Questions & Answers:
Client Privacy, Confidentiality and Security with Toronto SMIS

This page is available in printer-friendly PDF version.
You will need to have the latest version of the FREE Acrobat Reader on your computer to view this link.

This page provides answers to questions regarding the protection of a client's personal information in Toronto SMIS, the City's emergency shelter management information system.

Personal information refers to details recorded about an identifiable individual. Shelters already have ways to ensure personal information is protected while delivering client services including

1. federal and provincial privacy legislation
2. Toronto Shelter Standards and City policy guidelines
3. their own best practices, policies and procedures.

Toronto SMIS protects the privacy, confidentiality and security of personal information in the following ways:

1. Privacy - restricting who has access to personal information
2. Confidentiality - regulating how personal information is shared, including how and when client consent is obtained to release personal information
3. Security - employing industry-standard technology to ensure personal information is protected.

The following information outlines the privacy principles that Toronto SMIS is built on. City guidelines will focus on protecting personal information in the day-to-day use of Toronto SMIS.

Questions and Answers:

Q1. What personal information can staff view in Toronto SMIS?
A. Access to personal information in Toronto SMIS is generally restricted to a need-to-know basis. Although staff must have general access to certain pieces of information in order to perform their duties, different staff roles in the shelter require different levels of access to a client's personal information.

For example, intake staff can view basic client information - first/last name, alias, date of birth, gender and whether the client is active (i.e. currently occupying a bed in a shelter) or non-active. Detailed client information, such as case notes, are only available to staff working as the client's caseworker or counsellor or to those staff who need the information to provide services.

Detailed client information is also shelter specific: staff in shelters can only view information about clients who have stayed in their shelter and notes related to that stay.

Q2. Who determines the level of access staff have to personal information in the new system?
A. Executive directors and shelter managers request password access for staff based on their role in the shelter. Staff who work at more than one shelter sign agreements, which prevents them from accessing client information from any other shelter. They can only see client information in they shelter where they are currently working.

Q3. Can shelters use Toronto SMIS to share client information?
A. Since Toronto SMIS is a web-based system, all shelters can view basic client information as noted above. As with our current system, shelters can share other client information if it is required for service delivery and only with specific client consent.

Q4. How is personal information released in the case of a law enforcement or Public Health request?
A. In exceptional circumstances, the release of personal information without client consent is possible with authorization. This usually requires shelter staff to file a written record and obtain a signed form from law enforcement or Public Health officials.

Q5. What security measures does Toronto SMIS employ?
A. Staff are required to log-in to the web-based system from a City-authorized computer using a password. Their level of access to client information is based on their role in the emergency shelter. The system will automatically log-out a user if the computer is left idle. Staff must re-enter their password to get back in. Toronto SMIS also monitors staff activity in the system.

All client information is stored on a secure network server that blocks any unauthorized access. Any client information printed from the system is stored securely, as is the current practice with paper files.

Q6. Does anyone have access to all of the data?
A. Only the database administrators (DBAs) have full access rights. As a standard practice, however, DBAs are bound by non-disclosure agreements that prohibit them from releasing personal information without proper consent or authorization.

Q7. Is Toronto SMIS linked to the Ontario Works database?
A. For shelters that pay Personal Needs Allowance, Toronto SMIS can automatically check a client's eligibility by searching for active files (clients receiving OW or ODSP) in the City's Ontario Works database. This process will not affect the client's status in the database, nor will they appear in the database if they were not already listed. Staff cannot access Ontario Works through Toronto SMIS.

Q8. Can staff access Toronto SMIS from their home computer?
A. No - in order to ensure the privacy, confidentiality and security of clients' personal information, staff cannot access Toronto SMIS from home.

Q9. Does Toronto SMIS create barriers to service?
A. All emergency shelter providers must adhere to Toronto Shelter Standards, City guidelines, and legislation governing the collection and storage of personal information. Toronto SMIS improves service delivery by limiting access to authorized staff only, regulating sharing practices and implementing security measures.

With Toronto SMIS, staff are more confident in the way they are managing their client's personal information, therefore, breaches in privacy, confidentiality and security are less likely to occur.

Back to: Toronto SMIS main page.