A Year in Review: CIHI s Annual Privacy Report
|
|
- Ella Day
- 8 years ago
- Views:
Transcription
1 A Year in Review: CIHI s Annual Privacy Report
2 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated health information that enables sound policy and effective health system management that improve health and health care. Our Values Respect, Integrity, Collaboration, Excellence, Innovation
3 Table of Contents Introduction... 4 Section 1: Legal Context in Canada... 4 Section 2: Data-Sharing Agreements... 5 Section 3: Policy Review... 6 Section 4: Privacy and Security Training and Awareness... 7 Section 5: Privacy Impact Assessments... 8 Section 6: Privacy Audit Program... 8 Section 7: Privacy Breaches Section 8: Renewal of CIHI s Prescribed Entity Status Under Ontario s Personal Health Information Protection Act, Conclusion... 10
4 Introduction Privacy must be proactively incorporated into networked data systems and technologies, by default. The same is true of security. Both concepts must become integral to organizational priorities, project objectives, design processes, and planning operations... This culture of privacy is what emerges when organizations approach privacy as a business issue not a compliance issue. It is what takes hold when the leadership of an organization comes to see that the implementation of positive privacy [and security] controls creates rather than constrains business opportunities. Ann Cavoukian, Information and Privacy Commissioner, Ontario (2013) This past year, the Canadian Institute for Health Information (CIHI) continued to evolve its Privacy program with an increased focus on integrating privacy and security processes. Privacy and Legal Services and the Information Security branch continued to work together on many initiatives, including staff training, privacy and security incident management, and policies and procedures. All of this reflects the reality that at CIHI, as at many other organizations, privacy and security are interwoven and interdependent. The following annual privacy report is a testament to CIHI s ongoing commitment to privacy and security as a corporate priority. Section 1: Legal Context in Canada CIHI s data providers supply CIHI with the data it needs to fulfill its mandate: to produce the accurate and timely information required to establish sound health policy and to effectively manage the Canadian health system. In order to facilitate the flow of information from data providers to CIHI, it is critical that CIHI s data providers have clear lawful authority to disclose personal health information to CIHI, without an individual s consent. When a jurisdiction enacts or amends health privacy legislation, CIHI makes a submission to the jurisdiction suggesting that the new or amended legislation establish explicit lawful authority for disclosures of personal health information to CIHI without an individual s consent. Since our annual privacy report was published, two new pieces of legislation have referred to CIHI by name and have established lawful authority for disclosures of personal health information to CIHI: Nova Scotia s Personal Health Information Act, which came into force in June 2013; and Yukon s Health Information Privacy and Management Act, which was enacted in December 2013 but has not yet come into force. CIHI is also watching for future health privacy legislation in Prince Edward Island and the Northwest Territories. 4
5 Section 2: Data-Sharing Agreements As a health system user of personal health information, CIHI enters into data-sharing agreements (DSAs) with data providers from across the country. DSAs facilitate the flow of data to CIHI and support CIHI s mandate to provide the accurate and timely information required to establish sound health policy and effectively manage the Canadian health system. CIHI ratified or amended DSAs with the following data providers in : Saskatchewan: The schedule to the umbrella DSA was amended to add multiple sclerosis data to the DSA. Alberta First Nations communities: Agreements were signed with First Nations communities in Alberta to facilitate the flow of personal health information from the communities to CIHI s Home Care Reporting System (HCRS). British Columbia: The schedule to the umbrella DSA was amended to add patient-level physician billing data to the DSA. Northwest Territories: This umbrella DSA replaced the 2009 umbrella DSA. Statistics Canada: This DSA will provide CIHI with access to survey data concerning residential and long-term care facilities. CIHI is also currently negotiating new or amended DSAs with the following data providers: Transplant Quebec: CIHI is negotiating a DSA to permit Transplant Quebec to satisfy its legislative requirements for the disclosure of transplant data to CIHI. Ontario s Trillium Gift of Life Network: This DSA will facilitate the flow of personal health information concerning Ontario organ transplants from Trillium to CIHI for use in the Canadian Organ Replacement Register (CORR). Manitoba: CIHI is negotiating its first DSA with Manitoba. This umbrella DSA will govern all types of data that Manitoba shares with CIHI. Cancer Care Ontario (CCO): This DSA will replace the 2010 DSA and will facilitate the disclosure of renal-related personal health information from CCO to CIHI for use in CORR. In addition to entering into DSAs with data providers, in some cases, CIHI may also enter into a DSA or other legally binding instrument with a data requestor. A DSA with a data requestor becomes necessary when a request is for a significant volume of record-level data or when the need for the data is ongoing and is generally related to a broader program of work (as opposed to a time-limited, project-specific research initiative). Since our annual privacy report was published, CIHI has ratified DSAs with the following data requestors: Better Outcomes Registry and Network (BORN): The DSA was amended to permit BORN to use CIHI s personal health information from the Discharge Abstract Database (DAD) and National Ambulatory Care Reporting System (NACRS) for any work within BORN s legislated mandate. 5
6 CCO: This DSA facilitates the flow of personal health information from the DAD, NACRS and CORR at CIHI to CCO. CCO: This DSA provides CCO with access to Ontario data from the National System for Incident Reporting (NSIR) to improve the safety of cancer treatment. Institute for Clinical Evaluative Sciences (ICES): The DSA was amended to permit ICES to make anonymized Ontario data available to external researchers. The anonymized data is from the DAD, NACRS and CORR. interrai i (Hebrew SeniorLife,): This DSA facilitates the flow of de-identified data from the Continuing Care Reporting System (CCRS) and HCRS at CIHI to the interrai site at Hebrew SeniorLife facility. interrai (University of Michigan): This DSA facilitates the flow of de-identified data from CCRS, at CIHI to the interrai site at the University of Michigan. Patented Medicine Prices Review Board (PMPRB): This DSA permits the PMPRB to access the National Prescription Drug Utilization Information System (NPDUIS) Database. CIHI is also currently negotiating a DSA with the following data requestor: Canadian Nurses Association (CNA): This DSA will replace the previous agreement governing the flow of data regarding registered nurses and licensed practical nurses from CIHI to the CNA. Section 3: Policy Review CIHI is committed to the ongoing review of its privacy policies, procedures and practices in order to determine whether any amendments are needed or any new privacy policies, procedures and practices are required. This review takes place annually; any proposed changes to CIHI s privacy policies are brought to the Senior Management Committee for review and approval. In the case of material changes to CIHI s Privacy Policy, 2010, approval from the Board of Directors is required. The Privacy Policy was first approved by the Board in February Following is a list of the policies reviewed during and any action taken: Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010 (Privacy Policy, 2010): No changes Use of Mobile Computing Equipment Policy and related implementation measures: Policy to be rewritten to align with current technology Privacy and Security Training Policy: No changes i. interrai is a not-for-profit network of researchers committed to improving health care for persons who are elderly, frail or disabled through evidence-based clinical practice and policy decisions. 6
7 As mentioned in last year s report, a recommendation was put forward as a result of a privacy incident to review both the Privacy Breach Management Protocol (governing privacy breaches/suspected privacy breaches or incidents) and the InfoSec Incident Management Protocol (governing information security incidents and information security breaches). The goals were to reduce ambiguity, clarify roles and authority, and possibly merge the two protocols into a single privacy/security incident protocol. While, on paper, the two protocols were intended to address different types of incidents and breaches, in practice they were very similar. CIHI s new Privacy and Security Incident Management Protocol came into force effective April 2013 and was accompanied in September by a mandatory online training module intended to ensure that all staff were familiar with their responsibilities under the protocol. Section 4: Privacy and Security Training and Awareness Privacy and security awareness forms part of CIHI s mandatory privacy and security training. CIHI s Privacy and Security Training Policy encompasses both privacy and security orientation for new employees and ongoing privacy and security training for current employees. In addition, it sets out the requirements for traceable, mandatory privacy and security training for all CIHI staff. Staff awareness is critically important to CIHI s culture of privacy and security. Each September is Information Security Awareness Month at CIHI; this year, all staff completed enhanced online training on CIHI s new, simplified Privacy and Security Incident Management Protocol. An incident management desktop tool was also provided to all staff that gives them the information they need to know should they suspect that a privacy or security incident or breach has occurred. Every January is designated Privacy Awareness Month at CIHI. All CIHI staff successfully completed a recently updated mandatory Privacy and Security Fundamentals training module and renewed their Confidentiality Agreement. Privacy Resources Privacy and Legal Services makes available to staff a number of resources on privacy changes and trends within and outside of Canada. One such resource is a yearly compilation of excerpts relating to personal health information from the annual reports of privacy commissioners in Canada, which have particular relevance for CIHI. In addition, CIHI prepared a summary of the investigation report released by the British Columbia Information and Privacy Commissioner on June 26, 2013, related to three breaches of personal health data for research purposes that happened because the Ministry of Health failed to translate privacy and security policies into meaningful business practices. 7
8 Section 5: Privacy Impact Assessments CIHI adopted and implemented a Privacy Impact Assessment Policy in 2009 as its governing document on privacy impact assessments (PIAs). PIAs have been conducted for all CIHI databases containing either personal health information or health workforce personal information. They are renewed every five years or in the following circumstances: a. When significant changes occur to functionality, purposes, data collection, uses, disclosures, relevant agreements or authorities for a program, initiative, process or system that need to be reflected in the PIA; b. When other changes occur that may potentially affect the privacy and security of those programs, initiatives, processes and systems; or c. When CIHI s Chief Privacy Officer determines that an update of a PIA or a new PIA is required and recommends same. Privacy and Legal Services has created a Privacy Impact Assessment Log and Schedule to track and record the conduct of PIAs. For , the following PIAs are currently in progress or were completed: CIHI Portal: Renewal of the 2008 PIA Primary Health Care Voluntary Reporting System: Addendum to the PIA relating to the cessation of data collection as of December 1, 2013 Canadian Patient Experiences Survey: Preliminary PIA Patient-level physician billing data: New PIA Section 6: Privacy Audit Program CIHI s Privacy Audit program ensures that regular privacy audits are conducted within and outside the organization to monitor compliance with legislative and regulatory requirements, internal policies and procedures, and any other contractual obligations pertaining to privacy and security. The program is in line with the requirements of the Information and Privacy Commissioner of Ontario and is consistent with best practices. The program is risk-based and includes a multi-year plan. It consists of three types of reviews: program area audits, topic audits and external data recipient audits. Program area audits assess the program area s compliance with CIHI s privacy and security policies and privacy best practices. Topic audits may be narrower in scope than program area audits and focus on how a particular issue is managed across the organization. Program area audits and topic audits help CIHI identify any gaps or potential privacy and security vulnerabilities in its policies and practices. 8
9 External data recipient audits evaluate the use and management of CIHI s data and assess whether the recipient s activities comply with requirements set out in CIHI s Data Request Form and Non-Disclosure/Confidentiality Agreement. These audits demonstrate CIHI s diligence in evaluating all aspects of its Privacy program, including the obligations of external data recipients. Collectively, these audits serve a tremendous and inherent remedial and risk mitigation function by making recommendations to address any issues identified. In addition, CIHI incorporates lessons learned that result from findings of audits to support its priorities and strategic direction by identifying privacy and security best practices and strengthening policies, procedures and practices that could more adequately protect the personal health information of Canadians. Below are summaries of four audits approved in the Multi-Year Privacy Audit Plan: two carried over from and two from Identity Management Security Assessment ( ) CIHI conducted an assessment of its Identity Management System to determine whether its development (e.g., technologies) and deployment (e.g., people and processes) had been done in a privacy- and security-sensitive manner. The assessment resulted in eight recommendations, including a roadmap for implementation. Internal Data Access to Unencrypted (Original) HCNs by CIHI Staff ( ) CIHI undertook an audit of its staff s access to unencrypted (original) health card numbers (HCNs). The investigation revealed systemic problems in the data access process, supporting forms and software application. In the final report, five recommendations were made to address the identified gaps and to align processes with CIHI s Privacy Policy Procedures, 2010, including conducting staff awareness and education sessions. Identity Management Access Audit ( ) CIHI is currently conducting an access audit to assess compliance with the Identity Management System s standard operating procedures for authorization and authentication. This audit is in progress. Procurement of External Consulting Services ( ) CIHI undertook an audit to determine whether the process for procuring external consulting resources adheres to CIHI s privacy and security policies, procedures and standards. Recommendations were made, which are either already being put in place or will be implemented early in the next fiscal year. 9
10 Section 7: Privacy Breaches There were no major privacy breaches, as defined by CIHI s Privacy and Security Incident Management Protocol. Section 8: Renewal of CIHI s Prescribed Entity Status Under Ontario s Personal Health Information Protection Act, 2014 Every three years, the Information and Privacy Commissioner of Ontario (IPC/ON) is required to review the information practices of organizations designated as prescribed entities under Ontario s Personal Health Information Protection Act, 2004 (PHIPA). CIHI first received prescribed entity status in 2005, was subsequently renewed in 2008 and was again renewed in October A new process was implemented for the 2011 renewal in which the prescribed entities were required to perform a self-review and submit a detailed written report describing their privacy and security programs, with an affidavit sworn by their presidents and CEOs confirming the report and compliance with IPC/ON requirements. In preparation for renewal again in 2014, the prescribed entities were required to submit their reports to be reviewed by the IPC/ON in the fall of CIHI s report is currently under review, and we look forward to a renewal of our status in the fall of Conclusion The past year was busy and productive for the Privacy program at CIHI. In the year ahead, we look forward to having CIHI s prescribed entity status renewed and celebrating CIHI s 20th anniversary. 10
11 At the heart of data
Privacy and Security Framework, February 2010
Privacy and Security Framework, February 2010 Updated April 2014 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationOur Vision Better data. Better decisions. Healthier Canadians.
Population Risk Adjustment Grouping Project Privacy Impact Assessment, January 2015 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of
More informationReport of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:
Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal
More informationPrivacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010
pic pic Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010 Updated March 2013 Our Vision Better data. Better decisions. Healthier
More informationOur Vision Better data. Better decisions. Healthier Canadians.
Patient-Level Physician Billing Repository Privacy Impact Assessment, January 2015 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of
More informationNational System for Incident Reporting
National System for Incident Reporting Privacy Impact Assessment The contents of this publication may be reproduced in whole or in part, provided the intended use is for non-commercial purposes and full
More informationOur Vision Better data. Better decisions. Healthier Canadians.
Canadian Multiple Sclerosis Monitoring System Privacy Impact Assessment, September 2013 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance
More informationpic Home Care Reporting System Privacy Impact Assessment
pic Home Care Reporting System Privacy Impact Assessment Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health system
More informationHEALTH INFORMATION ACT (HIA) BILL QUESTIONS AND ANSWERS
HEALTH INFORMATION ACT (HIA) BILL QUESTIONS AND ANSWERS KEY HIA CONCEPTS AND PROVISIONS Q. What is the purpose of the legislation? To protect clients personal health information. To set rules on the collection,
More informationNational Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada
Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy
More informationCanadian Provincial and Territorial Early Hearing Detection and Intervention. (EHDI) Programs: PROGRESS REPORT
Canadian Provincial and Territorial Early Hearing Detection and Intervention (EHDI) Programs: PROGRESS REPORT www.sac-oac.ca www.canadianaudiology.ca 1 EHDI PROGRESS REPORT This progress report represents
More informationNursing Database Privacy Impact Assessment
pic pic Nursing Database Privacy Impact Assessment Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated health
More informationYour Health System: Insight Privacy Impact Assessment (October 2015)
Your Health System: Insight Privacy Impact Assessment (October 2015) Table of contents 10 quick facts about Your Health System: Insight... 6 Definitions... 7 1 Introduction... 8 2 Background... 8 3 Description
More informationThe Regulation and Supply of Nurse Practitioners in Canada: Health Expenditure Estimates
The Regulation and Supply of Nurse Practitioners in Canada: Preliminary Technical Provincial Appendix and Territorial Government Health Expenditure Estimates 1974 1975 to 2004 2005 The Regulation and
More informationHospital Mental Health Database Privacy Impact Assessment
Hospital Mental Health Database Privacy Impact Assessment Standards and Data Submission Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information
More informationHospital Mbidity Databases - DAD, NACRS and E&A
Clinical Administrative Databases Privacy Impact Assessment, November 2012 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive
More informationPrimary Health Care Voluntary Reporting System Privacy Impact Assessment, January 2013
Primary Health Care Voluntary Reporting System Privacy Impact Assessment, January 2013 Factors Infl uencing Health Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the
More informationOur Employees. CIBC s vision, mission and values are at the centre of our commitment to create an environment where all of our employees can excel.
Our Employees CIBC s vision, mission and values are at the centre of our commitment to create an environment where all of our employees can excel. CIBC focuses on the things that matter to our employees
More informationBill C-27: First Nations Financial Transparency Act
Bill C-27: First Nations Financial Transparency Act Overview of Act Bill C-27: First Nations Financial Transparency Act was introduced in the House of Commons on November 23, 2011 and is identified as
More informationNurse Practitioners in Canada
Nurse Practitioners in Canada Prepared for the Health Care Co-operative Federation of Canada Biju Mathai, BSc Policy and Research Intern Canadian Co-operative Association March 20, 2012 Nurse Practitioners
More informationCloud Computing: Privacy and Other Risks
December 2013 Cloud Computing: Privacy and Other Risks by George Waggott, Michael Reid and Mitch Koczerginski, McMillan LLP Introduction While the benefits of outsourcing organizational data storage to
More informationBLUEPRINT FOR THE FEDERATION OF IDENTITY MANAGEMENT
BLUEPRINT FOR THE FEDERATION OF IDENTITY MANAGEMENT Identity Policy and Programs (IPP) June 7, 2010 - Draft Page 1 of 29 TABLE OF CONTENTS BLUEPRINT FOR THE...4 Executive Summary...4 FEDERATION OF IDENTITY
More informationHelpful Tips. Privacy Breach Guidelines. September 2010
Helpful Tips Privacy Breach Guidelines September 2010 Office of the Saskatchewan Information and Privacy Commissioner 503 1801 Hamilton Street Regina, Saskatchewan S4P 4B4 Office of the Saskatchewan Information
More informationData Quality Documentation, Hospital Morbidity Database Multi-Year Information
pic pic pic Data Quality Documentation, Hospital Morbidity Database Multi-Year Information Types of Care Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development
More informationAN INTRO TO. Privacy Laws. An introductory guide to Canadian Privacy Laws and how to be in compliance. Laura Brown
AN INTRO TO Privacy Laws An introductory guide to Canadian Privacy Laws and how to be in compliance Laura Brown Air Interactive Media Senior DMS Advisor A Publication of 1 TABLE OF CONTENTS Introduction
More informationFREQUENTLY ASKED QUESTIONS MOBILITY
FREQUENTLY ASKED QUESTIONS MOBILITY These FAQs are intended to provide you with an overview to the provisions respecting mobility. The questions and answers are intended as a guide, only. Lawyers seeking
More informationFoundation Working Group
Foundation Working Group Proposed Recommendations on De-identifying Information for Disclosure to Third Parties The Foundation Working Group (FWG) engaged in discussions around protecting privacy while
More informationTitle Consultation Process to Determine Priority Information Needs for the Canadian Multiple Sclerosis Monitoring System
Title Consultation Process to Determine Priority Information Needs for the Canadian Multiple Sclerosis Monitoring System Subtitle Summary of Feedback From Participating CMSMS Advisory Committee Members
More informationOccupational Therapists in Canada, 2010 National and Jurisdictional Highlights and Profiles
Occupational Therapists in Canada, 2010 National and Jurisdictional Highlights and Profiles October 2011 Spending and Health Workforce Who We Are Established in 1994, CIHI is an independent, not-for-profit
More informationTaking care of what s important to you
A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten
More informationElectronic Health Records
Electronic Health Records AN OVERVIEW OF FEDERAL AND PROVINCIAL AUDIT REPORTS APRIL 2010 Office of the Auditor General of Canada Bureau du vérificateur général du Canada PARTICIPATING LEGISLATIVE AUDIT
More informationPersonal Health Information Privacy Policy
Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationPrivacy Law in Canada
Privacy Law in Canada Federal and provincial privacy legislation has a profound impact on the way virtually all organizations carry on business across the country. Canada s privacy laws, while likely the
More informationSelected Annotated Bibliography Personal Health Information, Privacy and Access
A. National Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 canlii.org/en/ca/laws/stat/sc-2000-c-5/latest/sc-2000-c-5.html Privacy Act, R.S.C. 1985, c. P-21 canlii.org/en/ca/laws/stat/rsc-1985-c-p-21/latest/rsc-1985-c-p-21.html
More informationReport of the CMEC Quality Assurance Subcommittee
Report of the CMEC Quality Assurance Subcommittee 2007 2007 CMEC Jurisdictional Update on Activities Related to Quality Assurance Introduction In February 2007, ministers responsible for advanced education
More informationComments on Illegal Insider Trading in Canada: Recommendations on Prevention, Detection and Deterrence Report (the Insider Trading Report )
February 2, 2004 Delivered and Via E-Mail Alberta Securities Commission British Columbia Securities Commission Saskatchewan Financial Services Commission Manitoba Securities Commission Ontario Securities
More informationMULTILATERAL INSTRUMENT 33-107 PROFICIENCY REQUIREMENTS FOR REGISTRANTS HOLDING THEMSELVES OUT AS PROVIDING FINANCIAL PLANNING AND SIMILAR ADVICE
MULTILATERAL INSTRUMENT 33-107 PROFICIENCY REQUIREMENTS FOR REGISTRANTS HOLDING THEMSELVES OUT AS PROVIDING FINANCIAL PLANNING AND SIMILAR ADVICE PART 1 PROFICIENCY REQUIREMENTS 1.1 Proficiency Requirements
More informationPARTICIPATION AGREEMENT REGARDING THE IMPLEMENTATION OF A CANADA~WIDE INSURANCE OF PERSONS (LIFE AND HEALTH) QUALIFICATION PROGRAM
PARTICIPATION AGREEMENT REGARDING THE IMPLEMENTATION OF A CANADA~WIDE INSURANCE OF PERSONS (LIFE AND HEALTH) QUALIFICATION PROGRAM This agreement ("Participation Agreement" or "this Agreement") is made
More informationCitation: TD Asset Management Inc. et al, 2005 ABASC 436 Date: 20050429
Headnote Mutual Reliance Review System for Exemptive Relief Applications investment advisor registered as such under US securities laws but operating out of Alberta is exempt from the registration requirement
More informationJuly 25, 2014. Dear Sirs/Mesdames:
July 25, 2014 British Columbia Securities Commission Alberta Securities Commission Financial and Consumer Affairs Authority of Saskatchewan Manitoba Securities Commission Ontario Securities Commission
More informationHealth: Electronic Health Records
Performance Audits 2 Electronic Health Records Summary Nova Scotia is working towards the development of a provincial electronic health record system known as SHARE. The province is participating in and
More informationPROVINCIAL/TERRITORIAL COUNCIL Of MINISTERS OF SECURITIES REGULATION (Council) ANNUAL PROGRESS REPORT January 2013 to December 2013
PROVINCIAL/TERRITORIAL COUNCIL Of MINISTERS OF SECURITIES REGULATION (Council) ANNUAL PROGRESS REPORT January 2013 to December 2013 BACKGROUND Since its formation in 2004, the Provincial-Territorial Council
More informationInternet Connectivity Among Aboriginal Communities in Canada
Internet Connectivity Among Aboriginal Communities in Canada Since its inception the Internet has been the fastest growing and most convenient means to access timely information on just about everything.
More informationCloudy With a Chance Of Risk Management
Proudly presents Cloudy With a Chance Of Risk Management Toby Merrill, ACE USA John Mullen, Nelson Levine de Luca & Hamilton Shawn Melito, Immersion Ltd. Michael Trendler, ACE INA Canada What is Cloud
More informationCMHC Mortgage Loan Insurance Overview
CMHC Mortgage Loan Insurance view Mortgage loan insurance is typically required when homebuyers make a down payment of less than 2% of the purchase price. Mortgage loan insurance helps protect lenders
More informationThe Regulation and Supply of Nurse Practitioners in Canada. Preliminary Provincial and Territorial Government. Health Expenditure Estimates
The Regulation and Supply of Nurse Practitioners in Canada Preliminary Provincial and Territorial Government Health Expenditure Estimates 1974 1975 to 2004 2005 All rights reserved. Contents of this publication
More informationGuide to the National Safety and Quality Health Service Standards for health service organisation boards
Guide to the National Safety and Quality Health Service Standards for health service organisation boards April 2015 ISBN Print: 978-1-925224-10-8 Electronic: 978-1-925224-11-5 Suggested citation: Australian
More informationSCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND
More informationAND IN THE MATTER OF THE MUTUAL RELIANCE REVIEW SYSTEM FOR EXEMPTIVE RELIEF APPLICATIONS AND IN THE MATTER OF TD ASSET MANAGEMENT INC.
July 28, 2005 IN THE MATTER OF THE SECURITIES LEGISLATION OF BRITISH COLUMBIA, ALBERTA, SASKATCHEWAN, MANITOBA, ONTARIO, QUEBEC, NEW BRUNSWICK, NOVA SCOTIA, PRINCE EDWARD ISLAND, NEWFOUNDLAND AND LABRADOR,
More informationPharmacist Workforce, 2012 Provincial/Territorial Highlights
pic pic Pharmacist Workforce, 2012 Provincial/Territorial Highlights Spending and Health Workforce Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and
More informationPrivacy and Security Incident Management Protocol
Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated health information that enables sound policy and effective
More informationPrivacy Law in Canada
by PATRICIA WILSON & MICHAEL FEKETE Protection of personal information remains at the forefront of public policy debate in. Federal and provincial privacy legislation has a profound impact on the way virtually
More informationDoing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance
About Canada Dispute Resolution Forms of Business Organization Aboriginal Law Competition Law Real Estate Securities and Corporate Finance Foreign Investment Public- Private Partnerships Restructuring
More informationHow the practice of medicine is regulated in Canada
Regulatory Bodies The federal government s authority over health care is limited to issues concerning spending, criminal law, patent regulation, aboriginal health services, and matters relating to the
More informationCloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1
Cloud Computing and Privacy Toolkit Protecting Privacy Online May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Table of Contents ABOUT THIS TOOLKIT... 4 What is this Toolkit?... 4 Purpose of this Toolkit...
More informationAccess to Basic Banking Services
Access to Basic Banking Services Opening a personal deposit account and cashing Government of Canada cheques or other instruments In order to improve access to basic banking services, legislation requires
More informationINFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013
INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.
More informationOctober 30, 2006. Mr. John Stevenson, Secretary Ontario Securities Commission 20 Queen Street West Suite 1903, Box 55 Toronto Ontario M5H 3S8
Ian C.W. Russell, FCSI President & Chief Executive Officer October 30, 2006 Mr. John Stevenson, Secretary Ontario Securities Commission 20 Queen Street West Suite 1903, Box 55 Toronto Ontario M5H 3S8 Dear
More information4.0 Health Expenditure in the Provinces and Territories
4.0 Health Expenditure in the Provinces and Territories Health expenditure per capita varies among provinces/territories because of different age distributions. xii Population density and geography also
More informationEmployment termination and group insurance coverage
HEALTH & DENTAL / DISABILITY, LIFE AND AD&D 14-11 Employment termination and group insurance coverage This GroupLine is a revised version of GroupLine 07-02. Previous versions also include 05-21, 02-11
More informationPOLICE RECORD CHECKS IN EMPLOYMENT AND VOLUNTEERING
POLICE RECORD CHECKS IN EMPLOYMENT AND VOLUNTEERING Know your rights A wide range of organizations are requiring employees and volunteers to provide police record checks. Privacy, human rights and employment
More informationOrganization of the health care system and the recent/evolving human resource agenda in Canada
Organization of the health care system and the recent/evolving human resource agenda in Canada 1. Organization - the structural provision of health care. Canada has a predominantly publicly financed health
More informationAccountable Privacy Management in BC s Public Sector
Accountable Privacy Management in BC s Public Sector Contents Accountable Privacy Management In BC s Public Sector 2 INTRODUCTION 3 What is accountability? 4 Steps to setting up the program 4 A. PRIVACY
More informationCSA STAFF NOTICE 31-325 MARKETING PRACTICES OF PORTFOLIO MANAGERS
1.1.2 CSA Staff Notice 31-325 Marketing Practices of Portfolio Managers PURPOSE CSA STAFF NOTICE 31-325 MARKETING PRACTICES OF PORTFOLIO MANAGERS Staff in various provinces from the Canadian Securities
More informationMFDA STAFF NOTICE ELECTRONIC SIGNATURES
Contact: Paige Ward General Counsel and Vice-President, Policy Phone: (416) 943-5838 Email: pward@mfda.ca MSN-0016 January 23, 2003 MFDA STAFF NOTICE ELECTRONIC SIGNATURES MFDA Staff Notices are intended
More informationPrivacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act. Ann Cavoukian, Ph.D. Commissioner October 2005
Privacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act Ann Cavoukian, Ph.D. Commissioner October 2005 Information and Privacy Commissioner/Ontario Privacy Impact
More informationConsultation Paper for Civil Rule Reform
COURT OF APPEAL Consultation Paper for Civil Rule Reform 1. Introduction... 1 2. Reorganization of the Act and Rules... 2 3. Leave to Appeal... 2 4. Filings, Document Content and Deadlines... 3 5. Vexatious
More informationHealth and Safety - Are you in danger? Health and Safety Awareness. Why is health and safety awareness important?
Health and Safety - Are you in danger? This summer, thousands of students across Canada will become employed in small and medium businesses, and in institutions such as hospitals and schools. Some will
More informationAnalytical Bulletin Certified and Non-Certified Specialists: Understanding the Numbers
Analytical Bulletin Certified and Non-Certified Specialists: Understanding the Numbers CIHI Physician Databases 2004:2 Introduction Physician count information is available from a number of Canadian data
More informationInsights and Lessons Learned From the PHC VRS Prototype
Insights and Lessons Learned From the PHC VRS Prototype Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated
More informationEXAMINATION OF BRITISH COLUMBIA HEALTH AUTHORITY PRIVACY BREACH MANAGEMENT. Elizabeth Denham Information and Privacy Commissioner
EXAMINATION OF BRITISH COLUMBIA HEALTH AUTHORITY PRIVACY BREACH MANAGEMENT Elizabeth Denham Information and Privacy Commissioner September 30, 2015 Examination of British Columbia Health Authority Privacy
More information5. 16. Health Law in Canada. Constitutional Division of Power
Health Law in Canada Health care in Canada is a complex subject, some health care services are public, some are private and there are a number of different entities involved in regulating and providing
More informationGuidelines for Self-Employed Registered Nurses
Guidelines for Self-Employed Registered Nurses MISSION The Nurses Association of New Brunswick is a professional regulatory organization that exists to protect the public and to support nurses by promoting
More informationSCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION
More informationCANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper
CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS White Paper Table of Contents Addressing compliance with privacy laws for cloud-based services through persistent encryption and key ownership... Section
More informationPIPEDA and Online Backup White Paper
PIPEDA and Online Backup White Paper The cloud computing era has seen a phenomenal growth of the data backup service industry. Backup service providers, by nature of their business, are compelled to collect
More informationIncome tax rates for Canadian-controlled private corporations (CCPCs) 2012-2013
Income tax rates for Canadian-controlled private corporations (CCPCs) 2012-2013 Federal income tax rates for income earned by a CCPC 1 Small Active Income between $400,000 and General Active General corporate
More informationMemorandum of Understanding ( MOU ) Respecting the Oversight of Certain Clearing and Settlement Systems. among:
March 19, 2014 Memorandum of Understanding ( MOU ) Respecting the Oversight of Certain Clearing and Settlement Systems The Parties hereby agree as follows: among: Bank of Canada (the Bank ) Ontario Securities
More informationCLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?
CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com
More informationThe Journey to Create Document Standards and Guidelines for Occupational Therapists. Christine Fleming Legislation and Bylaws Committee
The Journey to Create Document Standards and Guidelines for Occupational Therapists Christine Fleming Legislation and Bylaws Committee Objectives To describe the process and tools used to create the document
More informationPositionStatement TELEHEALTH: THE ROLE OF THE NURSE CNA POSITION
PositionStatement TELEHEALTH: THE ROLE OF THE NURSE CNA POSITION Telehealth 1 is the use of information and communication technology to deliver health services, expertise and information over distance.
More informationWhat to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER
What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1
More informationNurses and Environmental Health: Survey Results
Nurses and Environmental Health: Survey Results BACKGROUND As part of its centennial project on environmental health, the Canadian Nurses Association (CNA) applied for and received funding from Health
More informationNCLEX-RN 2015: Canadian Results. Published by the Canadian Council of Registered Nurse Regulators (CCRNR)
NCLEX-RN 2015: Canadian Results Published by the Canadian Council of Registered Nurse Regulators (CCRNR) March 31, 2016 Contents Message from the president 3 Background on the NCLEX-RN 4 The role of Canada
More informationYou made record profits in 2012. How are you giving back to communities? 9,000+ donated to. United Way
COMMUNITY In this section Priorities, 2012 Performance highlights and 2013 Plans 95 Our approach: Donations and sponsorships 97 Donations at glance 98 Employee contributions 99 Impact 100 How we give 101
More informationProducts and Services Guide, 2015 2016
Products and Services Guide, 2015 2016 About CIHI Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated health
More informationTaking care of what s important to you
National Home Warranty Group Inc. Privacy Policy Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten principles
More informationNational Rehabilitation Reporting System
National Rehabilitation Reporting System Privacy Impact Assessment The contents of this publication may be reproduced in whole or in part, provided the intended use is for non-commercial purposes and full
More informationAPPLICATION FOR INSURANCE
APPLICATION FOR INSURANCE PROFESSIONAL LIABILITY INSURANCE FOR FINANCIAL AGENCIES & FIRMS THIS IS AN APPLICATION FOR A "CLAIMS MADE" POLICY (Words and expressions, other than in the headings, printed in
More informationA Best Practice Guide
A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals
More informationRegulated Nurses: Canadian Trends, 2007 to 2011
Spending and Health Workforce Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and integrated health information that
More informationINSTITUTE FOR SAFE MEDICATION PRACTICES CANADA
INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA PRIVACY IMPACT ASSESSMENT (PIA) ON ANALYZE-ERR AND CURRENT DATA HANDLING OPERATIONS VERSION 3.0-2 JULY 11, 2005 PREPARED IN CONJUNCTION WITH: ISMP Canada
More informationBorden Ladner Gervais LLP Scotia Plaza, 40 King St W Toronto, ON, Canada M5H 3Y4 T 416.367.6000 F 416.367.6749 blg.com
Borden Ladner Gervais LLP Scotia Plaza, 40 King St W Toronto, ON, Canada M5H 3Y4 T 416.367.6000 F 416.367.6749 blg.com March 9, 2016 DELIVERED BY EMAIL British Columbia Securities Commission Alberta Securities
More informationBuilding a Strong Organization CORPORATE GOVERNANCE AND ORGANIZATIONAL STRUCTURE
chapter III Building a Strong Organization To remain a strong organization that is able to fulfil its mandate, CMHC draws on sound corporate governance, financial and risk management practices, progressive
More informationBest Practices for Protecting Individual Privacy in Conducting Survey Research
Best Practices for Protecting Individual Privacy in Conducting Survey Research CONTENTS Foreword... 1 Introduction... 2 Privacy Considerations at Each Stage of a Survey Research Project... 5 Stage 1: Issue
More informationRegulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))
Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose
More informationWelcome. Online Renewal Application Postgraduate Education
1 Welcome Online Renewal Application Postgraduate Education To complete your renewal application, you must: 1. Answer all questions in this online application form 2. Pay online (or by alternate method)
More informationMISSION VALUES. The guide has been printed by:
www.cudgc.sk.ca MISSION We instill public confidence in Saskatchewan credit unions by guaranteeing deposits. As the primary prudential and solvency regulator, we promote responsible governance by credit
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More information