ADMINISTRATIVE MANUAL Policy and Procedure

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ADMINISTRATIVE MANUAL Policy and Procedure"

Transcription

1 ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information, Capital Health recognizes the importance of privacy and the sensitivity of personal information and has a responsibility: 1.1. To protect the privacy of each individual whose personal information it holds; 1.2. To afford the individual an opportunity to access that personal information; 1.3. To use and share personal information effectively to support the provision of health care, research and planning. 2. The right of individuals to privacy and to control use of their personal information, within the limits of the law, is essential to client care and the service provider relationship. 3. SCOPE 3.1. This policy applies, along with other relevant Capital Health policies, to any access to personal information in the custody of Capital Health including, but not necessarily limited to: All programs and services of the Capital Health, and all employees of those programs and services; All medical, dental and scientific staff with privileges at Capital Health; Researchers, research assistants, fellowships and all other employees, learners and contractors conducting research on the premises of Capital Health or using personal health information related to individual of Capital Health that is collected or in the custody of Capital Health; All learners completing internships, practicums, or work terms at Capital Health; All volunteers of Capital Health including but not limited to all persons appointed or invited to fulfill advisory, consultation or decision-making roles on Capital Health committees, panels, etc All agents and contractors of the Capital Health;

2 Privacy Page 2 of All consultants hired or engaged by the Capital Health; The members of the Board of Directors of Capital Health and of Capital Health Community Health Boards. 4. Capital Health only collects personal information from and about an individual: 4.1. To provide care and treatment; 4.2. For any purposes associated with the administration and management of Capital Health; 4.3. To plan, administer and manage quality of care provided by Capital Health; 4.4. To meet any legislative and regulatory requirements (e.g. Vital Statistics); 4.5. To support and promote research and education. 5. COMPLIANCE 5.1. Any breach of this Policy may result in significant disciplinary action up to and including termination or revocation of privileges, and termination of access to information Personal information may only be used as permitted by Capital Health and under the same legislation legal limitations that apply to Capital Health The Capital Health Privacy Officer is to be notified at the first reasonable opportunity if personal information is lost, stolen or accessed without authorization. DEFINITIONS Personal Information: Information in any form, including personal health information, that identifies an individual or could enable the individual to be identified, including but not necessarily limited to information about an individual, including: The individual s name, address or telephone number; The individual s race, national or ethnic origin, colour, or religious or political beliefs or associations The individual s age, sex, sexual orientation, marital status or family status; An identifying number, symbol or other particular assigned to the individual; The individual s fingerprints, blood type or inheritable characteristics; Information about the individual s physical or mental health which may include family history as reflected in the individual s health record; Information about the individual s educational, financial, criminal or employment history; Anyone else s opinions about the individual; and The individual s personal views or opinions, except if they are about someone else and the person who generated the opinion did so in the course of employment with Capital Health.

3 Privacy Confidentiality Security Privacy Page 3 of 7 Includes an individual s right to determine when, how, and to what extent they share information about themselves with others. The right of privacy and consent are essential to the trust of the client care or service provider relationship. Means the obligation of an individual, organization or custodian to protect the information entrusted to it and not misuse or wrongfully disclose it. [Source: Preliminary Draft of the Pan-Canadian Health Information Privacy and Confidentiality Framework]. Includes the measures taken to protect personal health information from unauthorized or unintentional loss, theft, access, use, modification or disclosure. GUIDING PRINCIPLES 1. This Privacy Policy outlines how Capital Health manages personal information and safeguards privacy. 2. Management and protection of health information at Capital Health is governed by the Hospitals Act, Section 71, all other personal information is governed by the Freedom of Information and Protection of Privacy Act (the FOIPOP Act). The Personal Information International Disclosure Protection Act (PIIDPA) governs the access, storage, disclosure and transportation of personal information outside of Canada. Capital District Health Authority is responsible to comply with this and any other relevant legislation PROCEDURE 1. Accountability for Personal Information 1.1. All Capital District Health Authority staff and individuals outlined in the policy Scope are accountable to protect the privacy of personal information under the control of Capital District Health Authority The Chief Executive Officer of Capital Health delegates responsibility for the management of privacy issues to the Privacy Officer including, but not limited to: Privacy policy and guideline development; Privacy education and training; Privacy inquires and complaints; 1.3. The Privacy Officer, on an on-going basis, monitors the Privacy policy and makes recommendations related to the protection of personal information. 2. Identifying Purposes for the Collection of Personal Information 2.1. All persons collecting personal information on behalf of Capital Health explains, to the extent necessary and as requested by the individual, the purpose for which the information is being collected or direct the individual to a person who can provide that information Explain verbally or by using an admission or appointment form, poster or brochure Capital Health makes available to individuals written information on the general uses and disclosures of personal information.

4 Privacy Page 4 of This information may be contained in posters, brochures or forms available to all individuals and should make reference to administration of health care services, research and statistics, legal and regulatory requirements, and education of health care providers At the request of the individual, Capital Health provides as much information as is available on the specific uses and disclosures of their personal information. 3. Limiting Collection of Personal Information 3.1. Capital Health: limits the collection of personal information to that which is necessary to fulfill the purposes identified collects the information by fair and lawful means. 4. CONSENT for the Use and Disclosure of Personal Health Information As per Section 71 of the Hospitals Act, individual consent is not required for the use or disclosure of personal health information for care and treatment of the individual if the use or disclosure is by a person on staff at the hospital, or by the qualified medical practitioner of the person concerned designated by the person as his physician. Consent to use and disclose personal health information is not required for the following purposes: Payment by the individual for any non-insured hospital services; Administration and management of Capital Health (e.g. wait list management); Compliance with any legislative/legal and regulatory requirements (e.g. providing birth and death information to NS Vital Statistics; compliance with Ministerial Authorizations compliance with a valid search warrant or subpoena) Ensure that the individual knows of and consents to the use and disclosure of the individual s personal information for all purposes, except as required or authorized by law. (See Capital Health s Release of Information from the Health Record, CH , for further information.) Note: Disclosures required by law include but are not necessarily limited to communicable diseases, child and adult protection matters and compliance with court orders. Disclosures authorized by law include disclosures pursuant to a Ministerial Authorization. As per Section 71(5) (e) of the Hospitals Act, the Minister of Health may authorize access to individuals records without the individuals consent. Only the information specified in the Ministerial Authorization may be provided to the individuals named in the Authorization. 5. Limiting Use and Disclosure and Retention of Personal Information 5.1. Capital Health limits the use and disclosure of personal information to the identified purposes, except with the consent of the individual or as required or authorized by law. (Refer to Capital Health s Interacting With Law Enforcement Agencies CH and Capital Health Release of Information from the Health Record CH )

5 Privacy Page 5 of If a person or agent is in doubt as to whether or not to disclose personal information, consult with the immediate supervisor, and/or contact the Privacy Officer Retain individual records as per the Capital Health s record retention schedule. (Refer to Capital Health Retention of Records CH ) 5.4. Prior to the use of personal information in the course of research, obtain approval, in advance, by the Capital Health Ethics Review Board and in accordance Capital Health Research Ethics policies and Capital Health Release of Information from the Health Record Policy. 6. Accuracy of Personal Information 6.1. Ensure that personal information is as accurate, complete, and up-to-date as is necessary for the purpose of which it is to be used As per Section 25 of the FOIPOP Act, an individual who believes there is an error or omission in his/her personal information may make a request to Capital Health to correct the information Direct requests for changes of personal information in writing to the Privacy Officer Direct any concerns with regards to the individual s ability to place their request in writing to the Privacy Officer as well Capital Health is not required to correct the information if the Privacy Officer determines that a correction is not appropriate. Include the request for correction with the individual s record. 7. Safeguards for Personal Health Information 7.1. Capital Health protects personal information in its custody or control regardless of the format in which it is held The nature of safeguards varies depending on the sensitivity of the information These security safeguards are in keeping with industry standards and are designed to protect personal information against loss or theft as well as unauthorized access, disclosure, copying, use or modification The safeguards include, but are not limited to, the following: Appropriate storage of hospital records in secure cabinets and/or rooms; Password protection and restricted access for any information held electronically; Appropriate location of personal information, including placement of terminal screens, printers and paper records; Access to personal information permitted on a need-to-know basis; that is, if the information is required for an authorized person to perform his/her functions within Capital Health; Confidentiality Agreements for all employees and any other persons who may access personal information; and Technological safeguards such as security software and firewalls to prevent hacking or unauthorized computer access.

6 Privacy Page 6 of Capital Health provides all new staff and volunteers with appropriate training on the importance of maintaining the privacy and confidentiality of personal information. This may include: staff training orientation information signing and discussion of Capital Health s Confidentiality Agreement at time of hire or placement periodic re-signing of the Confidentiality Agreement. 8. Openness about Personal Information Policies and Practices 8.1. Capital Health provides copies of its Privacy Policy and associated policies/guidelines to any person who requests them Information made available includes: The name or title, and the contact information of the Privacy Officer; The process of gaining access to personal information held by Capital Health; A copy of the Privacy Policy and/or brochures or other information explaining the Privacy Policy. 9. Individual Access to One s Own Personal Information 9.1. Any individual can request a copy or to view his/her own personal information As per Section 71 of the Hospitals Act, if requested, any individual may receive or view personal health information (see Capital Health s Release of Information from the Health Record, #CH , for further information.) Advise the individual that fees for access may be charged as per the Hospitals Act Fees Regulations Any individual may receive personal information held by Capital Health by making an application to the Privacy Officer under the Nova Scotia Freedom of Information & Protection of Privacy Act If unable to provide access to all of the information held about an individual, explain the reason for denying the access. Note: Exceptions to the access requirement will be limited and specific and may include information that cannot be disclosed for legal, security, or commercial proprietary reasons, information that is deemed to be a physician s private office record, and information that is subject to solicitor-client privilege or other litigation purposes. 10. Challenging Compliance with the Privacy Policy The individual may challenge Capital Health s compliance with the principles set out in this Policy by submitting their concerns in writing to the Privacy Officer: Privacy Officer Capital District Health Authority Phone: Capital Health s Privacy Officer oversees the procedures taken to receive and respond to complaints or inquires about its handling of personal health information.

7 Privacy Page 7 of Capital Health investigates all complaints and takes appropriate measures to ensure compliance with this Policy. RELATED CDHA DOCUMENTS: Policies Release of Information from the Health Record CH Retention of Records CH Release of Information Restriction-Verbal (Communications Blackout) CH Release of Information: Fee Schedule CH Restricted Areas, Access to CH Interacting with Law Enforcement Agencies CH Web Policy - Internet and Intranet CH Computer end-user acceptable use CH Electronic Service CH Virtual Private Network CH Remote Access CH Password CH Internet Access/Use CH Information Technology Audit Ch Departmental and Enterprise Applications CH REFERENCES Nova Scotia Department of Health: Best Practices Privacy Committee The Ottawa Hospital Privacy Policy Nova Scotia Freedom of Information & Protection of Privacy Act Nova Scotia Hospitals Act Personal Information International Disclosure Protection Act (PIIDPA) Timmins and District Privacy Policy Vancouver Island Health Authority Privacy Policy The Hospital for Sick Children, Privacy of Personal Information University Health Network Privacy Policy CAN/CSA-Q Model Code for the Protection of Personal Information, CSA * * *

PRIVACY BREACH MANAGEMENT POLICY

PRIVACY BREACH MANAGEMENT POLICY PRIVACY BREACH MANAGEMENT POLICY DM Approval: Effective Date: October 1, 2014 GENERAL INFORMATION Under the Access to Information and Protection of Privacy Act (ATIPP Act) public bodies such as the Department

More information

Public School Network Access and Use Policy

Public School Network Access and Use Policy Public School Network Access and Use Policy Nova Scotia Department of Education October 7, 2011 1 Public School Network Access and Use Policy Nova Scotia Department of Education October 7, 2011 This policy

More information

Guide to Identifying Personal Information Banks

Guide to Identifying Personal Information Banks Guide to Identifying Personal Information Banks Revised April 2004 ISBN 0-7785-2089-7 Produced by: Access and Privacy Service Alberta 3rd Floor, 10155-102 Street Edmonton, Alberta, Canada T5J 4L4 Office

More information

4.7 Website Privacy Policy

4.7 Website Privacy Policy Policy Statement The is committed to ensuring that its departments, offices, agencies, boards, and commissions adhere to the privacy protection provisions of the Freedom of Information and Protection of

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,

More information

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS Note: This document provides a general overview of the Personal Health Information Protection Act, 2004,

More information

Information Management and Protection Policy

Information Management and Protection Policy Document Title: Information Management and Protection Policy Document Type: Policy No. Of Pages (11) Scope: Government of Newfoundland and Labrador and Public Bodies supported by the Office of the Chief

More information

The Manitoba Child Care Association PRIVACY POLICY

The Manitoba Child Care Association PRIVACY POLICY The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information

More information

Privacy Policy on the Responsibilities of Third Party Service Providers

Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Office Document ID: 2489 Version: 3.1 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014,

More information

COMPLYING WITH THE PERSONAL HEALTH INFORMATION ACT

COMPLYING WITH THE PERSONAL HEALTH INFORMATION ACT COMPLYING WITH THE PERSONAL HEALTH INFORMATION ACT The Personal Health Information Act, S.N.S. 2010, c.41 (referred to as PHIA or the Act ) was passed by the Nova Scotia government on December 10, 2010.

More information

Credit Union Code for the Protection of Personal Information

Credit Union Code for the Protection of Personal Information Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve

More information

3. Consent for the Collection, Use or Disclosure of Personal Information

3. Consent for the Collection, Use or Disclosure of Personal Information PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),

More information

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION SUBJECT: VOYAGEUR PAGE 1 1.0 PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing

More information

The Northern Lakes CMH Recipient Rights Officer is designated as the Substance Abuse Program Recipient Rights Advisor.

The Northern Lakes CMH Recipient Rights Officer is designated as the Substance Abuse Program Recipient Rights Advisor. Page 1 of 5 Title Northern Lakes CMH Policies Part 106 Supports and Services NLCMH Provided and Contract Subpart I Substance Abuse Services Policy No. 106.901 Subject Rights of Substance Abuse Applicability

More information

NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001

NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001 NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES Effective January 1, 2001 The Northwestel Code of Fair Practices complies fully with the Personal Protection and Electronic Documents Act and incorporates

More information

Privacy Incident and Breach Management Policy

Privacy Incident and Breach Management Policy Privacy Incident and Breach Management Policy Privacy Office Document ID: 2480 Version: 2.1 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights

More information

Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA)

Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health

More information

Protection for Persons in Care Act

Protection for Persons in Care Act DEPARTMENT OF COMMUNITY SERVICES Protection for Persons in Care Act Policy Manual 8/16/2013 Table of Contents Terms Used in this Manual Section 1: Introduction and Authority 2 4 Policy 1.1: Authorization

More information

Taking care of what s important to you

Taking care of what s important to you A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...

More information

COLLECTION, USE AND DISCLOSURE

COLLECTION, USE AND DISCLOSURE COLLECTION, USE AND DISCLOSURE The full title of the Personal Health Information Act is An Act Respecting the Collection, Use, Disclosure and Retention of Personal Health Information. The title underscores

More information

Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario

Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario PRIVACY COMPLIANCE ISSUES FOR LAW FIRMS IN ONTARIO By Sara A. Levine 1 Presented at Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario Ontario Bar Association, May 6,

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL]

PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL] [Insert Date of Policy] PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS of [ABC SCHOOL] Address Independent schools in British Columbia are invited to adopt or adapt some or all of this

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014

SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014 SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014 This Notice sets forth the principles followed by United Technologies Corporation and its operating companies, subsidiaries, divisions

More information

SECTION ti -LIABILITY, INSURANCE AND RISK MANAGEMENT

SECTION ti -LIABILITY, INSURANCE AND RISK MANAGEMENT SECTION ti -LIABILITY, INSURANCE AND RISK MANAGEMENT 12A. Insurance &Liability Coverage Good Earth Charter School will obtain all necessary insurance either through a broker or through direct placement

More information

ALL PARENTS HAVE THE FOLLOWING RIGHTS: THE RIGHT TO A FREE PUBLIC SCHOOL EDUCATION.

ALL PARENTS HAVE THE FOLLOWING RIGHTS: THE RIGHT TO A FREE PUBLIC SCHOOL EDUCATION. Martine Guerrier Chief Family Engagement Officer askmartine@schools.nyc.gov Each child s maximum potential can best be achieved through an active engagement between parents 1 and the education community.

More information

Policy on the Security of Informational Assets

Policy on the Security of Informational Assets Policy on the Security of Informational Assets Policy on the Security of Informational Assets 1 1. Context Canam Group Inc. recognizes that it depends on a certain number of strategic information resources

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Personal Information Protection Act. Information Sheet 5: 1. Personal Employee Information

Personal Information Protection Act. Information Sheet 5: 1. Personal Employee Information Personal Information Protection Act Information Sheet 5 Introduction The Personal Information Protection Act (PIPA) governs the collection, use, disclosure, retention and protection of personal information

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

PHIA GENERAL INFORMATION

PHIA GENERAL INFORMATION To: From: Researchers Legal Services and Research Services Date: May 21, 2013 Subject: Research and the New Personal Health Information Act On June 1, 2013, the Personal Health Information Act ( PHIA )

More information

SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)

SCHEDULE C to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND

More information

Personal Information Protection Policy for Small and Medium-Size Businesses

Personal Information Protection Policy for Small and Medium-Size Businesses Personal Information Protection Policy for Small and Medium-Size Businesses Why does a small business need a policy? Alberta s Personal Information Protection Act, which came into force on January 1, 2004,

More information

Wyoming School Boards Association Insurance Trust ( The Plan ) HEALTH CARE PLAN PRIVACY NOTICE

Wyoming School Boards Association Insurance Trust ( The Plan ) HEALTH CARE PLAN PRIVACY NOTICE Wyoming School Boards Association Insurance Trust ( The Plan ) HEALTH CARE PLAN PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Drug Abuse Prevention, Treatment, and Rehabilitation ACT THE CENTER FOR HEALTH CARE SERVICES 3031 IH

More information

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed

More information

PRIVACY BREACH! WHAT NEXT?

PRIVACY BREACH! WHAT NEXT? PRIVACY BREACH! WHAT NEXT? A four step plan to help you in the event of a privacy breach or possible breach situation A privacy breach is an incident involving the unauthorized disclosure of personal information

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

PROTECTION OF PERSONAL INFORMATION

PROTECTION OF PERSONAL INFORMATION PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,

More information

Information Security Policy

Information Security Policy Information Security Policy Policy Title Responsible Executive Responsible Office Information Security Policy Vice President for Information Technology and CIO, Jay Dominick Office of Information Technology,

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

Departmental Directive on the Management of Information in the Student Record and Other Records Pertaining to Students

Departmental Directive on the Management of Information in the Student Record and Other Records Pertaining to Students Departmental Directive on the Management of Information in the Student Record and Other Records Pertaining to Students 1998 Minister's Message The development of this Directive coincides with the requirement

More information

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY HIPAA PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. INTRODUCTION PLEASE REVIEW IT CAREFULLY Moriarty

More information

Data Compliance. And. Your Obligations

Data Compliance. And. Your Obligations Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection

More information

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM PINAL COUNTY POLICY AND PROCEDURE 2.50 Subject: ELECTRONIC MAIL AND SCHEDULING SYSTEM Date: November 18, 2009 Pages: 1 of 5 Replaces Policy Dated: April 10, 2007 PURPOSE: The purpose of this policy is

More information

PRIVACY BREACH POLICY

PRIVACY BREACH POLICY Approved By Last Reviewed Responsible Role Responsible Department Executive Management Team March 20, 2014 (next review to be done within two years) Chief Privacy Officer Quality & Customer Service SECTION

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

The Health Information Protection Act

The Health Information Protection Act 1 The Health Information Protection Act being Chapter H-0.021* of the Statutes of Saskatchewan, 1999 (effective September 1, 2003, except for subsections 17(1), 18(2) and (4) and section 69) as amended

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Birkam Health Center Ferris State University NOTICE OF PRIVACY PRACTICES

Birkam Health Center Ferris State University NOTICE OF PRIVACY PRACTICES Birkam Health Center Ferris State University NOTICE OF PRIVACY PRACTICES Effective Date of Notice: October 1, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND

More information

Applicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s):

Applicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s): Title: Category: Administration Information Management Policy No.: B5010 Replaces: B5010 Applicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s): Approval: (President

More information

Boys and Girls Clubs of Kawartha Lakes B: Administration B4: Information Management & Policy: Privacy & Consent Technology

Boys and Girls Clubs of Kawartha Lakes B: Administration B4: Information Management & Policy: Privacy & Consent Technology Effective: Feb 18, 2015 Executive Director Replaces: 2010 Policy Page 1 of 5 REFERENCE: HIGH FIVE 1.4.3, 2.2.4, 2.5.3, PIDEDA POLICY: Our Commitment Boys and Girls Clubs of Kawartha Lakes (BGCKL) and the

More information

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy

More information

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act (HIPAA) Health Insurance Portability and Accountability Act (HIPAA) General Education Presented by: Bureau of Personnel Department of Health Department of Human Services Department of Social Services Bureau of

More information

UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE. No: Supersedes Date: Distribution: Issued by:

UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE. No: Supersedes Date: Distribution: Issued by: UNIVERSITY PHYSICIANS OF BROOKLYN, INC. POLICY AND PROCEDURE Subject: MENTAL HEALTH INFORMATION Page 1 of 6 No: Prepared by: Shoshana Milstein Original Issue Date: NEW Reviewed by: HIPAA Policy & Procedure

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

1. Each employee is responsible for managing college records in a responsible and professional manner.

1. Each employee is responsible for managing college records in a responsible and professional manner. Policy O-6.2 Approved By: College Executive Team Approval Date: February 26, 2003 Amendment Date: November 25, 2009 Policy Holder: VP Administration & CFO Purpose / Rationale RECORD MANAGEMENT The purpose

More information

College of DuPage Information Technology. Information Security Plan

College of DuPage Information Technology. Information Security Plan College of DuPage Information Technology Information Security Plan April, 2015 TABLE OF CONTENTS Purpose... 3 Information Security Plan (ISP) Coordinator(s)... 4 Identify and assess risks to covered data

More information

Personal Health Information Privacy Policy

Personal Health Information Privacy Policy Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights

More information

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1

More information

Career Connection, Inc. Data Privacy. Bringing Talent Together With Opportunity

Career Connection, Inc. Data Privacy. Bringing Talent Together With Opportunity Career Connection, Inc. Data Privacy Objectives This course is intended for CCI employees. The course gives guidance on data privacy concepts and describes how data privacy is relevant when delivering

More information

Kingsway Financial Services Inc. Privacy Policy

Kingsway Financial Services Inc. Privacy Policy Kingsway Financial Services Inc. Privacy Policy Table of Contents Notice... i 1. Introduction... 1 2. Responsibility... 1 3. Personal Information... 2 4. Why Kingsway Collects & Discloses Personal Information...

More information

Protection of Privacy

Protection of Privacy Protection of Privacy Privacy Breach Protocol March 2015 TABLE OF CONTENTS 1. Introduction... 3 2. Privacy Breach Defined... 3 3. Responding to a Privacy Breach... 3 Step 1: Contain the Breach... 3 Step

More information

SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003. Saskatchewan Workers Compensation Board

SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003. Saskatchewan Workers Compensation Board Date: August 29, 2012 File No.: 2008/101 SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003 Saskatchewan Workers Compensation Board Summary: The Commissioner

More information

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction

More information

Personal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions

Personal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions Personal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions Are landlords in Alberta bound by privacy law? Yes. The Personal Information Protection Act (PIPA)

More information

Nova Scotia Guidelines for School Counselling Records and Standards of Practice (Draft) Department of Education and Early Childhood Development

Nova Scotia Guidelines for School Counselling Records and Standards of Practice (Draft) Department of Education and Early Childhood Development Nova Scotia Guidelines for School Counselling Records and Standards of Practice (Draft) Department of Education and Early Childhood Development 2013 Contents Introduction... 2 Definitions... 3 Referral

More information

9/11 Heroes Stamp Act of 2001 File System

9/11 Heroes Stamp Act of 2001 File System for the 9/11 Heroes Stamp Act of 2001 File System Contact Point Elizabeth Edge US Fire Administration Federal Emergency Management Agency (202) 646-3675 Reviewing Official Nuala O Connor Kelly Chief Privacy

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

CITY UNIVERSITY OF HONG KONG

CITY UNIVERSITY OF HONG KONG PUBLIC Version: 1.1 CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer in September 2015) PUBLIC

More information

JOB APPLICANT PRIVACY NOTICE

JOB APPLICANT PRIVACY NOTICE JOB APPLICANT PRIVACY NOTICE Table of Contents 1. Purpose... 3 2. What Personal Information ADM Collects... 3 3. How ADM Uses Your Personal Information... 4 4. How ADM Protects Your Personal Information...

More information

Hulse/QM Healthcare Advocacy Program Notice of Privacy Practices

Hulse/QM Healthcare Advocacy Program Notice of Privacy Practices Hulse/QM Healthcare Advocacy Program Notice of Privacy Practices THIS NOTICE DESCRIBES HOW PERSONAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

HIPAA Notice of Privacy Practices

HIPAA Notice of Privacy Practices HIPAA Notice of Privacy Practices Date of Last Revision: 09/20/2013 Effective Date: Immediately THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS

More information

M&T BANK CANADIAN PRIVACY POLICY

M&T BANK CANADIAN PRIVACY POLICY M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (

More information

Disclosure is the action of making new or secret information known.

Disclosure is the action of making new or secret information known. /PURPOSE OF POLICY Pty Limited (Momentum) is required and committed to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1998 (Cth) (Privacy Act). The APPs regulate the manner in

More information

Information Handling Policy

Information Handling Policy Information Handling Policy 10 December 2015 Information Handling Policy 1. Who We Are 1.1 In this Information Handling Policy, references to we, our, us and ClearView are to ClearView Wealth Limited and

More information

Privacy Policy. Approved by: College Board, 01/12/2005 Principal from 14/02/2014

Privacy Policy. Approved by: College Board, 01/12/2005 Principal from 14/02/2014 Privacy Policy Approved by: College Board, 01/12/2005 Principal from 14/02/2014 Revised Date: 11/01/2008 26/08/2011 19/03/2013 14/02/2014 Review Date: 14/02/2016 PLEASE NOTE: Version control for this document

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices Pueblo Radiology Medical Group, Inc. Pueblo Radiology Associates, Inc. Central Coast Radiology Associates, Inc. Santa Barbara Women s Imaging Center Effective Date: September

More information

UNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY

UNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment

More information

SCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL

SCHEDULE C ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION

More information

River Valley Therapy & Sports Medicine, Inc. Notice of Privacy Practices

River Valley Therapy & Sports Medicine, Inc. Notice of Privacy Practices River Valley Therapy & Sports Medicine, Inc. Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information.

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Greater Dallas Orthopaedics, PLLC. Notice of Privacy Practices

Greater Dallas Orthopaedics, PLLC. Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. Uses and Disclosures

More information

HIPAA and Privacy Policy Training

HIPAA and Privacy Policy Training HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training

More information

Overview of. Health Professions Act Nurses (Registered) and Nurse Practitioners Regulation CRNBC Bylaws

Overview of. Health Professions Act Nurses (Registered) and Nurse Practitioners Regulation CRNBC Bylaws Overview of Health Professions Act Nurses (Registered) and Nurse Practitioners Regulation CRNBC Bylaws College of Registered Nurses of British Columbia 2855 Arbutus Street Vancouver, BC Canada V6J 3Y8

More information

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion

Privacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion Policy Relevant to Responsible officer Contact officer Authorisation Date introduced March 2014 Effective date of latest version March 2014 Next review date March 2017 Relevant legislation or source Board

More information

Information with a person who is involved in your medical care or payment for your care, such as your family or a

Information with a person who is involved in your medical care or payment for your care, such as your family or a Notice of Privacy Practices Effective Date: September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

HIPAA Privacy Policy & Notice of Privacy Practices

HIPAA Privacy Policy & Notice of Privacy Practices HIPAA Privacy Policy & Notice of Privacy Practices 1. PURPOSE 1 The purpose of this policy is to comply with patient personal health information security rights and privacy regulations as outlined in the

More information

Clevertar Privacy Policy

Clevertar Privacy Policy Clevertar Privacy Policy At Clevertar, we take privacy very seriously. We encourage you to read this Privacy Policy Policy carefully. The defined terms in this Policy have the same meaning as in our Terms

More information

Privacy and Management of Health Information: Standards for CARNA s Regulated Members

Privacy and Management of Health Information: Standards for CARNA s Regulated Members Privacy and Management of Health Information: Standards for CARNA s Regulated Members September 2011 Permission to reproduce this document is granted; please recognize CARNA. College and Association of

More information

Policy & Procedure. This policy applies to all records in the custody and control of SMGH.

Policy & Procedure. This policy applies to all records in the custody and control of SMGH. Policy & Procedure Subject: Management of Records 1) Purpose: The purpose of this policy is to establish a corporate record management plan, including the development of a directory of records and a personal

More information