Health Care Provider Guide


Health Care Provider Guide
Diagnostic Imaging Common Service Project, Release 1
Version: 1.4

Copyright Notice

Copyright 2014, eHealth Ontario

All rights reserved

No part of this document may be reproduced in any form, including photocopying or transmission electronically to any computer, without prior written consent of eHealth Ontario. The information contained in this document is proprietary to eHealth Ontario and may not be used or disclosed except as expressly authorized in writing by eHealth Ontario.

Trademarks

Other product names mentioned in this document may be trademarks or registered trademarks of their respective companies and are hereby acknowledged.

Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.

Document Control

The electronic version of this document is recognized as the only valid version.

Document ID: 3598
Document Sensitivity Level: Low

Contents

General Information
    Purpose and Scope
    Audience
    Related Documents
    Glossary
Service Description
    Overview
    Benefits
        Benefits to You
        Benefits to Your Patients
    eHealth Ontario Responsibilities
    Diagnostic Imaging Information Publisher Responsibilities
    Diagnostic Imaging Information Consumer Responsibilities
Privacy and Security Considerations
    Patient Consent
        Background
        Overriding a consent directive
        Applying consent directives to Diagnostic Imaging data
    Access Requests
        Access requests made by patients for Diagnostic Imaging data
        Requests for audit logs
    Correction Requests
    Privacy Complaints and Inquiries
    Privacy Breach Management
    Security Incident and Breach Management
        Instructions for Health Care Providers
        Instructions for Privacy Officers
        Privacy-related questions from Health Care Provider sites
Summary of Security Safeguards in Place at eHealth Ontario
    Administrative Safeguards
    Technical Safeguards
    Physical Safeguards

General Information

Purpose and Scope

The Diagnostic Imaging Health Care Provider Guide describes the functions and associated benefits provided by the eHealth Ontario Diagnostic Imaging Common Service application and the Privacy and Security Considerations, which health care providers and organizations that use the eHealth Ontario Diagnostic Imaging Common Service application must adhere to.

Audience

The primary audience for this document includes health care providers and organizations across the health care sector that use the eHealth Ontario Diagnostic Imaging Common Service application to access Ontario patients' DI results.

Related Documents

The Diagnostic Imaging Service Guide should be read in conjunction with the following information found at ehealthontario.on.ca:

- ONE Portal Product Sheet
- ONE ID Registrant Reference Guide
- eHealth Ontario Personal Health Information Privacy Policy
- eHealth Ontario Privacy Complaints and Inquiries Procedure

Glossary

Term: Definition

CPS: Certification Practices Statement
DI: Diagnostic Imaging
DI CS: eHealth Ontario Diagnostic Imaging Common Service
DI-r: Regional diagnostic imaging repository
ENITS: Emergency Neuro Image Transfer System
HN: Health (Card) Number
IHF: Independent Health Facility
LRA: Local Registration Authority
MRN: Medical Record Number. Patient identifier unique within an issuer site.
ONE ID: Set of systems and processes for the assignment and management of electronic identities to allow secure access to eHealth services.
ONE Portal: eHealth Ontario Portal provides secure access to collaboration tools, content management and health care applications such as Diagnostic Imaging Common Service.
PACS: Picture Archiving and Communications Systems
RA: Registration Authority
SDM: Substitute Decision Maker

Service Description

Overview

Diagnostic Imaging (DI) Common Service is an initiative that supports the sharing and viewing of DI results across Ontario to all hospital and community-based health care providers anytime, anywhere. DI Common Service gives health care providers important information to make better decisions about a patient's treatment.

Prior to DI Common Service, authorized health care providers could share images and reports securely with other providers only within their respective Diagnostic Imaging Repositories (DI-rs). Now, with the first installment of DI Common Service, diagnostic reports can be shared across the entire province and future releases will enable sharing of diagnostic images and other types of DI information across Ontario.

The diagnostic images and corresponding reports are stored in repositories from which they can be retrieved in digital format. This capability is providing physicians with faster access to information resulting in faster diagnosis.

The eHealth Ontario DI Program is committed to delivering health care providers in Ontario with secure electronic access to their patients' comprehensive diagnostic images and reports from anywhere at any time, resulting in improved patient care. The program is achieving this through a number of initiatives in addition to the DI Common Service, which include hospital Diagnostic Imaging Repositories (DI-rs), integration of Independent Health Facilities (IHFs) and the Emergency Neuro Image Transfer System (ENITS).

The eHealth Ontario DI program is part of the agency's overall strategy to improve access to safe patient care. By putting in place a stable technical infrastructure, it guarantees that health care providers have access to vital clinical activity information when they need it.

Benefits

Benefits to You

- Access to diagnostic reports across Ontario
- Faster and easier access to images [1] and reports 24/7
- Remote access to diagnostic imaging reports for off-hours coverage
- Real-time clinical collaboration, increasing access to a broader range of specialists

Benefits to Your Patients

- Eliminates unnecessary patient travel
- Reduces wait times and lengths of stay thanks to faster exam reports and clinical decisions by physicians and specialists
- Reduces duplicate and unnecessary exams
- Eliminates the need to physically transfer images or CDs to the specialist

[1] The initial release of Diagnostic Imaging Common Service will enable provincial sharing of diagnostic reports, while future releases will enable provincial sharing of diagnostic images and other types of DI information.

eHealth Ontario Responsibilities

eHealth Ontario shall comply with the following obligations:

- Provide Diagnostic Imaging Common Service application functionalities as described below, for registered health care providers 24/7.

- Provide alternative ways to search for a patient of interest within the Diagnostic Imaging Community of the Electronic Health Record
- Enable access to the patient's diagnostic imaging reports [2] that have been submitted by health care providers to the regional Diagnostic Imaging Repositories.
- Do not provide access to diagnostic imaging information that has been restricted by one or more consent directives issued by the patient.
- Temporarily reinstate access to diagnostic imaging information restricted by consent directives when the health care provider indicates that the patient's or his/her substitute decision maker's approval has been obtained.
- Provide general support for the application during standard business hours as described in the Support section of this guide.
- Update the application to expand and enhance the functionalities provided.
- Create and maintain a certification practices statement (CPS) that describes the practices followed by the eHealth Ontario certification authority when issuing public key infrastructure certificates and keys.
- Conduct privacy and security assessments to ensure that the collection, storage, use and disclosure of personal identity information related to registration comply with legislative and privacy protection requirements.
- Assist providers in meeting their legislative obligation on responding to individuals' access and correction requests.

[2] The initial release of Diagnostic Imaging Common Service will enable provincial sharing of diagnostic reports, while future releases will enable provincial sharing of diagnostic images and other types of DI information.

Diagnostic Imaging Information Publisher Responsibilities

Health care providers that publish diagnostic imaging information shall comply with the following obligations:

- Provide timely, complete and accurate diagnostic imaging order information to the regional Diagnostic Imaging Repository.
- Provide all diagnostic imaging reports, complete and accurate information associated with each report, all report addendums and all report replacements to the regional Diagnostic Imaging Repository on a timely basis.

Diagnostic Imaging Information Consumer Responsibilities

Health care providers that use diagnostic imaging information shall comply with the following obligations:

- Register as a user of a portal hosting the Electronic Health Record Diagnostic Imaging application.
- Enrol in the Electronic Health Record Diagnostic Imaging application to access diagnostic imaging information submitted to the Diagnostic Imaging Repositories across Ontario.
- Follow the requirements of the eHealth Ontario Identity Provider Standard.
- Agree to follow eHealth Ontario acceptable use policy available at
- Review the reference information listed above and learn how to protect privacy and security when using eHealth Ontario products.
- Use Diagnostic Imaging Common Service application's functionalities only for approved clinical purposes.
- Always indicate the person or the organization that the user represents when accessing diagnostic imaging information.
- Diagnostic Imaging Common Service application to locate the electronic health record for the patient under your care.
- Obtain the patient's or the substitute decision maker's consent prior to requesting temporary reinstatement of consent to access diagnostic imaging information restricted by consent directives.
- Use Diagnostic Imaging Common Service application to display, print or save diagnostic imaging reports.
- When support is required, follow the troubleshooting process as described in the Support section below.
- Implement and assist users to follow privacy and security policies, where applicable.

Privacy and Security Considerations

Patient Consent

Background

As custodians of patient personal health information (PHI), health care providers working at sites have obligations under PHIPA and Ontario Regulation 329/04 (the regulation) for protection of PHI.

Patient Consent Model

DI Common Service data has a consent directive capability, which gives patients or their substitute decision maker (SDM) the option to restrict access to patient data in DI Common Service. A patient may restrict access to either:

- All of his/her diagnostic imaging results in DI Common Service (Domain consent directive); or
- A particular diagnostic imaging result (HIC Record consent directive). Not in place in the first release.

In other words, if a patient restricts access to his/her results in DI Common Service, health care providers querying DI Common Service data will not be able to access any patient information that has been, or will be, submitted into DI Common Service.

Overriding a consent directive

In special cases (with consent from the patient or the patient's SDM) the patient directive restricting access to the test may temporarily be overridden by a provider.

Health care providers may request to temporarily override a consent directive applied to data when access has been granted directly by a patient or the patient's SDM (express consent). No health care provider using DI Common Service should override a consent directive applied to DI Common Service data without the patient's or SDM's express consent. Therefore, health care providers using DI Common Service are permitted to override consent directives applied to DI Common Service data only where permission to do so has been expressly authorized by the patient or the patient's SDM prior to performing the consent directive override.

Overriding a patient's consent directive for DI Common Service data without express consent from the patient or the patient's SDM will constitute a breach of the EHR Access Services Schedule, and will be subject to the remedies available under the agreement.

Temporary override will be logged in the DI Common Service application interface, along with the identity of the overriding health care provider.

Applying consent directives to Diagnostic Imaging data

If a patient contacts a health care provider and wishes to place a restriction on access to his/her information in DI Common Service, or wishes to reinstate access (remove the restriction), the HIC should capture the patient and consent directive information on the DI CS Consent Form, and submit the patient and consent directive information to eHealth Ontario by faxing it to (416) or ,

In instances where a patient wants to issue consent directives on records contributed by more than one HIC, the provider can direct the individual to contact eHealth Ontario at to apply consent directives as per the consent management policy.

Access Requests

Access requests made by patients for Diagnostic Imaging data

Under PHIPA, patients or their SDMs have a right to access the patient's data held by a HIC about the patient.

Where a provider receives a request for records collected, created and contributed by the provider to DI CS, the provider shall follow Part V of PHIPA and its internal policies, procedures and practices to respond directly to the individual in respect of the Request for Access.

In instances where a request for access involves information contributed by another HIC or by multiple HICs, the provider shall:

- Notify the individual that the Request for Access involves PHI not within the custody or control of the HIC that received the Request for Access; and
- Direct the individual to contact eHealth Ontario at to make the Request for Access

As per the DI CS Access and Correction policy, eHealth Ontario may seek assistance from you when responding to access requests received directly by eHealth Ontario.

Requests for audit logs

Where a provider receives a Request for Access directly from an individual related to the audit logs for records stored in DI CS, the HIC shall:

- Notify the individual that the HIC is unable to process the Request for Access; and
- Direct the individual to contact eHealth Ontario at to make the Request for Access to logs

As per the DI CS Access and Correction policy, eHealth Ontario may seek assistance from you when responding to access requests received directly by eHealth Ontario.

Correction Requests

Where a HIC receives a Request for Correction directly from an individual related to records of PHI that were created and contributed to the DI CS solely by that HIC, the HIC shall follow Part V of PHIPA and its internal policies, procedures and practices to respond directly to the individual in respect of the Request for Correction.

Where a HIC receives a Request for Correction directly from an individual related to records of PHI that were created and contributed to the DI CS solely by another HIC or by more than one HIC, the HIC that received the Request for Correction shall as soon as possible, but in any event no later than 2 days after receiving the Request for Correction:

- Notify the individual that the Request for Correction involves PHI not within the custody or control of the HIC that received the Request for Correction; and
- Direct the individual to contact eHealth Ontario at to make the correction request

As per the DI CS Access and Correction policy, eHealth Ontario may seek assistance from you when responding to access requests received directly by eHealth Ontario.

Privacy Complaints and Inquiries

Where a HIC directly receives an Inquiry/complaint related to DI CS and solely to the HIC and its agents and service providers, the HIC shall follow its own internal policies, procedures, and practices to address the Inquiry as per the DI CS Inquiries and Complaints policy.

Where a HIC directly receives an Inquiry that it is unable to address and respond to related solely to DI CS or to the agents or Electronic Service Providers of eHealth Ontario, the HIC receiving the Inquiry as per the DI CS Inquiries and Complaints policy shall as soon as possible:

- Notify the person that the HIC is unable to respond to the Inquiry because DI CS is the subject of the Inquiry; and
- Direct the individual to contact the eHealth Ontario Privacy Office at (416) for complaints and inquiries.

Privacy Breach Management

The DI CS Privacy Breach Management policy describes detailed steps to be taken in the event of a privacy breach/incident.

A HIC shall report an actual or suspected Privacy Breach to eHealth Ontario by calling the 24/7 available Service Desk/ONE Support at as soon as possible, but in any event no later than the end of the next business day after the person at the HIC responsible for reporting actual or suspected Privacy Breaches to eHealth Ontario has become aware of an actual or suspected Privacy Breach caused or contributed to by:

- Another HIC or the agents or Electronic Service Providers of another HIC;
- More than one HIC or the agents or Electronic Service Providers of more than one HIC;
- eHealth Ontario or the agents or Electronic Service Providers of eHealth Ontario; or
- Any other unauthorized persons who are not agents or Electronic Service Providers of eHealth Ontario or any other HIC.

In instances where the breach is caused by the HIC that solely created and contributed the data to DI CS, the HIC shall follow its internal policies, procedures, and practices to notify the individual(s) to whom the PHI relates at the first reasonable opportunity in accordance with PHIPA and to contain, investigate and remediate the Privacy Breach.

In instances where the Privacy Breach was solely caused by a HIC that did not solely create and contribute the PHI to the DI CS, the HIC, in consultation with other HICs (who contributed data) and eHealth Ontario, identify the individual to investigate the breach.

The specific roles for each party involved in the privacy breach are noted in the DI CS Privacy Breach Management policy.

Security Incident and Breach Management

This section includes instructions for providers at clinics and privacy officers at organizations to report to eHealth Ontario any security incidents or breaches (defined below) by you or your organization, including health care providers, agents, employees or service providers.

A security incident is an unwanted or unexpected situation that results in:

- Failure to comply with the organization's security policies, procedures, practices or requirements.
- Unauthorized access, use or probing of information resources.
- Unauthorized disclosure, destruction, modification or withholding of information.
- A contravention of agreements with eHealth Ontario by your organization, users at your organization, or employees, agents or service providers of your organization.
- An attempted, suspected or actual security compromise.
- Waste, fraud, abuse, theft, loss of or damage to resources.

Instructions for Health Care Providers

If you become aware of, or suspect, a security incident or breach of the Diagnostic Imaging Common Service system or data by you or any of your employees, agents, or service providers, you must immediately report the incident or breach to your privacy office. If you do not have a privacy office, or you are unable to reach your privacy office or support team to report a breach, please contact the eHealth Ontario service desk at and advise the eHealth Ontario agent that you would like to open a security incident ticket.

You are expected to cooperate in any incident or breach containment activities or with any investigation undertaken by eHealth Ontario. During the investigation by eHealth Ontario, you may be required to provide additional information which may include personal health information or personal information, in order to contain or resolve the incident or breach.

Note: It is extremely important that you do not disclose any patient personal health information and/or personal information to the eHealth Ontario agent when initially reporting a security incident or breach.

Instructions for Privacy Officers

If you become aware of, or suspect, an incident or breach related to Diagnostic Imaging Common Service system or data by any of your organization's staff members, including employees, agents or service providers, you must immediately report the incident or breach to the eHealth Ontario service desk at and advise the eHealth Ontario agent that you would like to open a security incident ticket.

Note: It is extremely important that you do not disclose any patient personal health information and/or personal information to the eHealth Ontario agent when initially reporting a privacy or security incident or breach. Further, you may not contact any patient or SDM directly, unless expressly instructed to do so in writing by eHealth Ontario.

It is expected that you and the organization's staff members will cooperate with any investigations conducted by eHealth Ontario in respect of any privacy or security incidents or breaches related to Diagnostic Imaging Common Service data.

When reporting a confirmed or suspected privacy or security incident, please have the following information ready:

1) If possible, a description of the situation and condition that led to the incident.
2) Who was involved (name and role)?
3) Where did the incident happen?
4) When and at what time was the incident noticed?
5) If possible, describe how the incident was detected.
6) If possible, provide information on the most likely cause, for example:
   a) Human error
   b) Negligence
   c) Technical failure, caused by failure of an application or system to maintain privacy

   d) Process failure, caused by not following a process
   e) Wilful wrongdoing
   f) Act of nature
7) Describe the type of PI/PHI involved in the incident.
8) If possible, list measures taken to contain the incident or breach or any risks that could eventually result in an incident or breach.
9) If possible, list any corrective measures taken or additional controls applied.
10) What services, if any, are impacted?
11) Are eHealth Ontario's services impacted or involved?

Once a call has been logged with the eHealth Ontario service desk, the eHealth Ontario privacy and security teams will be engaged to deal with the situation.

Privacy-related questions from Health Care Provider sites

If a health care provider has any questions regarding the privacy-related processes described above, including how to respond to individual access requests, consent obligations or incident/breach management processes, please contact the eHealth Ontario privacy operations department, at or (416)

Please ensure that you do not include any personal information or personal health information in any e-mails to eHealth Ontario.

Summary of Security Safeguards in Place at eHealth Ontario

Administrative Safeguards

- eHealth Ontario has a Chief Privacy Officer and Chief Security Officer; these individuals are accountable for health information privacy and security.
- All providers who use DI Common Services must sign a data access agreement with eHealth Ontario, which, among other things, spells out their responsibilities regarding privacy and security.
- eHealth Ontario requires its representatives to implement privacy and security safeguards, as appropriate to the service being provided.
- eHealth Ontario regularly reviews and enhances its privacy and security policies. Staff and contractors are required to read the relevant policies and acknowledge in writing that they have read and understood them.
- All staff and contractors must sign confidentiality agreements and undergo criminal background checks prior to joining or providing services to eHealth Ontario.
- eHealth Ontario has a security screening policy that requires staff to have an appropriate level of clearance for the sensitivity of the information they may access.
- eHealth Ontario staff and contractors generally have no ability or permission to access personal health information. If access to personal health information is required in the course of providing eHealth Ontario services, individuals are required to follow the access request process and are prohibited from using or disclosing such information for other purposes.
- eHealth Ontario ensures, through contracts, that any third party it retains to assist in providing services to health information custodians will comply with the restrictions and conditions necessary for eHealth Ontario to fulfill its legal responsibilities.
- eHealth Ontario has developed a full privacy and security incident management system.
- eHealth Ontario has mandatory privacy and security awareness and training programs for all staff and contractors.
- eHealth Ontario staff, contractors, suppliers and clients must promptly report any privacy and/or security breaches to eHealth Ontario for investigation.
- eHealth Ontario conducts privacy and security risk assessments for both product/service development and client deployments. Mitigation activities are well established and tracked as part of each assessment.

- eHealth Ontario provides a summary of the results of privacy and security risk assessments to the affected health information custodians.
- eHealth Ontario ensures all operational and systems changes follow the agency's change management procedures.

Technical Safeguards

- Authorization and authentication (i.e. confirming who each user is, and what he/she is permitted to do) controls limit access to DI Common Services to only those individuals who require it to perform their job function.
- DI Common Services users are authenticated each time they access the system.
- Information about each data request is recorded in an audit trail maintained by DI Common Services, in compliance with PHIPA.
- Patients can expressly withhold or withdraw their consent to use or disclose information related to their diagnostic imaging information.
- The DI Common Services verifies all inbound messages to ensure that they are well formed.
- Personal health information is transmitted to and from DI Common Services securely using a mutually authenticated tunnel.
- Networks are protected by devices (firewalls and routers) which limit access to and from systems.
- The systems are kept up-to-date by installing software updates on a regular basis.
- Security agents are installed on each system to protect DI Common Services from malware and detect intrusions.
- eHealth Ontario's hosting environment provides continuous secure data backup and immediate failover capabilities for all system components.

Physical Safeguards

- DI Common Services resides in a specially-built facility that is physically secured against unauthorized access.
- Biometrics, secure cabinets and access cards control physical access to facilities and equipment.
- The facilities are staffed and monitored continuously by security staff/employees.
- The facility is protected against environmental issues such as power outages and extreme weather.


More information

Ontario Laboratories Information System ConnectingGTA Integration. Delta Privacy Impact Assessment Summary

Ontario Laboratories Information System ConnectingGTA Integration. Delta Privacy Impact Assessment Summary Ontario Laboratories Information System ConnectingGTA Integration Delta Privacy Impact Assessment Summary Copyright Notice Copyright 2012, ehealth Ontario All rights reserved Trademarks No part of this

More information

Table of Contents. Acknowledgement

Table of Contents. Acknowledgement OPA Communications and Member Services Committee February 2015 Table of Contents Preamble... 3 General Information... 3 Risks of Using Email... 4 Use of Smartphones and Other Mobile Devices... 5 Guidelines...

More information

ONE Mail Direct. Privacy Impact Assessment Summary

ONE Mail Direct. Privacy Impact Assessment Summary ONE Mail Direct Privacy Impact Assessment Summary Copyright Notice Copyright 2010, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including photocopying or

More information

Ownership, Storage, Security and Destruction of Records of Personal Health Information STANDARD OF PRACTICE S-022 INTENT DESCRIPTION OF STANDARD

Ownership, Storage, Security and Destruction of Records of Personal Health Information STANDARD OF PRACTICE S-022 INTENT DESCRIPTION OF STANDARD Quality Assurance Committee Approved by Council: February 11, 2014 Amended: September 20, 2014 *(formerly Guideline G-017) Note to readers: In the event of any inconsistency between this document and the

More information

Responsibilities of Custodians and Health Information Act Administration Checklist

Responsibilities of Custodians and Health Information Act Administration Checklist Responsibilities of Custodians and Administration Checklist APPENDIX 3 Responsibilities of Custodians in Administering the Each custodian under the Act must establish internal processes and procedures

More information

ehealth Ontario Site Support Guide

ehealth Ontario Site Support Guide ehealth Ontario Site Support Guide Version 8.0 Reference Guide This guide will assist the electronic Child Health Network with information around processes and contacting ehealth Ontario for support. www.ehealthontario.on.ca

More information

Record Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario

Record Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario Record Keeping Guide to the Standard for Professional Practice 2013 College of Physiotherapists of Ontario March 7, 2013 Record Keeping Records tell a patient s story. The record should document for the

More information

Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA)

Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health

More information

Mohawk DI-r: Privacy Breach Management Procedure Version 2.0. April 2011

Mohawk DI-r: Privacy Breach Management Procedure Version 2.0. April 2011 Mohawk DI-r: Privacy Breach Management Procedure Version 2.0 April 2011 Table of Contents 1 Purpose... 3 2 Terminology... 5 3 Identifying a Privacy Breach... 5 4 Monitoring for Privacy Breaches... 6 5

More information

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Exhibit 2. Business Associate Addendum

Exhibit 2. Business Associate Addendum Exhibit 2 Business Associate Addendum This Business Associate Addendum ( Addendum ) governs the use and disclosure of Protected Health Information by EOHHS when functioning as a Business Associate in performing

More information

Taking care of what s important to you

Taking care of what s important to you A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten

More information

ONE Mail Service Availability and Support

ONE Mail Service Availability and Support ONE Mail Service Availability and Support Document Version: 0.01 Document ID: 4038 Copyright Notice Copyright 2015 ehealth Ontario All rights reserved No part of this document may be reproduced in any

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,

More information

Standard: Information Security Incident Management

Standard: Information Security Incident Management Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of

More information

Service Schedule for CLOUD SERVICES

Service Schedule for CLOUD SERVICES Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this

More information

Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance

Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Information Privacy and IT Security & Compliance The information in this module in addition to the

More information

Information Security Policy

Information Security Policy Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems

More information

Common Privacy Framework CCIM Assessment Projects

Common Privacy Framework CCIM Assessment Projects Common Privacy Framework CCIM Assessment Projects Acknowledgements This material, information and the idea contained herein are proprietary to Community Care Information Management (CCIM) and may not be

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Overview. Definition of a Standard. Purpose of the Privacy Standard

Overview. Definition of a Standard. Purpose of the Privacy Standard PURPOSE The Privacy Standard sets the foundation for all guidelines, policies and procedure within the toolkit. It is expected that this Privacy Standard will be used in its entirety and will not be rewritten

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA

INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA PRIVACY IMPACT ASSESSMENT (PIA) ON ANALYZE-ERR AND CURRENT DATA HANDLING OPERATIONS VERSION 3.0-2 JULY 11, 2005 PREPARED IN CONJUNCTION WITH: ISMP Canada

More information

DATA SECURITY AGREEMENT. Addendum # to Contract #

DATA SECURITY AGREEMENT. Addendum # to Contract # DATA SECURITY AGREEMENT Addendum # to Contract # This Data Security Agreement (Agreement) is incorporated in and attached to that certain Agreement titled/numbered and dated (Contract) by and between the

More information

ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT

ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT THIS AGREEMENT ( Agreement ) is made and entered into this day of, 20, by and between Franciscan Health System ( Hospital ), and ( Community Partner ). RECITALS

More information

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013

Welcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013 Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and

More information

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and

More information

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security

More information

How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice

How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice Information and Privacy Commissioner / Ontario How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice Ann Cavoukian, Ph.D. Commissioner

More information

Privacy Breach Protocol

Privacy Breach Protocol & Privacy Breach Protocol Guidelines for Government Organizations www.ipc.on.ca Table of Contents What is a privacy breach? 1 Guidelines on what government organizations should do 2 What happens when the

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

PRIVACY BREACH POLICY

PRIVACY BREACH POLICY Approved By Last Reviewed Responsible Role Responsible Department Executive Management Team March 20, 2014 (next review to be done within two years) Chief Privacy Officer Quality & Customer Service SECTION

More information

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training

The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)

SCHEDULE C to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

3. Consent for the Collection, Use or Disclosure of Personal Information

3. Consent for the Collection, Use or Disclosure of Personal Information PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),

More information

SCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL

SCHEDULE C ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION

More information

STANDARDS OF PRACTICE (2013)

STANDARDS OF PRACTICE (2013) STANDARDS OF PRACTICE (2013) COLLEGE OF ALBERTA PSYCHOLOGISTS STANDARDS OF PRACTICE (2013) 1. INTRODUCTION The Health Professions Act (HPA) authorizes and requires the College of Alberta Psychologists

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

TORONTO CENTRAL LHIN COMMUNITY BUSINESS INTELLIGENCE PROJECT PRIVACY INCIDENT AND BREACH MANAGEMENT POLICY Policy No. 2

TORONTO CENTRAL LHIN COMMUNITY BUSINESS INTELLIGENCE PROJECT PRIVACY INCIDENT AND BREACH MANAGEMENT POLICY Policy No. 2 TORONTO CENTRAL LHIN COMMUNITY BUSINESS INTELLIGENCE PROJECT PRIVACY INCIDENT AND BREACH MANAGEMENT POLICY Policy No. 2 1.0 Purpose/Background The purpose of this policy is to establish the protocol to

More information

Information Technology Acceptable Use and Safeguards

Information Technology Acceptable Use and Safeguards Approved by: Information Technology Acceptable Use and Safeguards President and Chief Executive Officer Corporate Policy & Procedures Manual Number: X-50 Date Approved May 12, 2014 Next Review (3 years

More information

Patient Consent Form

Patient  Consent Form Patient Email Consent Form Email is a widely accepted form of communication. While it cannot replace personal encounters between you and your health care provider, email can be a convenient way to exchange

More information

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY School Board Policy 523.5 The School District of Black River Falls ( District ) is committed to compliance with the health information

More information

INFORMATION AND PRIVACY COMMISSIONER OF ALBERTA

INFORMATION AND PRIVACY COMMISSIONER OF ALBERTA INFORMATION AND PRIVACY COMMISSIONER OF ALBERTA Report of an investigation of a malicious software outbreak affecting health information August 19, 2011 Dr. Cathy MacLean Investigation Report H2011-IR-003

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

PACS JOINT SERVICES/ACCESS POLICY

PACS JOINT SERVICES/ACCESS POLICY PACS JOINT SERVICES/ACCESS POLICY 1. High Level Policy The identifiable Diagnostic Imaging Data stored in PACS constitutes personal health information and is subject to the provisions of The Health Information

More information

Access Control and Identity Management Policy for System Level Access

Access Control and Identity Management Policy for System Level Access Access Control and Identity Management Policy for System Level Access Version: 1.5 Document ID: 3535 Copyright Notice Copyright 2016, ehealth Ontario All rights reserved No part of this document may be

More information

1.2: DATA SHARING POLICY. PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance. 1.2.

1.2: DATA SHARING POLICY. PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance. 1.2. 1.2: DATA SHARING POLICY PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance 1.2.1 Introduction Consistent with its international counterparts, OBI recognizes

More information

Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement

Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement Agreement Digital Testing System (Annex 4 to the RFP Digital Testing System) Annex 1 - Data Processing Agreement ANNEX 1 DATA PROCESSING AGREEMENT RELATING TO THE AGREEMENT DIGITAL TESTING SYSTEM BETWEEN

More information

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)

MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,

More information

HIPAA Business Associate Agreement For Collaborative Services

HIPAA Business Associate Agreement For Collaborative Services EXECUTION DRAFT HIPAA Business Associate Agreement For Collaborative Services This Business Associate Agreement ( Agreement ) is by and between the Camden Coalition of Healthcare Providers, Inc. (the Business

More information

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT EXHIBIT C BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT is made and entered into by and between ( Covered Entity ) and KHIN ( Business Associate ). This Agreement is effective as of, 20 ( Effective Date

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,

More information

List of Professional Practice Briefs

List of Professional Practice Briefs List of Professional Practice Briefs Checklist for HIM Readiness This PPB identifies 28 components to be considered in the transition of the paper based to EHR HIM Department from getting started to forms,

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

Online Banking Agreement and Disclosures

Online Banking Agreement and Disclosures Online Banking Agreement and Disclosures This agreement states the terms and conditions that apply to your use of Online Banking services offered by Eastman Credit Union. Please read this agreement carefully.

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...

More information

HIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name)

HIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name) HIPAA COMPLIANCE PLAN For CHARLES RETINA INSTITUTE (Practice Name) Date of Adoption 1/02/2003 Review/Update 10/25/2012 Review/Update 4/01/2014 I. COMPLIANCE PLAN A. Introduction This HIPAA Compliance Plan

More information

Updated February 15, 2008 MINISTRY OF HEALTH SOFTWARE SUPPORT ORGANIZATION SERVICE LEVEL AGREEMENT

Updated February 15, 2008 MINISTRY OF HEALTH SOFTWARE SUPPORT ORGANIZATION SERVICE LEVEL AGREEMENT BETWEEN: HER MAJESTY THE QUEEN IN RIGHT OF THE PROVINCE OF BRITISH COLUMBIA, represented by the Minister of Health ( the Ministry as the Province as applicable) at the following address: Assistant Deputy

More information

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

The Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3 Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use

More information

ARKANSAS OFFICE OF HEALTH INFORMATION TECHNOLOGY (OHIT) PRIVACY POLICIES

ARKANSAS OFFICE OF HEALTH INFORMATION TECHNOLOGY (OHIT) PRIVACY POLICIES ARKANSAS OFFICE OF HEALTH INFORMATION TECHNOLOGY (OHIT) PRIVACY POLICIES OHIT wishes to express its gratitude to Connecting for Health and the Markel Foundation for their work in developing the Common

More information

Provider secure web portal & Member Care Information portal Registration Form

Provider secure web portal & Member Care Information portal Registration Form Provider secure web portal & Member Care Information portal Registration Form Thank you for your interest in registering for the Aetna Better Health Provider Secure Web Portal and the Aetna Better Health

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the Data Processing Agreement ) applies to Oracle s Processing of Personal

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria

Gatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from

More information

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

DISASTER RECOVERY INSTITUTE CANADA WEBSITE PRIVACY POLICY (DRIC) UPDATED APRIL 2004

DISASTER RECOVERY INSTITUTE CANADA WEBSITE PRIVACY POLICY (DRIC) UPDATED APRIL 2004 DISASTER RECOVERY INSTITUTE CANADA (DRIC) UPDATED APRIL 2004 This website privacy policy is intended to provide DRIC website visitors with information about how DRIC treats private and personal information

More information

Information Privacy and Security Program Title:

Information Privacy and Security Program Title: 1 Page: 1 of 7 I. PURPOSE: 1 The purpose of this standard is to provide direction for Tenet regarding auditing and monitoring requirements. Logging and auditing of actions within networks, systems, and

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

Closing or Moving a Physician Practice

Closing or Moving a Physician Practice Closing or Moving a Physician Practice Background The College of Physicians & Surgeons of Alberta (CPSA) provides Standards of Practice representing the minimum standards of professional behaviour and

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information