The Journey to Create Document Standards and Guidelines for Occupational Therapists. Christine Fleming Legislation and Bylaws Committee

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The Journey to Create Document Standards and Guidelines for Occupational Therapists. Christine Fleming Legislation and Bylaws Committee"

Transcription

1 The Journey to Create Document Standards and Guidelines for Occupational Therapists Christine Fleming Legislation and Bylaws Committee

2 Objectives To describe the process and tools used to create the document Explore the current issues with the document for occupational therapists working in the education system

3

4 Background & Process for Documentation Guidelines Started development in March 2011 Environmental scan across Canada Reviewed and modified Guidelines from the College of Occupational Therapists of Manitoba Stakeholder meetings with OTs in December 2011

5 Process Summer 2012: Meeting with a Ministry of Health representative, Health Information Policy division Fall 2012: Pro-bono law students from the University of Saskatchewan took on the project Researching 3 separate areas: Records Management Law, Cessation of Practice, and Electronic Documentation and Non-Health Organizations.

6 Process Student work finished in April 2013 SSOT Legislation and Bylaws committee completed final edits to the paper based on student recommendations Document was presented to SSOT membership December 2013 and revised May 2014 (typos!)

7 Introduction to the Document Client records serve a variety of purposes Contributing to continuity and adequacy of care. Facilitating communication between others. Creating an historical document for the client and the professional. Providing a means of quality review. Value of a record depends upon it being meaningful, accurate, timely and clear.

8 Introduction to the Document Contemplation of certain privacy laws Legislation current to March 2013 The Health Information Protection Act (HIPA) The Personal Information Protection and Electronic Documents Act (PIPEDA).

9 Acknowledgements Based upon a model used by the College of Occupational Therapists of Manitoba. Prepared with the assistance from students from the University of Saskatchewan College of Law Does not constitute legal advice

10 Key Definitions Record: a record means information generated by the OT, pertaining to services provided by the OT Includes: assessments and evaluations, therapy goals, progress towards goals, attendance and remuneration records May also include items not generated by the OT: a referral, correspondence, and reports prepared by others

11 Definitions Continued Personal health information (PHI): means information with respect to the physical or mental health of an individual, or pertaining to services provided, or any information that is collected in the course of providing health services to an individual.

12 Definitions Continued Trustee: An individual or an organization that has custody or control of personal health information Designated trustee: an eligible trustee who is willing to take on the responsibility for care and security of the personal health information of another trustee, in case of cessation of practice.

13 Definitions Continued Health Information Protection Act (HIPA): Saskatchewan legislation which deals with the privacy of individuals and the duty of trustees in the collection, use, disclosure, security, retention and destruction of health information. Personal Information Protection and Electronic Documents Act (PIPEDA): Canadian legislation which governs the collection, use and disclosure of personal information with a specific focus on electronic communications.

14 Reflects Essential Competencies required by OTs Unit 5. Communications & Collaborates Effectively 5.2: Communicates using a timely and effective approach 5.3: Maintains confidentiality and security in the sharing, transmission, storage and management of information

15 5 General Principles 1. Accountability 2. Client care records 3. General security 4. General access 5. Implementation

16 Collection Client consent Record essentials Third party information Approved care protocols Progress notes Required copies Miscellaneous items

17 Use General limitation of use Identification Record entry requirements Signature requirements Revisions to record entry Drafts and raw data

18 Disclosure General limitations of disclosure Sharing of client care records Vendors / funding organizations Other health care practitioners Reasonable steps taken Disclosing client care records May disclose without consent: Legal proceedings SGI

19 Access General client access Request handled in 30 days or less General office access Need to know Access to physical files Locked Need to know Access to computer files password Breach response plan Follow organization policy SSOT and Privacy Commissioner for guidance

20 Retention General accountability Protect from loss, theft, destruction Duration of retention, minimum 3 years from conclusion of client treatment 3 years after client reaches age of majority

21 Electronic Data Storage and Transmission Electronic record keeping Maintain audit trail Electronic transmission of records, personal information Safe guards for electronic retention Firewall Secure wireless network, encrypted transmissions Back up

22 Destruction of Documents General guidelines Hard drives fully destroyed Physical files shredded Third Party destruction Signed agreement outlining standards to comply with HIPA and PIPEDA

23 Cessation of Practice Time period of more than 30 days in which an OT permanently or temporarily stops working SSOT Mandatory Requirement for all private practice OTs to have a designated trustee and cessation plan in place for transfer of records

24 Cessation of Practice Temporary Cessation: more than 30 days with intent to return Holiday, maternity leave, compassionate leave Permanent Cessation: notify client affected by transfer to designated trustee Retirement, moving practice outside Saskatchewan, career change Unforeseen Cessation: temporary or permanent Sudden serious illness, revocation of license, fatal injury

25 Retention of Financial Records General retention of financial records Items / service sold Cost of item /service Date the item sold/ service provided Date monies received Separate from client record Consistent with this guideline Comply with PIPEDA

26 Final Pages Resources: Statutes and links Chart: Core Principles of Privacy Law in Canada Sample Forms: Designated Trustee Agreement Notification of Cessation to Current Client

27 Next Steps Questions raised from OTs working in school systems : second Pro-Bono project with students from U of S College of Law School based OT stakeholder discussions

28 Education System & OT Final project submission April 2015 Summary of project was presented to membership at May 2015 annual conference Information to be incorporated into document by Legislation and Bylaws Committee

29 Project Findings General principles for OT working in Schools: Legislation Employed by health region Employed by school division Disclosure Retention Security

30 Conclusion Document addresses best practices for collection and use of client care information as well as disclosure, access, retention and destruction of records. We know that further changes will be required with the evolving legal and regulatory landscape.

31

32 Special Thanks SSOT Legislation and Bylaws Committee for hours already spent and those to come with the updates! SSOT Admin Assistant for all her work in formatting the document

33 Questions?????

34 Contacts: Resources and Links SSOT Position Statements

Document Standards and Guidelines for Occupational Therapists. Managing Client Care Records

Document Standards and Guidelines for Occupational Therapists. Managing Client Care Records Document Standards and Guidelines for Occupational Therapists Revised May 2014 Managing Client Care Records Best Practices for: Collection Use Disclosure Retention Destruction PURPOSE SSOT Document Standards

More information

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer

More information

VIDEO SURVEILLANCE GUIDELINES

VIDEO SURVEILLANCE GUIDELINES VIDEO SURVEILLANCE GUIDELINES Introduction Surveillance of public spaces has increased rapidly over recent years. This growth is largely attributed to the significant advances in surveillance technology

More information

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1

More information

GUIDELINE No. 117 THE PHYSICIAN MEDICAL RECORD*

GUIDELINE No. 117 THE PHYSICIAN MEDICAL RECORD* Purpose of Medical Records: GUIDELINE No. 117 THE PHYSICIAN MEDICAL RECORD* The physician s medical record is a reflection of the interaction between a physician and a patient. For each interaction the

More information

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY

DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY DEALERSHIP IDENTITY THEFT RED FLAGS AND NOTICES OF ADDRESS DISCREPANCY POLICY This Plan we adopted by member, partner, etc.) on Our Program Coordinator (date). (Board of Directors, owner, We have appointed

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors

More information

Standards for Record Keeping

Standards for Record Keeping Standard Standards for Record Keeping Revised February 2016 Originally Issued July 2008 Introduction Keeping records is an integral part of occupational therapy practice and demonstrates the occupational

More information

Ownership, Storage, Security and Destruction of Records of Personal Health Information STANDARD OF PRACTICE S-022 INTENT DESCRIPTION OF STANDARD

Ownership, Storage, Security and Destruction of Records of Personal Health Information STANDARD OF PRACTICE S-022 INTENT DESCRIPTION OF STANDARD Quality Assurance Committee Approved by Council: February 11, 2014 Amended: September 20, 2014 *(formerly Guideline G-017) Note to readers: In the event of any inconsistency between this document and the

More information

Privacy Breach Protocol

Privacy Breach Protocol & Privacy Breach Protocol Guidelines for Government Organizations www.ipc.on.ca Table of Contents What is a privacy breach? 1 Guidelines on what government organizations should do 2 What happens when the

More information

Privacy and Management of Health Information: Standards for CARNA s Regulated Members

Privacy and Management of Health Information: Standards for CARNA s Regulated Members Privacy and Management of Health Information: Standards for CARNA s Regulated Members September 2011 Permission to reproduce this document is granted; please recognize CARNA. College and Association of

More information

Closing or Moving a Physician Practice

Closing or Moving a Physician Practice Closing or Moving a Physician Practice Background The College of Physicians & Surgeons of Alberta (CPSA) provides Standards of Practice representing the minimum standards of professional behaviour and

More information

Ottawa Valley Veterinary Professional Corporation. Personal Information Policy

Ottawa Valley Veterinary Professional Corporation. Personal Information Policy Ottawa Valley Veterinary Professional Corporation Personal Information Policy Introduction The Personal Information Protection and Electronics Documents Act ( PIPEDA ) is a federal legislation which came

More information

FIPPA and MFIPPA: Bill 8 The Recordkeeping Amendments

FIPPA and MFIPPA: Bill 8 The Recordkeeping Amendments FIPPA and MFIPPA: Bill 8 The Recordkeeping Amendments December 2015 CONTENTS Introduction...1 The Amendments What s New?...1 Is My Institution Required to Comply With These Provisions?...2 What are Records?...2

More information

Guidelines for Self-Employed Registered Nurses

Guidelines for Self-Employed Registered Nurses Guidelines for Self-Employed Registered Nurses MISSION The Nurses Association of New Brunswick is a professional regulatory organization that exists to protect the public and to support nurses by promoting

More information

We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation.

We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation. PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms. INTRODUCTION The Personal Health Information Act (PHIA) came into effect on December 11, 1997,

More information

Personal Information Protection and Electronic Documents Act

Personal Information Protection and Electronic Documents Act PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle

More information

SCHEDULE A Practice Guidelines for Psychologists

SCHEDULE A Practice Guidelines for Psychologists SCHEDULE A Practice Guidelines for Psychologists 1. Introduction The intent of this document is to set out the WCB service provider guidelines for Psychologists providing the following services to WCB

More information

ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.

ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014. ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014. The Rohit Group of Companies ( Rohit Group, Company, our, we ) understands

More information

The Manitoba Child Care Association PRIVACY POLICY

The Manitoba Child Care Association PRIVACY POLICY The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information

More information

Table of Contents. Acknowledgement

Table of Contents. Acknowledgement OPA Communications and Member Services Committee February 2015 Table of Contents Preamble... 3 General Information... 3 Risks of Using Email... 4 Use of Smartphones and Other Mobile Devices... 5 Guidelines...

More information

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS White Paper Table of Contents Addressing compliance with privacy laws for cloud-based services through persistent encryption and key ownership... Section

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into as of ( Effective Date ) by and between ( Covered Entity ) and American Academy of Sleep Medicine ( Business Associate

More information

Record Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario

Record Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario Record Keeping Guide to the Standard for Professional Practice 2013 College of Physiotherapists of Ontario March 7, 2013 Record Keeping Records tell a patient s story. The record should document for the

More information

Privacy Incident and Breach Management Policy

Privacy Incident and Breach Management Policy Privacy Incident and Breach Management Policy Privacy Office Document ID: 2480 Version: 2.1 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights

More information

Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario

Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario PRIVACY COMPLIANCE ISSUES FOR LAW FIRMS IN ONTARIO By Sara A. Levine 1 Presented at Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario Ontario Bar Association, May 6,

More information

STANDARDS FOR RECORD KEEPING

STANDARDS FOR RECORD KEEPING STANDARDS FOR RECORD KEEPING JULY 2008 STANDARDS FOR RECORD KEEPING Store at Tab #2 of your Registrant Resource Binder Introduction The Regulated Health Professions Act, 1991 as amended (RHPA 1991), acknowledges

More information

Is There Such a Thing as Internet Privacy?

Is There Such a Thing as Internet Privacy? Is There Such a Thing as Internet Privacy? April 13, 2015 Danielle Graff & Kristél Kriel Western Canada s Law Firm Click Agenda to edit Master title style What is Internet Privacy? Why does it matter?

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION SUBJECT: VOYAGEUR PAGE 1 1.0 PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing

More information

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS Note: This document provides a general overview of the Personal Health Information Protection Act, 2004,

More information

Client Advisory October 2009. Data Security Law MGL Chapter 93H and 201 CMR 17.00

Client Advisory October 2009. Data Security Law MGL Chapter 93H and 201 CMR 17.00 Client Advisory October 2009 Data Security Law MGL Chapter 93H and 201 CMR 17.00 For a discussion of these and other issues, please visit the update on our website at /law. To receive mailings via email,

More information

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution. Written Information Security Plan (WISP) for HR Knowledge, Inc. This document has been approved for general distribution. Last modified January 01, 2014 Written Information Security Policy (WISP) for HR

More information

SCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL

SCHEDULE C ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law

More information

Records Management - Department of Health

Records Management - Department of Health Policy Directive Records Management - Department of Health Document Number PD2009_057 Publication date 24-Sep-2009 Functional Sub group Corporate Administration - Records Ministry of Health, NSW 73 Miller

More information

How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice

How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice Information and Privacy Commissioner / Ontario How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice Ann Cavoukian, Ph.D. Commissioner

More information

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security

Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The

More information

SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)

SCHEDULE C to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND

More information

Appendix : Business Associate Agreement

Appendix : Business Associate Agreement I. Authority: Pursuant to 45 C.F.R. 164.502(e), the Indian Health Service (IHS), as a covered entity, is required to enter into an agreement with a business associate, as defined by 45 C.F.R. 160.103,

More information

Hang Seng HSBCnet Security. May 2016

Hang Seng HSBCnet Security. May 2016 Hang Seng HSBCnet Security May 2016 1 Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,

More information

Helpful Tips. Privacy Breach Guidelines. September 2010

Helpful Tips. Privacy Breach Guidelines. September 2010 Helpful Tips Privacy Breach Guidelines September 2010 Office of the Saskatchewan Information and Privacy Commissioner 503 1801 Hamilton Street Regina, Saskatchewan S4P 4B4 Office of the Saskatchewan Information

More information

Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy

Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy September 2004 1.0 INTRODUCTION... 3 2.0 CHRC POLICY STATEMENT... 3 3.0 PRIVACY

More information

S.M.A.R.T. Goal Setting for Professional Development Plans and Outcomes

S.M.A.R.T. Goal Setting for Professional Development Plans and Outcomes S.M.A.R.T. Goal Setting for Professional Development Plans and Outcomes Presented by Richelle Ryan and Iain Maclean May 26, 2012 Objectives Update of Continuing Competency Program Review of PDPO Writing

More information

BUSINESS ASSOCIATE AGREEMENT TERMS

BUSINESS ASSOCIATE AGREEMENT TERMS BUSINESS ASSOCIATE AGREEMENT TERMS This Addendum ( Addendum ) is incorporated into and made part of the Agreement between SIGNATURE HEALTHCARE CORPORATION ("Covered Entity ) and ( Business Associate"),

More information

Anxiety & OCD Treatment Center of Philadelphia

Anxiety & OCD Treatment Center of Philadelphia Anxiety & OCD Treatment Center of Philadelphia th 1845 Walnut Street, 15 Floor Philadelphia, PA 19103 Phone: (215) 735-7588 Website: www.ocdphiladelphia.com Authorization to Receive & Release Protected

More information

Ann Cavoukian, Ph.D.

Ann Cavoukian, Ph.D. School Psychologists: What You Should Know about the Personal Health Information Protection Act Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Psychological Services Northeast Toronto

More information

California State University, Sacramento INFORMATION SECURITY PROGRAM

California State University, Sacramento INFORMATION SECURITY PROGRAM California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...

More information

Information Circular

Information Circular Information Circular Enquiries to: Brooke Smith Senior Policy Officer IC number: 0177/14 Phone number: 9222 0268 Date: March 2014 Supersedes: File No: F-AA-23386 Subject: Practice Code for the Use of Personal

More information

Can Your Diocese Afford to Fail a HIPAA Audit?

Can Your Diocese Afford to Fail a HIPAA Audit? Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous

More information

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security

More information

Privacy Law in Canada

Privacy Law in Canada Privacy Law in Canada Federal and provincial privacy legislation has a profound impact on the way virtually all organizations carry on business across the country. Canada s privacy laws, while likely the

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information

REQUESTING ORGANIZATION INFORMATION:

REQUESTING ORGANIZATION INFORMATION: Instructions: Please fill in this form, print it, and sign it (5 pages in total). You may then either: fax the completed and signed forms to the ehealth Service Desk at 306-781-8480 or scan the completed

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Smoking Cessation Program

Smoking Cessation Program Guide to Pharmacist Health Coaching Smoking Cessation Program Smoking is the leading cause of preventable death in Canada and a significant risk factor for many chronic non-communicable diseases including

More information

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 Updated 12/8/15 PSYBAR, L. L. C. INDEPENDENT CONTRACTOR AGREEMENT PsyBar attempts to

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement I. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated

More information

Cloud Computing Contracts. October 11, 2012

Cloud Computing Contracts. October 11, 2012 Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best

More information

Record Retention and Destruction Policy

Record Retention and Destruction Policy Policy North York General Hospital (NYGH) will retain and dispose of records in accordance with applicable laws and policies including the Personal Health Information Privacy Policy. Retention Records

More information

Updated February 15, 2008 MINISTRY OF HEALTH SOFTWARE SUPPORT ORGANIZATION SERVICE LEVEL AGREEMENT

Updated February 15, 2008 MINISTRY OF HEALTH SOFTWARE SUPPORT ORGANIZATION SERVICE LEVEL AGREEMENT BETWEEN: HER MAJESTY THE QUEEN IN RIGHT OF THE PROVINCE OF BRITISH COLUMBIA, represented by the Minister of Health ( the Ministry as the Province as applicable) at the following address: Assistant Deputy

More information

Informed Consent and Records Management for Alberta School Counsellors

Informed Consent and Records Management for Alberta School Counsellors Informed Consent and Records Management for Alberta School Counsellors Published by the Guidance Council of the Alberta Teachers Assocation Barnett House, 11010 142 Street, Edmonton, Alberta T5N 2R1 Table

More information

Last updated: 30 May 2016. Credit Suisse Privacy Policy

Last updated: 30 May 2016. Credit Suisse Privacy Policy Last updated: 30 May 2016 Credit Suisse Please read this privacy policy (the ) as it describes how we intend to collect, use, store, share, and safeguard your information. By accessing, visiting or using

More information

PACS JOINT SERVICES/ACCESS POLICY

PACS JOINT SERVICES/ACCESS POLICY PACS JOINT SERVICES/ACCESS POLICY 1. High Level Policy The identifiable Diagnostic Imaging Data stored in PACS constitutes personal health information and is subject to the provisions of The Health Information

More information

HEALTH INFORMATION ACT (HIA) BILL QUESTIONS AND ANSWERS

HEALTH INFORMATION ACT (HIA) BILL QUESTIONS AND ANSWERS HEALTH INFORMATION ACT (HIA) BILL QUESTIONS AND ANSWERS KEY HIA CONCEPTS AND PROVISIONS Q. What is the purpose of the legislation? To protect clients personal health information. To set rules on the collection,

More information

PRIVACY POLICY. Consent

PRIVACY POLICY. Consent PRIVACY POLICY car2go N.A. LLC and car2go Canada Ltd. (collectively, car2go ) recognize the importance of protecting your personal information. We take the protection of your personal information seriously

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Privacy Policy. February, 2015 Page: 1

Privacy Policy. February, 2015 Page: 1 February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met

More information

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions

Medical Privacy Version 2015.12.10 - Standard. Business Associate Agreement. 1. Definitions Medical Privacy Version 2015.12.10 - Standard Business Associate Agreement This Business Associate Agreement (the Agreement ) shall apply to the extent that the Lux Scientiae HIPAA Customer signee is a

More information

Accreditation Standards and Service Provider Guidelines for Saskatchewan Workers Compensation Board. Primary Occupational Therapy Service Providers.

Accreditation Standards and Service Provider Guidelines for Saskatchewan Workers Compensation Board. Primary Occupational Therapy Service Providers. 1. Intent Accreditation Standards and Service Provider Guidelines for Saskatchewan Workers Compensation Board Primary Occupational Therapy Service Providers This document sets out the: accreditation standards,

More information

Table of contents ELECTRONIC RECORDS HANDBOOK. Important considerations 1. Introduction 2. Selecting an appropriate system 3

Table of contents ELECTRONIC RECORDS HANDBOOK. Important considerations 1. Introduction 2. Selecting an appropriate system 3 Table of contents Important considerations 1 Introduction 2 Selecting an appropriate system 3 Regulation of electronic records 5 Patient consent and rights to access 6 Security and privacy issues 8 Maintaining

More information

Information and Privacy Commissioner of Ontario. Guidelines for the Use of Video Surveillance Cameras in Public Places

Information and Privacy Commissioner of Ontario. Guidelines for the Use of Video Surveillance Cameras in Public Places Information and Privacy Commissioner of Ontario Guidelines for the Use of Video Surveillance Cameras in Public Places Ann Cavoukian, Ph.D. Commissioner September 2007 Acknowledgements This publication

More information

Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION

Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for

More information

Access Control Policy

Access Control Policy Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you

More information

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES I acknowledge that I have been provided a copy of Fiorillo Cosmetic and General Dentistry s Notice of Privacy Practices, which has an effective

More information

Business Associate Agreement (BAA) Guidance

Business Associate Agreement (BAA) Guidance Business Associate Agreement (BAA) Guidance Introduction The purpose of this document is to provide guidance for creating or updating business associate agreements between your Practice ( Covered Entity

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

Student Records. 4. Data Security: Upper Yarra Community House Inc. will protect the personal information it

Student Records. 4. Data Security: Upper Yarra Community House Inc. will protect the personal information it Student Records Objective To ensure that Upper Yarra Community House Inc. collects, uses, stores, retains, archives and destroys information in our student record files according to the requirements of

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

Patient Health Information For Tax Reporting

Patient Health Information For Tax Reporting Patient Health Information For Tax Reporting When patients or clients ask you for their account statement information, take the time to ask them for photo ID and a proper authorization to disclose their

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( BA Agreement ) amends, supplements, and is made a part of the Agreement ( Agreement ) entered with Client ( CLIENT ) and International

More information

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy

More information

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005 Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005

More information

INDEX NO.: Consultation Policy Released December 2009. CP - Management and Retention of Pension Plan Records by the Administrator - PBA s.

INDEX NO.: Consultation Policy Released December 2009. CP - Management and Retention of Pension Plan Records by the Administrator - PBA s. Financial Services Commission of Ontario Commission des services financiers de l=ontario SECTION: Administrator INDEX NO.: Consultation Policy Released December 2009 TITLE: APPROVED BY: PUBLISHED: EFFECTIVE

More information

Moving Information: Privacy & Security Guidelines

Moving Information: Privacy & Security Guidelines Information and Privacy Commissioner/ Ontario Moving Information: Privacy & Security Guidelines Ann Cavoukian, Ph.D. Commissioner July 1997 Information and Privacy Commissioner/Ontario 2 Bloor Street East

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq. The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery

More information

DHS / UKvisas Project

DHS / UKvisas Project for the DHS / UKvisas Project November 14, 2007 Contact Point Elizabeth Gaffin Associate Counsel United States Citizenship and Immigration Services 202-272-1400 Reviewing Official Hugo Teufel III Chief

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

ADULT REGISTRATION FORM. Last Name First Name Middle Initial. Date of Birth Age Identified Gender. Street Address. City State Zip Code

ADULT REGISTRATION FORM. Last Name First Name Middle Initial. Date of Birth Age Identified Gender. Street Address. City State Zip Code ADULT REGISTRATION FORM Last Name First Name Middle Initial Date of Birth Age Identified Gender Street Address City State Zip Code Home Phone Cell Phone FINANCIALLY RESPONSIBLE PARTY (If different from

More information

(1) regulate the storage, retention, transmission, and security measures for credit card, debit card, and other payment-related data;

(1) regulate the storage, retention, transmission, and security measures for credit card, debit card, and other payment-related data; Legal Updates & News Legal Updates Pending Changes to California s Data Breach Law: New Burdens for Retailers? September 2007 by Christine E. Lyon, William L. Stern Related Practices: Privacy and Data

More information

Administrative Procedures Memorandum A1452

Administrative Procedures Memorandum A1452 Page 1 of 11 Date of Issue February 2, 2010 Original Date of Issue Subject References February 2, 2010 PRIVACY BREACH PROTOCOL Policy 2197 Management of Personal Information APM 1450 Management of Personal

More information

Accountable Privacy Management in BC s Public Sector

Accountable Privacy Management in BC s Public Sector Accountable Privacy Management in BC s Public Sector Contents Accountable Privacy Management In BC s Public Sector 2 INTRODUCTION 3 What is accountability? 4 Steps to setting up the program 4 A. PRIVACY

More information

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information

More information

Marian R. Zimmerman, Ph.D.

Marian R. Zimmerman, Ph.D. Marian R. Zimmerman, Ph.D. Clinical Health Psychology www.mzpsychology.com 3550 Parkwood Blvd., 306 (214)618-1451 Phone Frisco, TX 75034 (214)618-2102 Fax Pre-Surgical Evaluation Patient Name: Age: Date

More information

Authorized. User Agreement

Authorized. User Agreement Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION

More information

INVESTIGATION REPORT 176-2015

INVESTIGATION REPORT 176-2015 Saskatoon Regional Health Authority January 29, 2016 Summary: Saskatoon Regional Health Authority (SRHA) proactively reported a privacy breach to the Office of the Information and Privacy Commissioner

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information