SCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL

Size: px
Start display at page:

Download "SCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL"

Transcription

1 SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS, PARTICIPATING OTHER CUSTODIAN(S) AND PARTICIPATING PHYSICIANS USING AN AHS EMR SYSTEM) A DOCUMENT CONCERNING THE ACCESS TO, USE AND DISCLOSURE OF INFORMATION IN THE ELECTRONIC MEDICAL RECORD EMR IEP Jan version as amended from time to time)

2 A.1 Purpose of This Document This document, the Electronic Medical Record Information Exchange Protocol (the Protocol ), establishes the specific rules for the access to, use, disclosure and protection of EMR Information contributed to and stored in an EMR System 1 that is owned and operated by AHS (in this Protocol, the EMR System ) including: EMR Information from Participating Physicians, Participating Other Custodian(s) and Alberta Health Services; EMR Information that is accessed by EMR Custodians in the EMR System; and, EMR Information that is used for Secondary Use and Disclosure purposes. These rules bind all EMR Custodians and EMR Affiliates utilizing the EMR System. Custodians who choose not to sign the Information Sharing Agreement (the ISA ) as amended from time to time, or other appropriate legal agreements may not access, use or disclose EMR Information in the EMR System. 1 1 The phrase located in an AHS facility was removed by Governance Committee motion on November 21, A.2 Why Rules Are Required The Health Information Act establishes the legal authority and limits for the exchange of health information. It makes each Custodian in the health system responsible for the collection, use and disclosure of health information. However, the Health Information Act recognizes that a wide variety of circumstances exist in the delivery of care. While the Health Information Act establishes general rules, it provides Custodians considerable latitude within those rules for discharging their responsibilities. An EMR is an electronic record of an individual's health information. An EMR typically records a history of clinical encounters maintained by Physicians and other health care providers in an electronic information system. Since health information is shared electronically in the EMR System by a large number of Physicians and other health services providers, it is necessary to establish clear and consistent rules for Custodians. The rules set forth in this Protocol define the expected use of EMR Information by EMR Custodians, thereby providing consistency within the larger context of Custodian activity and their obligations under the Health Information Act. Only those rules that are unique to the EMR context are contained within this Protocol. Rules for how information may be collected, used and disclosed in the context of the Alberta EHR may be found in the Alberta Netcare Information Exchange Protocol. EMR IEP Jan version as amended from time to time 2

3 A.3 History of This Document This Protocol was created and first released under Version 1.0, February A.4 Revisions to This Document This Protocol may be revised from time to time by the Governance Committee with input from the EHRDSC as required. All revisions to this Protocol will be made available to EMR Custodians 30 days prior to the effective date of the revisions. By continuing to access EMR Information in the EMR System following the effective date, an EMR Custodian accepts and agrees to comply with the revisions. The Governance Committee may, at its ongoing meetings, make relatively minor revisions to this Protocol that do not materially affect the continued use of the EMR System. Rather than release continual revisions to the Protocol, these minor revisions will be consolidated and published in periodic updated releases. When published, these updated releases will become effective in the same manner as major revisions. They will be made available to EMR Custodians 30 days prior to the effective date of the revisions. By continuing to access the EMR System following the effective date, an EMR Custodian accepts and agrees to comply with the revisions. A.5 Guiding Legislation The rules outlined in this Protocol have been developed in consideration of the Health Information Act (and other applicable legislation) and serve as a vehicle for the clarification and the operational application of selected sections of that legislation, particularly as it relates to health information in the EMR System. Definitions of terms used in the Health Information Act also apply to those terms when used in this Protocol. A.6 Guiding Principles In its adoption and continuation of this Protocol, the Governance Committee will strive to maintain alignment with the following principles: Protocol rules will recognize and align with legislated and EMR Custodians ethical obligations. Protocol rules will be structured to assure the privacy and security of an individual s health information without placing onerous restrictions and processes on those who have a legitimate need to access and use information from the EMR System. The Protocol will not be a reiteration of the Health Information Act, but rather a document to highlight and clarify important aspects of the Health Information Act as it relates to the use and disclosure of health information in an EMR System. The Protocol will further elaborate on the use and disclosure of health information from the EMR System where the Act does not provide sufficient guidance. EMR IEP Jan version as amended from time to time 3

4 Protocol rules will articulate EMR Custodian obligations but not necessarily the means by which EMR Custodians are to meet those obligations. In that regard, EMR Custodians should use their professional judgement or other guidelines that may be released from time to time by the Governance Committee. Information Exchange Protocol rules will articulate EMR Custodian obligations but will not provide guidance in matters where discretion may be exercised. Such guidance is expected to be provided through the CPSA and other applicable health professional bodies. A.7 Limitations of This Document This Protocol does not define the scope or necessarily represent the current architecture of the EMR System. In some cases, these rules may infer functionality which exceeds that of the EMR Systems. This approach has been taken to assist EMR Custodians in understanding the possible impacts of future functionality, and to recognize that the EMR System will continue to be an evolving tool for the use of health services providers in their delivery of health services to Alberta residents. A.8 Contact Information Questions regarding this Protocol or requests to contact the Governance Committee can be directed to the Information Stewardship Office ( ISO ) at EMR IEP Jan version as amended from time to time 4

5 IEP Jan (as amended from time to time 5

6 instructions of a Patient to his/her Physician, including individual data element masking or global person masking. Memorandum of Understanding Participating Other Custodian Participating Physician Primary use Secondary use Security Unmasking An agreement entered into between AHS and the AMA dated effective the 1st day of April, 2012, as amended from time to time, together with consequential amendments resulting from adding Participating Other Custodian(s)to the Memorandum of Understanding, establishing the Information Sharing Framework, and the Governance Committee. A Participating Other Custodian is a Custodian, other than AHS and Participating Physicians, that is authorized by AHS to use an EMR System within its facilities or otherwise, including through authorized network access, for use by that Participating Other Custodian and its affiliates; A Physician that signs a Participating Physician Agreement signifying his/her acknowledgement of the Memorandum of Understanding, and agreement with the terms of the ISF, including the ISA, IMA and this Protocol. The use of EMR Information for the purpose of providing Health Services to Patients and includes the reproduction of that information, but not the Disclosure of that information The use of EMR information by a Party for any purpose not directly related to the provision of Health Services to the Patient whom is the subject of that information including, without limitation, the provision of Health Services to Patient populations or to advance Patient safety, or health system management. The process of protecting EMR Information by assessing threats and risks to that EMR Information and implementing the procedures and systems to restrict access and maintain the integrity of that EMR Information. The temporary removal of Masking from EMR Information during a session of access to an Individual s EMR Information by an EMR Custodian. B.2 Glossary of Terms Used in This Document and Defined in the Health Information Act IEP Jan (as amended from time to time 6

7 Affiliate Audit Collect In relation to a custodian, means (i) an individual employed by the custodian; (ii) a person who performs a service for the custodian as an appointee, volunteer or student or under a contract or agency relationship with the custodian; (iii) a health services participating custodian who has the right to admit and treat patients at a hospital as defined in the Hospitals Act; (iv) an information manager as defined in section 66(1); (v) a person who is designated under the regulations to be an affiliate; but does not include (vi) an agent as defined in the Health Insurance Premiums Act; or, (vii) a health information repository other than a health information repository that is designated in the regulations as an affiliate. A financial, clinical or other formal or systematic examination or review of a program, portion of a program or activity. To gather, acquire, receive or obtain health information. Custodian Means (i) (ii) (iii) (iv) (v) the board of an approved hospital as defined in the Hospitals Act other than an approved hospital that is (A) owned and operated by a regional health authority established under the Regional Health Authorities Act, the operator of a nursing home as defined in the Nursing Homes Act other than a nursing home that is owned and operated by a regional health authority established under the Regional Health Authorities Act; an ambulance operator as defined in the Emergency Health Services Act; a provincial health board established pursuant to regulations made under section 17(1)(a) of the Regional Health Authorities Act; a regional health authority established under the Regional IEP Jan (as amended from time to time 7

8 (vi) Health Authorities Act; a community health council as defined in the Regional Health Authorities Act; (vii) a subsidiary health corporation as defined in the Regional Health Authorities Act; (viii) a board, council, committee, commission, panel or agency that is created by a custodian referred to in sub-clauses (i) to (vii), if all or a majority of its members are appointed by, or on behalf of, that custodian, but does not include a committee that has as its primary purpose the carrying out of quality assurance activities within the meaning of section 9 of the Alberta Evidence Act; (ix) (x) (xi) a health services provider who is designated in the regulations as a custodian, or who is within a class of health services providers that is designated in the regulations for the purpose of this sub-clause; a licensed pharmacy as defined in the Pharmacy and Drug Act; the Department; (xii) the Minister; (xiii) an individual or board, council, committee, commission, panel, agency or corporation designated in the regulations as a custodian; but does not include (xiv) a Community Board or a Facility Board, as those terms are defined in the Persons with Developmental Disabilities Community Governance Act other than a Community Board that is designated in the regulations as a custodian. Department Health information Health professional body Health service The Department administered by the Minister. One or both of the following: (i) (ii) diagnostic, treatment and care information; registration information. A body that regulates the members of a health profession or health discipline pursuant to an Act. A service that is provided to an individual for any of the following IEP Jan (as amended from time to time 8

9 purposes: (i) (ii) (iii) (iv) (v) protecting, promoting or maintaining physical and mental health; preventing illness; diagnosing and treating illness; rehabilitation; caring for the health needs of the ill, disabled, injured or dying, but does not include a service excluded by the regulations. Health services provider Individually identifying Minister Non-identifying Record Research Research ethics board Use An individual who provides health services. When used to describe health information, means that the identity of the individual who is the subject of the information can be readily ascertained from the information. The Minister determined under section 16 of the Government Organization Act as the Minister responsible for this Act. When used to describe health information, means that the identity of the individual who is the subject of the information cannot be readily ascertained from the information. A record of health information in any form and includes notes, images, audiovisual recordings, x-rays, books, documents, maps, drawings, photographs, letters, vouchers and papers and any other information that is written, photographed, recorded or stored in any manner, but does not include software or any mechanism that produces records. Academic, applied or scientific health related research that necessitates the use of individually identifying health information. A body designated by the regulations as a research ethics board. To apply health information for a purpose and includes reproducing the information, but does not include disclosing the information. IEP Jan (as amended from time to time 9

10 responsible to liaise with the EHRDSC for the purpose of ensuring The Governance Committee, or its representative, shall be Committee Information that is in the EMR System. Protocol pertaining to the access to, use and disclosure of EMR Governance The Governance Committee establishes and amends rules in this Topic 1.2 Operation of the Information Exchange Protocol obligations under the Health Information Act. responsibility of each EMR Custodian to meet his/her or its compliance with the Health Information Act. It is the Full compliance with this Protocol does not necessarily assure full Information Act the Health Act. Deference to These rules neither replace nor supersede the Health Information Act. Information Health the of 32(2) and 32(1) sections under regulated is but Protocol this under covered not is System EMR an in information non-identifying of use and to Access Protocol Information. EMR identifying individually of Application of disclosure and use and, to access the to only applies Protocol This EMR the System Information in EMR Protocol. this of conditions and terms the to subject and access use is System EMR the in Information EMR all of use and to Access to Authority Protocol , February on Committee of Currency this Steering the by approved was Protocol this of 0.3 Version Protocol the of Authority 1.1 Topic IEP Jan (as amended from time to time 10

11 continued consistency in their approach to health information sharing. Coming into effect EMR Custodian joint responsibility for accuracy and confidentiality of Health Information Physicians as EMR Custodians Alberta Health Services as an EMR Custodian Participating Other Custodian(s) as an EMR Custodian Rules pertaining to the access to and, use and disclosure of EMR Information in the EMR System are documented in this Protocol and come into effect according to the terms of the Information Sharing Agreement In a shared EMR environment, it is recognized that there are multiple health service providers that add or modify Patient Health Information, each sharing responsibility for the accuracy and confidentiality of that information. Each EMR Custodian must make reasonable efforts to ensure that the Health Information that is under that EMR Custodian's custody or control is accurate, complete and that the confidentiality of that Health Information is maintained Any Physician who has signed the Physician Participation Agreement is considered to be an EMR Custodian. In his/her role as an EMR Custodian, a Participating Physician may only use and disclose EMR Information for authorized purposes in accordance with this Protocol and the Health Information Act Alberta Health Services is an EMR Custodian. In its role as an EMR Custodian (compared to its role as Information Manager for the EMR System), Alberta Health Services may only use and disclose EMR Information for authorized purposes as per this Protocol and the Health Information Act Each Participating Other Custodian is an EMR Custodian. In its role as an EMR Custodian, a Participating Other Custodian may only use and disclose EMR Information for authorized purposes as per this Protocol and the Health Information Act. Alberta Health Services as Information Manager for EMR Systems Notwithstanding its role as an EMR Custodian, Alberta Health Services is the Information Manager of the EMR System. In its role as the Information Manager of the EMR System, Alberta Health Services is limited to only using and disclosing EMR Information in its capacity of an Information Manager as authorized by the Information Management Agreement and the Health Information Act. IEP Jan (as amended from time to time 11

12 Role of the Information Manager The Information Manager, in accordance with the Information Sharing Agreement and the Health Information Act, will, in addition to other obligations set forth in the Health Information Act and the Information Management Agreement: a. process, store, retrieve or dispose of EMR Information in the EMR System as required; b. provide information management services for the EMR System, as required; c. monitor and audit EMR Information in the EMR System on a continuing basis; and, d. where required, report to the ISO Should the role of Information Manager for the EMR System be transferred from Alberta Health Services to another organization, this Protocol will continue to guide the operation of sharing of EMR Information in the EMR System. General authority to access EMR Information General responsibilities of EMR Custodians Any EMR Custodian requiring access to EMR Information in the EMR System may use the EMR Information in respect of which access has been granted, that is stored in the EMR System, where such access: a. has been granted to the EMR Custodian pursuant to the Information Sharing Agreement; b. is consistent with the authorization for access established in this Protocol and the Health Information Act; and, c. will be made through a unique system account and profile assigned to that EMR Custodian Each EMR Custodian has a duty pursuant to Section 60 of the Health Information Act to protect the confidentiality of EMR Information in the EMR System and to protect against any reasonably anticipated threat or hazard to the security of that EMR Information, or unauthorized use, disclosure, modification or unauthorized access to the EMR Information EMR Custodians are responsible for all EMR information accessed and used by the EMR Custodian and their EMR Affiliates in the EMR System or while such EMR Information falls under the authority of this Protocol. General responsibilities of EMR Any EMR Affiliate of an EMR Custodian who requires access to the EMR System for the purpose of either providing EMR Information to or receiving EMR Information from the EMR IEP Jan (as amended from time to time 12

13 Affiliates System must be authorized by an EMR Custodian for such access EMR Affiliates will retain full responsibility for all EMR Information they access from the EMR System. Responsibility is not restricted to EMR Information which EMR Affiliates or the EMR Custodians have contributed to the EMR System Notwithstanding , any use or disclosure of EMR Information by an EMR Affiliate is considered to be use or disclosure by the EMR Custodian An EMR Affiliate, who is authorized to access and use EMR Information in the EMR System, must do so in accordance with this Protocol. Responsibilities of ISO The ISO may access, use and disclose EMR Information in the EMR System for any of the limited purposes authorized by this Protocol The ISO will, as directed by the Governance Committee, develop, implement and maintain policies and procedures relating to the privacy and Security of EMR Information in the EMR System in compliance with, but not limited to, the Health Information Act and this Protocol. Topic 2.1 Entry of Information as per the Information Sharing Agreement Authority to enter information Managing access rights and permissions An EMR Custodian may enter EMR Information through the EMR System where functionality for the addition or modification of EMR Information in the EMR System has been enabled, and the EMR Custodian has been granted rights to do so. EMR Information entered into the EMR System by an EMR Custodian must align with Standards of Practice set by the CPSA or standards prescribed by other health professional bodies where applicable. The Information Manager must implement the necessary functionality within the EMR System to manage access rights and permissions as determined by the Information Sharing Agreement. IEP Jan (as amended from time to time 13

14 Retention of EMR Information by the Information Manager A Record of EMR Information that is entered into the EMR System must be retained by the Information Manager, so that where corrections and amendments are made to EMR Information, a Record of the original EMR Information persists, as it would for a paper-based Record. A Record of EMR Information that is entered into the EMR System must contain at least the following elements: a. identification of the EMR Custodian or EMR Affiliate who entered/modified the EMR Information; b. a date and time when the EMR Information was entered/modified; and, c. the EMR Information that was entered/modified A Record of EMR Information must be maintained in accordance with the Standards of Practice of the CPSA, the professional standards of other health professional bodies and/or in accordance with AHS or Participating Other Custodian(s) documentation standards, as applicable. Topic 3.1 Request to Access Information by Individual who is the Subject of the Information Right to access Sources of access Process for Subject to the exceptions set out in the Health Information Act, an Individual has the right of access to that Individual s EMR Information stored in the EMR System An Individual may request his/her EMR Information from his/her EMR Custodian and the EMR Custodian will respond to a request for access to records that relate directly to Health Services provided only by that EMR Custodian. Broader requests for records that relate to Health Services provided by more than one EMR Custodian or Custodians must be referred to the Information Manager. In either event, the request for access to records will be tracked and recorded Requests must be responded to within 30 days after receipt of the request IEP Jan (as amended from time to time 14

15 access In response to a request for EMR Information, an EMR Custodian or the Information Manager, as applicable, will disclose only EMR Information about the requesting Individual, subject to any exceptions to access in the Health Information Act When requested by the Individual, and where practical, the EMR Custodian or Information Manager, as applicable, will provide an explanation of terms, codes or abbreviations used in any presented EMR Information When determining whether to provide an explanation of the EMR Information being presented to an Individual, or any additional explanation beyond that defined in section 3.1.5, the EMR Custodian or Information Manager, as applicable, will, where necessary, confer with other EMR Custodians that have contributed EMR Information to the Individual s Record to comply with the requirements for responding to an access request under the Health Information Act An Individual s request for EMR Information sent to an EMR Custodian must be in writing The EMR Custodian or ISO will verify the identity of the Individual making the request An Individual may be required to pay a fee stipulated by the EMR Custodian or Information Manager prior to receipt of the requested EMR Information. Fees for access requests are specified in the Health Information Regulation. Records of access An Individual may request to receive a record of requests for accesses to EMR Information about that Individual. Such requests shall be made in writing to the Information Manager. IEP Jan (as amended from time to time 15

16 Topic 3.2 Request to Correct or Amend EMR Information by Individual who is the Subject of the EMR Information Right to correction or amendment An Individual has the right to request a correction or amendment to that Individual s EMR Information in the EMR System where the Individual believes there is an error or omission Where an Individual requests a correction or amendment to that Individual s EMR Information in the EMR System, the request must be made in writing to the EMR Custodian who entered the EMR Information where possible. Process for correction or amendment Subject to the Health Information Act, a response to an Individual s request to correct or amend information in the EMR System must be provided to that Individual within 30 days If the EMR Custodian agrees to an Individual s request to make a correction or amendment to EMR Information in the EMR System, the EMR Custodian must give written notice to the applicant stating that the correction or amendment has been made, direct the Information Manager to make the correction or amendment, and the EMR Custodian must notify any person to whom that EMR Information has been disclosed during the one year period before the correction or amendment. IEP Jan (as amended from time to time 16

17 4.0 Primary Uses of EMR Information Topic 4.1 Provision of Health Services Permissible primary uses An EMR Custodian may access and use EMR Information in the EMR System for the provision of Health Services Use of EMR Information in the EMR System shall adhere to the principles of: a. using the least amount of EMR Information necessary for the purpose; and, b. using EMR Information only on a need to know basis EMR Custodians may access and use EMR Information in the EMR System when: a. they are providing Health Services to the Individual; and, b. their access to the EMR Information is necessary for the provision of the Health Service or for making a determination for a related Health Service. Scope of Information Subject to the professional standards of practice of the CPSA and other professional bodies, non-identifying EMR Information in the EMR System may be used by an EMR Custodian for any purpose An EMR Custodian may access and use EMR Information available in the EMR System to the extent permitted under that EMR Custodian s system access profile Where EMR Information has been subjected to Masking, use of such EMR Information by an EMR Custodian will be subject to section 7.2 of this Protocol. IEP Jan (as amended from time to time 17

18 5.0 Secondary Uses of EMR Information Topic 5.1 Secondary Use of EMR Information Guiding principles of secondary uses Secondary use of EMR Information in the EMR System shall adhere to the principles of: a. using the least amount of EMR Information necessary for the intended purpose; b. using the highest degree of anonymity that is reasonable in the circumstances; and, c. using EMR Information based only on a need to know basis Non-identifying Health Information in the EMR System can be used by an EMR Custodian for any noncommercial purpose. Topic 5.2 Secondary Use of EMR Information for Conducting Practice Reviews Authority to use EMR Information for practice reviews EMR Information in the EMR System may be used by an EMR Custodian for conducting practice reviews: a. for the purpose of self-audit to determine whether the Participating Physician s own standards and procedures are being effectively and efficiently executed; or, b. for the purpose of performance or periodic reviews as defined in AHS Medical Staff Bylaws and Participating Other Custodian(s) Medical Staff Bylaws, as applicable. Topic 5.3 Secondary Use of EMR Information for Conducting Investigations Authority to use EMR Information for Investigations EMR Information in the EMR System may be used by the EMR Custodian for conducting investigations: a. to determine whether the Standards of Practice of the CPSA or standards of other IEP Jan (as amended from time to time 18

19 applicable health professional bodies are being complied with; b. to determine whether the requirements of any other governance or oversight body are being maintained; c. if the EMR Custodian is a Participating Physician, to determine whether that Participating Physician s claims submissions are accurate and his/her claims practices are compliant with applicable requirements; d. for any other purpose essential to the EMR Custodian s effective provision of Health Services to Individuals; and, e. to investigate breaches of privacy obligations. Topic 5.4 Secondary Use of EMR Information for Research Conditions of secondary use of EMR Information for research EMR Information in the EMR System may be eligible for use in research only where the research proposal has met the requirements set forth in this Protocol. EMR Custodians access to EMR Information for research purposes A research applicant who is also an EMR Custodian (in this Protocol, the Researcher ) may be eligible to access EMR Information in the EMR System for research purposes where a. his/her research proposal has been approved by a research ethics board; b. his/her request for information has been accepted for review by the Information Stewardship Office; c. the request has been presented through a research protocol summary in a form acceptable by the Information Stewardship Office; and, d. the Researcher has entered into a formal research agreement with the Information Stewardship Office on behalf of the EMR Custodians. IEP Jan (as amended from time to time 19

20 EMR Affiliates access to EMR Information for research purposes An EMR Affiliate may be eligible to access EMR Information in the EMR System for research purposes where: a. the Researcher has the research proposal approved by a research ethics board; b. the Researcher s request for EMR Information has been accepted for review by the ISO; c. the Researcher s request has been presented through a research protocol summary in a form acceptable to the ISO; d. the Researcher has entered into a formal research agreement with the ISO on behalf of the EMR Custodians; and, e. the Researcher has identified the EMR Affiliate as part of the research team in the proposals to the research ethics board and the ISO EMR Information provided to a Researcher as a result of successful application under section 5.4 of this Protocol is for the exclusive use of the Researcher and where applicable, other members of the research team, for purposes of conducting the specified research and only for the duration of the research period, as stipulated in the research agreement signed by the ISO on behalf of the EMR Custodians and the Researcher. Role of the ISO The ISO, upon receiving a written application from a Researcher wishing to use EMR Information in the EMR System for research, shall: a. make reasonable efforts to respond to an application within 30 days after receiving the request; b. confirm that the Researcher has had his/her research proposal approved by a research ethics board; c. review the research protocol summary; d. impose additional conditions upon the Researcher as deemed necessary; e. enter into a formal research agreement on behalf of the EMR Custodians with the IEP Jan (as amended from time to time 20

21 Researcher; f. consult with the Information Manager to determine whether it is practical to fulfill the request from a technical, resource requirement and cost perspective; and, g. when the above conditions have been met, refer the research request to the Information Manager for processing The ISO may, at its discretion, impose additional conditions upon a Researcher, to ensure the protection of privacy for the EMR Information of Individuals that is available in the EMR System. Scope of access to EMR Information A Researcher who has been approved to use EMR Information in the EMR System for research purposes must only access and use EMR Information described in the research agreement signed by the ISO on behalf of the EMR Custodians when accessing the EMR System for research purposes Where EMR Information has been created in the EMR System in the course of conducting research by a Researcher, that EMR Information may be accessed by that EMR Custodian for the purpose of continuing that research in accordance with section The ISO and Information Manager will not make EMR Information available that has been Masked in the EMR System except where the Individual has provided consent for the Unmasking of that EMR Information for the purpose of the specified research Where provision of additional EMR Information may be required by the Researcher, a revision to the research agreement may be necessary. Such revision may require the Researcher to submit a new proposal for research ethics board approval. Process for provision of EMR Information The Researcher will submit to the ISO, in a form and manner prescribed by the ISO, a research protocol summary The ISO will review the research protocol summary and establish whether: a. the EMR Information being requested is IEP Jan (as amended from time to time 21

22 available; b. it is willing to approve Secondary Use of EMR Information for research purposes; c. the request for and provision of the EMR Information is in compliance with the Health Information Act and other applicable legislation; and, d. the request for and provision of the EMR Information meets the condition established under section 5.4 of this Protocol. The research agreement The ISO, in consultation with the EMR Custodians, will create the research agreement including the terms, conditions and restrictions of the Researcher s Secondary Use of EMR Information The ISO, on behalf of EMR Custodians, and Researcher will enter into a formal agreement by executing a research agreement The research agreement will stipulate: a. the scope of EMR Information to be made accessible; b. duration of EMR Information used; c. the names of research team members who are permitted access to the EMR Information; and, d. the terms, conditions and restrictions under which the provided EMR Information is to be used. Topic 5.5 Secondary Use of EMR Information for Provider Education An EMR Custodian may use EMR Information for the purpose of educating other health services providers. Topic 5.6 Secondary Use of EMR Information for Quality Assurance and Quality Improvement An EMR Custodian may use EMR Information for quality improvement and quality assurance purposes. IEP Jan (as amended from time to time 22

23 Any report generated as a consequence of quality assurance purposes shall contain only non-identifying EMR Information, unless otherwise approved by the Governance Committee. Topic 5.7 Secondary Use of EMR Information for Auditing and Monitoring of the EMR The Information Manager may use EMR Information in the EMR System for the purpose of auditing and monitoring access to and use of the EMR System. The Governance Committee, or its designate, may access and use EMR Information for the purpose of periodic/random audits and monitoring of compliance with the terms and conditions of this Agreement. Topic 5.8 Secondary Use of EMR Information for Internal Management Purposes An EMR Custodian may use EMR Information for internal management purposes as described in Section 27(1) g of the Health Information Act. EMR Information used for this purpose should, where reasonably possible, be non-identifying. Topic 5.9 Secondary Uses of EMR Information for Billing Purposes EMR Custodians may use EMR Information for the purposes of submitting billing information to Alberta Health or other paying agency for the purpose of receiving payment for the provision of Health Services Topic 5.10 Additional Secondary Uses of EMR Information by Alberta Health Services and Participating Other Custodian(s) In accordance with section 27(2) of the Health Information Act, Alberta Health Services and Participating Other Custodian(s) may use EMR Information in the EMR System to promote the IEP Jan (as amended from time to time 23

24 following objectives for which it is responsible: a. planning and resource allocation; b. health system management; c. public health surveillance; and, d. health policy development. Alberta Health Services must not use EMR Information in its custody solely by reason of performing its responsibilities as Information Manager for any of these purposes. IEP Jan (as amended from time to time 24

25 6.0 Disclosures of EMR Information Topic 6.1 Disclosure of EMR Information with consent Disclosure with consent Conditions of consent Revocation of consent An EMR Custodian may disclose EMR Information in the EMR System for any purpose where the Individual who is the subject of the EMR Information has provided consent for that disclosure Consent must be in writing and meet the requirements of section 34(2) of the Health Information Act Disclosure of EMR Information with consent must be carried out in accordance with the terms of the consent and must cease if consent is revoked. Topic 6.2 Disclosure of EMR Information as Required or Authorized by the Health Information Act Permitted disclosures required or authorized by the Health Information Act An EMR Custodian may disclose that specific EMR Information in the EMR System where expressly authorized or required by sections 35 or 37 of the Health Information Act or other legislative enactments of Alberta or Canada and only that EMR Information that is necessary to comply with the requirement or demand. Topic 6.3 Disclosure of EMR Information for Research Disclosure of EMR Information for research purposes EMR Information from the EMR System may be eligible for disclosure for research only where the research proposal has been approved by a research ethics board The disclosure of EMR Information from the EMR System for research purposes is a discretionary service that may be provided by the ISO on behalf of all EMR Custodians EMR Information disclosed to a researcher as a result of successful application under section 6.3 of this Protocol is for the exclusive use of the researcher and IEP Jan (as amended from time to time 25

26 where applicable, other members of the research team, for purposes of conducting the specified research and only for the duration of the research period, as stipulated in the research agreement. Authority to disclose EMR Information for research purposes Any request for EMR Information made by a research applicant to an EMR Custodian must be forwarded to the ISO for consideration If the ISO accepts a proposal for research, the ISO will establish the eligibility of the research applicant when considering disclosure of EMR Information for research purposes. Conditions of disclosure for research The ISO may disclose EMR Information to a researcher if: a. the disclosure of such EMR Information is in compliance with the Health Information Act and any other applicable legislation; b. the researcher has entered into a fully executed research agreement with the ISO on behalf of the EMR Custodians; c. the research agreement includes satisfaction of any and all terms, conditions and restrictions established by the research ethics board as a condition of its approval; d. the researcher has satisfied all the terms and conditions for information management and maintenance or other standards as established by the ISO in the research agreement; e. the EMR Information will be used exclusively for the purpose stipulated in the research agreement; f. the researcher has paid, or has agreed to pay, any fees stipulated by the ISO to cover the ISO s actual costs for provision of such service; g. the ISO has consulted with the Information Manager to determine whether it is practical to fulfill the request, from a technical, resource requirement and cost perspective; and, h. when the above conditions have been met, the ISO will forward the research request to the Information Manager for processing. IEP Jan (as amended from time to time 26

27 6.3.7 The ISO will not provide the researcher with direct access to the EMR System. The ISO will direct the Information Manager to provide EMR Information to a researcher by paper copy or electronic copy, subject to section 6.3 of this Protocol. Scope of EMR Information EMR Information disclosed to a researcher is restricted to: a. EMR Information that is necessary to answer the research question(s); and b. such EMR Information as has been explicitly included for access or disclosure in the research agreement The ISO will not release individually-identifiable EMR Information pertaining to an Individual where that EMR Information must be accessed by Unmasking except where the Individual who is the subject of the EMR Information has provided explicit consent that the information be Unmasked Where disclosure of additional EMR Information may be required by the researcher, and where the ISO has agreed to disclose such additional EMR Information, a revision to the research agreement may be necessary. Such revision may require the research applicant and the ISO to undertake a separate research application review, including review by a research ethics board, subject to the terms of section 6.3 of this Protocol, prior to revision. Process for disclosure of information The research applicant will submit to the ISO, in a form and manner prescribed by the ISO, a research protocol summary The ISO will review the research protocol summary and establish whether: a. it has access to, and the right to disclose, the requested EMR Information; b. it is willing to disclose the requested EMR Information for research purposes; c. the request for and disclosure of the EMR Information is in compliance with the Health Information Act and other applicable IEP Jan (as amended from time to time 27

28 legislation; and, d. the request for and disclosure of the EMR Information meets the conditions established under section 6.3 of this Protocol. The ISO will make reasonable efforts to respond to an application within 30 days after receiving the request Where the ISO agrees, in coordination with the Information Manager, to disclose EMR Information in response to a research request, the ISO may impose additional terms, conditions and restrictions The ISO will create the research agreement on behalf of the EMR Custodians including the terms, conditions and restrictions of the research applicant s use of EMR Information. The research agreement The research agreement will be a formal agreement entered into between the researcher and the ISO, on behalf of the EMR Custodians The research agreement will stipulate: a. the scope of EMR Information to be disclosed; b. the duration for which EMR Information will be available for use; c. the names of research team members who are permitted access to the disclosed EMR Information; and, d. the terms, conditions and restrictions under which the disclosed EMR Information is to be used. Topic 6.4 Disclosure of EMR Information for Third Party Requests EMR Information may be disclosed to third parties pursuant to duly and properly authorized requests in accordance with the HIA and this Protocol. The EMR Custodian will respond to a request for disclosure that relate directly to Health Services provided only by that EMR Custodian. Broader requests for records that relate to Health Services provided by more than one EMR Custodian or Custodians must be referred to the IEP Jan (as amended from time to time 28

29 IEP Jan (as amended from time to time 29 Information Manager.

30 Topic 7.1 Management and Maintenance of EMR Information Accuracy of Patient Information Protection of Patient Information It is the responsibility of EMR Custodians to ensure accuracy of EMR Information when entering EMR Information into an EMR that is made available through the EMR System EMR Custodians must take reasonable steps to maintain, either directly or through the Information Management Agreement, safeguards to protect confidentiality and to protect against reasonably anticipated threats or hazards to the security, integrity, loss or unauthorized use, disclosure, modification or unauthorized access to EMR Information in the EMR System EMR Information in the EMR System must meet the requirements of the Standards of Practice of the CPSA or other health professional bodies and the AHS Medical Staff Bylaws and Rules or Participating Other Custodian(s) Medical Staff Bylaws and Rules, as applicable. Topic 7.2 Masking of EMR Information Right to request Accepting a request to Mask Use of Masked EMR Information in the EMR System An Individual may request that an EMR Custodian limit the use and/or disclosure of EMR Information about him/her When deciding whether to Mask an Individual s EMR Information, an EMR Custodian will consider an Individual s request as an important factor in the EMR Custodian decision to Mask EMR Information. An EMR Custodian will agree to Mask that Individual s EMR Information in circumstances where the EMR Custodian believes it is appropriate Masked EMR Information in the EMR System can only be accessed by completing the Unmasking procedure. IEP Jan (as amended from time to time 30

31 7.2.4 Recognizing that the EMR System may require a limited amount of EMR Information to uniquely identify an Individual, data fields containing such EMR Information cannot be Masked. The selection of identifying data fields will be limited to data fields containing the minimum amount of EMR Information required to uniquely identify an Individual (first name, last name, date of birth, gender and personal health number) Authority to Unmask EMR Information Authority to rescind Masking An EMR Custodian who encounters Masked EMR Information while accessing the EMR System under the authority of section 7.2 of this Protocol has the authority to Unmask the EMR Information for the following: 1. Direct Patient care - clinical need; 2. Medical emergency; 3. Patient consented; 4. Public health follow-up; 5. Release of Patient information; and, 6. Required by law or health professional body The ISO may direct the Information Manager to rescind a Mask: a. at the request of the Individual; or, b. where an EMR Custodian or the ISO becomes aware of a change in circumstances since the Mask was applied such that a request to Mask the EMR Information would no longer meet the conditions for Masking established under this Protocol A decision to rescind a Mask under section of this Protocol does not require the Individual s consent Where the ISO has directed the Information Manager to rescind Masking, it will notify the Individual who is the subject of the EMR Information of such action as well as the EMR Custodian(s) responsible for the Masking The ISO will advise of the right to request a review of this decision by the Information and Privacy Commissioner. IEP Jan (as amended from time to time 31

32 8.0 Protocol Compliance and Enforcement Topic 8.1 Monitoring, Investigations and Audits Monitoring Complaints and Suspected breaches In accordance with the Information Management Agreement, the Information Manager shall, subject to the oversight and approval of the ISO, monitor the EMR System for the purpose of identifying unauthorized access to, use and disclosure of EMR Information that is stored in the EMR System Any reasonable suspicion of unauthorized access to, use or disclosure of EMR Information in the EMR System by an EMR Custodian or EMR Affiliate (an Alleged Contravention ) and other contraventions of this Protocol shall immediately be reported to the ISO, where: a. such Alleged Contravention is identified by the Information Manager; b. an investigation is requested by an EMR Custodian; or, c. a complaint of an Alleged Contravention is made by an Individual Once notified about an Alleged Contravention, the ISO shall immediately notify the Information Manager, and the Information Manager shall investigate the Alleged Contravention Once an Alleged Contravention has been reported to the ISO, the ISO shall immediately inform the EMR Custodian whom or that is the subject of the Alleged Contravention and the Governance Committee shall be informed of Alleged Contraventions in a regular monthly report released to it An EMR Custodian that has identified an Alleged Contravention will immediately act to, where possible for it to do so: a. remedy the Alleged Contravention; b. manage and mitigate effects of the Alleged Contravention; and, c. collaborate with the ISO and Information Manager, as appropriate, in the development of IEP Jan (as amended from time to time 32

SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)

SCHEDULE C to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND

More information

HEALTH INFORMATION ACT

HEALTH INFORMATION ACT Province of Alberta HEALTH INFORMATION ACT Revised Statutes of Alberta 2000 Current as of June 17, 2014 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park

More information

A Physician s Guide to the Information Sharing Framework

A Physician s Guide to the Information Sharing Framework A Physician s Guide to the Information Sharing Framework 1 Table of Contents Background 4 Information Sharing Framework 5 The Shared EMRs 9 Professional Obligations 10 Participation in the Information

More information

Shared EMR Access Administrator (AA) Guide ~ External

Shared EMR Access Administrator (AA) Guide ~ External Shared EMR Access Administrator (AA) Guide ~ External Developed and maintained by: Information Stewardship Office (ISO) Information Sharing Framework Governance Committee (ISF GC) TABLE OF CONTENTS Purpose

More information

The Health Information Protection Act

The Health Information Protection Act 1 The Health Information Protection Act being Chapter H-0.021* of the Statutes of Saskatchewan, 1999 (effective September 1, 2003, except for subsections 17(1), 18(2) and (4) and section 69) as amended

More information

HEALTH INFORMATION ACT

HEALTH INFORMATION ACT Province of Alberta HEALTH INFORMATION ACT Revised Statutes of Alberta 2000 With amendments in force as of May 16, 2003 Office Consolidation Published by Alberta Queen s Printer Queen s Printer Bookstore

More information

Information Sharing Framework Governance Committee 15 May 2014. Information Stewardship Office 21 May 2015

Information Sharing Framework Governance Committee 15 May 2014. Information Stewardship Office 21 May 2015 IS O STANDARD TITLE DOCUMENT # PARENT POLICY, PROCEDURE OR STANDARD (IDENTIFY PARENT AND DELETE UNUSED TERMS) APPROVING AUTHORITY ISO-IV-02 APPROVED 21 May 2014 LAST UPDATE Information Sharing Framework

More information

Alberta Electronic Health Record Regulation Section 5 Framework September 2011 Version 1.1

Alberta Electronic Health Record Regulation Section 5 Framework September 2011 Version 1.1 Alberta Electronic Health Record Regulation Section 5 Framework September 2011 Version 1.1 Acknowledgements The College of Physicians & Surgeons of Alberta thanks the following stakeholders for their valuable

More information

Table of Contents. Preface... 1. 1 CPSA Position... 2. 1.1 How EMRs and Alberta Netcare are Changing Practice... 2. 2 Evolving Standards of Care...

Table of Contents. Preface... 1. 1 CPSA Position... 2. 1.1 How EMRs and Alberta Netcare are Changing Practice... 2. 2 Evolving Standards of Care... March 2015 Table of Contents Preface... 1 1 CPSA Position... 2 1.1 How EMRs and Alberta Netcare are Changing Practice... 2 2 Evolving Standards of Care... 4 2.1 The Medical Record... 4 2.2 Shared Medical

More information

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS GENERAL What is the Information Sharing Framework (ISF)? The ISF is a set of legal agreements designed to allow physicians to fulfill College of Physicians and Surgeons of Alberta

More information

21 May 2014 APPROVING AUTHORITY. Information Sharing Framework Governance Committee (ISF GC) 15 May 2014. Information Stewardship Office 21 May 2015

21 May 2014 APPROVING AUTHORITY. Information Sharing Framework Governance Committee (ISF GC) 15 May 2014. Information Stewardship Office 21 May 2015 TITLE DOCUMENT # Intake/Deplo yment for New Shared EMR ISO-I-01 PARENT POLICY, PROCEDURE OR STANDARD (IDENTIFY PARENT AND DELETE UNUSED TERMS) APPROVED ISO STANDARD 21 May 2014 APPROVING AUTHORITY LAST

More information

Responsibilities of Custodians and Health Information Act Administration Checklist

Responsibilities of Custodians and Health Information Act Administration Checklist Responsibilities of Custodians and Administration Checklist APPENDIX 3 Responsibilities of Custodians in Administering the Each custodian under the Act must establish internal processes and procedures

More information

The Health Information Act. Use and Disclosure of Health Information for Research

The Health Information Act. Use and Disclosure of Health Information for Research The Health Information Act Use and Disclosure of Health Information for Research The Health Information Act (HIA) sets out rules respecting the use and disclosure of health information for research purposes

More information

The Youth Drug Detoxification and Stabilization Act

The Youth Drug Detoxification and Stabilization Act YOUTH DRUG DETOXIFICATION 1 The Youth Drug Detoxification and Stabilization Act being Chapter Y-1.1* of The Statutes of Saskatchewan, 2005 (effective April 1, 2006) as amended by The Statutes of Saskatchewan,

More information

Privacy and Management of Health Information: Standards for CARNA s Regulated Members

Privacy and Management of Health Information: Standards for CARNA s Regulated Members Privacy and Management of Health Information: Standards for CARNA s Regulated Members September 2011 Permission to reproduce this document is granted; please recognize CARNA. College and Association of

More information

HEALTH INFORMATION ACT. Guidelines and Practices Manual

HEALTH INFORMATION ACT. Guidelines and Practices Manual HEALTH INFORMATION ACT Guidelines and Practices Manual March 2011 This publication is a practical reference tool for the application of Alberta s Health Information Act (HIA). It is designed to assist

More information

NEXT REVIEW MAY 01, 2017

NEXT REVIEW MAY 01, 2017 TITLE Privacy Auditing & Investigation of Shared EMR Systems DOCUMENT # IPO-1108-01-02 APPROVAL LEVEL Chief Privacy Officer SPONSOR Legal & Privacy CATEGORY Breach Investigation & Education Team INITIAL

More information

Table of Contents. Page 1

Table of Contents. Page 1 Table of Contents Executive Summary... 2 1 CPSA Interests and Roles in ehealth... 4 1.1 CPSA Endorsement of ehealth... 4 1.2 CPSA Vision for ehealth... 5 1.3 Dependencies... 5 2 ehealth Policies and Trends...

More information

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy

More information

How To Ensure Health Information Is Protected

How To Ensure Health Information Is Protected pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

VCUR 2008 EMR FUNDING EXTENSION PROGRAM OFFER TO PARTICIPATING PHYSICIAN TO: (the Physician )

VCUR 2008 EMR FUNDING EXTENSION PROGRAM OFFER TO PARTICIPATING PHYSICIAN TO: (the Physician ) T 780.482.2626 12230 106 Ave NW F 780.482.5445 amamail@albertadoctors.org Edmonton AB T5N 3Z1 TF 1.800.272.9680 www.albertadoctors.org VCUR 2008 EMR FUNDING EXTENSION PROGRAM OFFER TO PARTICIPATING PHYSICIAN

More information

DATA USE AGREEMENT RECITALS

DATA USE AGREEMENT RECITALS DATA USE AGREEMENT This Data Use Agreement (the Agreement ), effective as of the day of, 20, is by and between ( Covered Entity ) and ( Limited Data Set Recipient or Recipient ) (collectively, the Parties

More information

The Health Information Act and You. A Primer for Pharmacy Technicians

The Health Information Act and You. A Primer for Pharmacy Technicians The Health Information Act and You A Primer for Pharmacy Technicians Disclaimer As per the definition regarding bias or conflict of interest put forth in the Guidelines and Criteria for CCCEP Accreditation

More information

We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation.

We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation. PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms. INTRODUCTION The Personal Health Information Act (PHIA) came into effect on December 11, 1997,

More information

Electronic Health Record Privacy Policies

Electronic Health Record Privacy Policies Electronic Health Record Privacy Policies Table of Contents 1. Access and Correction Policy v1.1 2. Assurance Policy v1.1 3. Consent Management Policy v1.2 4. Inquiries and Complaints Policy v1.1 5. Logging

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf

More information

PHARMACY AND DRUG ACT

PHARMACY AND DRUG ACT Province of Alberta PHARMACY AND DRUG ACT Revised Statutes of Alberta 2000 Current as of December 19, 2013 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor,

More information

PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT

PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT Province of Alberta Statutes of Alberta, Current as of June 1, 2013 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park Plaza 10611-98 Avenue Edmonton, AB

More information

Personal Information Protection and Electronic Documents Act

Personal Information Protection and Electronic Documents Act PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle

More information

CONTENT OF THE AUDIT LAW

CONTENT OF THE AUDIT LAW CONTENT OF THE AUDIT LAW I. GENERAL PROVISIONS Article 1 This Law shall regulate the conditions for conducting an audit of legal entities which perform activities, seated in the Republic of Macedonia.

More information

Alberta Electronic Health Record (EHR) An Alberta Netcare Guide for Authorized Custodians and/or their Authorized Affiliates

Alberta Electronic Health Record (EHR) An Alberta Netcare Guide for Authorized Custodians and/or their Authorized Affiliates Health Information Technology and Systems (HITS) Information Management Branch (IM) HIA Policy, Privacy and Security Unit 21 Floor, ATB Place 10025 Jasper Avenue Edmonton, Alberta T5J 1S6 Telephone: 780-422-8642

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...

More information

CHARTER OF THE FINANCE AND AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF SPECTRAL DIAGNOSTICS INC.

CHARTER OF THE FINANCE AND AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF SPECTRAL DIAGNOSTICS INC. CHARTER OF THE FINANCE AND AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF SPECTRAL DIAGNOSTICS INC. Purpose The primary function of the Finance and Audit Committee (the Committee ) of the Board of Directors

More information

Access & Correction Policy

Access & Correction Policy EHR Policies Table of Content 1. Access & Correction Policy.. 2 2. Assurance.. 14 3. Consent Management Policy.. 27 4. Inquiries and Complaints Policy.. 39 5. Logging and Auditing Policy... 51 6. Privacy

More information

The Mortgage Brokerages and Mortgage Administrators Act

The Mortgage Brokerages and Mortgage Administrators Act MORTGAGE BROKERAGES AND 1 The Mortgage Brokerages and Mortgage Administrators Act being Chapter M-20.1* of The Statutes of Saskatchewan, 2007 (effective October 1, 2010), as amended by the Statutes of

More information

Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA)

Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health

More information

PHIA GENERAL INFORMATION

PHIA GENERAL INFORMATION To: From: Researchers Legal Services and Research Services Date: May 21, 2013 Subject: Research and the New Personal Health Information Act On June 1, 2013, the Personal Health Information Act ( PHIA )

More information

Clearing and Settlement Procedures. New Zealand Clearing Limited. Clearing and Settlement Procedures

Clearing and Settlement Procedures. New Zealand Clearing Limited. Clearing and Settlement Procedures Clearing and Settlement Procedures New Zealand Clearing Limited Clearing and Settlement Procedures 30 November 2011 Contents Section A: Interpretation and Construction 6 Section 1: Introduction and General

More information

Closing or Moving a Physician Practice

Closing or Moving a Physician Practice Closing or Moving a Physician Practice Background The College of Physicians & Surgeons of Alberta (CPSA) provides Standards of Practice representing the minimum standards of professional behaviour and

More information

B I L L. No. 183 An Act to amend The Saskatchewan Employment Act and The Saskatchewan Employment Amendment Act, 2014

B I L L. No. 183 An Act to amend The Saskatchewan Employment Act and The Saskatchewan Employment Amendment Act, 2014 B I L L No. 183 An Act to amend The Saskatchewan Employment Act and The Saskatchewan Employment Amendment Act, 2014 (Assented to ) HER MAJESTY, by and with the advice and consent of the Legislative Assembly

More information

STANDARDS OF PRACTICE (2013)

STANDARDS OF PRACTICE (2013) STANDARDS OF PRACTICE (2013) COLLEGE OF ALBERTA PSYCHOLOGISTS STANDARDS OF PRACTICE (2013) 1. INTRODUCTION The Health Professions Act (HPA) authorizes and requires the College of Alberta Psychologists

More information

PERSONAL INFORMATION PROTECTION ACT

PERSONAL INFORMATION PROTECTION ACT Province of Alberta Statutes of Alberta, Current as of December 17, 2014 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park Plaza 10611-98 Avenue Edmonton,

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

Taking care of what s important to you

Taking care of what s important to you A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten

More information

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY PLEASE READ THIS WEBSITE PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE, OR SUBMITTING ANY PROTECTED HEALTH INFORMATION OR PERSONALLY IDENTIFIABLE

More information

The Manitoba Child Care Association PRIVACY POLICY

The Manitoba Child Care Association PRIVACY POLICY The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information

More information

In the event of any inconsistency between this standard and any legislation that governs the practice of physiotherapists, the legislation governs.

In the event of any inconsistency between this standard and any legislation that governs the practice of physiotherapists, the legislation governs. Record Keeping College publications contain practice parameters and standards which should be considered be all Ontario physiotherapists in the care of their patients and in the practice of the profession.

More information

STT ENVIRO CORP. (the Company ) CHARTER OF THE CORPORATE GOVERNANCE AND NOMINATING COMMITTEE. As amended by the Board of Directors on May 10, 2012

STT ENVIRO CORP. (the Company ) CHARTER OF THE CORPORATE GOVERNANCE AND NOMINATING COMMITTEE. As amended by the Board of Directors on May 10, 2012 STT ENVIRO CORP. (the Company ) CHARTER OF THE CORPORATE GOVERNANCE AND NOMINATING COMMITTEE PURPOSE AND SCOPE As amended by the Board of Directors on May 10, 2012 The primary function of the Committee

More information

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. Notice of Privacy Practices KAISER PERMANENTE NORTHERN CALIFORNIA REGION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

An order of the Medical Examining Board to create chapter Med 24 relating to telemedicine.

An order of the Medical Examining Board to create chapter Med 24 relating to telemedicine. STATE OF WISCONSIN MEDICAL EXAMINING BOARD IN THE MATTER OF RULEMAKING : PROPOSED ORDER OF THE PROCEEDINGS BEFORE THE : MEDICAL EXAMINING BOARD MEDICAL EXAMINING : ADOPTING RULES BOARD : (CLEARINGHOUSE

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction

More information

University of California Policy

University of California Policy University of California Policy HIPAA Uses and Disclosures Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance and Audit Services Effective

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY The Hollandse School Limited (hereinafter HSL ) is an educational institution with a history of over 93 years, and is one of the largest Dutch language schools abroad where the International

More information

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,

More information

Ownership, Storage, Security and Destruction of Records of Personal Health Information STANDARD OF PRACTICE S-022 INTENT DESCRIPTION OF STANDARD

Ownership, Storage, Security and Destruction of Records of Personal Health Information STANDARD OF PRACTICE S-022 INTENT DESCRIPTION OF STANDARD Quality Assurance Committee Approved by Council: February 11, 2014 Amended: September 20, 2014 *(formerly Guideline G-017) Note to readers: In the event of any inconsistency between this document and the

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

3. Consent for the Collection, Use or Disclosure of Personal Information

3. Consent for the Collection, Use or Disclosure of Personal Information PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),

More information

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. Notice of Privacy Practices KAISER PERMANENTE COLORADO REGION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW

More information

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010 pic pic Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010 Updated March 2013 Our Vision Better data. Better decisions. Healthier

More information

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS Note: This document provides a general overview of the Personal Health Information Protection Act, 2004,

More information

PRIVACY NOTICE. In certain situations, we may also disclose patient information to another provider or health plan for their health care operations.

PRIVACY NOTICE. In certain situations, we may also disclose patient information to another provider or health plan for their health care operations. 1 PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This Privacy Notice is being

More information

NORTHERN TERRITORY ELECTRICITY RING-FENCING CODE

NORTHERN TERRITORY ELECTRICITY RING-FENCING CODE NORTHERN TERRITORY ELECTRICITY RING-FENCING CODE JULY 2001 Table of Provisions Clause Page 1. Authority...2 2. Application...2 3. Objectives...2 4. Ring-Fencing Minimum Obligations...2 5. Compliance with

More information

The Archives and Public Records Management Act

The Archives and Public Records Management Act 1 ARCHIVES AND PUBLIC RECORDS MANAGEMENT c. A-26.11 The Archives and Public Records Management Act being Chapter A-26.11* of The Statutes of Saskatchewan, 2015 (effective August 24, 2015). *NOTE: Pursuant

More information

PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL]

PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL] [Insert Date of Policy] PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS of [ABC SCHOOL] Address Independent schools in British Columbia are invited to adopt or adapt some or all of this

More information

ENERGY MARKETING AND RESIDENTIAL HEAT SUB-METERING REGULATION

ENERGY MARKETING AND RESIDENTIAL HEAT SUB-METERING REGULATION Province of Alberta FAIR TRADING ACT ENERGY MARKETING AND RESIDENTIAL HEAT SUB-METERING REGULATION Alberta Regulation 246/2005 With amendments up to and including Alberta Regulation 119/2015 Office Consolidation

More information

CREDIT REPORTING BILL EXPLANATORY NOTES

CREDIT REPORTING BILL EXPLANATORY NOTES CREDIT REPORTING BILL EXPLANATORY NOTES INTRODUCTION These explanatory notes are intended as a guide to the proposed new Act. They are not meant as a substitute for a careful reading of the Bill itself.

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

ELECTRONIC TRANSACTIONS ACT

ELECTRONIC TRANSACTIONS ACT Province of Alberta Statutes of Alberta, Current as of June 1, 2013 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park Plaza 10611-98 Avenue Edmonton, AB

More information

Appendix : Business Associate Agreement

Appendix : Business Associate Agreement I. Authority: Pursuant to 45 C.F.R. 164.502(e), the Indian Health Service (IHS), as a covered entity, is required to enter into an agreement with a business associate, as defined by 45 C.F.R. 160.103,

More information

Electronic Health Record Sharing System Bill. Contents. Part 1. Preliminary. 1. Short title and commencement... C1203. 2. Interpretation...

Electronic Health Record Sharing System Bill. Contents. Part 1. Preliminary. 1. Short title and commencement... C1203. 2. Interpretation... C1193 Electronic Health Record Sharing System Bill Contents Clause Page Part 1 Preliminary 1. Short title and commencement... C1203 2. Interpretation... C1203 3. Substitute decision maker... C1213 4. Ordinance

More information

Office of the National Coordinator for Health IT Proposed Rule Public Comment Template

Office of the National Coordinator for Health IT Proposed Rule Public Comment Template Office of the National Coordinator for Health IT Proposed Rule Public Comment Template ONC Health IT Certification Program: Enhanced Oversight and Accountability Preface This document is meant to provide

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information

Guide to Policies and Procedures. For Physician Offices HEALTH INFORMATION ACT

Guide to Policies and Procedures. For Physician Offices HEALTH INFORMATION ACT HEALTH INFORMATION ACT Guide to Policies and Procedures For Physician Offices February 2003 Health Information Act Guide to Policies and Procedures For Physician Offices 1 Table of contents INTRODUCTION

More information

POLICY STATEMENT 5.17

POLICY STATEMENT 5.17 POLICY STATEMENT 5.17 DENTAL RECORDS 1 (Including ADA Guidelines for Dental Records) 1. Introduction 1.1 Dentists have a professional and a legal obligation to maintain clinically relevant, accurate and

More information

Effective Date: March 23, 2016

Effective Date: March 23, 2016 AIG COMPANIES Effective Date: March 23, 2016 HIPAA NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

KAISER PERMANENTE SOUTHERN CALIFORNIA REGION

KAISER PERMANENTE SOUTHERN CALIFORNIA REGION Notice of Privacy Practices KAISER PERMANENTE SOUTHERN CALIFORNIA REGION THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

ADMINISTRATIVE MANUAL Policy and Procedure

ADMINISTRATIVE MANUAL Policy and Procedure ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,

More information

Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance

Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Information Privacy and IT Security & Compliance The information in this module in addition to the

More information

Important Disclosure Information

Important Disclosure Information Important Disclosure Information Health Savings Account Custodial Agreement (Under section 223(a) of the Internal Revenue Code) Please keep this agreement with your HSA records. Thank you for choosing

More information

Privacy Statement Relating to the Collection, Use and Disclosure of Personal Data & Customer Information

Privacy Statement Relating to the Collection, Use and Disclosure of Personal Data & Customer Information Privacy Statement Relating to the Collection, Use and Disclosure of Personal Data & Customer Information Safeguarding personal data and customer information and using it in a lawful manner, consistent

More information

GUIDELINES ON COMPLIANCE FUNCTION FOR FUND MANAGEMENT COMPANIES

GUIDELINES ON COMPLIANCE FUNCTION FOR FUND MANAGEMENT COMPANIES GUIDELINES ON COMPLIANCE FUNCTION FOR FUND MANAGEMENT COMPANIES Issued: 15 March 2005 Revised: 25 April 2014 1 P a g e List of Revision Revision Effective Date 1 st Revision 23 May 2011 2 nd Revision 16

More information

INFORMATION AND PRIVACY COMMISSIONER OF ALBERTA

INFORMATION AND PRIVACY COMMISSIONER OF ALBERTA INFORMATION AND PRIVACY COMMISSIONER OF ALBERTA Report of an investigation of a malicious software outbreak affecting health information August 19, 2011 Dr. Cathy MacLean Investigation Report H2011-IR-003

More information

ISO LESO NETWORK PROVIDER AGREEMENT. Between: and. ISO LESO OPTICS LIMITED Registration number: 1999/13972/06 ("Iso Leso Optics")

ISO LESO NETWORK PROVIDER AGREEMENT. Between: and. ISO LESO OPTICS LIMITED Registration number: 1999/13972/06 (Iso Leso Optics) ISO LESO NETWORK PROVIDER AGREEMENT Between: EACH OPTOMETRIC PRACTICE AND OPTOMETRIST WHO ELECTS TO PARTICIPATE IN THE PROVIDER AGREEMENTS ALREADY ENTERED INTO OR TO BE ENTERED INTO BETWEEN ISO LESO OPTICS

More information

Unofficial Consolidation

Unofficial Consolidation CENTRAL BANK (SUPERVISION AND ENFORCEMENT) ACT 2013 (SECTION 48) (LENDING TO SMALL AND MEDIUM-SIZED ENTERPRISES) REGULATIONS 2015 (S.I. No. 585 of 2015) Unofficial Consolidation This document is an unofficial

More information

Credit Union Code for the Protection of Personal Information

Credit Union Code for the Protection of Personal Information Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve

More information

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

The United States Federal Trade Commission (FTC) and the Office of the Data Protection Commissioner of Ireland (collectively, the Participants), MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE OFFICE OF THE DATA PROTECTION COMMISSIONER OF IRELAND ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL

More information

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION ELKIN & ASSOCIATES, LLC HIPAA Privacy Policy and Procedures INTRODUCTION The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict a Covered Entity

More information

CHAPTER 267. BE IT ENACTED by the Senate and General Assembly of the State of New Jersey:

CHAPTER 267. BE IT ENACTED by the Senate and General Assembly of the State of New Jersey: CHAPTER 267 AN ACT concerning third party administrators of health benefits plans and third party billing services and supplementing Title 17B of the New Jersey Statutes. BE IT ENACTED by the Senate and

More information

Personal Data Protection Policy and Practices ( the Policy )

Personal Data Protection Policy and Practices ( the Policy ) Personal Data Protection Policy and Practices ( the Policy ) FWD Life Insurance Company (Bermuda) Limited ("the Company") is committed to implementation and compliance with the provisions of the Personal

More information

Best Practices for Protecting Individual Privacy in Conducting Survey Research (Full Version)

Best Practices for Protecting Individual Privacy in Conducting Survey Research (Full Version) Best Practices for Protecting Individual Privacy in Conducting Survey Research (Full Version) April 1999 Information and Privacy Commissioner/Ontario 80 Bloor Street West Suite 1700 Toronto, Ontario M5S

More information

PROTECTION OF PERSONAL INFORMATION

PROTECTION OF PERSONAL INFORMATION PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,

More information

Players Agent Registration Regulations

Players Agent Registration Regulations Players Agent Registration Regulations 1 Definitions 1.1 In these, the following terms shall have the following meanings: Agency Activity means acting in any way and at any time in the capacity of agent,

More information

A Guide. Personal Health Information Protection Act. to the. December 2004. Ann Cavoukian, Ph.D Commissioner

A Guide. Personal Health Information Protection Act. to the. December 2004. Ann Cavoukian, Ph.D Commissioner A Guide to the Personal Health Information Protection Act December 2004 Information and Privacy Commissioner/Ontario Ann Cavoukian, Ph.D Commissioner Dr. Ann Cavoukian, the Information and Privacy Commissioner

More information

NURSING HOMES OPERATION REGULATION

NURSING HOMES OPERATION REGULATION Province of Alberta NURSING HOMES ACT NURSING HOMES OPERATION REGULATION Alberta Regulation 258/1985 With amendments up to and including Alberta Regulation 164/2015 Office Consolidation Published by Alberta

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES First Edition July 2005 Hong Kong Contents Glossary...2 Introduction to Standards...4 Interpretation Section...6

More information

EHR Contributor Agreement

EHR Contributor Agreement This EHR Contributor Agreement (this Agreement ) is made effective (the Effective Date ) and sets out certain terms and conditions that apply to the sharing of Personal

More information