SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION

Transcription

1 SUBJECT: VOYAGEUR PAGE PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing our transportation services and in accordance with Personal Health Information Protection Act (PHIPA) and Personal Information Protection and Electronic Documents Act (PIPEDA). 2.0 SCOPE: 2.1 This policy is effective at all Voyageur facilities, locations and anywhere business is conducted. 3.0 DEFINITIONS: 3.1 Voyageur refers to Voyageur Transportation Services and all of its divisions and locations and subsidiaries including Checker Limousine and Voyageur Patient Transfer Services. 3.2 PIPEDA The Personal Information Protection and Electronic Documents Act 3.3 PHIPA Personal Health Information Protection Act 3.4 Personal Health Information Personal health information includes oral or written information about the individual, if the information relates to the individual s physical or mental health, including family health history; relates to the provision of health care, including the identification of persons providing care; is a plan of service for individuals requiring long-term care; relates to payment or eligibility for health care; relates to the donation of body parts or bodily substances or is derived from the testing or examination of such parts or substances; is the individual s health number, or identifies an individual s substitute decision maker.

2 SUBJECT: VOYAGEUR PAGE POLICY: 4.1 Accountability Voyageur is responsible for personal health information in its possession or custody and has designated a Privacy Officer to oversee compliance to the Corporate Policy and Procedures. Voyageur will not share or transfer information to a third party. 4.2 Identifying Purpose for Collection of Customer Information Voyageur will identify the purposes for which personal health information is collected at or before the time the information is collected. Depending on the sensitivity of the information, the purpose may be stated orally or in writing. 4.3 Obtaining Consent The individual s consent will be obtained for collection, use or disclosure of their personal health information, except where required by law. Voyageur collects personal health information for the purposes of providing transportation of individuals, in addition to accounting, administration and management of transportation services. When personal health information is disclosed by a health information custodian, such as hospitals or schools, an individual s consent is implied for the purpose of providing our services within their circle of care. Persons collecting personal health information will be able to explain to individuals the purpose for which the information is collected. 4.4 Limiting Collection of Personal Information Personal health information collected shall be limited to that which is necessary for the purposes identified by Voyageur, or as otherwise permitted by law. 4.5 Limiting Use, Disclosure and Retention of Personal Information Voyageur will not use or disclose personal health information for purposes other than the identified purposes for which it was collected, except with the consent of the individual or as required by law. Voyageur will retain personal health information only for as long as necessary to fulfill the identified purpose. Voyageur will ensure personal health information is protected during disposal or destruction to prevent unauthorized parties from gaining access to the information. Voyageur will dispose of or cause destruction of the information using the most appropriate methods.

3 SUBJECT: VOYAGEUR PAGE Accuracy of Personal Information The personal health information kept shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is to be used. Voyageur relies upon its customers to notify it of any changes or corrections to their personal health information through the access provisions of this privacy policy. 4.7 Security and Safeguards Personal health information shall be protected using various methods that are appropriate to the sensitivity levels of information: Physical restrictions include locked filing cabinets, controlling physical access to documents, and securing technological equipment from theft or damage Technological controls includes use of passwords, automatic screen savers during computer inactivity, storing information on secure servers, installing firewalls, and the installation of anti-virus software Organizational controls include confidentiality agreements, termination processes (such as changing passcodes, locks and passwords), reviewing and updating policies as required, ensuring staff are well training on privacy regulations, and promoting privacy as part of the Voyageur culture The security safeguards will protect personal health information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Voyageur will protect personal health information regardless of the format in which it is held. Voyageur will ensure personal health information is protected during disposal or destruction to prevent unauthorized parties from gaining access to the information. Voyageur will dispose of or cause destruction of the information using the most appropriate methods. 4.8 Openness Concerning Policies and Practices Information will be available to individuals about our policies and procedures relating to the management of personal health information under the company s control without unreasonable effort. The information may be available in a variety of ways such as on-line access or brochures. 4.9 Individual Access of Personal Information Upon written request to Voyageur s Privacy Officer, an individual will be informed of the existence, use and disclosure of his personal health information that is under

4 SUBJECT: VOYAGEUR PAGE 4 the company s care and control as required and permitted by law. Individuals are entitled to challenge the accuracy and completeness of their personal health information and request that it be amended, which Voyageur shall amend once confirming the accuracy of the new information and where such amendment is appropriate in the circumstances Handling Inquiries or Complaints Any questions or inquiries concerning compliance with our privacy policies and procedures may be addressed to: Catherine McBride, Privacy Officer Voyageur Transportation Services, 573 Admiral Court, London, Ontario, N5V 4L3, Phone: Ext catherine@voyageurtransportation.ca 5.0 RESPONSIBILITY: 5.1 It is the responsibility of all Company personnel, Independent Contractors and suppliers to adhere to this policy. 5.2 It is the responsibility of all Company personnel, Independent Contractors and suppliers to maintain the confidentiality and security of all personal health information to which they have access in accordance with Provincial and Federal laws. 5.3 It is the responsibility of the Privacy Officer to monitor Company-wide application of this policy and compliance with applicable Provincial and Federal laws. 5.4 It is the responsibility of each manager for ensuring this policy is adhered to within their respective centres. Reference: Privacy of Personal Information (VTS-111)

5 SUBJECT: VOYAGEUR PAGE 5 Revision Log Rev. Level Rev. Date Description of Change 1 01/01/2014 Change Date 2 04/22/2014 Added some definitions, responsibilities, changed Privacy Officer s name, and some wording changes