Health Care Provider Guide
|
|
- Abigail Horton
- 8 years ago
- Views:
Transcription
1 Health Care Provider Guide Diagnostic Imaging Common Service Project, Release 1 Version: 1.4
2 Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including photocopying or transmission electronically to any computer, without prior written consent of ehealth Ontario. The information contained in this document is proprietary to ehealth Ontario and may not be used or disclosed except as expressly authorized in writing by ehealth Ontario. Trademarks Other product names mentioned in this document may be trademarks or registered trademarks of their respective companies and are hereby acknowledged. ii Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
3 Document Control The electronic version of this document is recognized as the only valid version. Document ID 3598 Document Sensitivity Level Low Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name. iii
4 Contents General Information 2 Purpose and Scope... 2 Audience... 2 Related Documents... 2 Glossary... 3 Service Description 4 Overview... 4 Benefits... 5 Benefits to You... 5 Benefits to Your Patients... 5 ehealth Ontario Responsibilities... 5 Diagnostic Imaging Information Publisher Responsibilities... 6 Diagnostic Imaging Information Consumer Responsibilities... 7 Privacy and Security Considerations 8 Patient Consent... 8 Background... 8 Overriding a consent directive... 8 Applying consent directives to Diagnostic Imaging data... 9 Access Requests... 9 Access requests made by patients for Diagnostic Imaging data... 9 Requests for audit logs... 9 Correction Requests...10 Privacy Complaints and Inquiries...10 Privacy Breach Management...10 Security Incident and Breach Management...11 Instructions for Health Care Providers...12 Instructions for Privacy Officers...12 Privacy-related questions from Health Care Provider sites...13 Summary of Security Safeguards in Place at ehealth Ontario 14 Administrative Safeguards...14 Technical Safeguards...15 Physical Safeguards...15 iv Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
5 General Information Purpose and Scope The Diagnostic Imaging Health Care Provider Guide describes the functions and associated benefits provided by ehealth Ontario Diagnostic Imaging Common Service application and the Privacy and Security Considerations, which health care providers and organizations that use the ehealth Ontario Diagnostic Imaging Common Service application must adhere to. Audience The primary audience for this document includes health care providers and organizations across the health care sector that use ehealth Ontario Diagnostic Imaging Common Service application to access Ontario patients DI Results. Related Documents The Diagnostic Imaging Service Guide should be read in conjunction with the following information found at ehealthontario.on.ca: ONE Portal Product Sheet ONE ID Registrant Reference Guide ehealth Ontario Personal Health Information Privacy Policy ehealth Ontario Privacy Complaints and Inquiries Procedure 2 Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
6 Glossary Term CPS DI DI CS DI-r ENITS HN IHF LRA MRN ONE ID ONE Portal PACS RA SDM Definition Certification Practices Statement Diagnostic Imaging ehealth Ontario Diagnostic Imaging Common Service Regional diagnostic imaging repository Emergency Neuro Image Transfer System Health (Card) Number Independent Health Facility Local Registration Authority Medical Record Number. Patient identifier unique within an issuer site. Set of systems and processes for the assignment and management of electronic identities to allow secure access to ehealth services. ehealth Ontario Portal provides secure access to collaboration tools, content management and health care applications such as Diagnostic Imaging Common Service. Picture Archiving and Communications Systems Registration Authority Substitute Decision Maker Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name. 3
7 Service Description Overview Diagnostic Imaging (DI) Common Service is an initiative that supports the sharing and viewing of DI results across Ontario to all hospital and community-based health care providers anytime, anywhere. DI Common Service gives health care providers important information to make better decisions about a patient s treatment. Prior to DI Common Service, authorized health care providers could share images and reports securely with other providers only within their respective Diagnostic Imaging Repositories (DIrs). Now, with the first installment of DI Common Service, diagnostic reports can be shared across the entire province and future releases will enable sharing of diagnostic images and other types of DI information across Ontario. The diagnostic images and corresponding reports are stored in repositories from which they can be retrieved in digital format. This capability is providing physicians with faster access to information resulting in faster diagnosis. ehealth Ontario DI Program is committed to delivering health care providers in Ontario with secure electronic access to their patients comprehensive diagnostic images and reports from anywhere at any time, resulting in improved patient care. The program is achieving this through a number of initiatives in addition to the DI Common Service, which include hospital Diagnostic Imaging Repositories (DI-rs), integration of Independent Health Facilities (IHFs) and the Emergency Neuro Image Transfer System (ENITS). ehealth Ontario DI program is part of the agency s overall strategy to improve access to safe patient care. By putting in place a stable technical infrastructure, it guarantees that health care providers have access to vital clinical activity information when they need it. 4 Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
8 Benefits Benefits to You Access to diagnostic reports across Ontario Faster and easier access to images 1 and reports 24/7 Remote access to diagnostic imaging reports for off-hours coverage Real-time clinical collaboration, increasing access to a broader range of specialists Benefits to Your Patients Eliminates unnecessary patient travel Reduces wait times and lengths of stay thanks to faster exam reports and clinical decisions by physicians and specialists Reduces duplicate and unnecessary exams Eliminates the need to physically transfer images or CDs to the specialist ehealth Ontario Responsibilities ehealth Ontario shall comply with the following obligations: Provide Diagnostic Imaging Common Service application functionalities as described below, for registered health care providers 24/7. 1 The initial release of Diagnostic Imaging Common Service will enable provincial sharing of diagnostic reports, while future releases will enable provincial sharing of diagnostic images and other types of DI information. Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name. 5
9 Provide alternative ways to search for a patient of interest within the Diagnostic Imaging Community of the Electronic Health Record Enable access to the patient s diagnostic imaging reports 2 that have been submitted by health care providers to the regional Diagnostic Imaging Repositories. Do not provide access to diagnostic imaging information that has been restricted by one or more consent directives issued by the patient. Temporarily reinstate access to diagnostic imaging information restricted by consent directives when the health care provider indicates that the patient s or his/her substitute decision maker s approval has been obtained. Provide general support for the application during standard business hours as described in the Support section of this guide. Update the application to expand and enhance the functionalities provided. Create and maintain a certification practices statement (CPS) that describes the practices followed by ehealth Ontario certification authority when issuing public key infrastructure certificates and keys. Conduct privacy and security assessments to ensure that the collection, storage, use and disclosure of personal identity information related to registration comply with legislative and privacy protection requirements. Assist providers in meeting their legislative obligation on responding to individual s access and correction requests. Diagnostic Imaging Information Publisher Responsibilities Health care providers that publish diagnostic imaging information shall comply with the following obligations: 2 The initial release of Diagnostic Imaging Common Service will enable provincial sharing of diagnostic reports, while future releases will enable provincial sharing of diagnostic images and other types of DI information. 6 Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
10 Provide timely, complete and accurate diagnostic imaging order information to the regional Diagnostic Imaging Repository. Provide all diagnostic imaging reports, complete and accurate information associated with each report, all report addendums and all report replacements to the regional Diagnostic Imaging Repository on a timely basis. Diagnostic Imaging Information Consumer Responsibilities Health care providers that use diagnostic imaging information shall comply with the following obligations: Register as user of a portal hosting the Electronic Health Record Diagnostic Imaging application. Enrol in the Electronic Health Record Diagnostic Imaging application to access diagnostic imaging information submitted to the Diagnostic Imaging Repositories across Ontario. Follow the requirements of the ehealth Ontario Identity Provider Standard. Agree to follow ehealth Ontario acceptable use policy available at Review the reference information listed above and learn how to protect privacy and security when using ehealth Ontario products. Use Diagnostic Imaging Common Service application s functionalities only for approved clinical purposes. Always indicate the person or the organization that the user represents when accessing diagnostic imaging information. Diagnostic Imaging Common Service application to locate the electronic health record for the patient under your care. Obtain the patient s or the substitute decision maker s consent prior requesting temporary reinstatement of consent to access diagnostic imaging information restricted by consent directives. Use Diagnostic Imaging Common Service application to display, print or save diagnostic imaging reports. When support is required, follow the troubleshooting process as described in the Support section below. Implement and assist users to follow privacy and security policies, where applicable. Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name. 7
11 Privacy and Security Considerations Patient Consent Background As custodians of patient personal health information (PHI), health care providers working at sites have obligations under PHIPA and Ontario Regulation 329/04 (the regulation) for protection of PHI. Patient Consent Model DI Common Service data has a consent directive capability, which gives patients or their substitute decision maker (SDM) the option to restrict access to patient data in DI Common Service. A patient may restrict access to either: All of his/her diagnostic imaging results in DI Common Service (Domain consent directive); or A particular diagnostic imaging result.(hic Record consent directive) Not in Place in the first release In other words, if a patient restricts access to his/her results in DI Common Service, health care providers querying DI Common Service data will not be able to access any patient information that has been, or will be, submitted into DI Common Service. Overriding a consent directive In special cases (with consent from the patient or the patient s SDM) the patient directive restricting access to the test may temporarily be overridden by a provider. Health care providers may request to temporary override a consent directive applied to data when access has been granted directly by a patient or the patient s SDM (express consent). No health care provider using DI Common Service should override a consent directive applied to DI Common Service data without the patient s or SDM s express consent. Therefore, health care providers using DI Common Service are permitted to override consent directives applied to DI Common Service data only where permission to do so has been expressly authorized by the patient or the patient s SDM prior to performing the consent directive override. Overriding a patient s consent directive for DI Common Service data without express consent from the patient or the patient s SDM will constitute a breach of the EHR Access Services Schedule, and will be subject to the remedies available under the agreement. Temporary override will be logged in DI Common Service application interface, along with the identity of the overriding health care provider. 8 Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
12 Applying consent directives to Diagnostic Imaging data If a patient contacts a health care provider and wishes to place a restriction on access to his/her information in DI Common Service, or wishes to reinstate access (remove the restriction), the HIC should Capture the patient and consent directive information on the DI CS Consent Form, and submit the patient and consent directive information to ehealth Ontario by faxing it to (416) or , In instances where a patient wants to issue consent directives on records contributed by more than one HIC, the provider can direct the individual to contact ehealth Ontario at to apply consent directives as per the consent management policy. Access Requests Access requests made by patients for Diagnostic Imaging data Under PHIPA, patients or their SDMs have a right to access the patient s data held by a HIC about the patient. Where provider receives a request for records collected, created and contributed by the provider to DI CS, the provider shall follow their Part V of PHIPA and its internal policies, procedures and practices to respond directly to the individual in respect of the Request for Access. In instances where request for access involve information contributed by another HIC or by multiple HICs, the provider shall Notify the individual that the Request for Access involves PHI not within the custody or control of the HIC that received the Request for Access; and Direct individual to contact ehealth Ontario at to make the Request for Access As per the DI CS Access and Correction policy, ehealth Ontario may seek assistance from you when responding to access requests received directly by ehealth Ontario. Requests for audit logs Where a provider receives a Request for Access directly from an individual related to the audit logs for records stored in DI CS the HIC shall Notify the individual that the HIC is unable to process the Request for Access; and Direct individual to contact ehealth Ontario at to make the Request for Access to logs Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name. 9
13 As per the DI CS Access and Correction policy, ehealth Ontario may seek assistance from you when responding to access requests received directly by ehealth Ontario. Correction Requests Where a HIC receives a Request for Correction directly from an individual related to records of PHI that were created and contributed to the DI CS solely by that HIC, the HIC shall follow Part V of PHIPA and its internal policies, procedures and practices to respond directly to the individual in respect of the Request for Correction. Where a HIC receives a Request for Correction directly from an individual related to records of PHI that were created and contributed to the DI CS solely by another HIC or by more than one HIC, the HIC that received the Request for Correction shall as soon as possible, but in any event no later than 2 days after receiving the Request for Correction: Notify the individual that the Request for Correction involves PHI not within the custody or control of the HIC that received the Request for Correction; and Direct individual to contact ehealth Ontario at to make the correction request As per the DI CS Access and Correction policy, ehealth Ontario may seek assistance from you when responding to access requests received directly by ehealth Ontario. Privacy Complaints and Inquiries Where a HIC directly receives an Inquiry/complaint related to DI CS and solely to the HIC and its agents and service providers, the HIC shall follow its own internal policies, procedures, and practices to address the Inquiry as per the DI CS Inquiries and Complaints policy. Where a HIC directly receives an Inquiry that it is unable to address and respond to related solely to DI CS or to the agents or Electronic Service Providers of ehealth Ontario, the HIC receiving the Inquiry as per the DI CS Inquiries and Complaints policy shall as soon as possible: Notify the person that the HIC is unable to respond to the Inquiry because DI CS is the subject of the Inquiry; and Direct individual to contact ehealth Ontario Privacy Office at (416) for complaints and inquiries. Privacy Breach Management The DI CS Privacy Breach Management policy describes detailed steps to be taken in the event of the privacy breach/incident. 10 Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
14 A HIC shall report an actual or suspected Privacy Breach to ehealth Ontario by calling the 24/7 available Service Desk/ONE Support at as soon as possible, but in any event no later than the end of the next business day after the person at the HIC responsible for reporting actual or suspected Privacy Breaches to ehealth Ontario has become aware of an actual or suspected Privacy Breach caused or contributed to by: Another HIC or the agents or Electronic Service Providers of another HIC; More than one HIC or the agents or Electronic Service Providers of more than one HIC; ehealth Ontario or the agents or Electronic Service Providers of ehealth Ontario; or Any other unauthorized persons who are not agents or Electronic Service Providers of ehealth Ontario or any other HIC. In instances where breach is caused by HIC who solely created and contributed the data to DI CS, the HIC shall follow its internal policies, procedures, and practices to notify the individual(s) to whom the PHI relates at the first reasonable opportunity in accordance with PHIPA and to contain, investigate and remediate the Privacy Breach. In instances where breach is where the Privacy Breach was solely caused by a HIC that did not solely create and contribute the PHI to the DI CS, the HIC in consultation with other HICs (who contributed data) and ehealth Ontario identify the individual to investigate the breach. The specific roles for each party involved in the privacy breach are noted in the DI CS Privacy Brach Management policy. Security Incident and Breach Management This section includes instructions for providers at clinics and privacy officers at organizations to report to ehealth Ontario any security incidents or breaches (defined below) by you or your organization, including health care providers, agents, employees or service providers. A security incident is an unwanted or unexpected situation that results in: Failure to comply with the organization s security policies, procedures, practices or requirements. Unauthorized access, use or probing of information resources. Unauthorized disclosure, destruction, modification or withholding of information. A contravention of agreements with ehealth Ontario by your organization, users at your organization, or employees, agents or service providers of your organization. An attempted, suspected or actual security compromise. Waste, fraud, abuse, theft, loss of or damage to resources. Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name. 11
15 Instructions for Health Care Providers If you become aware of, or suspect, a security incident or breach of the Diagnostic Imaging Common Service system or data by you or any of your employees, agents, or service providers, you must immediately report the incident or breach to your privacy office. If you do not have a privacy office, or you are unable to reach your privacy office or support team to report a breach, please contact the ehealth Ontario service desk at and advise the ehealth Ontario agent that you would like to open a security incident ticket. You are expected to cooperate in any incident or breach containment activities or with any investigation undertaken by ehealth Ontario. During the investigation by ehealth Ontario, you may be required to provide additional information which may include personal health information or personal information, in order to contain or resolve the incident or breach. Note: It is extremely important that you do not disclose any patient personal health information and/or personal information to the ehealth Ontario agent when initially reporting a security incident or breach. Instructions for Privacy Officers If you become aware of, or suspect, an incident or breach related to Diagnostic Imaging Common Service system or data by any of your organization s staff members, including employees, agents or service providers, you must immediately report the incident or breach to the ehealth Ontario service desk at and advise the ehealth Ontario agent that you would like to open a security incident ticket. Note: It is extremely important that you do not disclose any patient personal health information and/or personal information to the ehealth Ontario agent when initially reporting a privacy or security incident or breach. Further, you may not contact any patient or SDM directly, unless expressly instructed to do so in writing by ehealth Ontario. It is expected that you and the organization s staff members will cooperate with any investigations conducted by ehealth Ontario in respect of any privacy or security incidents or breaches related to Diagnostic Imaging Common Service data. When reporting a confirmed or suspected privacy or security incident, please have the following information ready: 1) If possible, a description of the situation and condition that led to the incident. 2) Who was involved (name and role)? 3) Where did the incident happen? 4) When and at what time was the incident noticed? 5) If possible, describe how the incident was detected. 6) If possible, provide information on the most likely cause for example: a) Human error b) Negligence c) Technical failure, caused by failure of an application or system to maintain privacy 12 Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
16 d) Process failure, caused by not following a process e) Wilful wrongdoing f) Act of nature 7) Describe the type of PI/PHI involved in the incident. 8) If possible, list measures taken to contain the incident or breach or any risks that could eventually result in an incident or breach. 9) If possible, list any corrective measures taken or additional controls applied. 10) What services, if any, are impacted? 11) Are ehealth Ontario s services impacted or involved? Once a call has been logged with the ehealth Ontario service desk, the ehealth Ontario privacy and security teams will be engaged to deal with the situation. Privacy-related questions from Health Care Provider sites If a health care provider has any questions regarding the privacy-related processes described above, including how to respond to individual access requests, consent obligations or incident/breach management processes, please contact the ehealth Ontario privacy operations department, at privacyoperations@ehealthontario.on.ca. or (416) Please ensure that you do not include any personal information or personal health information in any s to ehealth Ontario. Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name. 13
17 Summary of Security Safeguards in Place at ehealth Ontario Administrative Safeguards ehealth Ontario has a Chief Privacy Officer and Chief Security Officer; these individuals are accountable for health information privacy and security All providers who use DI Common Services must sign a data access agreement with ehealth Ontario, which, among other things, spells out their responsibilities regarding privacy and security. ehealth Ontario requires its representatives to implement privacy and security safeguards, as appropriate to the service being provided. ehealth Ontario regularly reviews and enhances its privacy and security policies. Staff and contractors are required to read the relevant policies and acknowledge in writing that they have read and understood them. All staff and contractors must sign confidentiality agreements and undergo criminal background checks prior to joining or providing services to ehealth Ontario. ehealth Ontario has a security screening policy that requires staff to have an appropriate level of clearance for the sensitivity of the information they may access. ehealth Ontario staff and contractors generally have no ability or permission to access personal health information. If access to personal health information is required in the course of providing ehealth Ontario services, individuals are required to follow the access request process and are prohibited from using or disclosing such information for other purposes. ehealth Ontario ensures, through contracts, that any third party it retains to assist in providing services to health information custodians will comply with the restrictions and conditions necessary for ehealth Ontario to fulfill its legal responsibilities. ehealth Ontario has developed a full privacy and security incident management system. ehealth Ontario has mandatory privacy and security awareness and training programs for all staff and contractors. ehealth Ontario staff, contractors, suppliers and clients must promptly report any privacy and/or security breaches to ehealth Ontario for investigation. ehealth Ontario conducts privacy and security risk assessments for both product/service development and client deployments. Mitigation activities are well established and tracked as part of each assessment. 14 Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name.
18 ehealth Ontario provides a summary of the results of privacy and security risk assessments to the affected health information custodians. ehealth Ontario ensures all operational and systems changes follow the agency s change management procedures. Technical Safeguards Authorization and authentication (i.e. confirming who each user is, and what he/she is permitted to do) controls limit access to DI Common Services to only those individuals who require it to perform their job function. DI Common Services users are authenticated each time they access the system. Information about each data request is recorded in an audit trail maintained by DI Common Services, in compliance with PHIPA. Patients can expressly withhold or withdraw their consent to use or disclose information related to their diagnostic imaging information. The DI Common Services verifies all inbound messages to ensure that they are well formed. Personal health information is transmitted to and from DI Common Services securely using a mutually authenticated tunnel. Networks are protected by devices (firewalls and routers) which limit access to and from systems. The systems are kept up-to-date by installing software updates on a regular basis. Security agents are installed on each system to protect DI Common Services from malware and detect intrusions. ehealth Ontario s hosting environment provides continuous secure data backup and immediate failover capabilities for all system components. Physical Safeguards DI Common Services resides in a specially-built facility that is physically secured against unauthorized access. Biometrics, secure cabinets and access cards control physical access to facilities and equipment. The facilities are staffed and monitored continuously by security staff/employees. The facility is protected against environmental issues such as power outages and extreme weather. Diagnostic Imaging Common Service Project, Release 1 / Health Care Provider Guide /Version No Error! Unknown document property name. 15
ehealth Ontario Ontario Lab Data and Your EMR
ehealth Ontario Ontario Lab Data and Your EMR 2012 ehealth Ontario NOTICE AND DISCLAIMER All rights reserved. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in
More informationPrivacy Incident and Breach Management Policy
Privacy Incident and Breach Management Policy Privacy Office Document ID: 2480 Version: 2.1 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationElectronic Health Record Privacy Policies
Electronic Health Record Privacy Policies Table of Contents 1. Access and Correction Policy v1.1 2. Assurance Policy v1.1 3. Consent Management Policy v1.2 4. Inquiries and Complaints Policy v1.1 5. Logging
More informationPrivacy Policy on the Responsibilities of Third Party Service Providers
Privacy Policy on the Responsibilities of Third Party Service Providers Privacy Office Document ID: 2489 Version: 3.1 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014,
More informationPersonal Health Information Privacy Policy
Personal Health Information Privacy Policy Privacy Office Document ID: 2478 Version: 6.2 Owner: Chief Privacy Officer Sensitivity Level: Low Copyright Notice Copyright 2014, ehealth Ontario All rights
More informationAccess & Correction Policy
EHR Policies Table of Content 1. Access & Correction Policy.. 2 2. Assurance.. 14 3. Consent Management Policy.. 27 4. Inquiries and Complaints Policy.. 39 5. Logging and Auditing Policy... 51 6. Privacy
More informationGuide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR
Guide to INFORMATION SECURITY FOR THE HEALTH CARE SECTOR Information and Resources for Small Medical Offices Introduction The Personal Health Information Protection Act, 2004 (PHIPA) is Ontario s health-specific
More informationOntario Laboratories Information System Electronic Medical Records Initiative. Privacy Impact Assessment Summary
Ontario Laboratories Information System Electronic Medical Records Initiative Privacy Impact Assessment Summary Copyright Notice Copyright 2011, ehealth Ontario All rights reserved Trademarks No part of
More informationPolicy Reference Guide
Policy Reference Guide Electronic Health Record (EHR) - connectinggta Version: 1.0 ehealth Ontario EHR Access and Correction Request for Service Form - cgta 1 Trademarks Other product names mentioned in
More informationSUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION
SUBJECT: VOYAGEUR PAGE 1 1.0 PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing
More informationEHR Contributor Agreement
This EHR Contributor Agreement (this Agreement ) is made effective (the Effective Date ) and sets out certain terms and conditions that apply to the sharing of Personal
More informationAccess to Electronic Health Records Policy Franciscan Health System
Access to Electronic Health Records Policy Franciscan Health System PURPOSE: The purpose of the Access to Electronic Health Records Policy ( EHR Policy ) is to establish processes and procedures for permitting
More informationONE Mail Direct. Privacy Impact Assessment Summary
ONE Mail Direct Privacy Impact Assessment Summary Copyright Notice Copyright 2010, ehealth Ontario All rights reserved No part of this document may be reproduced in any form, including photocopying or
More informationehealth Ontario Site Support Guide
ehealth Ontario Site Support Guide Version 8.0 Reference Guide This guide will assist the electronic Child Health Network with information around processes and contacting ehealth Ontario for support. www.ehealthontario.on.ca
More informationResponsibilities of Custodians and Health Information Act Administration Checklist
Responsibilities of Custodians and Administration Checklist APPENDIX 3 Responsibilities of Custodians in Administering the Each custodian under the Act must establish internal processes and procedures
More informationOntario Laboratories Information System ConnectingGTA Integration. Delta Privacy Impact Assessment Summary
Ontario Laboratories Information System ConnectingGTA Integration Delta Privacy Impact Assessment Summary Copyright Notice Copyright 2012, ehealth Ontario All rights reserved Trademarks No part of this
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationOwnership, Storage, Security and Destruction of Records of Personal Health Information STANDARD OF PRACTICE S-022 INTENT DESCRIPTION OF STANDARD
Quality Assurance Committee Approved by Council: February 11, 2014 Amended: September 20, 2014 *(formerly Guideline G-017) Note to readers: In the event of any inconsistency between this document and the
More informationTable of Contents. Acknowledgement
OPA Communications and Member Services Committee February 2015 Table of Contents Preamble... 3 General Information... 3 Risks of Using Email... 4 Use of Smartphones and Other Mobile Devices... 5 Guidelines...
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationQuestions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA)
Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health
More informationMohawk DI-r: Privacy Breach Management Procedure Version 2.0. April 2011
Mohawk DI-r: Privacy Breach Management Procedure Version 2.0 April 2011 Table of Contents 1 Purpose... 3 2 Terminology... 5 3 Identifying a Privacy Breach... 5 4 Monitoring for Privacy Breaches... 6 5
More informationExhibit 2. Business Associate Addendum
Exhibit 2 Business Associate Addendum This Business Associate Addendum ( Addendum ) governs the use and disclosure of Protected Health Information by EOHHS when functioning as a Business Associate in performing
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationPrivacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual
Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer
More informationRecord Keeping. Guide to the Standard for Professional Practice. 2013 College of Physiotherapists of Ontario
Record Keeping Guide to the Standard for Professional Practice 2013 College of Physiotherapists of Ontario March 7, 2013 Record Keeping Records tell a patient s story. The record should document for the
More informationONE Mail Service Availability and Support
ONE Mail Service Availability and Support Document Version: 0.01 Document ID: 4038 Copyright Notice Copyright 2015 ehealth Ontario All rights reserved No part of this document may be reproduced in any
More informationTaking care of what s important to you
A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationWhat to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER
What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1
More informationPACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )
PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationService Schedule for CLOUD SERVICES
Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationNew River Community College. Information Technology Policy and Procedure Manual
New River Community College Information Technology Policy and Procedure Manual 1 Table of Contents Asset Management Policy... 3 Authentication Policy... 4 Breach Notification Policy... 6 Change Management
More information3. Consent for the Collection, Use or Disclosure of Personal Information
PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),
More informationSCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationSTANDARDS OF PRACTICE (2013)
STANDARDS OF PRACTICE (2013) COLLEGE OF ALBERTA PSYCHOLOGISTS STANDARDS OF PRACTICE (2013) 1. INTRODUCTION The Health Professions Act (HPA) authorizes and requires the College of Alberta Psychologists
More informationDATA SECURITY AGREEMENT. Addendum # to Contract #
DATA SECURITY AGREEMENT Addendum # to Contract # This Data Security Agreement (Agreement) is incorporated in and attached to that certain Agreement titled/numbered and dated (Contract) by and between the
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationCommon Privacy Framework CCIM Assessment Projects
Common Privacy Framework CCIM Assessment Projects Acknowledgements This material, information and the idea contained herein are proprietary to Community Care Information Management (CCIM) and may not be
More informationThe Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training
The Security Rule of The Health Insurance Portability and Accountability Act (HIPAA) Security Training Introduction The HIPAA Security Rule specifically requires training of all members of the workforce.
More informationAuthorized. User Agreement
Authorized User Agreement CareAccord Health Information Exchange (HIE) Table of Contents Authorized User Agreement... 3 CareAccord Health Information Exchange (HIE) Polices and Procedures... 5 SECTION
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationPRIVACY BREACH POLICY
Approved By Last Reviewed Responsible Role Responsible Department Executive Management Team March 20, 2014 (next review to be done within two years) Chief Privacy Officer Quality & Customer Service SECTION
More informationINSTITUTE FOR SAFE MEDICATION PRACTICES CANADA
INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA PRIVACY IMPACT ASSESSMENT (PIA) ON ANALYZE-ERR AND CURRENT DATA HANDLING OPERATIONS VERSION 3.0-2 JULY 11, 2005 PREPARED IN CONJUNCTION WITH: ISMP Canada
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationThe Internet and e-mail 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3
Table of Contents 1 Acceptable use 1 Violations 1 Administration 1 Director and Supervisor Responsibilities 1 MIS Director Responsibilities 1 The Internet and e-mail 2 Acceptable use 2 Unacceptable use
More informationReport of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:
Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal
More informationMONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP)
MONTSERRAT COLLEGE OF ART WRITTEN INFORMATION SECURITY POLICY (WISP) 201 CMR 17.00 Standards for the Protection of Personal Information Of Residents of the Commonwealth of Massachusetts Revised April 28,
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationHow to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice
Information and Privacy Commissioner / Ontario How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice Ann Cavoukian, Ph.D. Commissioner
More informationPrivacy Breach Protocol
& Privacy Breach Protocol Guidelines for Government Organizations www.ipc.on.ca Table of Contents What is a privacy breach? 1 Guidelines on what government organizations should do 2 What happens when the
More informationInformation Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services
Information Security Policy Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services Contents 1 Purpose / Objective... 1 1.1 Information Security... 1 1.2 Purpose... 1 1.3 Objectives...
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationFORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT
FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationHIPAA COMPLIANCE PLAN. For. CHARLES RETINA INSTITUTE (Practice Name)
HIPAA COMPLIANCE PLAN For CHARLES RETINA INSTITUTE (Practice Name) Date of Adoption 1/02/2003 Review/Update 10/25/2012 Review/Update 4/01/2014 I. COMPLIANCE PLAN A. Introduction This HIPAA Compliance Plan
More informationBUSINESS ONLINE BANKING AGREEMENT
BUSINESS ONLINE BANKING AGREEMENT This Business Online Banking Agreement ("Agreement") establishes the terms and conditions for Business Online Banking Services ( Service(s) ) provided by Mechanics Bank
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationData Sharing Agreements: Principles for Electronic Medical Records/Electronic Health Records
CMA POLICY Data Sharing Agreements: Principles for Electronic Medical Records/Electronic Health Records I. INTRODUCTION This document is intended to provide some interim guidance with respect to the main
More informationAnnual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance
Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Information Privacy and IT Security & Compliance The information in this module in addition to the
More informationTORONTO CENTRAL LHIN COMMUNITY BUSINESS INTELLIGENCE PROJECT PRIVACY INCIDENT AND BREACH MANAGEMENT POLICY Policy No. 2
TORONTO CENTRAL LHIN COMMUNITY BUSINESS INTELLIGENCE PROJECT PRIVACY INCIDENT AND BREACH MANAGEMENT POLICY Policy No. 2 1.0 Purpose/Background The purpose of this policy is to establish the protocol to
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationInformation Technology Security Policies
Information Technology Security Policies Randolph College 2500 Rivermont Ave. Lynchburg, VA 24503 434-947- 8700 Revised 01/10 Page 1 Introduction Computer information systems and networks are an integral
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationFirstCarolinaCare Insurance Company Business Associate Agreement
FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationCalifornia Department of Corrections and Rehabilitation (CDCR) BUSINESS ASSOCIATES AGREEMENT (HIPAA)
California Department of Corrections and Rehabilitation (CDCR) BUSINESS ASSOCIATES AGREEMENT (HIPAA) IN PRISON SUBSTANCE USE DISORDER TREATMENT PROGRAM WHEREAS, Provider, hereinafter referred to in this
More informationOnline Banking Agreement and Disclosures
Online Banking Agreement and Disclosures This agreement states the terms and conditions that apply to your use of Online Banking services offered by Eastman Credit Union. Please read this agreement carefully.
More informationGatekeeper PKI Framework. February 2009. Registration Authority Operations Manual Review Criteria
Gatekeeper PKI Framework ISBN 1 921182 24 5 Department of Finance and Deregulation Australian Government Information Management Office Commonwealth of Australia 2009 This work is copyright. Apart from
More informationUniversity of Aberdeen Information Security Policy
University of Aberdeen Information Security Policy Contents Introduction to Information Security... 1 How can information be protected?... 1 1. Information Security Policy... 3 Subsidiary Policy details:...
More informationUpdated February 15, 2008 MINISTRY OF HEALTH SOFTWARE SUPPORT ORGANIZATION SERVICE LEVEL AGREEMENT
BETWEEN: HER MAJESTY THE QUEEN IN RIGHT OF THE PROVINCE OF BRITISH COLUMBIA, represented by the Minister of Health ( the Ministry as the Province as applicable) at the following address: Assistant Deputy
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationMontclair State University. HIPAA Security Policy
Montclair State University HIPAA Security Policy Effective: June 25, 2015 HIPAA Security Policy and Procedures Montclair State University is a hybrid entity and has designated Healthcare Components that
More informationADMINISTRATIVE MANUAL Policy and Procedure
ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,
More informationDISASTER RECOVERY INSTITUTE CANADA WEBSITE PRIVACY POLICY (DRIC) UPDATED APRIL 2004
DISASTER RECOVERY INSTITUTE CANADA (DRIC) UPDATED APRIL 2004 This website privacy policy is intended to provide DRIC website visitors with information about how DRIC treats private and personal information
More informationHIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant
1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad
More informationPRIVACY POLICY. Effective: January 1, 2014 Revised: March 19, 2015. Privacy Policy Page 1 of 7
PRIVACY POLICY Effective: January 1, 2014 Revised: March 19, 2015 Privacy Policy Page 1 of 7 WAJAX CORPORATION PRIVACY POLICY GENERAL POLICY Privacy Overview Wajax Corporation (Wajax) and its business
More informationTHE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK
THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationPACS JOINT SERVICES/ACCESS POLICY
PACS JOINT SERVICES/ACCESS POLICY 1. High Level Policy The identifiable Diagnostic Imaging Data stored in PACS constitutes personal health information and is subject to the provisions of The Health Information
More informationWho Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
More informationSUPPLIER SECURITY STANDARD
SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard
More informationACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT
ACCESS TO ELECTRONIC HEALTH RECORDS AGREEMENT THIS AGREEMENT ( Agreement ) is made and entered into this day of, 20, by and between Franciscan Health System ( Hospital ), and ( Community Partner ). RECITALS
More informationPolicies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification
Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification Type of Policy and Procedure Comments Completed Privacy Policy to Maintain and Update Notice of Privacy Practices
More informationIndex .700 FORMS - SAMPLE INCIDENT RESPONSE FORM.995 HISTORY
Information Security Section: General Operations Title: Information Security Number: 56.350 Index POLICY.100 POLICY STATEMENT.110 POLICY RATIONALE.120 AUTHORITY.130 APPROVAL AND EFFECTIVE DATE OF POLICY.140
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationSCHEDULE "C" ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL
SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING AMONG ALBERTA HEALTH SERVICES, PARTICIPATING OTHER CUSTODIAN(S) AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION
More informationAVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
More informationINFORMATION AND PRIVACY COMMISSIONER OF ALBERTA
INFORMATION AND PRIVACY COMMISSIONER OF ALBERTA Report of an investigation of a malicious software outbreak affecting health information August 19, 2011 Dr. Cathy MacLean Investigation Report H2011-IR-003
More informationFUND MANAGER CODE OF CONDUCT
FUND MANAGER CODE OF CONDUCT First Edition pursuant to the Securities and Futures Ordinance (Cap. 571) April 2003 Securities and Futures Commission Hong Kong TABLE OF CONTENTS Page INTRODUCTION 1 I. ORGANISATION
More information