Document Management in the FIPPA Era



Similar documents
Privacy Update Recent Updates in Privacy Law

September Tsawwassen First Nation Policy for Records and Information Management

RECORD AND INFORMATION MANAGEMENT FRAMEWORK FOR ONTARIO SCHOOL BOARDS/AUTHORITIES

ACCESS, PRODUCTION AND RETENTION OF CITY RECORDS

Legal Issues in Hospital Enterprise Risk Management

How To Manage Records And Information Management In Alberta

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

Information and records management. Purpose. Scope. Policy

How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice

Scotland s Commissioner for Children and Young People Records Management Policy

Personal Health Information Privacy Policy

How To Ensure Health Information Is Protected

WEST LOTHIAN COUNCIL RECORDS MANAGEMENT POLICY. Data Label: Public

Disposal Authorisation for Information and Technology Management Records. Administrative Schedule No. 4

Approved by: Vice President, Human Resources & Corporate Resources and Vice President, Treasury & Compliance Date: October 14, 2009

Policy & Procedure. This policy applies to all records in the custody and control of SMGH.

SECTION 5 RECORDED INFORMATION MANAGEMENT

PSAB Supplement 21 Records Retention and Disposition

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT POLICY

Administrative Procedures Memorandum A2005

United Cerebral Palsy of Greater Chicago Records and Information Management Policy and Procedures Manual, December 12, 2008

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

Guideline for Roles & Responsibilities in Information Asset Management

Information and Compliance Management Information Management Policy

Corporate Records Management Policy

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

UNIVERSITY OF MANITOBA PROCEDURE

Basic Records Management Practices for Saskatchewan Government*

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

What is Records Management?

RECORDS MANAGEMENT POLICY

Records and Information Management

NATIONAL ARCHIVES AND RECORDS SERVICE OF SOUTH AFRICA ACT (ACT NO. 43 OF 1996)

4.10 Information Management Policy

Records Management Policy.doc

Cloud Computing Contracts. October 11, 2012

RECORDS MANAGEMENT POLICY

Records Management Policy

Presented by Vickie Swam, Director of University Compliance. Records Management is one of the functions supported by the University Compliance Office.

Cloud Service Contracts: An Issue of Trust

Privacy Incident and Breach Management Policy

RECORDS MANAGEMENT MANUAL

RUTGERS POLICY. Approval Authority: Executive Vice President for Academic Affairs and Senior Vice President for Administration

Records Retention and Disposal Schedule. Information Management

Disposal Schedule for Functional records of Retirement Benefits Fund. Disposal Authorisation No. 2416

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)

INFORMATION AND DOCUMENTATION RECORDS MANAGEMENT PART 1: GENERAL IRISH STANDARD I.S. ISO :2004. Price Code

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

What NHS staff need to know

State of Michigan Records Management Services. Frequently Asked Questions About E mail Retention

Privacy Policy on the Responsibilities of Third Party Service Providers

TERRITORY RECORDS OFFICE BUSINESS SYSTEMS AND DIGITAL RECORDKEEPING FUNCTIONALITY ASSESSMENT TOOL

Council Policy. Records & Information Management

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION

YORK REGION DISTRICT SCHOOL BOARD. Policy and Procedure #160.0 Records and Information Management

Lord Chancellor s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000

DOCUMENT RETENTION AND ARCHIVAL POLICY:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS

3. Ensure the management of information is compliant with legislative requirements to maximise the benefits and minimise risks;

Accountable Privacy Management in BC s Public Sector

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER

Scope and Explanation

GUIDELINE No. 117 THE PHYSICIAN MEDICAL RECORD*

Chester Beatty Library Records Management Policy

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission

Records Management Policy

A Guide to Ontario Legislation Covering the Release of Students

Outline of a Research Data Management Policy for Australian Universities / Institutions

Considerations for Outsourcing Records Storage to the Cloud

GREATER TEXAS FEDERAL CREDIT UNION RECORDS PRESERVATION PROGRAM

RECORDS MANAGEMENT POLICY

Interagency Science Working Group. National Archives and Records Administration

Records Management and SharePoint 2013

Records and Document Management

Information Integrity & Data Management

Records Management - Council Policy Version 2-28 April Council Policy. Records Management. Table of Contents. Table of Contents... 1 Policy...

Management of Research Data Procedure

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010

CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)

RECORDS MANAGEMENT MANUAL FOR STATE EMPLOYEES

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

Government records findings--recognition of public policy.

Union County. Electronic Records and Document Imaging Policy

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

Transcription:

Document Management in the FIPPA Era Kathryn Frelick DISCLAIMER This Coffee Talk presentation is provided as an information service and is not meant to be taken as legal opinion or advice. Please do not act on the information provided in this presentation without seeking specific legal advice. Miller Thomson LLP, 2011 All Rights Reserved. All Intellectual Property Rights including copyright in this presentation are owned by Miller Thomson LLP. This presentation may be reproduced and distributed in its current state. Any other form of reproduction or distribution requires the prior written consent of Miller Thomson LLP which may be requested at healtheditor@millerthomson.com

Document Management in the FIPPA Era Overview 1. Records Inventory - What records do you have and where are they located? 2. How do you manage your records? 3. When and how do you dispose of records?

What is document management? Systematic and efficient management of business records throughout their entire lifecycle; from creation to eventual destruction Record information created, received and maintained as evidence in pursuance of legal obligations in the transaction of business (ISO Records Management Standard) Can be any media or format

Why is document management important? Critical asset of organization obligation to organize, control and protect records Legal benefits legislative compliance, evidence, protection during litigation, due diligence Economic benefits business continuity, reduction of storage space, equipment, retrieval costs Operational benefits efficient retrieval of information, support business requirements, consistency Historical benefits preservation of identity and culture, permanent records

Enhanced obligations under FIPPA Access to information Facilitate record retrieval and support appeal process Reporting obligations and prescribed information Directory of Records and personal information banks Protection of Personal Information Retention, safeguards and destruction of records

1. Records inventory Directory of Records obligation to provide Minister of Government Services with information about the types of records in the custody or control of the hospital annually Review information holdings and records management systems in preparation for FIPPA

Records inventory Survey of recorded information in all formats in all areas of the hospital where records are kept Identify FIPPA lead for each office or department to assist with records review (and ongoing obligations) Review existing records, record classification plans, retention or disposal schedules (paper and electronic) and create formal inventory Create consolidated inventory Survey on annual basis

2. Records management Review existing records management policies and practices and incorporate specific requirements under FIPPA Review retention schedules and practices Consolidate or reorganization of records (hospital-wide basis) Identify records that may be suitable for proactive disclosure

2. Records management Consider whether notice and consent forms are compliant with FIPPA for the collection, use and disclosure of personal information Identify whether information security practices comply with FIPPA reasonable measures in place including defined and documented measures to prevent unauthorized access or disclosure and to prevent inadvertent destruction or damage to records

Key elements for record retention policies Record retention system grouping/classification of records applying appropriate retention period to records movement of older records to storage retrieval of records as required proper disposition of records as scheduled Identify roles for staff, managers, senior leadership, privacy office, risk management

Key elements for record retention policies Record retention schedules define period of time that records are maintained and set out specific procedures for destruction Not all records i.e. transitory records Look to usefulness of information and whether there is organizational benefit, anticipated future need, or legal or contractual obligation

Key elements for record retention policies Legal requirements statutory retention and destruction requirements, limitation periods, privacy requirements Other factors patient care, educational, economic, operational, technological, risk management or historical benefits, records with enduring interest Consistency - spoliation of evidence (intentional or negligent destruction of relevant evidence)

Key elements for records retention Records hold where risk of potential litigation or notice of possible legal action, audit, inquest, investigation or proceeding (overrides retention schedule) Also access requests under PHIPA Communication/processes to ensure obligations are met

Retention requirements under FIPPA Personal information - used by the hospital must be retained for at least one year after its last use Person may consent to earlier disposal If a record is subject to an FOI request, privacy complaint or appeal, it must be retained until the request/any appeals have been dealt with Recommendation that once appeals exhausted, maintain for retention period or further five years

3. Disposal of records Process to ensure that records are monitored and identified for destruction in accordance with retention schedules (subject to records holds) Guided by existing legislative requirements (PHA, PHIPA) and IPC guidelines regarding secure disposal of records

Disposal of records under FIPPA Records of personal information: all reasonable steps must be taken to protect the security and confidentiality of personal information that is to be destroyed, including protecting security and confidentiality during storage, transportation, handling and destruction only with authorization of head and in such a way that it cannot be reconstructed or retrieved must maintain disposal record (personal information that has been destroyed and the date of destruction)

Questions? Thank you!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information