ADMINISTRATIVE MANUAL Policy and Procedure




ADMINISTRATIVE MANUAL Policy and Procedure
TITLE: Privacy
NUMBER: CH 100-100
Date Issued: April 2010
Page 1 of 7
Applies To: Holders of CDHA Administrative Manual

POLICY

1. In managing personal information, Capital Health recognizes the importance of privacy and the sensitivity of personal information and has a responsibility:
1.1. To protect the privacy of each individual whose personal information it holds;
1.2. To afford the individual an opportunity to access that personal information;
1.3. To use and share personal information effectively to support the provision of health care, research and planning.

2. The right of individuals to privacy and to control use of their personal information, within the limits of the law, is essential to client care and the service provider relationship.

3. SCOPE
3.1. This policy applies, along with other relevant Capital Health policies, to any access to personal information in the custody of Capital Health including, but not necessarily limited to:
3.1.1. All programs and services of the Capital Health, and all employees of those programs and services;
3.1.2. All medical, dental and scientific staff with privileges at Capital Health;
3.1.3. Researchers, research assistants, fellowships and all other employees, learners and contractors conducting research on the premises of Capital Health or using personal health information related to individuals of Capital Health that is collected or in the custody of Capital Health;
3.1.4. All learners completing internships, practicums, or work terms at Capital Health;
3.1.5. All volunteers of Capital Health including but not limited to all persons appointed or invited to fulfill advisory, consultation or decision-making roles on Capital Health committees, panels, etc.
3.1.6. All agents and contractors of the Capital Health;
3.1.7. All consultants hired or engaged by the Capital Health;
3.1.8. The members of the Board of Directors of Capital Health and of Capital Health Community Health Boards.

4. Capital Health only collects personal information from and about an individual:
4.1. To provide care and treatment;
4.2. For any purposes associated with the administration and management of Capital Health;
4.3. To plan, administer and manage quality of care provided by Capital Health;
4.4. To meet any legislative and regulatory requirements (e.g. Vital Statistics);
4.5. To support and promote research and education.

5. COMPLIANCE
5.1. Any breach of this Policy may result in significant disciplinary action up to and including termination or revocation of privileges, and termination of access to information.
5.2. Personal information may only be used as permitted by Capital Health and under the same legislation legal limitations that apply to Capital Health.
5.3. The Capital Health Privacy Officer is to be notified at the first reasonable opportunity if personal information is lost, stolen or accessed without authorization.

DEFINITIONS

Personal Information: Information in any form, including personal health information, that identifies an individual or could enable the individual to be identified, including but not necessarily limited to information about an individual, including:
  The individual's name, address or telephone number;
  The individual's race, national or ethnic origin, colour, or religious or political beliefs or associations;
  The individual's age, sex, sexual orientation, marital status or family status;
  An identifying number, symbol or other particular assigned to the individual;
  The individual's fingerprints, blood type or inheritable characteristics;
  Information about the individual's physical or mental health which may include family history as reflected in the individual's health record;
  Information about the individual's educational, financial, criminal or employment history;
  Anyone else's opinions about the individual; and
  The individual's personal views or opinions, except if they are about someone else and the person who generated the opinion did so in the course of employment with Capital Health.

Privacy: Includes an individual's right to determine when, how, and to what extent they share information about themselves with others. The right of privacy and consent are essential to the trust of the client care or service provider relationship.

Confidentiality: Means the obligation of an individual, organization or custodian to protect the information entrusted to it and not misuse or wrongfully disclose it. [Source: Preliminary Draft of the Pan-Canadian Health Information Privacy and Confidentiality Framework].

Security: Includes the measures taken to protect personal health information from unauthorized or unintentional loss, theft, access, use, modification or disclosure.

GUIDING PRINCIPLES

1. This Privacy Policy outlines how Capital Health manages personal information and safeguards privacy.
2. Management and protection of health information at Capital Health is governed by the Hospitals Act, Section 71; all other personal information is governed by the Freedom of Information and Protection of Privacy Act (the FOIPOP Act). The Personal Information International Disclosure Protection Act (PIIDPA) governs the access, storage, disclosure and transportation of personal information outside of Canada. Capital District Health Authority is responsible to comply with this and any other relevant legislation.

PROCEDURE

1. Accountability for Personal Information
1.1. All Capital District Health Authority staff and individuals outlined in the policy Scope are accountable to protect the privacy of personal information under the control of Capital District Health Authority.
1.2. The Chief Executive Officer of Capital Health delegates responsibility for the management of privacy issues to the Privacy Officer including, but not limited to:
1.2.1. Privacy policy and guideline development;
1.2.2. Privacy education and training;
1.2.3. Privacy inquiries and complaints;
1.3. The Privacy Officer, on an on-going basis, monitors the Privacy policy and makes recommendations related to the protection of personal information.

2. Identifying Purposes for the Collection of Personal Information
2.1. All persons collecting personal information on behalf of Capital Health explain, to the extent necessary and as requested by the individual, the purpose for which the information is being collected or direct the individual to a person who can provide that information.
2.1.1. Explain verbally or by using an admission or appointment form, poster or brochure.
2.2. Capital Health makes available to individuals written information on the general uses and disclosures of personal information.

2.2.1. This information may be contained in posters, brochures or forms available to all individuals and should make reference to administration of health care services, research and statistics, legal and regulatory requirements, and education of health care providers.
2.3. At the request of the individual, Capital Health provides as much information as is available on the specific uses and disclosures of their personal information.

3. Limiting Collection of Personal Information
3.1. Capital Health:
3.1.1. limits the collection of personal information to that which is necessary to fulfill the purposes identified;
3.1.2. collects the information by fair and lawful means.

4. CONSENT for the Use and Disclosure of Personal Health Information
As per Section 71 of the Hospitals Act, individual consent is not required for the use or disclosure of personal health information for care and treatment of the individual if the use or disclosure is by a person on staff at the hospital, or by the qualified medical practitioner of the person concerned designated by the person as his physician.
Consent to use and disclose personal health information is not required for the following purposes:
  Payment by the individual for any non-insured hospital services;
  Administration and management of Capital Health (e.g. wait list management);
  Compliance with any legislative/legal and regulatory requirements (e.g. providing birth and death information to NS Vital Statistics; compliance with Ministerial Authorizations; compliance with a valid search warrant or subpoena).
4.1. Ensure that the individual knows of and consents to the use and disclosure of the individual's personal information for all purposes, except as required or authorized by law. (See Capital Health's Release of Information from the Health Record, CH 30-015, for further information.)
Note: Disclosures required by law include but are not necessarily limited to communicable diseases, child and adult protection matters and compliance with court orders. Disclosures authorized by law include disclosures pursuant to a Ministerial Authorization. As per Section 71(5)(e) of the Hospitals Act, the Minister of Health may authorize access to individuals' records without the individuals' consent. Only the information specified in the Ministerial Authorization may be provided to the individuals named in the Authorization.

5. Limiting Use and Disclosure and Retention of Personal Information
5.1. Capital Health limits the use and disclosure of personal information to the identified purposes, except with the consent of the individual or as required or authorized by law. (Refer to Capital Health's Interacting With Law Enforcement Agencies CH 100-065 and Capital Health Release of Information from the Health Record CH 30-015.)

5.2. If a person or agent is in doubt as to whether or not to disclose personal information, consult with the immediate supervisor, and/or contact the Privacy Officer.
5.3. Retain individual records as per the Capital Health's record retention schedule. (Refer to Capital Health Retention of Records CH 100-055.)
5.4. Prior to the use of personal information in the course of research, obtain approval, in advance, by the Capital Health Ethics Review Board and in accordance with Capital Health Research Ethics policies and Capital Health Release of Information from the Health Record Policy.

6. Accuracy of Personal Information
6.1. Ensure that personal information is as accurate, complete, and up-to-date as is necessary for the purpose for which it is to be used.
6.2. As per Section 25 of the FOIPOP Act, an individual who believes there is an error or omission in his/her personal information may make a request to Capital Health to correct the information.
6.3. Direct requests for changes of personal information in writing to the Privacy Officer.
6.3.1. Direct any concerns with regards to the individual's ability to place their request in writing to the Privacy Officer as well.
6.4. Capital Health is not required to correct the information if the Privacy Officer determines that a correction is not appropriate. Include the request for correction with the individual's record.

7. Safeguards for Personal Health Information
7.1. Capital Health protects personal information in its custody or control regardless of the format in which it is held.
7.1.1. The nature of safeguards varies depending on the sensitivity of the information.
7.1.2. These security safeguards are in keeping with industry standards and are designed to protect personal information against loss or theft as well as unauthorized access, disclosure, copying, use or modification.
7.2. The safeguards include, but are not limited to, the following:
7.2.1. Appropriate storage of hospital records in secure cabinets and/or rooms;
7.2.2. Password protection and restricted access for any information held electronically;
7.2.3. Appropriate location of personal information, including placement of terminal screens, printers and paper records;
7.2.4. Access to personal information permitted on a need-to-know basis; that is, if the information is required for an authorized person to perform his/her functions within Capital Health;
7.2.5. Confidentiality Agreements for all employees and any other persons who may access personal information; and
7.2.6. Technological safeguards such as security software and firewalls to prevent hacking or unauthorized computer access.

7.3. Capital Health provides all new staff and volunteers with appropriate training on the importance of maintaining the privacy and confidentiality of personal information. This may include:
7.3.1. staff training
7.3.2. orientation information
7.3.3. signing and discussion of Capital Health's Confidentiality Agreement at time of hire or placement
7.3.4. periodic re-signing of the Confidentiality Agreement.

8. Openness about Personal Information Policies and Practices
8.1. Capital Health provides copies of its Privacy Policy and associated policies/guidelines to any person who requests them.
8.2. Information made available includes:
8.2.1. The name or title, and the contact information of the Privacy Officer;
8.2.2. The process of gaining access to personal information held by Capital Health;
8.2.3. A copy of the Privacy Policy and/or brochures or other information explaining the Privacy Policy.

9. Individual Access to One's Own Personal Information
9.1. Any individual can request a copy or to view his/her own personal information.
9.2. As per Section 71 of the Hospitals Act, if requested, any individual may receive or view personal health information (see Capital Health's Release of Information from the Health Record, #CH 30-015, for further information). Advise the individual that fees for access may be charged as per the Hospitals Act Fees Regulations.
9.3. Any individual may receive personal information held by Capital Health by making an application to the Privacy Officer under the Nova Scotia Freedom of Information & Protection of Privacy Act.
9.4. If unable to provide access to all of the information held about an individual, explain the reason for denying the access.
Note: Exceptions to the access requirement will be limited and specific and may include information that cannot be disclosed for legal, security, or commercial proprietary reasons, information that is deemed to be a physician's private office record, and information that is subject to solicitor-client privilege or other litigation purposes.

10. Challenging Compliance with the Privacy Policy
10.1. The individual may challenge Capital Health's compliance with the principles set out in this Policy by submitting their concerns in writing to the Privacy Officer:
  Privacy Officer
  Capital District Health Authority
  Phone: 473-4866
10.2. Capital Health's Privacy Officer oversees the procedures taken to receive and respond to complaints or inquiries about its handling of personal health information.

10.3. Capital Health investigates all complaints and takes appropriate measures to ensure compliance with this Policy.

RELATED CDHA DOCUMENTS:

Policies
  Release of Information from the Health Record CH 30-015
  Retention of Records CH 100-055
  Release of Information Restriction-Verbal (Communications Blackout) CH 30-014
  Release of Information: Fee Schedule CH 30-016
  Restricted Areas, Access to CH 80-075
  Interacting with Law Enforcement Agencies CH 100-065
  Web Policy - Internet and Intranet CH 50-080
  Computer end-user acceptable use CH 50-020
  Electronic Email Service CH 50-045
  Virtual Private Network CH 50-085
  Remote Access CH 50-070
  Password CH 50-015
  Internet Access/Use CH 50-005
  Information Technology Audit CH 50-010
  Departmental and Enterprise Applications CH 50-075

REFERENCES

  Nova Scotia Department of Health: Best Practices Privacy Committee
  The Ottawa Hospital Privacy Policy
  Nova Scotia Freedom of Information & Protection of Privacy Act
  Nova Scotia Hospitals Act
  Personal Information International Disclosure Protection Act (PIIDPA)
  Timmins and District Privacy Policy
  Vancouver Island Health Authority Privacy Policy
  The Hospital for Sick Children, Privacy of Personal Information
  University Health Network Privacy Policy
  CAN/CSA-Q830-96 Model Code for the Protection of Personal Information, CSA