Privacy and Security Training Policy (PS.Pol.051)




Purpose

To define the policies and procedures for providing privacy and security training in respect of the ConnectingGTA Solution.

Definitions

Electronic Service Provider: A person who provides goods or services for the purpose of enabling a HIC to use electronic means to collect, use, modify, disclose, retain or dispose of personal health information (PHI), and includes a health information network provider.

Privacy Breach: Privacy breach has the same meaning as in the Privacy Breach Management Policy and its associated procedures, as amended from time to time.

Scope

This policy and its associated procedures apply to the provision of privacy and security training to health information custodians (HICs), ConnectingGTA and agents and Electronic Service Providers of HICs and ConnectingGTA in respect of the ConnectingGTA Solution.

This policy and its associated procedures do not apply to privacy and security training:

- In respect of any other system other than the ConnectingGTA Solution;
- In respect of any other information other than PHI in the ConnectingGTA Solution;
- To any agents of HICs who do not collect, use or disclose PHI in the ConnectingGTA Solution;
- To any Electronic Service Providers of HICs who do not view, handle or otherwise deal with PHI in the ConnectingGTA Solution; or
- To any agents or Electronic Service Providers of ConnectingGTA who do not view, handle or otherwise deal with PHI in the ConnectingGTA Solution.

This policy and its associated procedures also do not apply to basic privacy and security training, also known as privacy and security awareness training.

ConnectingGTA Privacy and Security Training Policy (PS.Pol.051), v11 November 22, 2013

Policies and Procedures

1. Guiding Policies

1.1. PHIPA requires a HIC that is not a natural person to designate a contact person to facilitate the HIC's compliance with the Personal Health Information Protection Act, 2004 (PHIPA) and to ensure that all agents of the HIC are appropriately informed of their duties under PHIPA.

1.2. PHIPA permits a HIC that is a natural person to designate a contact person to facilitate the HIC's compliance with PHIPA and to ensure that all agents of the HIC are appropriately informed of their duties under PHIPA. Where a HIC that is a natural person does not designate a contact person to perform these functions, the HIC is required to perform these functions on his or her own.

1.3. PHIPA requires ConnectingGTA to ensure that those acting on its behalf agree to comply with conditions and restrictions necessary to enable ConnectingGTA to comply with PHIPA.

1.4. HICs and ConnectingGTA shall have in place and maintain policies, procedures and practices in respect of privacy and security that comply with PHIPA and provide training to their agents and electronic service providers on the policies, procedures and practices as required by PHIPA.

1.5. HICs and ConnectingGTA shall take steps that are reasonable in the circumstances to ensure their agents and Electronic Service Providers comply with PHIPA and this policy and its associated procedures.

2. Procedures Related to Creating Privacy and Security Training Materials

2.1. ConnectingGTA shall develop and distribute privacy and security training materials to enable HICs and ConnectingGTA to train their agents and Electronic Service Providers who collect, use and disclose PHI in the ConnectingGTA Solution or who view, handle or otherwise deal with PHI in the ConnectingGTA Solution, as the case may be, on their privacy and security duties and obligations.

2.2. ConnectingGTA shall ensure that the privacy and security training materials are role-based to enable HICs and agents and Electronic Service Providers of HICs and ConnectingGTA to understand how to meet their duties and obligations in respect of the ConnectingGTA Solution in their day-to-day operations.

2.3. At a minimum, the privacy and security training materials shall address the requirements described in paragraph 5.1. ConnectingGTA will review and refresh the privacy and security training materials every two years or earlier in circumstances where amendments to the privacy and security policies, procedures and practices will impact the duties and obligations of HICs, ConnectingGTA and/or their agents and Electronic Service Providers in respect of the ConnectingGTA Solution.

3. Procedures Related to Delivering Privacy and Security Training

3.1. HICs shall ensure that all their agents and Electronic Service Providers, other than ConnectingGTA and agents or Electronic Service Providers to ConnectingGTA, are appropriately informed of their relevant duties under PHIPA and the ConnectingGTA privacy and security policies, procedures and practices, prior to permitting the agents and Electronic Service Providers to collect, use or disclose PHI in the ConnectingGTA Solution or to view, handle or otherwise deal with PHI in the ConnectingGTA Solution, as the case may be.

3.2. ConnectingGTA shall ensure that all its agents and Electronic Service Providers are appropriately informed of their relevant duties under PHIPA and the ConnectingGTA privacy and security policies, procedures and practices, prior to permitting its agents and Electronic Service Providers to view, handle or otherwise deal with PHI in the ConnectingGTA Solution.

3.3. HICs and ConnectingGTA shall not permit their agents and Electronic Service Providers to continue to collect, use or disclose PHI in the ConnectingGTA Solution or to continue to view, handle or otherwise deal with PHI in the ConnectingGTA Solution, as the case may be, unless the agent or Electronic Service Provider has been appropriately informed of its relevant duties under PHIPA and the ConnectingGTA privacy and security policies, procedures and practices.

3.4. When informing their agents and Electronic Service Providers of their duties under PHIPA and the ConnectingGTA privacy and security policies, procedures, and practices, HICs and ConnectingGTA shall ensure that the agent or Electronic Service Provider is informed, if relevant to their day-to-day duties, of the information described in paragraph 5.1.

3.5. HICs and ConnectingGTA shall impose consequences on agents and Electronic Service Providers who do not understand their relevant duties under PHIPA and the ConnectingGTA privacy and security policies, procedures, and practices.

3.6. HICs and ConnectingGTA shall be able to demonstrate with evidence that their agents and Electronic Service Providers understand their relevant duties under PHIPA and the ConnectingGTA privacy and security policies, procedures, and practices.

4. Procedures Related to End User Agreements

4.1. ConnectingGTA shall ensure that the ConnectingGTA Solution requires HICs as well as agents and Electronic Service Providers of HICs and ConnectingGTA to acknowledge and agree to comply with the duties and obligations in the end user agreement prior to collecting, using or disclosing PHI in the ConnectingGTA Solution or prior to viewing, handling or otherwise dealing with PHI in the ConnectingGTA Solution, as the case may be, and at a minimum, every two years thereafter.

4.2. ConnectingGTA shall ensure that the ConnectingGTA Solution does not permit agents and Electronic Service Providers of HICs and ConnectingGTA to collect, use or disclose PHI in the ConnectingGTA Solution or to view, handle or otherwise deal with PHI in the ConnectingGTA Solution, as the case may be, unless the agent or Electronic Service Provider has acknowledged and agreed to comply with the duties and obligations in the annual end user agreement.

4.3. ConnectingGTA shall develop and implement an end user agreement that, at a minimum:

- Sets out the purposes for which HICs and agents and Electronic Service Providers of HICs are permitted to collect, use or disclose PHI in the ConnectingGTA Solution or to view, handle or otherwise deal with PHI in the ConnectingGTA Solution, as the case may be;
- Sets out the purposes for which agents and Electronic Service Providers of ConnectingGTA are permitted to view, handle or otherwise deal with PHI in the ConnectingGTA Solution;
- Requires HICs and agents and Electronic Service Providers of HICs and ConnectingGTA to acknowledge that they have read, understood and agreed to comply with the privacy and security policies, procedures and practices in respect of the ConnectingGTA Solution;
- Requires HICs and agents and Electronic Service Providers of HICs and ConnectingGTA to agree to comply with PHIPA;
- Requires HICs and agents and Electronic Service Providers of HICs and ConnectingGTA to implement the administrative, technical and physical safeguards set out in the end user agreement to protect PHI in the ConnectingGTA Solution;
- Requires HICs and agents and Electronic Service Providers of HICs and ConnectingGTA to provide notification in accordance with the Privacy Breach Management Policy and its associated procedures, as amended from time to time, if they believe that an actual or suspected Privacy Breach has occurred or is about to occur in respect of the ConnectingGTA Solution; and
- Sets out the consequences of breach of the end user agreement.

5. Training Content

5.1. The content for training shall include the following information if the role of the agent or Electronic Service Provider requires it:

- The nature of PHI that is retained in the ConnectingGTA Solution;
- The status under PHIPA of ConnectingGTA and other organizations participating in the ConnectingGTA Solution and the duties and obligations arising from this status;
- All of the permitted and known purposes for which HICs and their agents and Electronic Service Providers are permitted to collect, use and disclose PHI in the ConnectingGTA Solution or to view, handle or otherwise deal with PHI in the ConnectingGTA Solution, as the case may be, and the limitations placed thereon;
- The authority for the collection, use and disclosure of PHI in the ConnectingGTA Solution or the viewing, handling or dealing with PHI in the ConnectingGTA Solution, as the case may be, by HICs and their agents and Electronic Service Providers;
- The purposes for which PHI in the ConnectingGTA Solution is permitted to be viewed, handled or otherwise dealt with by ConnectingGTA and its agents and Electronic Service Providers and the limitations placed thereon;
- The authority for viewing, handling or dealing with PHI in the ConnectingGTA Solution by ConnectingGTA and its agents and Electronic Service Providers;
- The processes or materials available to HICs and their agents to ensure that consent is knowledgeable;
- An overview of the privacy and security policies, procedures and practices that have been implemented in respect of the ConnectingGTA Solution and the duties and obligations of HICs and agents and Electronic Service Providers of HICs and ConnectingGTA arising from these policies, procedures and practices;
- The consequences of breach of the privacy and security policies, procedures and practices implemented in respect of the ConnectingGTA Solution;
- The administrative, technical and physical safeguards put in place to protect PHI in the ConnectingGTA Solution against theft, loss and unauthorized use or disclosure and to protect records of PHI in the ConnectingGTA Solution from unauthorized copying, modification or disposal;
- The duties and obligations of HICs and agents and Electronic Service Providers of HICs and ConnectingGTA in implementing the administrative, technical and physical safeguards;
- The end-user agreement that HICs and agents and Electronic Service Providers of HICs and ConnectingGTA must acknowledge and agree to comply with; and
- The duties and obligations of HICs and agents and Electronic Service Providers of HICs and ConnectingGTA with respect to identifying, reporting, containing and participating in the investigation and remediation of Privacy Breaches and Security Breaches.

Enforcement

All instances of non-compliance will be reviewed by the Privacy and Security Committee who will recommend appropriate action to the ConnectingGTA Steering Committee. The ConnectingGTA Steering Committee has the authority to impose appropriate penalties, up to and including termination of the Participation Agreement with the HIC or termination of the access privileges of agents, and to require the implementation of remedial actions.

References

1. Legislative

- PHIPA, ss. 10, 15 and 17 and Part V.1
- PHIPA, Reg. 329/04, s. 6

Document Management

Policy Number: PS.Pol.051
Version: 11
Version History:
- V11: Policy structure refreshed and increased level of procedural detail added
- V10: Initial release
Effective Date: LPR Go-live
Last Review Date: November 22, 2013
Next Review Date: Annually or otherwise established by PSC
