pt Health is committed to respecting the privacy of individuals and to recognizing the need of our patients and employees for the appropriate management and protection of any personal and personal health information that we receive. We acknowledge the responsibility in regards to personal and personal health information that is collected, used, retained or disclosed. pt Health is compliant with federally and similar provincially mandated legislation, specifically, PIPEDA, BC’s PIPA, Alberta’s PIPA and Ontario’s PHIPA.
DEFINITION OF PERSONAL AND/OR PERSONAL HEALTH INFORMATION
Under PIPEDA, personal information is defined as including any factual or subjective information about an identifiable individual, recorded or otherwise. Examples include:
Personal information does NOT include the name, title, business address or telephone number of an employee of an organization.
Under PHIPA in Ontario, personal health information is defined as identifying information about an individual, in oral or recorded form, if the information:
Under PHIPAA in
Relates to an individual’s physical or mental health, family history or health-care history, including genetic information about the individual;
Under PIPA in Alberta, personal information is defined as information about an identifiable individual. In BC, PIPA defines personal information as information about an identifiable individual and includes employee personal information, but does NOT include contact information or work product information.
Accountability for pt Health’s compliance with the policy rests with the pt Health Privacy Officer. The Privacy Officer is responsible for monitoring company-wide adherence to privacy policies; ensuring pt Health is in compliance with applicable legislation and acting as a liaison with the Federal and Provincial Privacy Commissioner’s offices as needed. The Privacy Officer acts as a resource for employees within pt Health who are responsible for the day-to-day collection and use of personal information. The Privacy Officer manages complaints and responds on behalf of pt Health to any internal or external requests for personal and personal health information and any inquiries about pt Health’s health information management. pt Health is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing.
As an organization, pt Health:
In addition, all pt Health employees sign an internal confidentiality agreement which states that they agree to comply with all applicable legislative regulations as well as pt Health’s own internal privacy codes.
COMMITTMENT TO PRIVACY
i. COLLECTION – pt Health collects, uses, discloses and retains personal and personal health information in order to provide superior health care and service. pt Health makes all reasonable efforts to fully inform patients and employees about the planned use and disclosure of their personal and personal health information and will obtain explicit consent from patients in regards to their information when necessary.
The collection of personal and personal health information is limited to that which is necessary for the purposes identified by pt Health. Information is collected by fair and lawful means.
For patients, the primary purposes for collecting personal and personal health information are the delivery of direct patient care, the administration of the health care systems, research, teaching, statistics, and meeting legal and regulatory requirements.
At the time of collection, pt Health staff:
ii. CONSENT FOR COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION
pt Health will limit collection and use of personal and personal health information to that which the person has provided consent for.
The knowledge and consent of the individual is required for the collection, use or disclosure of personal or personal health information, except where inappropriate.
Note: In certain circumstances personal or personal health information can be collected, used or disclosed without the knowledge and consent of the individual. For example, legal, medical or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. In these circumstances, the pt Health representative should, where possible, seek consent from a substitute decision maker. In addition, if pt Health does not have a direct relationship with the individual, it may not be possible to seek consent.
iii. ACCURACY OF PERSONAL OR PERSONAL HEALTH INFORMATION
pt Health will make every reasonable effort to ensure that personal and personal health information collected and used is accurate. Patients providing personal information will have the opportunity to review and correct their personal information.
If pt Health discloses personal or personal health information about an individual, pt Health will take reasonable steps to ensure that the information is accurate, complete and up-to-date for the purposes that are known to pt Health at the time of the disclosure. Otherwise, pt Health will clearly set out any limitations or qualifications relating to the accuracy of the disclosure.
iv. LIMITING USE, DISCLOSURE, AND RETENTION OF PERSONAL INFORMATION
pt Health will store personal and personal health information using hard copy and/or electronic means in such a way as to prevent unauthorized collection, access, use, disclosure or disposal of the personal information. pt Health will not disclose any personal or personal health information unnecessarily to employees or any third party unless the affected patient consents or unless required by law.
Personal or personal health information is not used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal or personal health information is retained only as long as necessary for the fulfillment of those purposes and/or as required by an applicable regulatory body.
v. ENABLING SAFEGUARDS FOR PERSONAL INFORMATION
Security safeguards appropriate to the sensitivity of the information protect personal information. Security safeguards protect personal information against loss, theft, unauthorized access, disclosure, copying, use or modification or destruction. pt Health protects personal information regardless of the format in which it is held. The nature of the safeguards varies depending on the sensitivity of the information that has been collected, the amount of information collected, the extent of the distribution of information, the format of the information and the method of storage. A higher level of protection safeguards more sensitive information, such as personal health information records. Extreme care is taken when disposing or destroying personal information in order to prevent unauthorized parties from gaining access to the information.
The methods of protection include:
pt Health makes its staff and agents aware of the importance of maintaining the confidentiality of personal information. As a condition of employment, appointment, or agency, all pt Health staff and agents must sign the pt Health Confidentiality Agreement. In addition, those with access to electronic health records must sign individual User Agreements.
vi. ACCESS TO PERSONAL OR PERSONAL HEALTH INFORMATION
pt Health promotes an employee’s or patient’s right of access to his/her personal or personal health information and will provide this information in an understandable format.
pt Health will provide access to information upon request within 30 days as required under federal law, although the Privacy Officer may request an extension of another 30 days.
Upon request, an individual is informed of the existence, use, and disclosure of his or her personal information and is given access to that information. pt Health may ask the individual to supply enough information in order to confirm the existence, use and disclosure of the personal or personal health information. pt Health will inform the individual how the information is or has been used and will provide a list of any organization to which it has been disclosed (if any). An individual is able to challenge the accuracy and completeness of the information and have it corrected or amended as appropriate.
When a challenge is not resolved to the satisfaction of the individual, pt Health records the nature of the unresolved challenge. When appropriate, the existence of the unresolved challenge is transmitted to third parties having access to the information in questions (if any).
Note: In certain situations, pt Health may not be able to provide access to all the personal information they hold about an individual. Exceptions to the access requirement are limited and specific. The reasons for denying access are provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
vii. OPENNESS ABOUT PERSONAL INFORMATION POLICIES AND PRACTICES
pt Health makes readily available to individuals specific information about its policies and practices relating to the management of personal information. Individuals are able to acquire information about pt Health policies and practices without unreasonable effort. This information is made available in a form that is generally understandable.
The information made available includes:
pt Health makes information on their policies and practices available in a variety of ways to address varied information needs and to ensure accessibility to information: for example,
pt Health may choose to make brochures available in its places of business, mail information to its clients, post signs, provide online access, or through the Internet and Intranet.
viii. CHALLENGING COMPLIANCE
pt Health has established procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. In case of a complaint, the complainants will be informed about how to proceed. On its website and consent forms, pt Health provides contact information for the pt Health Privacy Officer. The Privacy Officer tracks and investigates all complaints made about pt Health’s personal and personal health information management and will take appropriate action to correct any inaccurate personal information or modify policies and procedures if needed.
The privacy officer can be reached at our toll-free number, (866) 749-7461.