|
|
Personal Health Information And
Privacy Policy
Download the printable version.
Privacy
Halton Healthcare Services considers any type of health care information, which can be
linked to an identifiable person, to be confidential. Accordingly, all clinical information
collected in support of the treatment administered at HHS will be disclosed only to
authorized individuals who require this information to ensure that the best possible care is
provided. This includes designated individuals who reside within a “circle of care” and
require access to personal information in order to deliver treatment.
Halton Healthcare Services follows the Ten Privacy Principles as outlined in the Federal
“Personal Information Protection and Electronic Documents Act” (PIPEDA) and the Ontario
Provincial “Personal Health Information Protection Act” (PHIPA). These principles are
used below as a guide to Halton Healthcare’s commitment to ensure compliance.
Accountability
HHS is responsible for personal information under its control, and has designated the
Director of Clinical Information Services (Marci MacDonald, 905-338-4634) as its Privacy
Officer. The Privacy Officer is accountable for compliance with this policy, ensuring all
existing and future policies meet legislative requirements.
All personnel employed by HHS, Students, Volunteers and Physicians will receive
orientation and training related to privacy policies and procedures, and will sign the
“Confidentiality Policy”, indicating their understanding and commitment to comply.
HHS is responsible for personal information in its possession or custody, including
information that has been transferred to a third party for processing. HHS will use
contractual or other means to provide a comparable level of protection while the
information is being processed by a third party.
Identifying Purposes
HHS will identify the purposes for which personal information is collected at the time that
information is collected. Posters and patient brochures will provide additional information.
Personal Information is collected for the purposes of:
- providing medical treatment
- administration and management of the health care system
- research, teaching and statistics
- complying with legal and regulatory requirements
- patient satisfaction surveys
- fundraising
In support of the HHS philosophy of a General Practitioner Based Hospital Care Delivery
Model, copies of reports are automatically forwarded to the patient’s Family Physician.
Consent
Consent is required for the collection of personal information, and the subsequent use or
disclosure of this information.
Personal information is only used for the provision of health care, to which there is either
implied or expressed consent by the patient.
All individuals about whom personal information is collected, who do not wish to be
included in fund raising initiatives, or patient satisfaction surveys, are required to inform the
registration clerk, who will ensure they are excluded.
Anyone not wishing their information to be shared with their Family Physician need simply
mention this fact at the time of their registration, and steps are taken to ensure the
information is not shared with the Family Physician.
Limiting Collection
HHS will limit the collection of personal information to that which is necessary for the
purposes of providing health care and treatment. Information will be collected by fair and
lawful means.
Limiting Use, Disclosure and Retention
Personal information will not be used or disclosed for purposes other than those for which
it was collected, except with the consent of the individual or as required by law.
Accuracy
Personal information will be as accurate, complete, and up-to-date as is necessary for the
purposes for which it is to be used.
Safeguards
HHS has developed and implemented security safeguards to protect personal information
against loss, theft, unauthorized access, disclosure, copying, use or modification. HHS is
committed to the protection of all personal information, regardless of the format in which it
is held.
Openness
HHS will make readily available to individuals specific information about its policies and
practices relating to the management of personal information.
HHS will be open about its policies and practices with respect to the management of
personal information. Information concerning policies and practices will be made available
in a form that is generally understandable and easily accessible.
The information made available will include:
- the name, title and address of the Privacy Officer
- the means of gaining access to personal information held by HHS.
- a copy of any brochure or other information that explain HHS’s policies, and standards, including what information is made available to related organizations (ie. fundraising activities).
Individual Access
Upon request, a patient will be directed to the Privacy Officer, who will coordinate access
to their personal information in accordance with this policy and related governing
legislation (The Public Hospitals Act, the Mental Health Act, Personal Health Information
Protection Act).
HHS will respond to an individual’s request immediately, with access to be arranged within
10 working days of the request. HHS may extend the time for responding, if meeting the
time limit would unreasonably interfere with the activities of HHS.
A cost recoverable fee will be charged for copies of personal/health information.
Patients who wish to challenge the accuracy and completeness of the information, will be
asked to document and sign an addendum – which will be affixed to their permanent
patient file. Where appropriate, HHS will transmit the amended information to third parties,
who received the original documents.
Challenging Compliance
A patient will be able to address a challenge concerning compliance with the above
principles to the Privacy Officer, who is accountable for HHS compliance.
HHS will investigate all complaints. If a complaint is found to be justified, HHS will take
appropriate measures to rectify the situation.
If a patient is not satisfied with the response from the Privacy Officer, he or she may have
recourse to the Office of the Information and Privacy Commissioner of Ontario:
Phone 416-326–3333
commissioner@ipc.on.ca
June 2004
|
|
