The AFHT acknowledges that the Legislation applies to all health information about our patients;
The term “Privacy” includes both the confidentiality and security of Patient Information;
The Atikokan Medical Associates, as the Health Information Custodian of the EMR, and the AFHT, whom is the agent of the EMR, are accountable and responsible for the protection of all personal patient information within its care
Accountability for AFHT compliance with privacy rests with the Privacy Officer who is designated to act on behalf of the AFHT in matters related to privacy;
Each individual has a right to expect his or her personal information will be reasonably protected;
Each Health Care Professional and AFHT Employee has a duty to protect the personal information of those seeking our services;
Access permission will be granted on a need-to-know basis. Access will facilitate employees to effectively perform their assigned duties;
The AFHT acknowledges the appropriate use of notice, implied and expressed consent in compliance with the legislation.
Privacy Investigations will be conducted in a fair and consistent manner. The process will ensure that numbers of contacts are kept to a minimum to maintain confidentiality;
Contractual agreements between third party partners/suppliers/vendors will be in place to ensure privacy compliance to AFHT policies and procedures.
Due to the sensitive nature of health information, the AFHT will apply the following principles across all aspects of its operation:
Accountability for Personal Information: The AFHT is responsible for the personal information of patients under its control and will delegate an individual(s) who is/are accountable for its compliance with the privacy principles and relevant legislation. The name of the Privacy Officer designated by the AFHT to oversee its compliance with these principles is a matter of public record.
Identify Purposes for the Collection of Personal Information: The AFHT and its personnel will identify the purposes for which personal information is collected at or before the time the information is collected.
Consent for Collection, Use and Disclosure of Personal Information: The AFHT recognizes that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Note: In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. In addition, if the AFHT does not have a direct relationship with the individual, it may not be able to seek consent.
Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Typically, the AFHT will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when the AFHT wants to use information for a purpose not previously identified).
The AFHT will make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.
The form of the consent sought by the AFHT may vary, depending upon the circumstances and the type of information. In determining the form of consent to use, the AFHT will take into account the sensitivity of medical and health information.
In obtaining consent, the reasonable expectations of the individual are also relevant. The AFHT can assume that an individual’s request for treatment constitutes consent for specific purposes. On the other hand, an individual would not reasonably expect that personal information given to the AFHT would be given to a company selling health-care products.
The way in which the AFHT seeks consent may vary, depending on the circumstances and the type of information collected. The AFHT will generally seek express consent when the information is likely to be considered sensitive (e.g., genetic testing). Implied consent would generally be appropriate when the information is less sensitive. An authorized representative (such as a legal guardian or a person having power of attorney) can also give consent.
Individuals can give consent in many ways. For example:
- a) Consent may be given at the time an individual presents for or uses a health service this is an implied consent;
- b) A check-off box may be used to allow individuals to request that their names and addresses not be given to other organizations. Individuals who do not check the box are assumed to consent to the transfer of this information to third parties; or
- c) Consent may be given orally when information is collected over the telephone.
An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The AFHT will inform the individual of the implications of such withdrawal.
Limit Collection of Personal Information: Information will be collected through fair and lawful means to that which is necessary for the purposes identified. The AFHT will not collect personal information indiscriminately. Both the amount and the type of information collected will be limited to that which is necessary to fulfill the purposes identified.
Consent with respect to collection will not be obtained through deception.
Limit Use, Disclosure and Retention of Personal Information: Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of knowledge of the individual as required by law. Personal information will be retained only as long as is legally required or is necessary to fulfill its stated purpose.
The AFHT has policies and procedures in place with respect to the retention of personal information, which include minimum and maximum retention periods. The AFHT is subject to legislative requirements with respect to retention periods.
Personal information that is no longer required to fulfill the identified purposes will be destroyed as per the AFHT destruction of Patient Records, policies & procedures.
Ensuring Accuracy of Personal Information: Personal information will be as accurate, complete, and up-to-date as is necessary for the purpose for which it is used.
Ensuring Safeguards for Personal Information: personal information will be protected by security methods appropriate to the format and sensitivity of the information.
The security safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The AFHT will protect personal information regardless of the format in which it is held.
The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. A higher level of protection will safeguard more sensitive information, such as medical and health records.
The methods of protection will include:
- a) Physical measures, for example, locked filing cabinets and restricted access to offices;
- b) Organizational measures, for example, limiting access on a “need-to-know” basis, and
- c) Technological measures, for example, the use of passwords, encryption, and security audits.
The AFHT will make its employees aware of the importance of maintaining the confidentiality of personal information. As a condition of employment, all AFHT employees/agents (e.g., employee, clinician, physician, allied health, volunteer, researcher, student, consultant, vendor, or contractor) must sign the AFHT Confidentiality Agreement.
Care will be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.
Openness about Privacy Policies: the AFHT will make readily available to individuals specific information about its policies and procedures relating to the management of personal information.
The AFHT will be open about its policies and practices with respect to the management of personal information. Individuals will be able to acquire information about its policies and practices without unreasonable effort. This information will be made available in a form that is generally understandable.
The information made available will include:
- a) The name or title and the address of the Privacy Officer, who directs the AFHT’s privacy policies and practices, and to whom complaints or inquiries can be forwarded;
- b) The means of gaining access to personal information held by the AFHT;
- c) A description of the type of personal information held by the AFHT, including a general account of its use;
- d) A copy of any brochures or other information that explains the AFHT’S ‘s privacy policies, standards, or codes, and
- e) What personal information is made available to related organizations.
Individual Access to Personal Information: Upon request, an individual will be informed of the existence use and disclosure of his/her personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it noted or amended as appropriate.
Note: In certain situations, the AFHT may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement will be limited and specific. The reasons for denying access will be provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal or security reasons or information that is subject to solicitor-client or litigation privilege.
Upon request, the AFHT will inform an individual whether or not it holds personal information about the individual. The AFHT will seek to indicate the source of this information and will allow the individual access to this information. However, it may choose to make sensitive medical information available through a medical practitioner. In addition, the AFHT will provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.
In providing an account of third parties to which it has disclosed personal information about an individual, the AFHT will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, the AFHT will provide a list of the organizations to which it may have disclosed information about the individual.
The AFHT will respond to an individual’s request within 30 days. This can be extended by an additional 30 days with reasonable grounds communicated to the requestor. The Atikokan Medical Associates as part of their business model will determine cost to the individual.
The requested information will be provided or made available in a form that is generally understandable. For example, if the AFHT uses abbreviations or codes to record information, an explanation will be provided.
When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the AFHT will amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
When a challenge is not resolved to the satisfaction of the individual, the AFHT will record the substance of the unresolved challenge. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.
The AFHT will put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint procedures will be easily accessible and simple to use.
The AFHT will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. A range of these procedures may exist.
The AFHT will investigate all complaints. If a complaint is found to be justified, the AFHT will take appropriate measures, including, if necessary, amending its policies and practices.
Changes to this Policy
The AFHT reserve the right to modify or supplement this Policy from time to time to respond to legislative or other changes.
ADOPTION AND REVIEW GUIDELINES
Approved by: Atikokan Family Health Team Board
Date of most recent review: September 2017
Approximate date of next review: September 2020