Privacy Policy

STATEMENT of POLICY and PROCEDURE

Section

Governance

 

 

Subject:

Confidentiality and Privacy

Effective:

February 22, 2011

Issued to:

All Manual Holders

Reviewed & Revised

August 20, 2013

 

 

 

 

1 PURPOSE:
This Statement of Policy and Procedure outlines Good Neighbours Active Living Centre’s (GNALC) compliance with privacy legislation, principles and practices.

2 DEFINITIONS
2.1 “PIPEDA” is the Personal Information Protection and Electronics Document Act, the Canadian law governing the commercial collection, use and disclosure of personal information.
2.2 “PHIA” is the Personal Health Information Act, which provides clients with the right to
      a) access their personal health information, and
      b) have their personal health information kept private
when that information is held by a health care provider, health care facility or public body (referred to in the Act as “trustees”).
2.3 “Right of Access” means that clients can ask to see, or get a copy of, personal health information about them. They also have the right to request a correction to this information if they feel it is inaccurate or incomplete. Access to the client’s health records allows them to make informed decisions, based on complete information, about their health and health care.
2.4 “Privacy” under PHIA also recognizes that personal health information is private and should be held in confidence by those who maintain it. To protect the client’s right to privacy. PHIA imposes obligations on trustees when they collect, maintain, use and share their personal health information. When trustees collect personal health information from the client, they will normally use that information for the reasons it was provided. Before trustees can use this information for other reasons, or share it with people outside their organization, they should generally get consent.
2.5 “Personal information” refers to all information related to a unique individual including name and contact information, identification numbers or codes, and sensitive personal information.
2.6 “Cookies” refers to log files planted in an individual’s computer hard drive to record and save personal information about the individual’s location and preferences for future use.
2.7 “Privacy Commissioner of Canada” refers to the individual who has been identified by the federal government to inform and enforce PIPEDA.

3 POLICY
3.1 GNALC, its employees and volunteers will take all reasonable steps to maintain the confidentiality of all confidential, organizational and personal information.
3.2 GNALC, its employees and volunteers will respect and protect the privacy of personal information by complying with the 10 privacy principles required by the Personal Information Protection and Electronic Documents Act (PIPEDA), as follows:

      a) Accountability
      b) Identifying purpose
      c) Consent
      d) Limiting collection
      e) Limiting use, disclosure and retention
      f) Accuracy
      g) Safeguards
      h) Openness
      i) Individual access, and
      j) Challenging compliance.
3.3 Personal health information is recorded information about clients, their health and health care. This information is held by trustees. It can include:
      a) Name, address and phone number
      b) Information about a client’s health, health care history and family history
      c) Information about the type of care or treatment a client is receiving 
      d) Personal Health Information Number
PHIA applies to all recorded personal health information no matter if it is kept in a paper file, on a computer, or in any other form.
3.4 GNALC will maintain a privacy policy for distribution to members, clients and other interested parties, and will post this policy on its website (Appendix 1). The policy will include references to:
      a) Restrictions placed on that disclosure;
      b) The process by which individuals may access their personal information.
3.5 GNALC will maintain high standards of physical and electronic security whenever personal information is being handled.
3.6 The Executive Director shall be GNALC’s Privacy Officer. All requests for access to personal information and all contact with the Privacy Commissioner of Canada will go through the Privacy Officer.
3.7 Employees, clients, members and volunteers have a right to understand, access and correct their personal information. Personal information collected, used or disclosed will be subject to the same care and conditions as outlined for other personal information.

4 SCOPE
4.1 This policy applies to all GNALC’s employees and volunteers.
4.2 Compliance with the principles outlined in this policy shall be treated as essential for contract compliance with suppliers, consultants and other contracted organizations.

5 PROCEDURES
5.1 All employees and volunteers will protect and respect confidential and personal information by:
a) Taking all reasonable steps to secure and protect the information, as follows:
      i) Electronic records of personal information will be subject to limited access by authorized personnel in the performance of their duties.
      ii) Printed records of personal information, when they are not under the control of authorized personnel, will be kept in a secure location.
b) Disclosing to individuals that personal information is being collected and directing them to the privacy policy.
c) Destroying the information when it is no longer required. Personal information will be destroyed two years after it is no longer required.

6 APPOINTMENT AND RESPONSIBILITIES OF THE PRIVACY OFFICER
6.1 It is the responsibility of every employee and volunteer to ensure that privacy of personal information is protected and respected.
6.2 The Privacy Officer is responsible for:
      a) Developing and maintaining GNALC’s privacy policies both for the public and for employee records.
      b) Reviewing GNALC’s collection, use and disclosure of personal information to ensure that only required information is dealt with.
      c) Communicating the privacy policy to the public and to all employees and volunteers, including necessary employee and volunteer training.
      d) Acting as an expert resource for GNALC on matters relating to privacy of personal information.
      e) Ensuring that the systems and procedures of GNALC meet all legal compliance requirements and also a standard of excellence for respect of personal information.
      f) Documenting and analyzing all complaints regarding the use, retention or disclosure of personal information.
      g) Instituting changes to the policy and related procedures he/she deems necessary to respect the principles of this policy.

7 DETAILED GUIDELINES
a) Personal information may be collected without knowledge or consent only in the following circumstances:
      i) In the event of an emergency that threatens the life, health or security of an individual.
      ii) If there are reasonable grounds to believe that the information could be useful to investigate the contravention of a law.
      iii) The collection is in the interest of the individual and consent cannot be obtained in a timely way.
      iv) The collection of the information with the individual’s knowledge or consent would compromise the availability or accuracy of the information and the collection is required to investigate the contravention of a law.
      v) The information is publicly available.
b) Personal information may be disclosed without knowledge or consent only in the following circumstances:
      i) In the event of an emergency that threatens the life, health or security of an individual.
      ii) To the lawyer representing GNALC.
      iii) To collect a debt owed to GNALC by the individual.
      iv) To a government institution that has indicated disclosure is required on a matter relating to national security or the conduct of international affairs.
      v) The information is publicly available.
      vi) If required by law.
      vii) For other circumstances listed in subsection 7(3) of PIPEDA.
      viii) For other circumstances listed in subsection 22 (1-3) of PHIA.
c) Requests from an individual to provide information about their personal information being collected, used or disclosed by GNALC will be answered within 20 working days. No fee will be charged for this service.
d) If an individual withdraws consent for the use of personal information, the Privacy Officer will take all necessary steps to cease GNALC’s use of the information within 20 working days.