Confidentiality Policy

POLICY
Title: Confidentiality Policy
Created By*: PRIVACY OFFICE
Review Required*
Administrative Approval Required*
Privacy Office
SYSTEMS SUPPORT
VP of Corporate Services
VP of Corporate Services
CEO
Original Policy Date*: January, 2005
Revision Date*: July 13, 2012
Last Reviewed Date*: JULY 13, 2012
Key Words*
Personal, confidential, confidentiality, information, release, protection, disclosure, protect,
accountability, transparency, records, right of access, public records, data privacy, privacy, data, login,
connect, privacy, e-mail, fax
Purpose
St. Thomas Elgin General Hospital (STEGH) has a legal and ethical responsibility to protect the privacy
of patients/residents/clients, their families, and staff/hospital affiliates/other affiliates, and ensure
confidentiality is maintained. The purpose of this policy is:
- To outline the hospital’s expectations and standards of behaviour related to confidentiality.
- To safeguard and protect the privacy of patients, staff and hospital affiliates, according to legislative requirements.
- To build upon the existing Position Statements/standards of confidentiality established by regulatory and professional bodies.
Policy
STEGH considers the following types of information to be confidential:
- Personal information and personal health information regarding patients/residents/clients (hereafter referred to as “patients”) and their families;
- Personal information, personal health information, employment information, and compensation information regarding staff and hospital affiliates; and,
- Information regarding the hospital’s operations, which is not publicly disclosed by the hospital (e.g., unpublished financial statements, legal matters).
This policy applies whether this information is verbal, written, electronic, or in any other format.
In addition to standards of confidentiality, which govern Regulated Health Professionals, staff and
hospital affiliates are bound by the hospital’s responsibility to maintain confidentiality. The hospital
expects staff/hospital affiliates to keep information, which they may learn or have access to
because of their employment/affiliation, in the strictest confidence. It is the responsibility of every
staff/hospital affiliate:
- To become familiar with and follow the hospital’s policies and procedures regarding the collection, use, disclosure, storage, and destruction of confidential information (See References).
- To collect, access, and use confidential information only as authorized and required to provide care or perform their assigned duties.
- To divulge, copy, transmit, or release confidential information only as authorized and needed to provide care or perform their duties.
- To safeguard passwords or any other users’ codes to access computer systems and programs and to assume full responsibility for activity undertaken using their security codes/passwords.
- To identify confidential information as such when sending E-mails or fax transmissions and to provide direction to the recipient if they receive a transmission in error.
- To discuss confidential information only with those who require this information to provide care or perform their duties and never within range of others who should not have access to this information.
- To continue to respect and maintain the terms of the Confidentiality Agreement after an individual’s employment/affiliation with the hospital ends.
A PAPER COPY OF THIS PROCEDURE EXPIRES 3 WORKDAYS AFTER: 2/6/16 3:03 PM
It is a condition of employment/privileging contract/association that staff and hospital affiliates
review this policy and sign the Confidentiality Agreement before receiving access to information or
records, or performing any duties at the hospital, and on an annual basis thereafter.
Affiliation Agreements with educational institutions must contain confidentiality agreements to
ensure that students and faculty abide by the hospital’s standards of confidentiality.
Misuse, failure to safeguard, or the disclosure of confidential information without appropriate
approvals may be cause for disciplinary action up to and including termination of
employment/contract or loss of privileges or affiliation with the hospital, reporting to an individual’s
professional College, civil action/criminal prosecution and/or institutional and/or personal fines
levied by the Ontario Privacy Commissioner.
Procedure*
A. Confidentiality Agreement
- Staff/hospital affiliates must review this policy and sign a Confidentiality Agreement before they receive hospital privileges or begin their work at the hospital.
- Confirmation of the successful completion of the educational program and confidentiality agreement will be kept on the individual’s file in:
  - Human Resources for staff,
  - Medical Affairs Office for Physicians, Residents, Medical Students, Dentists, and Midwives.
  - Volunteer Services for volunteers
  - Offices of Program under whose supervision students, contract staff, vendors, or consultants are working (i.e., any individual employed by third-party organizations who are performing work in the hospital on a temporary basis).
- Staff/hospital affiliates must participate in the hospital’s Privacy and Confidentiality education program and reconfirm their Confidentiality Agreement annually.
- It is the responsibility of Professional Practice Leaders to stipulate in Affiliation Agreements with education institutions, the obligation to ensure that students and faculty abide by the hospital’s standards of confidentiality.
B. E-mail and Fax Transmissions
See E-mail policy
When sending confidential information (both inside and outside the hospital), E-mails and fax
cover sheets must contain the following confidentiality statements:
Fax transmissions
CONFIDENTIALITY NOTICE
If you do not receive all of the pages, please telephone our office immediately. The contents
of this telecommunication are highly confidential and intended only for the person(s) named
above. Any other distribution, copying or disclosure is strictly prohibited. If you have
received this telecommunication in error, please notify us immediately by telephone and
return the original transmission to us by mail without making a copy.
E-mails
E-mails containing confidential information sent within STEGH must be flagged as
“Confidential” using GroupWise flagging. Users must also identify the communication as
“Confidential” in the subject line.
The confidentiality notice below is automatically attached to all e-mails sent external to
STEGH.
CONFIDENTIALITY/PRIVACY NOTICE
This information is directed in confidence solely to the person named above and may
contain confidential and/or privileged material. This information may not otherwise be
distributed, copied or disclosed. If you have received this e-mail in error, please notify the
sender immediately via a return e-mail and destroy original message. Thank you for your
cooperation.
C. Reporting/Investigating Alleged Breaches of Confidentiality
See Privacy Breach Policy.
Staff/hospital affiliates must report to their Manager suspected breaches of confidentiality, or
practices within the hospital that compromise confidential information. If the Manager is the
individual suspected of the breach, staff/hospital affiliates may contact Human Resources or the
Privacy Officer.
Managers, in conjunction with Human Resources, Risk Management, and Privacy, will investigate
alleged breaches of confidentiality. If allegations are substantiated, the individual may be subject to
disciplinary action up to and including termination of employment/contract or loss of privileges or
affiliation with the hospital, reporting to an individual’s professional College, civil action/criminal
prosecution and/or institutional and/or personal fines levied by the Ontario Privacy Commissioner.
Departments Affected
Organization wide.
Definitions
Hospital Affiliates
Community Support Services and Independent Health Facilities, whose employees work in and serve
the patients of St. Thomas Elgin General Hospital, may apply for Hospital Affiliate status. The Hospital
Affiliate status will permit the access of information and/or permit documentation in the hospital records,
as required for patient care.
Other Affiliates
Individuals who are not employed by the organization but perform specific tasks at or for the
organization, including appointed professionals (e.g., physicians/midwives/dentists), students,
volunteers, researchers, contractors, or contractor employees who may be members of a third-party
contract or under direct contract to the organization, and individuals working at the organization, but
funded through an external source.
Personal health information
Personal information with respect to an individual, whether living or deceased, and includes:
a) information concerning the physical or mental health of the individual;
b) information concerning any health service provided to the individual;
c) information concerning the donation by the individual of any body part or any bodily substance of the individual;
d) information derived from the testing or examination of a body part or bodily substance of the individual;
e) information that is collected in the course of providing health services to the individual; or
f) information that is collected incidentally to the provision of health services to the individual.
Personal information
Information about an identifiable individual, but does not include the name, title or business address or
telephone number of a staff member of an organization.
References
College of Nurses of Ontario, Standards of Practice – Confidentiality
http://www.cno.org/nursing/standard/confidentiality.html
College of Physicians and Surgeons of Ontario – Confidentiality and Access to Patient Information
http://www.cpso.on.ca/Policies/confidentiality.htm
Personal Information Protection and Electronic Documents Act, (PIPEDA) (2004)
Personal Health Information Protection Act (PHIPA) (2004)
Public Hospitals Act, 1990 (as amended)
Privacy Policy
Regulated Health Professional Act, 1991 (as amended)
Acceptable Use of Information Technology Resources
Attachments
Confidentiality Agreement - Appendix “A”
Read Confirmation*
Yes
No
X
Is this a policy that is mandatory for all individuals to read & do you require confirmation that it has been
read?
*Required information