PRIVACY POLICY
BACKGROUND:
The mission of the London Family Health Team is to maintain and improve the health of our community by creating a medical home that emphasizes medical care, health promotion and patient education. We are committed to providing compassionate and respectful care following best practice guidelines. As part of our mission, we are committed to promoting patient privacy and protecting the confidentiality of the health information we hold. Physicians belong to the Primary Care London Family Health Organization (PCLFHO) under which each physician is a health information custodian according to the Personal Health Information Protection Act, 2004 (PHIPA). For purposes of privacy obligations, the London Family Health Team and staff are agents of the physicians and PCLFHO. All of us abide by this policy.
POLICY STATEMENT:
Protecting the privacy and confidentiality of personal information is an important aspect of the way the London Family Health Team conducts its business. Collecting, using, and disclosing personal information in an appropriate, responsible, and ethical manner is fundamental to London Family Health Team’s daily operations.
Privacy and Confidentiality
The health information of all patients is treated with respect and privacy is protected. Access to a patient’s personal health information is available only to those: i) who need to know, ii) who are involved in the care of the patient, and iii) who have received a patient’s consent. These may include Physicians, Specialists, and Allied Health Professionals. When a patient’s personal health information is collected, the privacy and confidentiality of the information is protected.
Electronic Health Records
Patient health information is to be maintained in electronic health records that are password and firewall protected. The software allows for monitoring by health professionals identified as involved in a patient’s health care.
Legislation
The London Family Health Team complies with the Health Information Protection Act (November 2004), comprised of both the Personal Health Information Act (2004) and the Quality of Care Information Protection Act (2004).
Website Links
Personal Health Information Protection Act 2004
Quality of Care Information Protection Act 2004
From these Acts key privacy principles include:
Principle 1- Accountability for Personal Information
The London Family Health Team is responsible for any personal health information it holds. The Executive Director of the London FHT and the FHO Lead have been designated as Privacy Officers. The London Family Health Team demonstrates its commitment to privacy by implementing privacy policies and procedures to protect the personal health information it holds and by educating staff and others who collect, use or disclose personal health information on its behalf about their privacy responsibilities. All London Family Health Team staff and those who act on behalf of the team, must abide by PHIPA, this policy and any applicable rules of professional conduct.
Principle 2 – Identifying Purposes for Collecting Personal Health Information
The London Family Health Team collects personal health information for purposes related to direct patient care, administration and management of our programs and services, patient billing, administration and management of the health care system, research, statistical reporting, meeting legal obligations and as otherwise permitted or required by law. When personal health information that has been collected by the London Family Health Team is used for a purpose not previously identified, the new purpose will be identified prior to use. Unless the new purpose is permitted or required by law, consent will be required before the information can be used for that purpose.
Principle 3 – Consent for the Collection, Use and Disclosure of Personal Health Information
The London Family Health Team requires consent in order to collect, use, or disclose personal health information. However, there are some cases where the London Family Health Team may collect, use or disclose personal health information without consent as permitted or required by law. For example, the London Family Health Team does not require consent for using or disclosing information for billing, or quality improvement purposes or to fulfill mandatory reporting obligations.
The London Family Health Team assumes that a patient’s request for treatment constitutes implied consent for specific purposes, unless expressly instructed otherwise.
If consent is sought by the London Family Health Team, a patient may choose not to give consent. If consent is given, a patient may withdraw consent at any time, but the withdrawal cannot be retrospective. The withdrawal may also be subject to legal or contractual restrictions and reasonable notice.
Principle 4- Limiting Collection of Personal Health Information
The London Family Health Team limits the amount and type of personal health information collected to that which is necessary to fulfill the purposes identified. Information is collected directly from the patient, unless the law permits or requires collection from third parties. For example, from time to time we may need to collect information from patients’ family members or other health care providers.
Principle 5 – Limiting Use, Disclosure and Retention of Personal Health Information
Personal health information will not be used or disclosed by London Family Health Team for purposes other than those for which it was collected, except with the consent of the patient or as permitted or required by law. Personal health information will be retained by the London Family Health Team only as long as necessary for the fulfillment of those purposes. Personal health information that is no longer required to fulfill the identified purposes will be destroyed, erased, or made anonymous safely and securely. Medical records shall be maintained as per CMPA/CPSO guidelines.
Principle 6 – Accuracy of Personal Health Information
The London Family Health Team will take reasonable steps to ensure that information held is as accurate, complete, and up to date as is necessary to minimize the possibility that inappropriate information may be used to make a decision about a patient.
Principle 7 – Safeguards for Personal Health Information
The London Family Health Team has put in place safeguards for the personal health information held, which include:
- Physical safeguards (such as locked filing cabinets and rooms);
- Organizational safeguards (such as permitting access to personal health information by staff on a “need-to-know” basis only); and
- Technological safeguards (such as the use of passwords, encryption, and audits)
The London Family Health Team requires anyone who collects, uses or discloses personal health information on our behalf to be aware of the importance of maintaining the confidentiality of personal health information. This is done through the signing of confidentiality agreements, privacy training, and contractual means. The London Family Health Team takes steps to ensure that the personal health information we hold is protected against theft, loss and unauthorized use or disclosure. Care is used in the disposal or destruction of personal health information, to prevent unauthorized parties from gaining access to the information.
Principle 8 – Openness about Personal Health Information
Information about the London Family Health Team’s policies and practices relating to the management of personal health information are available to the public, including:
- Contact information for our Privacy Officers, to whom complaints or inquiries can be made;
- The process for obtaining access to personal health information we hold, and making requests for its correction;
- A description of the type of personal health information we hold, including a general account of our uses and disclosures; and
- A description of how a patient may make a complaint to the London Family Health Team or to the Information and Privacy Commissioner of Ontario.
Principle 9 – Patient Access to Personal Health Information
Patients may make written requests to have access to their records of personal health information, in accordance with the London Family Health Team’s policy for access and correction to records. The London Family Health Team will respond to a patient’s request for access within reasonable timelines and reasonable cost to the patient, as governed by law. The London Family Health Team will take reasonable steps to ensure that the requested information is made available in a format that is understandable. Patients who successfully demonstrate the inaccuracy or incompleteness of their personal health information may request that the London Family Health Team amend their information. In some cases instead of making a correction, patients may ask to append a statement of disagreement to their file.
Please Note: In certain situations, the London Family Health Team may not be able to provide access to all the personal health information held about a patient. Exceptions to the right of access requirement will be in accordance with law. Examples may include information that could reasonably be expected to result in a risk of serious harm or the information is subject to legal privilege.
Principle 10 – Challenging Compliance with London Family Health Team Privacy Policies and Practices
Any person may ask questions or challenge our compliance with this policy or with PHIPA by contacting our Privacy Officers, Executive Director of the London Family Health Team and the Lead Physician from Primary Care London Family Health Organization.
The London Family Health Team will receive and respond to complaints or inquiries about our policies and practices relating to the handling of personal health information. We will inform patients who make inquiries or lodge complaints of other available complaint procedures. The London Family Health Team will investigate all complaints. If a complaint is found to be justified, the London Family Health Team will take appropriate measures to respond. The Information and Privacy Commissioner of Ontario oversees our compliance with privacy rules and PHIPA. Any individual can make an inquiry or complaint directly to the Information and Privacy Commissioner of Ontario by writing to or calling:
2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8
Phone: 1 (800) 387-0073
www.ipc.on.ca