Principle 1- Accountability
The Home is responsible for personal and health information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.

1.1 The owner of the Home has ultimate accountability for protecting the personal and health information of clients and residents. The owner may be supported in this activity by delegating the day-to-day operational privacy responsibilities to another individual(s). All staff share responsibility for adhering to the organization’s privacy policies and procedures.
1.1 The name and contact information of the individual(s) designated by the Home to oversee the compliance with the principles is available upon request.

1.3 The Home is responsible for personal and health information in its possession or custody, including information that has been transferred to a third party for processing. The Home will endeavour to ensure that such third parties provide a comparable level of protection while the information is being processed.

1.4 The Home shall implement policies and practices to give effect to this policy, including(a) implementing procedures to protect personal and health information;(b) establishing procedures to receive and respond to complaints and inquiries;(c) training staff and communicating to staff information about the policy

Principle 2 - Identifying Purposes
The purposes for which personal and health information is collected shall be identified by the Home at or before the time the information is collected. The primary purposes are the delivery of care and services, quality improvement, benchmarking, communication with health professionals, government agencies, care providers and suppliers, research, billing, and meeting legal and regulatory requirements.

2.1 Identifying the purposes for which personal and health information is collected at or before the time of collection allows the Home to determine the information they need to collect to fulfill these purposes.

2.2 The identified purposes are specified at or before the time of collection to the individual from whom the personal and health information is collected. Depending upon the way in which the information is collected, this can be done orally or in writing. As examples, an admissions or application for services form, a posted notice or a web-site posting may give notice of the purposes.

2.3 When personal and health information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose.

2.4 Persons collecting personal and health information should be able to explain to individuals the purposes for which the information is being collected.

Principle 3 – Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal and health information, except where inappropriate.
Note: In certain circumstances personal and health information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Acquiring consent may be impossible or inappropriate when the individual is cognitively impaired, seriously ill or psychotic and the substitute decision maker is not available. Organizations are advised to follow the rules provided in the Health Care Consent Act and Substitute Decisions Act.

3.1 Consent is required for the collection of personal and health information and the subsequent use or disclosure of this information. Typically, the Home will assume consent for the use or disclosure of the information from the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when the Home wants to use information for a purpose not previously identified).

3.2 The principle requires “knowledge and consent''. The Home shall make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed.

3.3 The Home as a condition of the supply of a product or service, may require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the explicitly specified and legitimate purposes.

3.4 The form of the consent sought by the Home may vary, depending upon the circumstances and the type of information. In determining the form of consent to use, the Home shall take into account the sensitivity of the information.

3.5 In obtaining consent, the reasonable expectations of the individual are also relevant. For example, an individual seeking service/admission should reasonably expect that the Home, in addition to using the individual's name and address for administration purposes, would also contact the individual to advise on the availability of the room in the facility. As well, the individual would reasonably expect the Home to use and disclose information for the purposes of care delivery, quality control, management purposes, liaison with professionals, agencies, suppliers and others, billing, etc. On the other hand, an individual would not reasonably expect that personal and health information given to a health-care professional would be given to a company selling health-care products, unless consent were obtained. Consent shall not be obtained through deception.

3.6 The way in which the Home seeks consent may vary, depending on the circumstances and the type of information collected. The Home will generally assume consent for personal and health information. Express consent may be required in certain situations. Consent can also be implied or given by an authorized representative. Organizations are advised to follow the rules for an authorized representative provided in the Substitute Decisions Act.

3.7 Individuals can give consent in many ways. For example:(a) a form may be used for express consent. By completing and signing the form, the individual is giving consent to the collection and the specified uses;(b) consent may be given orally; or(c) consent may be implied by the individual’s use of an organization’s product or service;A copy of this Home’s Privacy Policy is posted on our web-site and is also available from the Administrator. The Home will assume consent unless otherwise notified.

3.8 An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The Home will inform the individual of the implications of such withdrawal.

Principle 4 - Limiting Collection
The collection of personal and health information shall be limited to that which is necessary for the purposes identified by the Home. Information shall be collected by fair and lawful means.

4.1 The Home shall not collect personal and health information indiscriminately. Both the amount and the type of information collected shall be limited to that which is necessary to fulfill the purposes identified.

4.2 The requirement that personal and health information be collected by fair and lawful means is intended to prevent the Home from collecting information by misleading or deceiving individuals about the purpose for which information is being collected. This requirement implies that consent with respect to collection must not be obtained through deception.
Principle 5 - Limiting Use, Disclosure, and Retention
Personal and health information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal and health information shall be retained only as long as necessary for the fulfillment of those purposes.

Principle 5 - Limiting Use, Disclosure, and Retention
Personal and health information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal and health information shall be retained only as long as necessary for the fulfillment of those purposes.

5.1 If the Home uses personal and health information for a new purpose, it will document this purpose.

5.2 The Home will develop guidelines and implement procedures with respect to the retention of personal and health information. These guidelines will include minimum and maximum retention periods. Personal and health information that has been used to make a decision about an individual shall be retained long enough to allow the individual access to the information after the decision has been made. Organizations and long-term-care facilities may be subject to legislative requirements with respect to retention periods. In Ontario, retention periods are not defined for long-term-care facilities and community care organizations.

5.3 Personal and health information that is no longer required to fulfill the identified purposes will be destroyed, erased, or made anonymous. The Home will develop guidelines and implement procedures to govern the destruction of personal and health information.

Principle 6 – Accuracy
Personal and health information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

6.1 The extent to which personal and health information shall be accurate, complete, and up-to-date will depend upon the use of the information, taking into account the interests of the individual. Information shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual.

6.2 The Home will not routinely update personal and health information, unless such a process is necessary to fulfill the purposes for which the information was collected.

6.3 Personal and health information that is used on an ongoing basis, including information that is disclosed to third parties, will generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.

Principle 7 – Safeguards
Security safeguards appropriate to the sensitivity of the information will protect personal and health information.

7.1 The security safeguards will protect personal and health information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The Home will protect personal and health information regardless of the format in which it is held.

7.2 The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection.

7.3 The methods of protection could include:

  • Physical measures, for example, locked filing cabinets and restricted access to offices and other areas;
  • Organizational measures, for example, security clearances and limiting access on a “need-to-know'' basis;
  • Technological measures, for example, the use of passwords and encryption.
7.4 The Home will make their employees aware of the importance of maintaining the confidentiality of personal and health information.

7.5 Care shall be used in the disposal or destruction of personal and health information, to prevent unauthorized parties from gaining access to the information

Personal and health information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.

Principle 8 – Openness
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal and health information.

8.1 The Home will be open about their policies and practices with respect to the management of personal and health information. Individuals should be able to acquire information about an organization's policies and practices without unreasonable effort. This information shall be made available in a form that is generally understandable.

8.2 The information made available shall include:
  • the name/title and address of the person (privacy officer) who is accountable for the Home policies and practices and to whom complaints or inquiries can be forwarded;
  • the means of gaining access to personal and health information held by the Home
  • a description of the type of personal and health information held by the Home, including a general account of its use;
  • a copy of any brochures or other information that explain the Home policies, standards, or codes;
  • what personal and health information is made available to related organizations (eg, other healthcare providers, suppliers, agencies, etc.).
8.3 The Home may make information on its policies and practices available in a variety of ways. For example, the Home may choose to make brochures available in its place of business, mail information to its customers, provide online access, or establish a toll-free telephone number.

Principle 9 - Individual Access
Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal and health information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Note: In certain situations, the Home may not be able to provide access to all the personal and health information it holds about an individual. Exceptions to the access requirement should be limited and specific. The reasons for denying access should be provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.

9.1 Upon written request and with reasonable notice, the Home will inform an individual whether or not the organization holds personal and health information about the individual. The Home will indicate the source of this information. The Home will allow the individual access to this information. However, the Home may choose to make sensitive medical information available through a medical practitioner. In addition, The Home will provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.

9.2 An individual may be required to provide sufficient information to permit the Home to provide an account of the existence, use, and disclosure of personal and health information. The information provided shall only be used for this purpose.

9.3 In providing an account of third parties to which it has disclosed personal and health information about an individual, the Home will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, the Home will provide a list of organizations to which it may have disclosed information about the individual.

9.4 When an individual successfully demonstrates the inaccuracy or incompleteness of personal and health information, The Home will amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.

9.5 When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge should be recorded by the Home. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.

Principle 10 – Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization's compliance.

Note: The individual will be able to address a challenge concerning compliance with the above principles to the owner or delegate.

 

 

 

 

 

 


About Us :: Program & Services :: Our Homes:: Privacy Policy :: Newsletter :: Join Us :: Community Events :: FAQ :: Popular Links :: Contact Us :: Sitemap :: Home

©The Rekai Centres 2007
Web site developed by Wind-Net with The Rekai Centres