Page | 1
/ POLICYTitle
Confidentiality Policy / Created By*
Privacy Office
Review Required*
Privacy Office
Systems Support
VP of Corporate Services / Administrative Approval Required*
VP of Corporate Services
CEO
Original Policy Date* / Revision Date* / Last Reviewed Date*
January, 2005 / July 13, 2012 / July 13, 2012
Key Words*
Personal, confidential, confidentiality, information, release, protection, disclosure, protect, accountability, transparency, records, right of access, public records, data privacy, privacy, data, login, connect, privacy, e-mail, fax
Purpose
St. Thomas Elgin General Hospital (STEGH) has a legal and ethical responsibility to protect the privacy of patients/residents/clients, their families, and staff/hospital affiliates/other affiliates, and ensure confidentiality is maintained. The purpose of this policy is:
· To outline the hospital’s expectations and standards of behaviour related to confidentiality.
· To safeguard and protect the privacy of patients, staff and hospital affiliates, according to legislative requirements.
· To build upon the existing Position Statements/standards of confidentiality established by regulatory and professional bodies.
Policy
STEGH considers the following types of information to be confidential:
· Personal information and personal health information regarding patients/residents/clients (hereafter referred to as “patients”) and their families;
· Personal information, personal health information, employment information, and compensation information regarding staff and hospital affiliates; and,
· Information regarding the hospital’s operations, which is not publicly disclosed by the hospital (e.g., unpublished financial statements, legal matters).
This policy applies whether this information is verbal, written, electronic, or in any other format.
In addition to standards of confidentiality, which govern Regulated Health Professionals, staff and hospital affiliates are bound by the hospital’s responsibility to maintain confidentiality. The hospital expects staff/hospital affiliates to keep information, which they may learn or have access to because of their employment/affiliation, in the strictest confidence. It is the responsibility of every staff/hospital affiliate:
· To become familiar with and follow the hospital’s policies and procedures regarding the collection, use, disclosure, storage, and destruction of confidential information (See References).
· To collect, access, and use confidential information only as authorized and required to provide care or perform their assigned duties.
· To divulge, copy, transmit, or release confidential information only as authorized and needed to provide care or perform their duties.
· To safeguard passwords or any other users’ codes to access computer systems and programs and to assume full responsibility for activity undertaken using their security codes/passwords.
· To identify confidential information as such when sending E-mails or fax transmissions and to provide direction to the recipient if they receive a transmission in error.
· To discuss confidential information only with those who require this information to provide care or perform their duties and never within range of others who should not have access to this information.
· To continue to respect and maintain the terms of the Confidentiality Agreement after an individual’s employment/affiliation with the hospital ends.
It is a condition of employment/privileging contract/association that staff and hospital affiliates review this policy and sign the Confidentiality Agreement before receiving access to information or records, or performing any duties at the hospital, and on an annual basis thereafter.
Affiliation Agreements with educational institutions must contain confidentiality agreements to ensure that students and faculty abide by the hospital’s standards of confidentiality
Misuse, failure to safeguard, or the disclosure of confidential information without appropriate approvals may be cause for disciplinary action up to and including termination of employment/contract or loss of privileges or affiliation with the hospital, reporting to an individual’s professional College, civil action /criminal prosecution and/or institutional and/or personal fines levied by the Ontario Privacy Commissioner.
Procedure*
A. Confidentiality Agreement
· Staff/hospital affiliates must review this policy and sign a Confidentiality Agreement before they receive hospital privileges or begin their work at the hospital.
· Confirmation of the successful completion of the educational program and confidentiality agreement will be kept on the individual’s file in:
· Human Resources for staff,
· Medical Affairs Office for Physicians, Residents, Medical Students, Dentists, and Midwives.
· Volunteer Services for volunteers
· Offices of Program under whose supervision students, contract staff, vendors, or consultants are working (i.e., any individual employed by third-party organizations who are performing work in the hospital on a temporary basis).
· Staff/hospital affiliates must participate in the hospital’s Privacy and Confidentiality education program and reconfirm their Confidentiality Agreement annually.
· It is the responsibility of Professional Practice Leaders to stipulate in Affiliation Agreements with education institutions, the obligation to ensure that students and faculty abide by the hospital’s standards of confidentiality.
B. E-mail and Fax Transmissions
See E-mail policy
When sending confidential information (both inside and outside the hospital), E-mails and fax cover sheets must contain the following confidentiality statements:
Fax transmissions
CONFIDENTIALITY NOTICE
If you do not receive all of the pages, please telephone our office immediately. The contents of this telecommunication are highly confidential and intended only for the person(s) named above. Any other distribution, copying or disclosure is strictly prohibited. If you have received this telecommunication in error, please notify us immediately by telephone and return the original transmission to us by mail without making a copy.
E-mails
E-mails containing confidential information sent within STEGH must be flagged as “Confidential” using Groupwise flagging. Users must also identify the communication as “Confidential” in the subject line.
The confidentiality notice below is automatically attached to all e-mails sent external to STEGH.
CONFIDENTIALITY/PRIVACY NOTICE
This information is directed in confidence solely to the person named above and may contain confidential and/or privileged material. This information may not otherwise be distributed, copied or disclosed. If you have received this e-mail in error, please notify the sender immediately via a return e-mail and destroy original message. Thank you for your cooperation.
C. Reporting/Investigating Alleged Breaches of Confidentiality
See Privacy Breach Policy.
Staff/hospital affiliates must report to their Manager suspected breaches of confidentiality, or practices within the hospital that compromise confidential information. If the Manager is the individual suspected of the breach, staff/hospital affiliates may contact Human Resources or the Privacy Officer.
Managers, in conjunction with Human Resources, Risk Management, and Privacy, will investigate alleged breaches of confidentiality. If allegations are substantiated, the individual may be subject to disciplinary action up to and including termination of employment/contract or loss of privileges or affiliation with the hospital, reporting to an individual’s professional College, civil action/criminal prosecution and/or institutional and/or personal fines levied by the Ontario Privacy Commissioner.
Departments Affected
Organization wide.
Definitions
Hospital Affiliates
Community Support Services and Independent Health Facilities, whose employees work in and serve the patients of St. Thomas Elgin General Hospital, may apply for Hospital Affiliate status. The Hospital Affiliate status will permit the access of information and/or permit documentation in the hospital records, as required for patient care.
Other Affiliates
Individuals who are not employed by the organization but perform specific tasks at or for the organization, including appointed professionals (e.g., physicians/midwives/dentists), students, volunteers, researchers, contractors, or contractor employees who may be members of a third-party contract or under direct contract to the organization, and individuals working at the organization, but funded though an external source.
Personal health information
Personal information with respect to an individual, whether living or deceased and includes:
a) information concerning the physical or mental health of the individual;
b) information concerning any health service provided to the individual;
c) information concerning the donation by the individual of any body part of any bodily substance of the individual;
d) information derived from the testing or examination of a body part of bodily substance of the individual;
e) information that is collected in the course of providing health services to the individual, or
f) information this is collected incidentally to the provision of health services to the individual.
Personal information
Information about an identifiable individual, but does not include the name, title or business address or telephone number of a staff member of an organization.
References
College of Nurses of Ontario, Standards of Practice – Confidentiality
http://www.cno.org/nursing/standard/confidentiality.html
College of Physicians and Surgeons of Ontario – Confidentiality and Access to Patient Information
http://www.cpso.on.ca/Policies/confidentiality.htm
Personal Information Protection and Electronic Documents Act, (PIPEDA) (2004)
Personal Health Information Protection Act (PHIPA) (2004)
Public Hospitals Act, 1990 (as amended)
Privacy Policy
Regulated Health Professional Act, 1991 (as amended)
Acceptable Use of Information Technology Resources
Attachments
Confidentiality Agreement - Appendix “A”
Read Confirmation* Yes No
Is this a policy that is mandatory for all individuals to read & do you require confirmation that it has been read?
*Required information
A PAPER COPY OF THIS PROCEDURE EXPIRES 3 WORKDAYS AFTER: 9/4/14 10:29 AM