If personal information about an individual will be used by a public body to make a decision that directly affects the individual, the public body shall take reasonable steps to ensure that the information is accurate and complete. Written request A request must be in writing. Notice to others 39 5 On correcting a record or adding a request for correction to a record under this section, the head of the public body shall, where practicable, notify any other public body or third party to whom the information has been disclosed during the year before the correction was requested that the correction has been made or a request for correction has been added. Protection of personal information The head of a public body shall, in accordance with any requirements set out in the regulations, protect personal information by making reasonable security arrangements against such risks as unauthorized access, use, disclosure or destruction. Limit on amount of information used or disclosed Every use and disclosure by a public body of personal information must be limited to the minimum amount of information necessary to accomplish the purpose for which it is used or disclosed. Fundraising agreement 44 1.
|Published (Last):||7 October 2015|
|PDF File Size:||11.7 Mb|
|ePub File Size:||8.7 Mb|
|Price:||Free* [*Free Regsitration Required]|
Register and Login to view comments and participate in all variety of discussions. In BC, three different legislative Acts govern the privacy and protection of individual personal health information. This includes Health Authorities and the hospitals and clinics they operate and other BC Government Ministries that deliver health and social services.
This law allows the Minister of Health to designate certain health care databases as "health information banks". What is Personal Information? Personal information is not only information that you might expect to be private, like health information, PINs or workplace reviews.
It is any information that allows you to be identified, except business contact information. In terms of consent, there are three types — express, deemed or implied. In the Doctors Office. When a patient sees a doctor a record of the visit is made whether on paper or on computer and possibly consisting of different parts; the medical chart and billing records.
Patient information provided to the doctor is with the understanding of confidentiality and the doctor is responsible for assuring that confidentiality is maintained regardless of how the information is stored and formatted, whether it is paper or electronic.
This may be through implied consent rather than express consent, but nonetheless consent is required. In a Hospital or Clinic operated by the Health Authority. What happens when your doctor shares information with a hospital or a clinic operated by the Health Authority? How is this different? Under FIPPA, while patients need to be notified their information is collected, no consent is needed for the use or access to this information as long as it is "consistent with the initial purpose".
This means that while information access is supposed to be somewhat restricted, it may not be. Patients and physicians need to be aware of this when working with the health authority. This may sound reasonable, but we do not know for certain who will access the information. Everyone should be aware of this, doctors and their patients, so the patient has a full understanding of the potential access to their information under these circumstances, as the information will no longer be under direct control of the doctor.
FIPPA also permits personal information to be used or disclosed for certain additional purposes that are extremely broad and include purposes related to the payments made to a public body, licensing and regulatory purposes, law enforcement purposes or for any purpose authorized by law.
Furthermore, because FIPPA states that personal information may be used for any purpose authorized by law, the government can do just about anything with personal information once they have collected it, simply by passing a law to give it the necessary authority. The information in the health information bank can be shared and used by various health care providers and administrators for purposes ranging from providing health care to managing the health care system.
Individual consent is not required, and there is no requirement for individuals to be told that their health information has been put into a health information bank. The law gives individuals limited rights to restrict who can see and use their personal health information and limited rights of access to their health information held in a health information database.
Privacy Toolkit - FAQs
Register and Login to view comments and participate in all variety of discussions. In BC, three different legislative Acts govern the privacy and protection of individual personal health information. This includes Health Authorities and the hospitals and clinics they operate and other BC Government Ministries that deliver health and social services. This law allows the Minister of Health to designate certain health care databases as "health information banks". What is Personal Information? Personal information is not only information that you might expect to be private, like health information, PINs or workplace reviews. It is any information that allows you to be identified, except business contact information.
Maintaining Privacy while Supporting Innovation
Encrypting cell phones, laptops, USBs Locking the keyboard when stepping away from the computer Mobile phone password lock Role-based security access based on need to know Transport Layer Security for transmission of files between organizations Usernames and passwords Can I contract with a third party outside Canada for appointment and recall services? Physicians are discouraged from letting personal information of patients leave Canada, even though there is no requirement under PIPA. If you do want to use a service provider that is outside Canada, you can obtain consent from the patient to use their email address for appointment and recall services. Please contact our office to make an appointment. Can I contract with a third party outside Canada for transcription services? If you do want to use a service provider that is outside Canada, you can anonymize the data by using initials instead of name or by using an ID number that is not associated with their government-issued IDs. Can I grant remote access to a third party outside Canada for transcription services?