Your Health Information Matters
Our clinic respects the privacy rights of our patients and is committed to protecting the health information that we collect from you. We have developed our privacy practices based on the HIA requirements. This legislation applies to health information we collect, use and disclose to provide our patients with health services, before and after the HIA came into effect. While patient consent can be granted in an informal way, such as providing us with an individual insurance card to document your insurance provider, in some situations we must have formal consent to collect, use, and disclose your personal information.
Principle 1 - Accountability / Management
We are accountable for the health information that you give to us.
Our clinic is accountable for all health information in our possession or control, including any health information that we disclose to other custodians or that we are required to share with third parties in order to provide you with health services.
We have established policies and procedures aimed at maintaining the privacy of our patients. We have appointed a Privacy Officer to oversee privacy issues for our clinic. We have educated our employees about our Privacy Policy and their role in protecting your privacy.
Principle 2 - Notice
We will explain why we collect individually identifying health information before we collect it.
We have posted a notice explaining why we collect your individually identifying health information, and the legal authority that authorizes us to collect it.
We will collect individually identifying health information only for the following purposes, or as otherwise permitted by law:
· Provision of health services.
· Verify eligibility or obtain and process payment for health services.
· Health-Related Educational Communications (e.g. appointment reminders, providing information about treatment alternatives, or other health-related benefits and services that may be of interest to you).
· Health Service Provider Education: Our clinic trains physicians, nurses, etc. who will use your health information in providing service to you.
Principle 3 - Collection
We limit the amount and type of health information we collect.
Our clinic will only collect health information for the purposes that we have identified or as otherwise permitted by law. In addition, we will only collect as much health information as is essential to carry out the purpose for which we are collecting it.
Your health information will be collected directly from you, except in the limited circumstances where we are authorized by the HIA to indirectly collect such information.
Principle 4 - Use and Disclosure
We will use and disclose your health information only for the reasons for which it was provided to us, unless otherwise permitted by law.
In providing health services to you, we may use your health information within the clinic or may disclose it to other custodians to provide you with health services on a need to know basis for the purpose it was collected. Any third party disclosure of information requires your written consent, unless otherwise permitted by law.
The HIA also identifies situations in which the disclosure is mandatory or discretionary. In all cases, we will only disclose as much information as is essential for the purpose it is being disclosed or per HIA requirements.
In the future, some of your health information will be deemed “prescribed health information” and we will be required to make it accessible to authorized custodians via the Alberta Electronic Health Record (EHR) [commonly called Alberta Netcare]. Consideration of expressed wishes of the patient will be considered when making your information accessible, and patients can ask for some of their health information to be “masked”. When authorized health service providers access health information in Alberta Netcare it is considered a use of health information, not disclosure.
Principle 5 - Consent
We may disclose your health information to a third party with your written consent to that disclosure.
If you consent to disclosure of your health information, you may revoke that consent at any time per the requirements set out in HIA (s34). The consequences of withdrawal of consent will be discussed with you and documented.
Principle 6 - Access
You have a right to access your health information that is in our clinic's custody and control within the provisions of HIA.
Patients own the health information in their medical record; the clinic owns the medical record. During the provision of health services, we will share your health information with you or your authorized representative verbally, and allow access to or provide
copies of your health information records when practical (including information in Alberta Netcare).
As a patient you are entitled to a copy of your medical record but our clinic also has the right to refuse to disclose health information under some circumstances [HIA s11 (1) & (2)] and to make access subject to payment of fees as allowed per HIA regulations.
Principle 7 - Safeguards
We will protect your health information from unauthorized access, use, disclosure or destruction.
We have assessed the risks to your health information and implemented administrative, technical and physical safeguards to eliminate or minimize the risk. Examples of these safeguards include: office policies and procedures that ensure that health information cannot be seen by unauthorized persons, having employees sign oaths of confidentiality to ensure they understand the importance of confidentiality, electronic security mechanisms like firewalls and password protection, and securing the clinic when we are closed.
Principle 8 - Quality
We take efforts to ensure the health information in our custocy or control is accurate and complete before using or disclosing that health information.
We update our registration and billing data as required. We ensure our clinic records are complete and accurate, and track additions and amendments. We correct inaccurate or incomplete factual information.
Subject to limited and specific exceptions in the HIA, individuals have a right of request corrections or amendments to this information whether in the clinic EMR or Alberta Netcare.
Principle 9 - Retention and Destruction of Records
We will retain your health information per the College of Physicians and Surgeons of Alberta (CPSA) guidelines, and securely destroy of your health information when it is no longer needed.
We will keep your health information per CPSA record retention guidelines or as long as necessary to accomplish the purpose for which it was collected (whichever is longer).
We also follow the ten year retention period per the HIA with regard to use and disclosure logs.
We destroy paper health information by shredding, and destroy or use professional disk wiping software to remove health information from computer hard drives and other media.
In the event our clinic changes in its provision of health care, patients will be contacted with information about the change and, when applicable, where information has been transferred. You will be free to continue to use that clinic or to have your information transferred to the clinic of your choice.
Principle 10 – Monitoring & Enforcement
We monitor compliance with our privacy policies and procedures, and have a process for handling complaints about handling of health information.
We regularly assess our health information safeguards, and ensure our physicians and staff know what they are and that they follow them. We have put in place sanctions for anyone who breaches or attempts to breach our safeguards to demonstrate the important we place on preserving privacy and confidentiality. We investigate all privacy complaints or suspected privacy breaches, and take appropriate remedial measures including amending our policies, disciplining staff, etc.
Privacy Officer
We have a process for handling requests for correction or amendments to health information, or in the event of a privacy breach.
The Office of the Information and Privacy Commissioner (OIPC) oversees the HIA and monitors how it is administered in the health system. For more information visit the OIPC website.
If you have general questions concerning our Privacy Policy or privacy practices, please contact our Privacy Officer at: Privacy@albertaobesitycentre.ca.
Copyright © 2022 Alberta Obesity Centre - All Rights Reserved.
Powered by GoDaddy Website Builder