The AFHT is committed to promoting patient privacy and protecting the confidentiality of the health information we hold. As such, the AFHT has developed a comprehensive policy which outlines the standards to which AFHT will attain in protecting the confidentiality of our patientâ€™s health information.
Our physicians as part of the Amherstburg Family Health Organization are the Health Information Custodians under the Personal Health Information Protection Act, 2004. The Amherstburg Family Health Team partners with the physicians in providing services to AFHT patients. For purposes of privacy obligations, our physicians and all FHT staff are agents of the AFHO and abide by this policy.
Principle 1 â€“ Accountability for Personal Health Information
Principle 2 â€“ Identifying Purposes for Collecting Personal Health Information
We collect personal health information for purposes related to direct patient care, administration and management of our programs and services, patient billing, administration and management of the health care system, research, teaching, statistical reporting, quality improvement, meeting legal obligations and as otherwise permitted or required by law. When personal health information that has been collected is to be used for a purpose not previously identified, the new purpose will be identified prior to use. Unless the new purpose is permitted or required by law, consent will be required before the information can be used for that purposes.
Principle 3 â€“ Consent for the Collection, Use and Disclosure of Personal Health Information
In general, we require consent in order to collect, use, or disclose personal health information. However, there are some cases where we may collect, use or disclose person health information without consent as permitted or required bylaw.
Implied consent (Disclosures to other health care providers for health care purposes)
Patient information may be released to a patientâ€™s other health care providers for health care purposes relying on implied consent and without requiring the express written or verbal consent of the patient as long as it is reasonable in the circumstances to believe that the patient wants the information shared with the other health care providers. No patient information will be released to other health care providers if a patient has stated they do not want the information shared. A patient’s request for treatment constitutes implied consent to use and disclose their personal health information for health care purposes, unless the patient expressly instructs otherwise.
Patients may also provide a verbal or written consent if they wish for their physician or Amherstburg Family Health Team to release their information to their external health care providers. Should a patient wish their lawyer, insurance company, family, employer, landlord or other third party individuals or agencies (non-health care providers) to have access to their health record, the patient must provide verbal or written consent to this effect.
There are certain activities for which consent is not required to collect, use or disclose personal health information. These activities are permitted or required by law. For example, we do not need consent from patients to (this is not an exhaustive list): Plan, administer and manage our internal operations, programs and services, get paid, engage in quality improvement or train our team members.
Withholding or Withdrawal of Consent
A patient may choose not to give consent. If consent is given, a patient may withdraw consent at anytime, but the withdrawal cannot be retrospective. The withdrawal may also be subject to legal or contractual restrictions and reasonable notice.
Principle 4 â€“ Limiting Collection of Personal Health Information
We limit the amount and type of personal health information we collect to that which is necessary to fulfill the purposes identified. Information is collected directly from the patient, unless the law permits or requires collection from third parties.
Principle 5 â€“ Limiting Use, Disclosure and Retention of Personal Health Information Use
Personal health information is not used for purposes other than those for which it was collected, except with the consent of the patient or as permitted or required by law.
Personal health information is not disclosed for purposes other than those for which it was collected, except with the consent of the patient or as permitted or required bylaw.
Principle 6 â€“ Accuracy of Personal Health Information
We will take reasonable steps to ensure that information we hold is as accurate, complete, and up to date as is necessary to minimize the possibility that inappropriate information may be used to make a decision about a patient.
Principle 7 â€“ Safeguards for Personal Health Information
We have put in place safeguards for the personal health information we hold, which include:
- Physical safeguards such as locked filing cabinets
- Organizational safeguards such as permitting access to personal health information by staff on a “need-to-know” basis only
- Technological safeguards such as the use of passwords, encryption, and audits.
We require anyone who collects, uses or discloses personal health information on our behalf to be aware of the importance of maintaining the confidentiality of personal health information. This is done through the signing of confidentiality agreements, privacy training, and contractual means. Care is used in the disposal or destruction of personal health information, to prevent unauthorized parties from gaining access to the information.
Principle 8 â€“ Openness about Personal Health Information
Information about our policies and practices relating to the management of personal health information are available to the public, including:
- Contact information for our Privacy Officer, to whom complaints or inquiries can be made;
- The process for obtaining access to personal health information we hold, and making requests for its correction;
- A description of the type of personal health information we hold, including a general account of our uses and disclosures;Â and
- A description of how a patient may make a complaint to our Privacy Officer or to the Information and Privacy Commissioner of Ontario.
Principle 9 â€“ Patient Access to Personal Health Information
Patients may make written requests to have access to their records of personal health information, in accordance with the Access and Correction Policy.
We will respond to a patient’s request for access within reasonable timelines and costs to the patient, as governed by law. We will take reasonable steps to ensure that the requested information is made available in a format that is understandable.
Patients have a right to ask for their records to be corrected if they can demonstrate that the records we hold are inaccurate or incomplete in some way for the purposes for which we hold that information. In some cases, instead of making a correction, we may offer a patient an opportunity to append a statement of disagreement to their file.
Please Note: In certain situations, we may not be able to provide access to all the personal health information we hold about a patient. Exceptions to the right of access requirement will be in accordance with law. Examples may include information that could reasonably be expected to result in a risk of serious harm or the information is subject to legal privilege.
Principle 10 â€“ Challenging Compliance with Our Privacy Policies and Practices
Any person may ask questions or challenge our compliance with this policy or with PHIPA by contacting our Executive Director.