8/3/2019 Accessing Safeguarding Personal Health Information Capital Health

1/2

At Capital Health, it is our responsibility to respect confidentiality and privacy. We recognize that personal health information of our

patients is sensitive and protecting the information of our patients, clients and co-workers is important. Access to personal health

information is available to those who need-to-know to provide care, including clinicians, technicians, therapists and other healthprofessionals. We collect and use personal health information while taking measures to ensure privacy and confidentiality of the

information is protected and secure.

Personal information is information about an identifiable individual. It includes name, address, phone number, age, characteristic,

family status, marital status, health information such as blood type DNA or any combination of personal information that can be

linked to identify the individual. An individual has the right to retain control over the collection, use and disclosure of his/her personal

information by law in Canada.

Personal health information may refer to: information on the physical or mental health of the individual, information on any health

service provided to the individual, or information collected incidentally to the provision of health information to the individual. InNova Scotia, the Freedom of Information and Privacy Act (FOIPOP), Personal Information International Disclosure Protection Act

(PIIDPA) and the Hospitals Act provide privacy protection to patients. In addition, Capital Health and the Nova Scotia Department of

Health and Wellness have policies and procedures in place to protect your personal (health) information.

What You Want to Know

Accessing Personal Health Information. Under Capital

Health policies only staff involved in the care of the patient are

permitted to access health information on a need-to-know basis.

Health professionals are also bound by confidentialityrequirements from their professional colleges/regulatory

associations and by the policies at Capital Health.

Consent and Authorized Disclosure: The Hospital Act

enables provisions for clinical access to personal health

information for those clinicians providing ongoing clinical care

to the individual and for other healthcare professionals involved

in your care on a need-to-know basis. Access to personal health

information for administrative, legal, research or personal

inquiry by a family member requires consent of the patient.

Safeguarding Personal Health Information. There are three

components of protecting health information at Capital Health.

Administrative SafeguardCapital Health has a privacy policy

which governs the manner in which service providers andemployees manage personal information. Staff, volunteers and

students sign a pledge of confidentiality as a condition of

employment upon orientation.

Physical SafeguardCapital Health has a number of physical

safeguards which range from locked cabinets, secure fax, screen

savers for terminals and wearing photo identification to ensure

limited access to personal information.

Technical safeguardAccess to personal information is password

protected; all databases must be saved on secure networks; and

personal information is located within a firewall for protection.

Accessing & Safeguarding Personal Health

Information at Capital Health

8/3/2019 Accessing Safeguarding Personal Health Information Capital Health

2/2

Granting Access to Electronic Personal Health Information:

A User ID Request Form must be completed and signed by

authorized Managers to access systems at Capital Health. A

role-based access model is used to determine what level of

access will be granted. Individual passwords are assigned for

system protection. Individual system application training is

provided to ensure users accurately access the applications

provided. Processes are in place to suspend user access upontermination of employment.

Monitoring: Capital Health strives to protect and monitor both your

personal information and your personal health informationby:

educating staff, physicians, volunteers and students on the

importance of respecting privacy rights and the importance of

maintaining confidentiality. Capital Health monitors role-based

access to personal health information; adheres to security practices

for electronic and paper records; conducts random audits of user

access and reports potential mis-use of personal health information.

Privacy, Confidentiality and Security: Capital Health has

developed information security policies, standards, and

procedures which are managed through privacy, confidentiality

and security specialist roles across the organization. Our

specialists are trained to look for the weaknesses and

vulnerabilities in target systems and to identify report and

mitigate risk. Our privacy officer oversees the development,

implementation, maintenance of and adherence to Capital

Health privacy principles, policies and procedures.

Enhanced Security of Electronic Information: Capital Health has

implemented an electronic filing system for patient health

information that can only be accessed by authorized members of

your healthcare team through Capital Health computer systems. To

access your personal health information, your healthcare team must

use a series of passwords within a network service. This enhances

security within an electronic record versus paper-based

documentation. In many ways, it is much more secure than moving

paper files from location to location.Network & password protection combined with audit functionality

provides the ability to monitor the access of personal health

information for each patient.