Personal Health Information Protection policy

February 1, 2005

Privacy Principle
All personal health information collected for use in the provision of health care belongs to the patient.  This information may reside in paper, electronic or other formats (i.e. microfilm, tapes, etc.).  The custodian of this information is responsible for ensuring that it complies with the Personal Health Information Protection Act.

Definitions – see Appendix A

Policy
The hospital is the “custodian” of personal health information collected for the purpose of the provision of health care to all registered in-patients and out-patients.

Employees, medical staff, volunteers, students, contractors who act for or on behalf of the hospital for the purposes of the hospital and not their own purposes, are “agents” of the hospital.

Custodian Responsibilities:

  1. The hospital, as custodian, relies on consent, implied or expressed, to collect, use or disclose personal health information.  For delivery of care to our patients, expressed consent is not required.  Disclosure of personal health information, refer to policy:
    • KGH 9-50 - Medical Records: Release of Information/Patient Confidentiality

  2. The hospital, as custodian, will only collect, use or disclose personal health information for the purposes of:
    • planning and delivering our health care programs and services;
    • communicating with other allied health care professionals who will provide your follow-up care;
    • performing activities to improve and maintain the quality of the care that we deliver to you;
    • conducting risk management activities;
    • teaching health care professionals;
    • planning, administering and managing our internal operations;
    • obtaining payment for delivery of your health care (e.g. from OHIP, WSIB or others);
    • fundraising to improve our healthcare services and programs (information limited to name and address);
    • supporting approved health care research;
    • complying with legal and regulatory requirements.

  3. The hospital, as custodian, will provide patient access to personal health information in accordance with current legislation.  Refer to policy:
    • KGH 9-140 - Access to Personal Health Information (currently under revision)

  4. The hospital, as custodian, will ensure appropriate safeguards are in place for the security, retention and destruction of personal health information. Refer to policies:
    • KGH 9-180, HDH 2660 - Patient Records: Medical Record Retention/Destruction;
    • KGH 9-150 - Medical Records: Duplication of Patient Information (Photocopying, Facsimile);
    • HDH 660 - Transmission of Confidential Information by Facsimile.

  5. With respect to the disclosure of personal health information for research purposes the hospital, as custodian, will ensure there is an appropriate research plan, which has been approved by an appropriate research ethics board.  Refer to policy:
    • KGH 11-150 - Health Research.

Agent Responsibilities:

  1. Agents will collect, use and disclose Personal Health Information only:
    • as it relates to the role they are providing for the custodian,
    • as defined in the contract with the custodian,
    • as outlined in the hospital/departmental policy and procedure. 
APPENDIX A – Personal Health Information Protection Policy
Definitions:
 

Personal Health Information - in the Act is described as “Identifying information about an individual in oral or recorded form” as it:

  • Relates to the physical or mental health of the individual, including information that consists of the health history of the individuals family,
  • Relates to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual,
  • Is a plan of service within the meaning of the Long-Term Care Act, 1994 for the individual,
  • Relates to payments or eligibility for health care in respect of the individual,
  • Relates to the donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance,
  • Is the individual’s health number, or,
  • Identifies an individual’s substitute decision-maker.

Custodian – as defined in the Personal Health Information Protection Act, 2004 (PHIPA) states “a person or organization who has custody or control of Personal Health Information as a result of or in connection with performing the person’s or organization’s powers or duties or the work as described in section 3 (1) of the act.”

Agent – a person who acts on behalf of the custodian in exercising powers or performing duties with respect to personal/private information whether or not employed (or remunerated) including volunteers, students, physicians, consultants, nurses, vendors and contractors.

Implied consent – permits one to conclude from surrounding circumstances that a patient would reasonably agree to the collection, use or disclosure of the patient’s personal health information.

Express consent - is obtained when patients explicitly agree to the collection use and disclosure of their personal health information.

Research – Means a systematic investigation designed to develop or establish principles, facts or generalizable knowledge, or any combination of them, and includes the development, testing and evaluation of research.

 

 


How Do I?

Popular Links

University Hospitals Kingston Foundation

University Hospitals Kingston Foundation is the fundraising arm for Kingston General Hospital, Hotel Dieu Hospital and Providence Care. Our mission: Enabling our community to support excellence in patient care, teaching and research at the university hospitals of Kingston, through raising funds and awareness. Since 2005 the Foundation has raised more than $72 million in pledges and gifts for Kingston's hospitals, thanks to the generosity of more than 40,000 community donors.  For more information go to www.uhkf.ca

All contents © 2010 KGH Privacy | Using this Site | Site Map | About Us | Contact