Community Living Essex County is committed to maintaining confidentiality and protecting the privacy of the personal information it collects, uses or discloses on behalf of the individuals we support, employees we hire or other individuals who interact with us throughout the course of our activities. Compliance will be maintained with all relevant legislation including the Personal Information Protection and Electronic Documents Act of Canada (PIPEDA) and Personal Health Information Protection Act (Ontario) (PHIPA).
To preserve the confidentiality of personal information we collect and the privacy of the people we support/families and employees, this policy outlines employee obligations and the procedures to be followed when dealing with such personal, privileged and/or confidential information. This policy applies to all employees and to anyone who is granted access to personal, privileged and/or confidential information about a person supported and/or about employees.
An individual we support, a member of their family, guardian, trustee, an employee, a volunteer, a person being recruited to support one of our fundraising initiatives or others we do business with, and any individual from whom or about whom we collect Personal Information.
Personal information is factual or subjective information, recorded or not, about an identifiable person. It includes but is not limited to name, home address, telephone numbers, age, sex, marital or family status, identifying numbers such as social insurance number, drivers licence or passport, race, national or ethnic origin, colour, religious or political beliefs or associations, educational history, medical history, disabilities, blood type, employment history, financial history, criminal history, anyone else’s opinions about a person, a person’s personal views or opinions, and name, address and phone number of parent, guardian, spouse or next of kin.
The knowledge and consent of the person are required for the collection, use or disclosure of personal information. Consent is obtained from the person about to receive supports or the new employee, to collect, store, use and exchange or disclose personal information for the purposes stated herein at the time of acceptance of service or in the hiring agreement. This consent may be express or implied.
Personal Health Information
Personal health information means information about an identifiable person that relates to the physical or mental health of the person, the provision of health care to the person, the person’s entitlement to payment for health care, the person’s health care number, the identity of providers of health care to the person or the identity of substitute decision-makers on behalf of a person.
Third party means individuals or organizations other than the subject of the records or representatives of Community Living Essex County who may request or provide personal information.
Community Living Essex County will do its utmost to abide by the ten fair information principles of PIPEDA.
1. Accountability/Privacy Officer
The Privacy Officer is responsible for ensuring that Community Living Essex County is in compliance with the PIPEDA and PHIPA and the policy and procedures contained therein. The Manager of Human Resources is designated as the Privacy Officer.
2. Purpose of the Collection of Personal Information
Personal information is collected by Community Living Essex County from a person. The purpose for which personal information is collected shall be identified at or before the time the information is collected.
All personal information is used for one or more of the following purposes:
The knowledge and express or implied consent of the person are required for the collection, use or disclosure of personal information. Consent is obtained from the person about to receive supports or the new employee, to collect, store, use and exchange or disclose personal information for the purposes stated herein at the time of acceptance of service or in the hiring agreement. See Confidentiality/Release of Confidential Information policy (ADM-100-04).
4. Limiting Collection of Information
The personal information collected is limited to what is necessary to achieve the purposes stated above, in 2. Purpose of the Collection of Personal Information. The collection of information will be by open, fair and lawful means. The method of collection may include, but is not limited to, from the person, in person, over the telephone, by fax or by correspondence via mail or e-mail or on the internet through our website or by any other means.
5. Limiting Use, Disclosure and Retention of Information
Personal information will only be used for the purpose stated above, in 2. Purpose of Collection of Personal Information. A separate explicit consent is obtained from the person or unless required or allowed by law. If a person’s personal information is disclosed or exchanged with a third party, such as another service provider, Community Living Essex County will take reasonable steps to ensure that such party agrees to comply with the provisions of PIPEDA and PHIPA. A person’s personal information will be retained as long as necessary to achieve the stated purposes and to comply with legislation and regulations regarding records retention. When information is no longer required to be kept, this Agency will follow policies and procedures as stated in Management of Individual Records (PROG 300-03) and Personnel Records (PER 100-07). Privacy statements to protect personal information may be used on various forms.
All best efforts will be undertaken to maintain the accuracy and currency of all personal information contained in our files and to update such information when advised by the person of a change.
Community Living Essex County commits to doing its utmost to protect the personal information in its possession from unauthorized access, disclosure, copying, use, error, loss or modification. Personal information about a person, both paper and electronic, will be stored in files to which only authorized personnel have access. The storage area will be locked and computer files protected by passwords. All employees and Members of the Board of Directors sign an Oath of Confidentiality (PER-06) in which they acknowledge their duties subject to this policy and Rules of Conduct (PER-100-04).
A Copy of this policy will be posted on the website. Paper copies are available at each location operated by the Agency and further, copies are available upon request from the Privacy Officer.
9. Individual Access
All persons shall have access to the paper and electronic files containing their personal information, as per Personnel Records policy (PER-100-07) and Management of Individual Records (PRO-300-03).
10. Challenging Compliance
A person who has a complaint concerning compliance with these principles shall address the complaint to the Privacy Officer. The procedures are set out under Complaint Procedures.
Privacy Officer is responsible for:
Management is responsible to ensure:
Employees are responsible for:
Questions or complaints regarding a breach in privacy may be resolved by following the Appeals Process for Individuals/Families (PROG-200-05) or the Employee Concern Process (PER-100-03) or by contacting the Privacy Officer who will assist you through the process.
Approved on November 5, 2008