Privacy and Confidentiality
Our Commitment to Privacy and Confidentiality
Privacy, confidentiality, and trust are cornerstones of ErinoakKids’ relationship with its clients. Health and personal information are highly sensitive, and are collected under the condition of expressed consent. Our clients trust that we will keep their information private and confidential. Trust plays a central role in the provision of care and treatment.
Collection of Personal Information shall be limited to that which is necessary for the fulfillment of ErinoakKids services.
LIMITING DISCLOSURE AND RETENTION
Personal Information will not be disclosed except in accordance with ErinoakKids’ obligations under its Agreements.
ErinoakKids is committed to the proper classification, secure retention, and timely disposal of any record containing Personal Information (PI) or Personal Health Information (PHI).
ErinoakKids will ensure that appropriate reviews are executed for client data integrity, will report any data integrity issues to the health records and data quality team, and will correct all data integrity issues in a timely manner.
A process for the correction of any PI/PHI will be implemented as deemed necessary, to handle issues that cannot be corrected through normal system use or update mechanisms.
ErinoakKids implements security safeguards appropriate to the sensitivity of the information to protect Personal Information against loss or theft, as well as unauthorized use, access, disclosure, copying, modification, or disposal.
- Disseminate to each client and to the public a plain language description of the services that is appropriate for sharing with the individuals to whom the PI/PHI relates, including a general description of the safeguards in place to protect against loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal, and to protect the integrity of the Personal Information;
- Disseminate to the public any directives, guidelines, and policies of ErinoakKids that apply to client services;
- Disseminate to the public a general description of the safeguards implemented by ErinoakKids in relation to the security and confidentiality of Personal Information.
ErinoakKids has a documented process and procedure, with clear accountabilities, to comply with applicable legislation referring to individual access.
Systems and documented processes and procedures are developed with adequate controls and audit trails to respond to privacy and security violations and breaches, and to individual requests for access.
In order to meet its governance obligations and its Agreements with its clients, ErinoakKids has:
- Assigned a privacy and security officer (PSO) to ensure compliance with obligations related to privacy and security.
- Assigned an information security officer (ISO) to be responsible for overseeing the information security aspects of the solution(s) being used.
- Developed a RACI (responsible, accountable, consulted, and informed) chart to clearly define all privacy and security roles and responsibilities as they relate to ErinoakKids’ obligations in client systems.
- Used or developed practices, processes, and procedures to:
- Develop key performance indicators to assess and report on privacy or security metrics reports for the particular engagement.
- Review the ErinoakKids privacy and security policy, practices, processes, and procedures annually to ensure that they comply with applicable legal, contractual, industry, and regulatory standards and requirements and to determine whether changes are necessary or appropriate based on changes in laws and regulations or significant legal or other developments.
ErinoakKids uses and develops practices, processes, and procedures to ensure that employees, consultants, or permitted agents who perform services or otherwise have access to Personal Information will:
- Sign a confidentiality agreement and code of conduct.
- Be informed of all privacy and security related policies and procedures and ensure that all privacy and security related policies and procedures are readily accessible to all personnel.
- Obtain a satisfactory background screening, in accordance with its Agreement(s).
TRAINING AND AWARENESS
ErinoakKids believes that a culture of privacy and security is necessary to meet the individual and collective responsibilities of the organization, and delivers comprehensive training and ongoing awareness initiatives.
AUDITING POLICY AND PROCEDURES
For each project, ErinoakKids will draft policies, procedures, and processes to regularly, and with a predefined frequency, audit projects to monitor that ErinoakKids is in accordance with partner agreements and legislation, and to identify privacy incidents and breaches.
BREACH RESPONSE PROTOCOL
ErinoakKids promises the ability to promptly and appropriately respond to, contain, and mitigate the impact of a privacy or security breach or incident. Accordingly, ErinoakKids will have a documented breach response protocol to identify, manage, and resolve privacy and security breaches and incidents which occur as the result of loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal of Personal Information.
ErinoakKids has documented procedures, with clear accountabilities, to ensure that it promptly notifies clients in writing of any enquiry or complaint received by ErinoakKids relating to the processing of Personal Information.
ErinoakKids has practices, processes, and procedures in place to ensure that it meets all requirements of the Personal Health Information Protection Act and its Client Agreements.
INFORMATION WE COLLECT
USE OF PERSONAL INFORMATION
ErinoakKids may use or collect Personal Information about you to help us provide services to you, such as to respond to your requests, verify your identity, provide services to you, process payments, process changes or updates to your account, send you notifications, conduct satisfaction surveys, provide information regarding our products or services, develop or enhance our products and services, manage and develop our business and operations, or generally maintain our relationship with you.
DISCLOSING YOUR PERSONAL INFORMATION
ErinoakKids will never sell or disclose Personal Information without purpose.
Any disclosure to third parties is made on a confidential basis, with the information to be used only for the purposes for which it was disclosed. Your Personal Information may also be shared should ErinoakKids become part of a merger, amalgamation, joint venture, joint project deliver or otherwise sell its business or part of its business.
PROTECTING YOUR PERSONAL INFORMATION
We follow industry standards to safeguard the confidentiality of your Personal Information. We use a variety of physical, electronic, and procedural safeguards to protect Personal Information. We do not warrant that the safeguards we have implemented are sufficient to protect Personal Information that you transmit over the Internet. Most of your Personal Information is stored in Canada, Iceland, or the USA. Some companies providing services to ErinoakKids may be located outside of Canada (including the USA) and your Personal Information may be stored in those jurisdictions. As such, your Personal Information may be made available to the government of one of those jurisdictions, or its agencies, under a lawful order made in that country. For further information, please contact us at the address below.
USING GOOGLE ANALYTICS
Google Analytics employs cookies to define user sessions, which allows for the collection of data about how visitors are using the websites. Google Analytics uses only first-party cookies for data analysis. This means that the cookies are linked to a specific website domain, and Google Analytics will only use that cookie data for statistical analysis related to your browsing behaviour on that specific website. According to Google, the data collected cannot be altered or retrieved by services from other domains.
If you choose, you can opt out by turning off cookies in the preferences settings in your web browser. For more information on Google Analytics, please visit Google Analytics.
Google Analytics Terms of Service:
Google Analytics Cookie Usage on Websites:
By way of any communication received from you, you are consenting to the collection, use, and disclosure of your Personal Information by providing us, our agents or partners, or such other third parties (e.g., Google Analytics) with your Personal Information.
If you have questions about your personal information
If you want to view your personal information or have any concerns about the way in which your personal information is used or disclosed, please contact the ErinoakKids Privacy Officer at.
1230 Central Parkway West
Mississauga, ON L5C 0A5
Telephone: (905) 855-2690
We will make every effort to address your concerns. Concerns and complaints can also be addressed with the Information and Privacy Commissioner of Ontario.