arrow_back close
Donate

Privacy and Confidentiality

Our Commitment to Privacy and Confidentiality

ErinoakKids has a privacy framework, a privacy policy, in addition to website media policies that govern the collection, retention, use, disclosure of personal and personal health information.

Privacy, confidentiality, and trust are cornerstones of ErinoakKids’ relationship with its clients.  Health and personal information are highly sensitive, and are collected under the condition of expressed consent. Our clients trust that we will keep their information private and confidential. Trust plays a central role in the provision of care and treatment. 

Privacy Policy

ErinoakKids Privacy Policy for Clinical Services

Policy:

LIMITING COLLECTION
Collection of Personal Information shall be limited to that which is necessary for the fulfillment of ErinoakKids services.

LIMITING DISCLOSURE AND RETENTION
Personal Information will not be disclosed except in accordance with ErinoakKids’ obligations under its Agreements.

ErinoakKids is committed to the proper classification, secure retention, and timely disposal of any record containing Personal Information (PI) or Personal Health Information (PHI).

ENSURING ACCURACY
ErinoakKids will ensure that appropriate reviews are executed for client data integrity, will report any data integrity issues to the health records and data quality team, and will correct all data integrity issues in a timely manner.

A process for the correction of any PI/PHI will be implemented as deemed necessary, to handle issues that cannot be corrected through normal system use or update mechanisms.


SAFEGUARDS
ErinoakKids implements security safeguards appropriate to the sensitivity of the information to protect Personal Information against loss or theft, as well as unauthorized use, access, disclosure, copying, modification, or disposal.

OPENNESS
ErinoakKids will:

  • Disseminate to each client and to the public a plain language description of the services that is appropriate for sharing with the individuals to whom the PI/PHI relates, including a general description of the safeguards in place to protect against loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal, and to protect the integrity of the Personal Information;
  • Disseminate to the public any directives, guidelines, and policies of ErinoakKids that apply to client services;
  • Disseminate to the public a general description of the safeguards implemented by ErinoakKids in relation to the security and confidentiality of Personal Information.


INDIVIDUAL ACCESS
ErinoakKids has a documented process and procedure, with clear accountabilities, to comply with applicable legislation referring to individual access.
Systems and documented processes and procedures are developed with adequate controls and audit trails to respond to privacy and security violations and breaches, and to individual requests for access.
 
GOVERNANCE
In order to meet its governance obligations and its Agreements with its clients, ErinoakKids has:

  • Assigned a privacy and security officer (PSO) to ensure compliance with obligations related to privacy and security.
  • Assigned an information security officer (ISO) to be responsible for overseeing the information security aspects of the solution(s) being used.
  • Developed a RACI (responsible, accountable, consulted, and informed) chart to clearly define all privacy and security roles and responsibilities as they relate to ErinoakKids’ obligations in client systems.
  • Used or developed practices, processes, and procedures to:
  • Develop key performance indicators to assess and report on privacy or security metrics reports for the particular engagement.
  • Review the ErinoakKids privacy and security policy, practices, processes, and procedures annually to ensure that they comply with applicable legal, contractual, industry, and regulatory standards and requirements and to determine whether changes are necessary or appropriate based on changes in laws and regulations or significant legal or other developments.


HUMAN RESOURCES
ErinoakKids uses and develops practices, processes, and procedures to ensure that employees, consultants, or permitted agents who perform services or otherwise have access to Personal Information will:

  • Sign a confidentiality agreement and code of conduct.
  • Be informed of all privacy and security related policies and procedures and ensure that all privacy and security related policies and procedures are readily accessible to all personnel.
  • Obtain a satisfactory background screening, in accordance with its Agreement(s).


TRAINING AND AWARENESS
ErinoakKids believes that a culture of privacy and security is necessary to meet the individual and collective responsibilities of the organization, and delivers comprehensive training and ongoing awareness initiatives.

AUDITING POLICY AND PROCEDURES
For each project, ErinoakKids will draft policies, procedures, and processes to regularly, and with a predefined frequency, audit projects to monitor that ErinoakKids is in accordance with partner agreements and legislation, and to identify privacy incidents and breaches.

BREACH RESPONSE PROTOCOL
ErinoakKids promises the ability to promptly and appropriately respond to, contain, and mitigate the impact of a privacy or security breach or incident. Accordingly, ErinoakKids will have a documented breach response protocol to identify, manage, and resolve privacy and security breaches and incidents which occur as the result of loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal of Personal Information.
 
COMPLAINT MANAGEMENT
ErinoakKids has documented procedures, with clear accountabilities, to ensure that it promptly notifies clients in writing of any enquiry or complaint received by ErinoakKids relating to the processing of Personal Information.

OPERATING PROCEDURES
ErinoakKids has practices, processes, and procedures in place to ensure that it meets all requirements of the Personal Health Information Protection Act and its Client Agreements.

Web (erinoakkids.ca) and Social Media Privacy Policy 

INFORMATION WE COLLECT
ErinoakKids has adopted a privacy policy that limits what it can do with Personal Information collected through its website, email, or other social media. Personal Information includes information about an identifiable individual (other than name, address, email, and phone number) such as demographic information, information collected through our website, or other information we may collect from you from time to time. Submitted job applications, including resumes and references, would also be included as Personal Information.

USE OF PERSONAL INFORMATION
ErinoakKids may use or collect Personal Information about you to help us provide services to you, such as to respond to your requests, verify your identity, provide services to you, process payments, process changes or updates to your account, send you notifications, conduct satisfaction surveys, provide information regarding our products or services, develop or enhance our products and services, manage and develop our business and operations, or generally maintain our relationship with you.

DISCLOSING YOUR PERSONAL INFORMATION
ErinoakKids will never sell or disclose Personal Information without purpose.

Any disclosure to third parties is made on a confidential basis, with the information to be used only for the purposes for which it was disclosed. Your Personal Information may also be shared should ErinoakKids become part of a merger, amalgamation, joint venture, joint project deliver or otherwise sell its business or part of its business.
 
PROTECTING YOUR PERSONAL INFORMATION
We follow industry standards to safeguard the confidentiality of your Personal Information. We use a variety of physical, electronic, and procedural safeguards to protect Personal Information. We do not warrant that the safeguards we have implemented are sufficient to protect Personal Information that you transmit over the Internet. Most of your Personal Information is stored in Canada, Iceland, or the USA. Some companies providing services to ErinoakKids may be located outside of Canada (including the USA) and your Personal Information may be stored in those jurisdictions. As such, your Personal Information may be made available to the government of one of those jurisdictions, or its agencies, under a lawful order made in that country. For further information, please contact us at the address below.

USING GOOGLE ANALYTICS
We use Google Analytics to collect information about the use of our website. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use (as amended for government websites) and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.

Google Analytics employs cookies to define user sessions, which allows for the collection of data about how visitors are using the websites. Google Analytics uses only first-party cookies for data analysis.  This means that the cookies are linked to a specific website domain, and Google Analytics will only use that cookie data for statistical analysis related to your browsing behaviour on that specific website.  According to Google, the data collected cannot be altered or retrieved by services from other domains.

If you choose, you can opt out by turning off cookies in the preferences settings in your web browser. For more information on Google Analytics, please visit Google Analytics.

Google Analytics Terms of Service:
http://www.google.com/analytics/tos.html

Google Analytics Cookie Usage on Websites:
https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage
 
YOUR CONSENT
By way of any communication received from you, you are consenting to the collection, use, and disclosure of your Personal Information by providing us, our agents or partners, or such other third parties (e.g., Google Analytics) with your Personal Information.

Contact Information 

If you have questions about your personal information

If you want to view your personal information or have any concerns about the way in which your personal information is used or disclosed, please contact the ErinoakKids Privacy Officer at.
Privacy Officer
ErinoakKids
1230 Central Parkway West
Mississauga, ON L5C 0A5
Telephone: (905) 855-2690

We will make every effort to address your concerns. Concerns and complaints can also be addressed with the Information and Privacy Commissioner of Ontario.