Please review the following agreement in its entirety:
This Agreement pertains to the access, use and disclosure of any Confidential Information and material pertaining to the GBIN Hospitals and/or its patients.
Definitions:
“The Hospital” is defined as Brightshores/SBGHC/HDH/MAHC/OSMH/AGH wherein “Brightshores” means Brightshores Health System, “SBGHC” means South Bruce Grey Health Centre, “HDH” means Hanover & District Hospital, “MAHC” means Muskoka Algonquin Healthcare, “OSMH” means Orillia Soldiers’ Memorial Hospital, and “AGH” means Almonte General Hospital.
“Confidential Information” is defined as:
(a) any information found in a patient’s medical record or pertaining to a patient’s personal health information; and/or
(b) any personal or work-related information and material relating to the Hospital, its functions, and all persons affiliated with the Hospital.
This agreement is applicable to all individuals affiliated with the Hospital and its functions, and to all users of the Hospital Health Information Systems and all other information systems, who have access to Confidential Information held in any media.
As a condition of my association with the Hospital, I hereby agree and acknowledge the following:
1. I shall respect the privacy of the Hospital’s patients/clients, employees and all persons affiliated with the Hospital. Further, I shall keep in strict confidence and only collect, use and/or disclose personal information relating to these individuals as required by the performance of my duties under the terms of my association with the Hospital and in accordance with the laws of Ontario and Canada. As such, I will not attempt to gain access to information to which I am not specifically authorized.
2. I agree that I will not alter, destroy or interfere with any information provided to me or that I may have access to or overhear during the terms of my association with the Hospital except with authorization of the Hospital or otherwise agreed to as a part of my association with the Hospital, and such is documented with appropriate authorization.
3. I shall maintain the confidentiality and security of any systems User ID(s) and Password(s) that have been assigned to me by the Hospital to enable my access to any networks, applications and acknowledge that I am responsible for all actions taken and access carried out under them. I will not provide my access codes to anyone nor will I attempt to use those of others. If I have reason to believe that my access codes have been compromised, I will immediately inform my manager and/or contact the Privacy Officer of the Hospital.
4. I will protect any physical access devices (for example keys and badges). I will not lend my devices out to another individual, nor will I attempt to use those of others. I will immediately report any compromised, lost, or stolen devices to my manager and/or to the Privacy Officer.
5. I understand that the Personal Health Information Protection Act establishes a set of uniform rules about how personal health information may be collected, used or disclosed. I further understand that the Act includes provisions that require consent, keep information confidential and grant an individual the right to complain to the Information and Privacy Commissioner about the practices of a health information custodian in addition to privacy breaches.
6. I am aware that email messages can be modified, forwarded, intercepted and shared, without my knowledge or permission, making email messages vulnerable to fraud, privacy breaches and unintended disclosure to third parties. Further, I am aware that the privacy and security of external email cannot be guaranteed and that external emails can damage Hospital Information Systems. I acknowledge that the Hospital does not endorse the use of external email systems and that Personal Health Information should not be transmitted through external email.
7. I agree that faxed documents must be sent and received in a secure environment. To maintain the integrity and confidentiality of information transmitted by fax, I will follow the established protocol, which includes adhering to standardized controls (i.e., defining who to contact and return information to if received in error, double checking recipient and fax number before sending, retention of confirmation sheets and the maintenance of preprogrammed fax numbers).
8. I will adhere to Hospital issued policies and procedures that relate to the confidentiality, privacy and security of information and I understand that compliance with the terms of these policies is required to maintain an association with the Hospital.
9. I understand that any unauthorized access, use or disclosure of Confidential Information will be reported to the Privacy Officer of the Hospital. I agree to report any issues to the Privacy Officer and I also understand that a breach of Confidential Information may result in disciplinary action up to and including termination of employment and/or association with the Hospital.
10. I understand that the Hospital will conduct routine audits to ensure compliance with this Agreement and will act on any issues of concern. I understand that any breaches of Confidentiality may result in notification to the applicable regulatory college and/or notification to the Information and Privacy Commissioner of Ontario, and may also include criminal prosecution.
11. Regardless of any changes that may occur to my title, duties, status and/or other terms of my association with the Hospital, I understand and agree that the terms of this Agreement will continue to apply and/or may need to be maintained indefinitely.
12. I understand and agree to abide by all the conditions outlined above. I further understand and agree that should my association with the Hospital terminate, I may be required to return or destroy any pertinent Confidential Information, as requested by the Hospital.
The following reference materials are associated with this Agreement, as per the Information and Privacy Commissioner of Ontario:
- (1) Breach Notification Assessment Tool;
- (2) Detecting and Deterring Unauthorized Access to Personal Health Information