Accessing & Safeguarding Personal Health Information at Capital Health

At Capital Health, it is our responsibility to respect confidentiality and privacy. We recognize that personal health information of our patients is sensitive and protecting the information of our patients, clients and co-workers is important. Access to personal health information is available to those who need-to-know to provide care, including clinicians, technicians, therapists and other health professionals. We collect and use personal health information while taking measures to ensure privacy and confidentiality of the information is protected and secure. Personal information is information about an identifiable individual. It includes name, address, phone number, age, characteristic, family status, marital status, health information such as blood type DNA or any combination of personal information that can be linked to identify the individual. An individual has the right to retain control over the collection, use and disclosure of his/her personal information by law in Canada. Personal health information may refer to: information on the physical or mental health of the individual, information on any health service provided to the individual, or information collected incidentally to the provision of health information to the individual. In Nova Scotia, the Freedom of Information and Privacy Act (FOIPOP), Personal Information International Disclosure Protection Act (PIIDPA) and the Hospitals Act provide privacy protection to patients. In addition, Capital Health and the Nova Scotia Department of Health and Wellness have policies and procedures in place to protect your personal (health) information.

What You Want to Know

Accessing Personal Health Information. Under Capital Health policies only staff involved in the care of the patient are permitted to access health information on a need-to-know basis. Health professionals are also bound by confidentiality requirements from their professional colleges/regulatory associations and by the policies at Capital Health. Consent and Authorized Disclosure: The Hospital Act enables provisions for clinical access to personal health information for those clinicians providing ongoing clinical care to the individual and for other healthcare professionals involved in your care on a need-to-know basis. Access to personal health information for administrative, legal, research or personal inquiry by a family member requires consent of the patient. Safeguarding Personal Health Information. There are three components of protecting health information at Capital Health. Administrative Safeguard Capital Health has a privacy policy which governs the manner in which service providers and employees manage personal information. Staff, volunteers and students sign a pledge of confidentiality as a condition of employment upon orientation. Physical Safeguard Capital Health has a number of physical safeguards which range from locked cabinets, secure fax, screen savers for terminals and wearing photo identification to ensure limited access to personal information. Technical safeguard Access to personal information is password protected; all databases must be saved on secure networks; and personal information is located within a firewall for protection.

Granting Access to Electronic Personal Health Information: A User ID Request Form must be completed and signed by authorized Managers to access systems at Capital Health. A role-based access model is used to determine what level of access will be granted. Individual passwords are assigned for system protection. Individual system application training is provided to ensure users accurately access the applications provided. Processes are in place to suspend user access upon termination of employment. Privacy, Confidentiality and Security: Capital Health has developed information security policies, standards, and procedures which are managed through privacy, confidentiality and security specialist roles across the organization. Our specialists are trained to look for the weaknesses and vulnerabilities in target systems and to identify report and mitigate risk. Our privacy officer oversees the development, implementation, maintenance of and adherence to Capital Health privacy principles, policies and procedures.

Monitoring: Capital Health strives to protect and monitor both your personal information and your personal health informationby: educating staff, physicians, volunteers and students on the importance of respecting privacy rights and the importance of maintaining confidentiality. Capital Health monitors role-based access to personal health information; adheres to security practices for electronic and paper records; conducts random audits of user access and reports potential mis-use of personal health information. Enhanced Security of Electronic Information: Capital Health has implemented an electronic filing system for patient health information that can only be accessed by authorized members of your healthcare team through Capital Health computer systems. To access your personal health information, your healthcare team must use a series of passwords within a network service. This enhances security within an electronic record versus paper-based documentation. In many ways, it is much more secure than moving paper files from location to location. Network & password protection combined with audit functionality provides the ability to monitor the access of personal health information for each patient.