Policy Statement, Scope and Purpose
Hill House Hospice is committed to safeguarding the privacy and confidentiality of all personal health information (PHI) and sensitive data. The purpose of this policy is to establish clear guidelines for protecting personal, organizational, and health information related to residents, staff, volunteers, donors, and other stakeholders of Hill House Hospice in accordance with Ontario’s Personal Health Information Protection Act, 2004 (PHIPA), and other applicable laws and regulations. This policy also outlines the processes for managing suspected or confirmed breaches of privacy and confidentiality in accordance with Ontario legislation.
This policy applies to all Hill House Hospice employees, contractors, volunteers, students, and anyone who has access to PHI or sensitive data in the course of their duties. It covers information in all formats (electronic, paper, verbal, and visual) and the full information lifecycle: the collection, use, and disclosure of information, and the storage, retention, transfer, and disposal of resident and organizational records.
Definition of Terms
a) Residents: Individuals participating in any Hill House Hospice services.
b) Express Consent: Verbal or written consent explicitly given by an individual authorizing the collection, use, and/or disclosure of their personal health information.
c) Implied Consent: Consent reasonably inferred from an individual’s actions or inactions in specific circumstances.
d) Personal Health Information (PHI): Information about an individual’s health or healthcare that can identify the individual, including but not limited to:
· Physical or mental health details, including family health history.
· Provision of healthcare services.
· Care plans under the Home Care and Community Services Act, 1994.
· Identifying details such as name and date of birth.
· Health card numbers and the identity of a substitute decision-maker.
e) Confidential Information: Non-health-related sensitive data, including staff employment records, operational strategies, and financial details.
f) Authorized User: A person who has been granted access to information as part of their professional responsibilities at Hill House Hospice.
g) Electronic Medical Record System: The secure digital system used by Hill House Hospice to document resident care.
h) Organizational information: Non-public information about Hill House Hospice’s operations, staff, financials, strategic plans, and confidential reports or communications.
i) Privacy Breach or Breach of Confidentiality: Any unauthorized collection, retention, use, disclosure, or disposal of personal information, contrary to Ontario’s privacy laws.
Policy
Hill House Hospice is committed to maintaining the privacy and confidentiality of personal, organizational, and health information in compliance with the Personal Health Information Protection Act, 2004 (PHIPA, enacted as Bill 31), public expectations, and internationally recognized privacy principles. This includes:
· Proper collection, use, and disclosure of personal health information.
· Secure storage, retention, transfer, and disposal of resident and organizational records.
· Alignment with Section 12(1) of PHIPA to protect information against theft, loss, unauthorized access, copying, modification, or disposal.
Personal and health information will only be used or shared with relevant healthcare providers or with individuals identified through express or implied consent.
1. Privacy Practices
Hill House Hospice ensures the integrity of personal and health information through the following measures.
1.1 Collection and Use of Information
· PHI will only be collected, used, and disclosed for the purposes directly related to the provision of hospice care, compliance with legal obligations, and organizational operations.
· Consent will be obtained from residents, their Power of Attorney (POA) for personal care, or their Substitute Decision Makers (SDMs) before collecting or sharing PHI unless otherwise permitted by law.
1.2 Access to Information
· Access to PHI is restricted to authorized users on a need-to-know basis.
· Role-based access controls will be implemented in the electronic medical record system to ensure appropriate access.
1.3 Disclosure of Information
· PHI will only be disclosed to third parties with the resident’s, POA’s, or SDM’s explicit consent or as required by law.
· Requests for information must be directed to the Privacy Officer for review and approval.
1.4 Safeguarding Information
· PHI and confidential information must be stored securely to prevent unauthorized access, loss, or theft.
· All electronic devices used for accessing information must be password protected, encrypted, and comply with Hill House Hospice’s IT security policies.
· Physical records will be stored in locked cabinets within secure areas.
1.5 Electronic Medical Record System Protocols
· Authorized users must use unique login credentials and adhere to the electronic medical record system’s security protocols.
· Documentation must be accurate, timely, and reflect professional standards of care.
· Any system issues must be reported immediately to the IT department. Any suspected or confirmed breach must also be reported immediately to the Privacy Officer, as set out in Section 3.
1.6 Confidentiality Obligations
· All staff, contractors, and volunteers must sign a confidentiality agreement upon joining Hill House Hospice, as well as on an annual basis.
· Breaches of confidentiality will be investigated and may result in disciplinary action, including termination and legal consequences.
1.7 Training and Awareness
· Regular privacy and confidentiality training will be mandatory for all staff, volunteers, contractors, and students.
· Updates to policies and procedures will be communicated promptly to ensure ongoing compliance.
1.8 Retention and Disposal of Information
· PHI and other records will be retained in accordance with applicable legal and organizational requirements.
· Records will be securely destroyed when no longer required, using methods such as shredding of paper records and secure wiping of electronic media.
1.9 Resident Rights
· Residents have the right to access their PHI, request corrections, and inquire about disclosures.
· Requests must be submitted in writing and will be addressed within the timelines stipulated by PHIPA.
2. Responsibilities
2.1 Privacy Officer
· Oversees compliance with this policy and relevant legislation.
· Provides guidance on privacy-related issues and coordinates responses to breaches.
2.2 Staff and Volunteers
· Adhere to the privacy and confidentiality standards as outlined in this policy.
· Report any breaches or concerns to the Privacy Officer immediately.
2.3 Administration or Management
· Ensure all team members understand and comply with this policy.
· Allocate resources for training and the implementation of privacy safeguards.
3. Privacy Breaches
All suspected or confirmed breaches must be reported immediately to the Privacy Officer. An investigation will be conducted, and affected individuals will be notified in accordance with legal requirements. Corrective actions will be implemented to prevent further occurrences.
3.1 Breach of Privacy or Confidentiality Procedures
a) Step 1: Contain the Breach
· Notify the Privacy Officer and relevant staff immediately.
· Identify the nature, scope, and individuals affected by the breach.
· Take corrective action, including:
o Securing or retrieving unauthorized disclosures.
o Suspending access rights if internal staff are involved.
o Permanently deleting unauthorized electronic copies, once any evidence needed for the investigation (Step 3) has been preserved.
b) Step 2: Notify Affected Individuals
· Inform affected individuals at the first reasonable opportunity, as PHIPA requires whenever PHI is stolen, lost, or used or disclosed without authority, and advise them of their right to make a complaint to the Information and Privacy Commissioner of Ontario (IPC).
· Notification methods may include phone calls, letters, email, or in-person communication.
· Provide details of the breach, potential impacts, and actions taken.
· Coordinate with law enforcement if necessary to avoid interfering with investigations.
c) Step 3: Investigate and Mitigate
· Analyze the events leading to the breach and identify system issues.
· Review and update privacy practices and training.
· Implement corrective actions to prevent reoccurrence.
· Communicate findings and remedial measures to the Information and Privacy Commissioner (IPC) if required.
d) Step 4: Notify the IPC
· Report breaches to the IPC promptly in the circumstances prescribed under PHIPA and its regulation, including significant breaches involving sensitive information, large-scale impacts, or challenges in containment.
· Seek IPC guidance for managing notifications and response plans.
e) Step 5: Prevent Future Breaches
· Conduct privacy impact assessments for new or updated technologies, systems, and processes.
· Provide ongoing education to staff, volunteers, and students about privacy laws and best practices.
· Consult legal counsel, security experts, and IPC representatives as needed.
4. Policy Communication and Contact Information
This policy is included in orientation sessions for all new staff, volunteers and students, and is reviewed annually during refresher training sessions and signing of the Confidentiality Agreement form.
Contact Information
Privacy Officer: Hill House Hospice’s Executive Director
Hill House Hospice, Richmond Hill, Ontario.
For questions or concerns related to this policy, please contact the Privacy Officer by: Email: executivedirector@hillhousehospice.com
Telephone: 905-737-9308.
Privacy breaches, inquiries, concerns, and complaints will be addressed promptly, as defined in the Concerns, Complaints, and Compliments Policy.
5. Policy Review, Updates, and Acknowledgement
This policy will be reviewed biannually or as needed to reflect changes in legislation, technology, or organizational practices. Any updates will be communicated with all relevant parties.
All employees, contractors, volunteers, and students are required to acknowledge their understanding and acceptance of this policy. Records of acknowledgement will be maintained by Human Resources.
6. References
Information and Privacy Commissioner of Ontario (IPC of Ontario)
IPC of Ontario, “Guidance for organizations: Health privacy”
Personal Health Information Protection Act, 2004
Privacy Act, 2013
Summary of Privacy Laws in Canada