The ‘Privacy of Personal Information and Electronic Documents Act’ (PIPEDA) became law on January 1, 2004 and applies to any ‘commercial activities’ of an organization that involve personal information. Personal information means information about an identifiable individual.
The purpose of this law is to ensure confidentiality and proper use of personal information collected by companies in the course of their business.
Community Solutions is under the jurisdiction of PIPEDA because it is a ‘for profit’ company and because it collects, stores and is responsible for client information in the course of its ‘commercial activities’: providing specific client support services to individuals with Acquired Brain Injury.
The privacy principles set out in PIPEDA include:
- Purpose for collecting Personal Information (PI)
- Consent for collecting Personal Information (PI)
- Limiting collection of Personal Information (PI)
- Limiting use, disclosure and retention of Personal Information (PI)
- Accuracy of Personal Information shared
- Appropriate safeguards to protect Personal Information (PI)
- Individual Access to one’s Personal Information (PI)
- Quality Program Assurance
- Community Solutions bases its privacy policies and procedures on the above privacy principles.
A Director of Community Solutions or an assigned delegate is responsible to ensure that every Community Solutions employee is trained to implement the privacy policies and procedures that are established throughout the organization.
Procedure 7.2.1:Application and Definition
The Privacy Protection Policy will apply to all client information that is collected by Community Solutions employees.
Clients’ Personal Information (PI) includes all information related to clients’ medical, health and social history and information used for billing and/or program quality assurance purposes.
Procedure 7.2.2:Training and Monitoring
Community Solutions employees review and learn to implement all privacy policies and procedures, as part of employee orientation and continuing education, on a regular basis. This includes training to respond to clients’ questions about: confidentiality and its exemptions; corrections to personal information on file; requests for access to personal information; and maintaining quality services.
Each employee is responsible to maintain confidentiality, as agreed to in the Employment Agreement and the Policy and Procedure manual.
The Director of Community Solutions or an assigned delegate annually reviews the privacy policies and procedures and updates them as required. Updates are communicated to the employees through memos, supervisory review and regional meetings.
The Director of Community Solutions or delegate will conduct annual audits throughout the company to facilitate and encourage understanding and compliance with procedures.
The company develops and provides self audits and encourages employees to use them on a regular basis, as a form of self monitoring.