Breathe Easy is committed to respecting the privacy of individuals and recognizes the need of our employees and those whom we do business with (clients, allied health professionals, community partners, suppliers, etc.), for the appropriate management and protection of any Personal Information or Personal Health Information that is consensually provided to us.
Policy and Procedure
- The Operations Manager, under direction of the Vice President, will be responsible for compliance with all federal and provincial legislations and regulations regarding privacy, confidentiality and security.
- All employees with permitted legal access to personal information/personal health information will be held accountable for their compliance to this policy for the collection, storage, use, disclosure, retention and destruction of this information.
- This policy will be evaluated annually, or more frequently as required, to reflect current privacy legislation and guidelines.
- Breaches of this policy may result in disciplinary actions being taken up to and including termination of an employee.
- Breathe Easy has established processes for receiving and addressing questions, concerns and complaints in a fair and timely manner.
- The need and use of personal information/personal health information obtained will be identified by the Breathe Easy employee prior or during its actual collection. The organization collects PI/PHI about individuals (clients, suppliers, employees, etc.) in order to better manage its business. The organization will make all reasonable efforts to fully inform such individuals about the purpose for its collection, use and/or disclosure.
- All employees are to be aware of the purpose(s) for which information, whether be personal or health related, are collected. Employees are to seek clarification from the Operations Manager if and when required.
- Previous PI/PHI collected for a new purpose may only be used or disclosed once its new purpose has been identified, and when consent has been obtained where legally.
- Knowledge and consent will be obtained from each individual or their legal representative prior to the collection, use or disclosure of personal information and personal health information according to federal and provincial legislation, regulations and acts.
- Consent will also be obtained when new purpose is identified.
- The organization will limit the collection and use of personal or health and health information to that required for valid business purposes or to comply with federal, provincial and/or municipal legislation.
- PHI/PI will be collected in a fair and legal manner to fulfil the identified purpose.
- PHI/PI will be obtained directly from the individual and/or their substitute decision maker, or other legal representative, as permitted by law.
- Any information obtained or collected that does not fall within the identified purpose will properly destroyed and/or returned to limit the collection of unnecessary information.
Limiting Use, Disclosure and Retention
- Use: Personal information will be used only for the purpose it was intended for, with the consent of the individual and/or as required by law.
- Retention: The organization will establish a retention period for all personal information collected. This period may be related to legislation other than PIPEDA. PHI/PI that has fulfilled its purpose and is no longer required, will be properly destroyed after its retention period has expired.
- Disclosure: The organization will not disclose personal information unnecessarily to employees or any third party, unless the effected individual or their legal representative (i.e. substitute decision maker) consents, or as required to do so by law.
- The organization will make every reasonable effort to ensure that the personal information it collects and uses is accurate, complete and up-to-date as required to fulfil its identified purpose.
- Individuals providing personal information will have the opportunity to review and correct their personal information, and on written request by an individual to whom the information relates, the organization will modify the information as required.
- Personal information will be protected against loss, theft, unauthorized access, disclosure, copying use or modification by established safeguards.
- The organization will store personal information using hard copy and/or electronic means in such a way as to prevent unauthorized collection, access, use, disclosure or disposal of the personal information. This may include: Physical Measures (lock & key, alarm system, locked filing cabinets, etc.); Organizational Controls (Confidentiality Agreements, policies and procedures, employee performance assessment, orientation and training, need-to-know basis, etc.); and Technological safeguards (passwords, firewalls, etc.).
- Breathe Easy policies and practices for the management of personal information shall be readily made available as required or requested.
- The organization promotes individuals’ right of access to personal information about themselves.
- The organization will provide access to an employee or client’s information upon request. Access will be provided according to established procedures. Access to a record may be subject to the payment of a fee as determined by Management.
Breathe Easy Respiratory Home Care
c/o Operations Manager
233 Horton St. E.
London, Ontario N6B 1L1
Toll Free: 1-800-267-3279
- All questions, concerns and complaints will be addressed in a timely manner.
- Employees are encouraged to report a breach or suspected breach to Management without fear of reprisal.
- In addition to the care that Breathe Easy takes directly, we are also working with all our partner organizations that may at some point handle personal information gathered by us. Each third party partner has agreed to meet our standards of privacy, confidentiality and security.