Privacy Policy

Introduction

Breathe Easy is committed to respecting the privacy of individuals and recognizes the need of our employees and those whom we do business with (clients, allied health professionals, community partners, suppliers, etc.), for the appropriate management and protection of any Personal Information or Personal Health Information that is consensually provided to us.

Scope

This privacy policy covers the collection, use, disclosure, management, safeguarding, retention and destruction of Personal Information based on the ten principles from the Office of the Privacy Commissioner of Canada’s Guidance Documents, which are also part of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

Policy and Procedure

Our Privacy Policy includes 10 principles in relation to the collection, storage, use, disclosure, retention and destruction of Personal information (PI) and Personal Health Information (PHI), which are as follows:

Accountability

  1. The Operations Manager, under direction of the Vice President, will be responsible for compliance with all federal and provincial legislations and regulations regarding privacy, confidentiality and security.
  2. All employees will be required to sign a Confidentiality Agreement, participate in an orientation/training program upon employment with the organization, and participate in all mandatory training sessions in relation to this privacy policy.
  3. All employees with permitted legal access to personal information/personal health information will be held accountable for their compliance to this policy for the collection, storage, use, disclosure, retention and destruction of this information.
  4. Breathe Easy will be responsible for maintaining confidentiality according to legal and ethical requirements when personal information is transferred to a third party. All third parties must adhere to this privacy policy and any other agreements established, and according to all applicable legislation, regulations and acts.
  5. This policy will be evaluated annually, or more frequently as required, to reflect current privacy legislation and guidelines.
  6. Breaches of this policy may result in disciplinary actions being taken up to and including termination of an employee.
  7. Breathe Easy has established processes for receiving and addressing questions, concerns and complaints in a fair and timely manner.

Identifying Purposes

  1. The need and use of personal information/personal health information obtained will be identified by the Breathe Easy employee prior or during its actual collection. The organization collects PI/PHI about individuals (clients, suppliers, employees, etc.) in order to better manage its business. The organization will make all reasonable efforts to fully inform such individuals about the purpose for its collection, use and/or disclosure.
  2. All employees are to be aware of the purpose(s) for which information, whether be personal or health related, are collected. Employees are to seek clarification from the Operations Manager if and when required.
  3. Previous PI/PHI collected for a new purpose may only be used or disclosed once its new purpose has been identified, and when consent has been obtained where legally.

Consent

  1. Knowledge and consent will be obtained from each individual or their legal representative prior to the collection, use or disclosure of personal information and personal health information according to federal and provincial legislation, regulations and acts.
  2. Consent will also be obtained when new purpose is identified.

Limiting Collection

  1. The organization will limit the collection and use of personal or health and health information to that required for valid business purposes or to comply with federal, provincial and/or municipal legislation.
  2. PHI/PI will be collected in a fair and legal manner to fulfil the identified purpose.
  3. PHI/PI will be obtained directly from the individual and/or their substitute decision maker, or other legal representative, as permitted by law.
  4. Any information obtained or collected that does not fall within the identified purpose will properly destroyed and/or returned to limit the collection of unnecessary information.

Limiting Use, Disclosure and Retention

  1. Use: Personal information will be used only for the purpose it was intended for, with the consent of the individual and/or as required by law.
  2. Retention: The organization will establish a retention period for all personal information collected. This period may be related to legislation other than PIPEDA. PHI/PI that has fulfilled its purpose and is no longer required, will be properly destroyed after its retention period has expired.
  3. Disclosure: The organization will not disclose personal information unnecessarily to employees or any third party, unless the effected individual or their legal representative (i.e. substitute decision maker) consents, or as required to do so by law.

Accuracy

  1. The organization will make every reasonable effort to ensure that the personal information it collects and uses is accurate, complete and up-to-date as required to fulfil its identified purpose.
  2. Individuals providing personal information will have the opportunity to review and correct their personal information, and on written request by an individual to whom the information relates, the organization will modify the information as required.

Safeguards

  1. Personal information will be protected against loss, theft, unauthorized access, disclosure, copying use or modification by established safeguards.
  2. The organization will store personal information using hard copy and/or electronic means in such a way as to prevent unauthorized collection, access, use, disclosure or disposal of the personal information. This may include: Physical Measures (lock & key, alarm system, locked filing cabinets, etc.); Organizational Controls (Confidentiality Agreements, policies and procedures, employee performance assessment, orientation and training, need-to-know basis, etc.); and Technological safeguards (passwords, firewalls, etc.).

Openness

  1. Breathe Easy policies and practices for the management of personal information shall be readily made available as required or requested.

Individual Access

  1. The organization promotes individuals’ right of access to personal information about themselves.
  2. The organization will provide access to an employee or client’s information upon request. Access will be provided according to established procedures. Access to a record may be subject to the payment of a fee as determined by Management.

Challenging Compliance

  1. Questions, concerns or complaints in relation to this privacy policy are to be directed to the Operations Manager at:
    Breathe Easy Respiratory Home Care
    c/o Operations Manager
    233 Horton St. E.
    London, Ontario N6B 1L1
    Tel: 519-439-1166
    Toll Free: 1-800-267-3279
    Fax: 519-439-5665
    Email: breatheeasyresp@gmail.com
  2. All questions, concerns and complaints will be addressed in a timely manner.
  3. Employees are encouraged to report a breach or suspected breach to Management without fear of reprisal.
  4. Employees are also encouraged to refuse participation in any interactions or activities that oppose this privacy policy.

Additional Information

  1. In addition to the care that Breathe Easy takes directly, we are also working with all our partner organizations that may at some point handle personal information gathered by us. Each third party partner has agreed to meet our standards of privacy, confidentiality and security.
  2. All employees and third party staff who in any way handle or manage Personal Information have acknowledged and agreed to adhere to our Privacy Policy and procedures that support the code.