Policy Statement
Ensemble is committed to maintaining confidentiality and protecting the privacy of the personal information it collects, uses or discloses on behalf of the individuals we support, employees we hire or other individuals who interact with us throughout the course of our activities. Compliance will be maintained with all relevant legislation including the Personal Information Protection and Electronic Documents Act of Canada (PIPEDA) and Personal Health Information Protection Act (Ontario) (PHIPA).
Scope
To preserve the confidentiality of personal information we collect and the privacy of the people we support/families and employees, this policy outlines employee obligations and the procedures to be followed when dealing with such personal, privileged and/or confidential information. This policy applies to all employees and to anyone who is granted access to personal, privileged and/or confidential information about a person supported and/or about employees.
This Policy addresses two broad issues:
- The way in which Ensemble collects, uses, discloses and protects personal information as well as privileged and confidential information.
- The right of the people supported/families and employees or a third party to have access to personal information, and if necessary, to correct the information.
Definitions
Person
An individual we support, a member of their family, guardian, trustee, an employee, a volunteer, a person being recruited to support one of our fundraising initiatives or others we do business with, and any individual from whom or about whom we collect Personal Information.
Personal Information
Personal information is factual or subjective information, recorded or not, about an identifiable person. It includes but is not limited to name, home address, telephone numbers, age, sex, marital or family status, identifying numbers such as social insurance number, drivers licence or passport, race, national or ethnic origin, colour, religious or political beliefs or associations, educational history, medical history, disabilities, blood type, employment history, financial history, criminal history, anyone else’s opinions about a person, a person’s personal views or opinions, and name, address and phone number of parent, guardian, spouse or next of kin.
Consent
The knowledge and consent of the person are required for the collection, use or disclosure of personal information. Consent is obtained from the person about to receive supports or the new employee, to collect, store, use and exchange or disclose personal information for the purposes stated herein at the time of acceptance of service or in the hiring agreement. This consent may be express or implied.
Personal Health Information
Personal health information means information about an identifiable person that relates to the physical or mental health of the person, the provision of health care to the person, the person’s entitlement to payment for health care, the person’s health care number, the identity of providers of health care to the person or the identity of substitute decision-makers on behalf of a person.
Third Party
Third party means individuals or organizations other than the subject of the records or representatives of Ensemble who may request or provide personal information.
Legal Requirements
Ensemble will do its utmost to abide by the ten fair information principles of PIPEDA.
1. Accountability
The Manager is responsible for ensuring that Ensemble is in compliance with the PIPEDA and PHIPA and the policy and procedures contained therein.
2. Purpose of the Collection of Personal Information
Personal information is collected by Ensemble from a person. The purpose for which personal information is collected shall be identified at or before the time the information is collected.
All personal information is used for one or more of the following purposes:
- confirm the person’s identity, communicate with the person, respond to inquiries from the person, to provide the person with support and services, to fulfill the legal and business requirements of the Ensemble and/or to ask for their financial support and to provide donor recognition for charitable gifts.
- to determine eligibility of a person to receive support and services or to be offered employment;
- fulfill legislated and reporting requirements (such as but not limited to, Ontario Disability Support Program, Canada Pension Plan, Employment Insurance, Income Tax);
- to provide a high quality of support;
- to protect individuals receiving support, employees and Ensemble from legal activity:
- to provide information about educational seminars or workshops, notice of professional development, career or volunteer opportunities or participation in special interest groups;
- to support research, analysis and overall management of supports and services;
- from time to time personal information may be shared with third party vendors, suppliers, data processors, and other providers responsible for administering supports or services on behalf of the person and ensure the health and safety of the person. Any such third party will be required to have policies in place regarding the collection and use of personal information which are consistent with this policy.
3. Consent
The knowledge and express or implied consent of the person are required for the collection, use or disclosure of personal information. Consent is obtained from the person about to receive supports or the new employee, to collect, store, use and exchange or disclose personal information for the purposes stated herein at the time of acceptance of service or in the hiring agreement.
4. Limiting Collection of Information
The personal information collected is limited to what is necessary to achieve the purposes stated above, in 2. Purpose of the Collection of Personal Information. The collection of information will be by open, fair and lawful means. The method of collection may include, but is not limited to, from the person, in person, over the telephone, by fax or by correspondence via mail or e-mail or on the internet through our website or by any other means.
5. Limiting Use, Disclosure and Retention of Information
Personal information will only be used for the purpose stated above, in 2. Purpose of Collection of Personal Information. A separate explicit consent is obtained from the person or unless required or allowed by law. If a person’s personal information is disclosed or exchanged with a third party, such as another service provider, Ensemble will take reasonable steps to ensure that such party agrees to comply with the provisions of PIPEDA and PHIPA. A person’s personal information will be retained as long as necessary to achieve the stated purposes and to comply with legislation and regulations regarding records retention. Privacy statements to protect personal information may be used on various forms.
6. Accuracy
All best efforts will be undertaken to maintain the accuracy and currency of all personal information contained in our files and to update such information when advised by the person of a change.
7. Safeguards
Ensemble commits to doing its utmost to protect the personal information in its possession from unauthorized access, disclosure, copying, use, error, loss or modification. Personal information about a person, both paper and electronic, will be stored in files to which only authorized personnel have access. The storage area will be locked and computer files protected by passwords.
8. Openness
This policy is posted on the website.
9. Individual Access
All persons shall have access to the paper and electronic files containing their personal information.
10. Challenging Compliance
A person who has a complaint concerning compliance with these principles shall address the complaint to Management.
Responsibility
Management is responsible to ensure:
- through established policies and training; ensure appropriate consents are obtained for the collection, use and disclosure of personal information and third party requests.
- polices and procedures regarding collection, use and disclosure of personal information are consistently adhered to;
- that systems and procedures are in place to ensure records are kept private;
- requests from persons for access to their files are responded to;
- proper disposal of unnecessary files/information as per policy;
- cooperation with Management to investigate complaints or breaches of policy;
- that disclosure of personal information or personal health information to a third party is done with the approval of a Director in order to minimize the risk of non-compliance with applicable legislative or regulatory regimes;
- this policy is explained to the people we support, their families and others and referring them to Management if necessary.
- that employees return any personal, privileged and/or confidential information in their possession upon request, or before or immediately upon, termination of employment.
Employees are responsible for:
- understanding and following policies and procedures regarding personal, privileged and/or confidential information;
- keeping their own employee files current regarding their personal information; including consent to disclose.
- immediately reporting any breaches of confidentiality to the Management;
- keeping private passwords and access to personal information privileged and confidential;
- explaining this policy to the people we support, their families and others and referring them to the Management if necessary;
- returning to management, any personal, privileged and/or confidential information in their possession upon request, or before or immediately upon, termination of employment.