Presentation is loading. Please wait.

Presentation is loading. Please wait.

One university. Many futures. The University of Manitoba FIPPA and PHIA at University of Manitoba Access & Privacy Coordinator’s Office.

Similar presentations


Presentation on theme: "One university. Many futures. The University of Manitoba FIPPA and PHIA at University of Manitoba Access & Privacy Coordinator’s Office."— Presentation transcript:

1 One university. Many futures. The University of Manitoba FIPPA and PHIA at University of Manitoba Access & Privacy Coordinator’s Office

2 One university. Many futures. Access & Privacy Coordinator’s Office Access & Privacy Office Access & Privacy Coordinator’s Office 233 Elizabeth Dafoe Library University of Manitoba Winnipeg, MB. R3T 2N2 Fax:

3 One university. Many futures.  To provide a basic understanding of FIPPA and PHIA  To identify roles and responsibilities under FIPPA and PHIA  To give you information to enable you to sign the PHIA Pledge of Confidentiality. Access & Privacy Coordinator’s Office Objectives

4 One university. Many futures. FIPPA/PHIA Training Program The FIPPA/PHIA Training Program consists of: a) reading the UM Policies and Proceduresreading the UM Policies and Procedures b) reviewing this training presentation c) signing the PHIA Pledge of Confidentiality. Access & Privacy Coordinator’s Office

5 One university. Many futures. Policies and Procedures Access & Privacy Coordinator’s Office The University has Policies and Procedures that provide specific rules about access to and protection of personal information held by the institution. The Policies and Procedures are available at the University/Access & privacy office website. website. Key in “PHIA” for information about PHIA. Key in “FIPPA” for information about FIPPA.

6 One university. Many futures. Overview Access & Privacy Coordinator’s Office What are FIPPA and PHIA? Key Definitions Access to Information Protection of Privacy and Confidentiality Collection, Use, Disclosure, Storage and Disposal Breaches of Confidentiality Pledge of Confidentiality

7 One university. Many futures. The Freedom of Information and Protection of Privacy Act (FIPPA) FIPPA is a provincial statute that: provides an individual with the legal right to access the information of a public body* and requires public bodies to protect personal information held in their records. * Subject to certain exceptions Access & Privacy Coordinator’s Office

8 One university. Many futures. The Personal Health Information Act (PHIA) Is a Manitoba law that protects the privacy of all personal health information (“PHI”) that can identify an individual. Access & Privacy Coordinator’s Office A government Act is a law or rule that must be obeyed

9 One university. Many futures. The Personal Health Information Act (PHIA) The purposes of PHIA are: to provide the right to examine or receive a copy of PHI to provide the right to request corrections to your own PHI to establish rules for collection, use and disclosure of PHI to control the collection, use and disclosure of PHIN to provide for an independent review of the actions of a trustee. Access & Privacy Coordinator’s Office

10 One university. Many futures. Principles of Privacy Legislation These principles summarize the requirements of FIPPA and PHIA: 1.Controlled Collection of Personal Information 2.Limited Use of Personal Information 3.Limited Disclosure of Personal Information 4.Information Management - retention, security, disposal 5.Ensured Individual Access to Personal Information 6.Openness 7.Accountability 8.Independent review – Manitoba Ombudsman/Adjuticator Access & Privacy Coordinator’s Office

11 One university. Many futures. Balancing Access and Privacy Access & Privacy Coordinator’s Office Access Privacy

12 One university. Many futures. FIPPA and PHIA at the University of Manitoba Access & Privacy Coordinator’s Office The University of Manitoba is a local public body, which falls under both FIPPA and PHIA. Under PHIA, the University is considered a Trustee of personal health information.

13 One university. Many futures. The University of Manitoba The University of Manitoba has a duty to: help individuals gain access to information, particularly their own personal information; and protect the privacy of individuals in the collection, use, disclosure, storage and destruction of Personal Information and Personal Health Information. Access & Privacy Coordinator’s Office

14 One university. Many futures. Key Definitions What is Personal Information? Access & Privacy Coordinator’s Office

15 One university. Many futures. Personal Information is: Recorded information about an identifiable person including: name, home contact information age, sex, sexual orientation, marital or family status ancestry, race, colour, nationality, national or ethnic origin religion, creed religious belief, association or activity blood type, fingerprints, hereditary characteristics political belief, association or activity education, employment or occupation, history of these three source of income, financial circumstances, activities or history criminal history, including regulatory offences individual’s own personal views, except if about another person views or opinions about the individual expressed by another person identifying number, symbol or other particular assigned to the individual personal health information Access & Privacy Coordinator’s Office

16 One university. Many futures. Key Definitions What is Personal Health Information? Access & Privacy Coordinator’s Office

17 One university. Many futures. Personal Health Information (PHI) is: Access & Privacy Coordinator’s Office Recorded information about an identifiable individual that relates to: 1.the individual’s health, or health care history, including genetic information about the individual; 2.the provision of health care to the individual, including a doctor’s note; 3.payment for health care provided to the individual, and includes bills, receipts, etc.; 4.the PHIN and any identifying number, symbol or particular assigned to an individual; and 5.any identifying information about an individual that is collected in the course of, and is incidental to, the provision of health care or payment for health care.

18 One university. Many futures. Personal Information does NOT include: Anonymous or statistical information that does not permit individuals to be identified However, if two or more seemingly anonymous or statistical data items can be combined to readily identify an individual, the data may be considered personal information Access & Privacy Coordinator’s Office

19 One university. Many futures. Individuals have a right to: Review their personal information Request corrections be made where necessary Receive a copy upon request *Some restrictions apply to these rights Access & Privacy Coordinator’s Office Access to Personal Information

20 One university. Many futures. COLLECTION of Personal Information Access & Privacy Coordinator’s Office

21 One university. Many futures. Collection of PHI When collecting Personal Information: Individuals are to be NOTIFIED about the PURPOSE for which PI is collected. PI should be used only for the purpose for which it was originally collected. Public Bodies may only collect as much PI as is reasonably necessary to accomplish the purpose for which it is collected. Whenever possible, PI is to be collected directly from the individual concerned. Access & Privacy Coordinator’s Office

22 One university. Many futures. USE and DISCLOSURE of PI Access & Privacy Coordinator’s Office

23 One university. Many futures. Use and Disclosure of PI USE means revealing PI to someone within the trustee’s organization. DISCLOSURE means revealing PI to someone outside the trustee’s organization. Access & Privacy Coordinator’s Office

24 One university. Many futures. Use and Disclosure of PHI You may use or disclose personal health information ONLY if: you need to know this information to do your job you are a person permitted to exercise the rights of another individual (e.g., you are the son or daughter of an elderly person) you are entitled by PHIA, ss. 21, 22, or by other legislation you have consent from the individual the PHI is about Access & Privacy Coordinator’s Office

25 One university. Many futures. Use and Disclosure of PI You cannot use or disclose personal information: In the presence of those that are NOT entitled to the information; or In public places, such as elevators, lobbies, cafeterias, off premises, etc. Be aware of surroundings. Personal Information, especially health information, is best discussed in a closed setting. Access & Privacy Coordinator’s Office

26 One university. Many futures. Quick Review Access & Privacy Coordinator’s Office  A person has a right to request a copy of his/her PI from the holding trustee/public body.  Individuals may request that a trustee make corrections to their PI.  Individuals need to be notified about how their PI will be used and disclosed.  Access to PI should be limited to those who need to know to do their jobs.

27 One university. Many futures. PROTECTION of Personal Information Access & Privacy Coordinator’s Office

28 One university. Many futures. SECURITY and STORAGE of PI Personal Information is to be properly secured and maintained to protect privacy and confidentiality. Personal Information is to be protected from accidental destruction or deterioration or loss by heat, cold, moisture, theft, or vandalism. Access & Privacy Coordinator’s Office

29 One university. Many futures. Protection of Privacy General responsibilities of trustees: o Limit on amount of Personal Information used or disclosed o Limit access to those who NEED TO KNOW to carry out their responsibilities Restrictions on Use of PI Restrictions on Disclosure of PI Ensure Accuracy of PI Security safeguards on PI Access & Privacy Coordinator’s Office

30 One university. Many futures. Protecting and Safeguarding PI Access & Privacy Coordinator’s Office Four main types of Safeguards: 1.Administrative – procedures, controlled distribution of keys, combinations, codes 2.Technical – locked doors, deadbolts and filing cabinets, limited access to office machines, e.g. fax 3.Physical – office arrangement, segregation of PI, clean desks, positioning of computer so passers-by cannot observe monitor 4.Electronic – passwords, encryption, anti-virus software, firewalls

31 One university. Many futures. Privacy and Confidentiality Privacy and confidentiality must be protected during: collection – taking information from a patient, client, research participant or other; having an individual give information on a form access – gaining entrance to use – transferring the information within the trustee disclosure – transferring the information beyond the trustee storage – holding the information after its day-to-day use is ended destruction – destroying the information after the need for retention is ended Access & Privacy Coordinator’s Office

32 One university. Many futures. Disposal of PI A trustee must ensure that Personal Information is destroyed by methods that protect the privacy of the individual the information is about. Access & Privacy Coordinator’s Office

33 One university. Many futures. Breach of Security A Breach of Security occurs whenever personal information records (electronic or non-electronic) are improperly collected, used, disclosed, or destroyed, or when the integrity of the information is compromised. Access & Privacy Coordinator’s Office

34 One university. Many futures. Breach of Security Examples A Breach of Security occurs when: PI is shared (used or disclosed) with those not entitled to that information. PI is removed from the custody of the trustee without authorization. PI is accessed by someone not entitled to that information. The integrity of a record is compromised. Access & Privacy Coordinator’s Office

35 One university. Many futures. Breach of Security Access & Privacy Coordinator’s Office A breach of security can result in identity theft, financial and other losses, and exposure of an individual or individuals to personal danger.

36 One university. Many futures. Breaches at the University If you know or suspect a Breach of Security has occurred, immediately notify: The head of your UM office, UM health unit, or health care agency. The head will notify the dean or director, the VP Administration, and the Access & Privacy Coordinator’s Office. Access & Privacy Coordinator’s Office

37 One university. Many futures. Breaches at the University The VP Administration, in consultation with others, will decide whether an investigation is necessary; If the decision is “yes,” the VP Administration will appoint an investigator who will: - inquire into the allegation - consult with appropriate persons - document findings - determine whether a breach has occurred - recommend disciplinary action Access & Privacy Coordinator’s Office

38 One university. Many futures. Policies and Procedures Access & Privacy Coordinator’s Office The University has FIPPA and PHIA Policies and Procedures that provide specific rules about access to and protection of personal information held by the institution. The University’s FIPPA and PHIA Policies and Procedures are available at:

39 One university. Many futures. PHIA Policies and Procedures 1) All University employees and persons associated with the University are responsible for protecting the security and confidentiality of all personal health information (verbal or recorded in any form) that is obtained, handled, viewed, heard, or learned, in the course of their work or association with the University. Access & Privacy Coordinator’s Office

40 One university. Many futures. PHIA Policies and Procedures Access & Privacy Coordinator’s Office 2) Personal health information shall be protected during its collection, access, use, retention, storage and destruction. 3) You may only use or disclose PHI in the discharge of your responsibilities and duties (including reporting duties imposed by legislation) and based on the NEED To KNOW.

41 One university. Many futures. PHIA Policies and Procedures Access & Privacy Coordinator’s Office 4) Discussion regarding personal health information shall not take place in the presence of persons not entitled to such information, or in public places (elevators, lobbies, cafeterias, off premises, etc.).

42 One university. Many futures. PHIA Policies and Procedures 5) Unauthorized use or disclosure of confidential information shall result in a disciplinary response up to and including termination of employment/contract/association/appointment. 6) A person convicted of an offence under The Personal Health Information Act may be required to pay a fine of up to $50,000. Access & Privacy Coordinator’s Office

43 One university. Many futures. PHIA Policies and Procedures Access & Privacy Coordinator’s Office 7) A confirmed breach of confidentiality may be reported to the individual’s professional body. 8) All individuals who become aware of a possible breach of the security or confidentiality of personal health information shall follow the procedures outlined under “Breach of Security.”

44 One university. Many futures. PHIA PLEDGE of CONFIDENTIALITY At the University, a Personal Health Information Pledge of Confidentiality (“Confidentiality Pledge”) is required of individuals as a condition of their employment, appointment, contract, or association with designated faculties, programs and offices, and as a condition of research involving humans. The requirement extends to student employees and researchers. Access & Privacy Coordinator’s Office

45 One university. Many futures. PLEDGE Access & Privacy Coordinator’s Office A solemn promise to do or to refrain from doing something

46 One university. Many futures. Access & Privacy Coordinator’s Office Thank You!


Download ppt "One university. Many futures. The University of Manitoba FIPPA and PHIA at University of Manitoba Access & Privacy Coordinator’s Office."

Similar presentations


Ads by Google