Health Information Custodian (HIC) A person or organization who has custody or control of personal health information as a result of, or in connection with, the person’s or organization’s power or duties. Health information custodians listed under the Personal Health Information Protection Act, 2004 include, among others health care practitioners, hospitals, long-term care facilities, laboratories, pharmacies, community care access corporations, the MoLTC, medical officer of health or a board of health, and community or mental health centers whose primary purpose is the provision of health care (the Personal Health Information Protection Act, 2004, s.3 (1).)
Personal Health Information (PHI) Identifying information about an individual in oral or recorded form, if the information, relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family, relates to the providing of health care to the individual, including the identification of a person as provider of health care to the individual, is a plan of service within the meaning of the Long Term Care Act, 1994 for the individual, relates to payment or eligibility for health care in respect of the individual, relates to the donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance, is the individual’s health number or identifies an individual’s substitute decision-maker (the Personal Health Information Protection Act, 2004, s.4 (1).)
Privacy Privacy is the right of an individual to control the collection, use, and disclosure of personal information about him or herself (Canadian Institute for Health Information, 2002).
Confidentiality Confidentiality refers to the obligation of an individual or organization to safeguard entrusted information. The ethical duty of confidentiality includes obligations to protect information from unauthorized access, use, disclosure, modification, loss or theft. Fulfilling the ethical duty of confidentiality is essential to the trust relationship between researcher and participant, and to the integrity of the research project. (Government of Canada Panel on Ethics, 2003).
Identifying Information Means information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information to identify and individual (the Personal Health Information Protection Act, 2004, s.4 (2).)
Google Workspace Kate Urquhart Psychotherapy utilizes Google Workspace for professional email services. Utilizing their top of the line encryption and built in features such as email expirations and password strength enforcement ensures clients to communicate safely via email.
Digital Ocean Kate Urquhart Psychotherapy currently utilizes Digital Ocean for Web-Hosting. No PHI is stored on Digital Ocean, and patients can rest assured that their personal information will never be stored on my Web-Hosting services.
Jane Kate Urquhart Psychotherapy utilizes Jane to book, invoice, process payments, and facilitate online appointments. Jane was selected for these purposes due to its proven track record of PHIPA & HIPAA compliance, and respect for patient privacy.
Encryption At Rest All devices and platforms are encrypted at rest including cloud services as well as local devices.
Continuous Improvement As data security is not a final destination but a constant journey Kate Urquhart Psychotherapy is always looking to improve how data is handled and stored. Additionally, all relevant softwares are kept up to date with the latest security patches.
Physical Protection Any physical PHI generated (notes, etc) is stored in a secure locked location, and frequently checked for PHI that is no longer relevant, which is then destroyed.
Data Expiration After any e-PHI has become no longer relevant it is promptly destroyed.