Privacy Compliance Program
Policy
It is the policy of Catholic Family Services of Durham to fully comply with provincial and/or federal legislation pertaining to the protection of personal health information through the implementation and maintenance of a privacy compliance program.
Standard
A Chief Privacy Officer shall be appointed and shall be responsible for overseeing the agency’s privacy compliance program and ensuring the organization’s compliance with its privacy obligations in accordance with the act.
Guidelines and Procedures
The Chief Privacy Officer shall be the Executive Director or designate and be responsible for:
A. ensuring that the organization has policies and procedures which address the requirements as regulated in the Ontario Personal Health Information Protection Act (PHIPA, 2004), and any applicable regulations that may serve as best practices in the Personal Information Protection and Electronic Documents Act (PIPEDA, 2004);
B. conducting an audit at least every four years, or more often if required, of the personal information policies and practices of the organization;
C. reviewing and analyzing the organization’s policies and practices for collecting, using and disclosing personal information regarding staff, volunteers, clients, users of Family Life Education and Wellness services and donors;
D. implementing procedures to safeguard personal information;
E. taking appropriate action in response to any breach of privacy, in accordance with the Personal Information Protection Act (PIPA) 2004, as outlined in detail in the Board Policy on Secure Storage of Client Records (5.13);
F. ensuring individuals have the right to access and correct any personal information about themselves held by the organization;
G. implementing a retention and destruction of information policy;
H. acting as a contact person for inquiries from the public or clients and ensuring that public access obligations are met regarding privacy (confidentiality) policies;
I. ensuring that there is an established process of handling complaints about the organization’s information practices and/or alleged violations;
J. training the organization’s staff, students on field placement and volunteers.