PART I:
Privacy Policy
The Personal Information Protection and Electronic Documents Act (PIPEDA) became effective on January 1, 2004. Although, as a provincially regulated employer, our interactions with employees/contractors are not governed by PIPEDA, we use its guidelines to help secure the collection and use of your own personal information with Personalized Prescribing Inc. (PPI). PPI’s Privacy Officer is the CEO of PPI.
In response to the Act, PPI has developed a Privacy Policy so as to comply with the Act. The following is our Privacy Policy:
PPI will adhere to the provisions and principles of the Personal Information Protection and Electronic Documents Act (PIPEDA).
PPI is committed to protecting the privacy, confidentiality, security and accuracy of the personal information we have collected and will collect from you. We will disclose only the necessary personal information to other insurers for the purpose of facilitating eligibility for benefits and for claims adjudication purposes.
Consent and Use:
PPI collects personal information from clients and patients using consent and other forms. These forms will have a declaration as to the purpose of collecting the personal information. The forms will contain consent that we may use the collected information for research and other purposes not consented to.
Information Collection:
PPI collects limited personal information from clients and patients for the specific purpose of processing our pharmacogenomics testing and consulting including to:
- Provide ongoing products and services offered by PPI.
- And otherwise to meet regulatory requirements.
Disclosure
PPI will disclose to the individual client all the information we have on record for that client at the written request of the client. The individual may challenge and amend the information on hand. PPI reserves the right to request proof for some or all the personal information provided by a client.
PPI reserves the right to withhold or refuse to provide information to any party, with the exception of the individual whose information is being requested, if we believe disclosure may breach PIPEDA.
Any person on whom we keep information may advise us in writing to cease to use the information on the individual, and to destroy such information. Such person shall bear full responsibility for the consequences of his/her request.
PPI will keep abreast of Privacy Legislation and developments and will amend our policies accordingly.
Deemed Notices
This document is deemed to be our notification to you of our Privacy Policy. We will proceed with implementing our Privacy Policy as it applies to you. Please notify us immediately if there is anything in our Privacy Policy that you object to.
Personal Information Retention Policy
PPI will maintain, keep and archive the information collected on individuals in the course of our services for a period of 25 years unless the client requests that we destroy such information. PPI will destroy the information both electronic and in paper form in a manner that ensures that the information cannot be used in any form by others.
PART II:
Confidentiality Policy
The Privacy Policy sets out PPI’s commitment to respecting and protecting the data we collect from our clients; the policy also sets out the confidentiality commitment PPI requires from its employees and contractors. All PPI’s information is the property of PPI; employees/contractors may use the information strictly in the course of performing their work at PPI, and it may not be used by employees/contractors for any other purpose whatsoever.
PPI’s employees/contractors may not remove any information from the office unless they have obtained express approval from the CEO. All employees/contractors are required to sign this agreement and must abide by it. Employees/contractors need to be fully aware that breaching the Confidentiality Agreement is a serious act that may result in termination of relationships and/or prosecution as afforded under law.
Outside Contractors must sign a confidentiality/non-disclosure agreement before they are provided access to any part of the PPI system.
Transmission of Information
Information may not be removed from the PPI premises and may not be transmitted electronically or by any other means to persons outside PPI unless such transmission is specifically permitted by the client in the consent form. All transmissions outside PPI must be made only to the following persons:
- To the client at an email or fax supplied by the client.
- To the client’s healthcare professional via email or fax supplied by the client.
- To any other person as directed by the client in writing.
Information must be transmitted through a secure path, such as a private fax or a protected email. If information is transmitted by mail or fax, it must be clearly labeled as “Confidential”.
Destruction and Shredding
All paper information that is no longer needed must be placed in a shredding box to be shredded by our outside shredding Contractors. Paper that does not contain private or confidential information may be placed in one of the blue recycling boxes.
Security Policy
PPI is committed to a secure premises and working environment. The office is guarded by a full security system which is part of the security of the building. Each employee/contractor is issued an access card which allows the employees/contractors to access the office and the building in business and off hours. In off hours only employees/contractors on the 5th floor are able to access the 5th floor.
All the offices at PPI are lockable offices, allowing each occupant to secure the contents of their office. Two offices are deemed “secure” offices; they are the Administration office and the Accounting office. Secure offices must be locked at all times that the occupant is not present in the office for any period of time.
Employees/contractors must sign for receipt of their office key, may never give it to any other employee/contractor under any circumstance, and must guard it well at all times. If a key is forgotten or lost altogether, the employee/contractor needs to approach the CEO or an authorized officer of the company to obtain entrance to their office and a new key if necessary.
Passwords
Every employee is issued a user login and password as soon as they join the company. Employees/contractors are required to immediately change their password to one that only they know. Employees/contractors must never share their password with any other employees/contractors or person.
Passwords must be at least eight characters long and must contain at least one number and one capital character. Employees/contractors must change their passwords periodically (recommended every 12 weeks), but at least once every 6 months.
The Admin & Systems manager may not disclose the master passwords to any party unless the General Manager has approved such disclosure in writing.