Privacy Policy
Commitment to Privacy
The appropriate collection, use and disclosure of patients’ personal health information (PHI) is fundamental to our day-to-day operations and to patient care. This PHI may include verbal information, written documentation or electronic documentation.
Protecting the privacy and the confidentiality of patient personal information is important to the nurses and staff at Promyse Home Care.
We strive to provide our patients with excellent medical care and service. Every member of Promyse Home Care must abide by our commitment to privacy in the handling of personal information. This policy was last modified on June 8th, 2020.
Applicability of This Privacy Policy
Our Privacy Policy attests to our commitment to privacy and demonstrates the ways we ensure that patient privacy is protected. Our Privacy Policy applies to the personal health information of all our patients that is in our possession and control.
What is Personal Health Information (PHI)?
Personal health information means identifying information about an individual relating to their physical or mental health (including medical history), the providing of health care to the individual, payments or eligibility for health care, organ and tissue donation and health number.
The 10 Principles of Privacy
Our Privacy Policy reflects our compliance with fair information practices, applicable laws and standards of practice.
1. Accountability
We take our commitment to securing patient privacy very seriously. Each nurse and employee associated with Promyse Home Care is responsible for the personal information under his/her control. Our employees are informed about the importance of privacy and receive information periodically to update them about our Privacy Policy and related issues.
2. Identifying Purposes: Why We Collect Information
We ask you for information to establish a relationship and serve your medical needs. We obtain most of our information about you directly from you, or from other health practitioners whom you have seen and authorized to disclose to us. You are entitled to know how we use your information, and this is described in the Privacy Statement posted at Promyse Home Care. We will limit the information we collect to what we need for those purposes, and we will use it only for those purposes. We will obtain your consent if we wish to use your information for any other purpose.
3. Consent
You have the right to determine how your personal health information is used and disclosed. For most health care purposes, your consent is implied as a result of your consent to treatment; however, in all other circumstances express consent must be written.
Your written Consent will be forwarded to the Privacy Officer, who will document the request in the patient’s medical records and notify the appropriate health care providers and their supporting staff.
Patients who have withdrawn consent to disclose PHI must sign and date the Consent to Withdrawal Form. It is understood that the consent directive applies only to the PHI which the patient has already provided, and not to PHI which the patient might provide in the future; PHIPA permits certain collections, uses, and disclosures of the PHI, despite the consent directive; healthcare providers may override the consent directive in certain circumstances, such as emergencies; and the consent directive may result in delays in receiving health care, reduced quality of care due to healthcare providers lacking complete information about the patient, and healthcare providers’ refusal to offer non-emergency care. Your written Consent to Withdrawal Form will be forwarded to the Privacy Officer, who will document the request in the patient’s medical records and notify the appropriate health care providers and their supporting staff.
4. Limiting Collection
We collect information by fair and lawful means and collect only that information which may be necessary for purposes related to the provision of your medical care.
5. Limiting Use, Disclosure and Retention
The information we request from you is used for the purposes defined. We will seek your consent before using the information for purposes beyond the scope of the posted Privacy Statement.
Under no circumstances do we sell patient lists or other personal information to third parties. There are some types of disclosure of your personal health information that may occur as part of this Organization fulfilling its routine obligations and/or practice management. This includes consultants and suppliers to Promyse Home Care, on the understanding that they abide by our Privacy Policy, and only to the extent necessary to allow them to provide business services or support to this Organization.
We will retain your information only for the time it is required for the purposes we describe and once your personal information is no longer required, it will be destroyed. However, due to our on-going exposure to potential claims, some information is kept for a longer period.
Patients may be required to sign and date a Consent to Disclose PHI Form and there are no fees prior to release of information.
6. Accuracy
We endeavour to ensure that all decisions involving your personal information are based upon accurate and timely information. While we will do our best to base our decisions on accurate information, we rely on you to disclose all material information and to inform us of any relevant changes.
7. Safeguards: Protecting Your Information
We protect your information with appropriate safeguards and security measures. Promyse Home Care maintains personal information in a combination of paper and electronic files. Recent paper records concerning individuals’ personal information are stored in files kept onsite at our office.
Access to personal information will be authorized only for the employees associated with the Organization, and other agents who require access in the performance of their duties, and to those otherwise authorized by law. There is no requirement to release health information to actively assist police in investigating a crime, although it is a criminal offence to obstruct police. Health records or information should not be disclosed simply upon request of a police officer. Police may obtain a court order giving them the legal authority to access health records. Police officers who question an employee about a patient’s medical condition or health record should be referred to the appropriate administrator within the organization.
We provide information to health care providers acting on your behalf, on the understanding that they are also bound by law and ethics to safeguard your privacy. Other organizations and agents must agree to abide by our Privacy Policy and may be asked to sign contracts to that effect. We will give them only the information necessary to perform the services for which they are engaged, and will require that they not store, use or disclose the information for purposes other than to carry out those services.
Our computer systems are password-secured and constructed in such a way that only authorized individuals can access secure systems and databases.
If you send us an e-mail message that includes personal information, such as your name included in the “address”, we will use that information to respond to your inquiry. Please remember that email is not necessarily secure against interception. If your communication is very sensitive, you should not send it electronically unless the e-mail is encrypted or your browser indicates that the access is secure.
8. Openness: Keeping You Informed
Promyse Home Care has prepared this plain-language Privacy Policy to keep you informed.
If you have any additional questions or concerns about privacy, we invite you to contact us by phone and we will address your concerns to the best of our ability.
9. Access and Correction
With limited exceptions, we will give you access to the information we retain about you within a reasonable time, upon presentation of a written request and satisfactory identification.
If you find errors of fact in your personal health information, please notify us as soon as possible and we will make the appropriate corrections. We are not required to correct information relating to clinical observations or opinions made in good faith. You have a right to append a short statement of disagreement to your record if we refuse to make a requested change.
If we deny your request for access to your personal information, we will advise you in writing of the reason for the refusal and you may then challenge our decision.
10. Challenging Compliance
We encourage you to contact us with any questions or concerns you might have about your privacy or our Privacy Policy. We will investigate and respond to your concerns about any aspect of our handling of your information.
In most cases, an issue is resolved simply by telling us about it and discussing it. You can reach us at:
Ashley Fox, RPN (Privacy Officer) Promyse Home Care
15 Hazelglen Dr, Suite 2 Kitchener, ON N2M 2E2
519-208-2000
If, after contacting us, you feel that your concerns have not been addressed to your satisfaction, you have the right to complain to the Information and Privacy Commissioner/Ontario. The Commissioner can be reached at:
2 Bloor Street East, Suite 1400, Toronto, Ontario M4W 1A8
1-800-387-0073 – 1-416-325-9195 (fax)
Roles and Responsibility:
Employees are responsible for:
- keeping their own employee files current regarding name, address, phone number, dependents, etc.
- being familiar with and following policies and procedures regarding personal information;
- obtaining the proper consents and authorizations prior to disclosure of personal, privileged and/or confidential information;
- immediately reporting any breaches of confidentiality to their Supervisor;
- keeping private passwords and access to personal, privileged and/or confidential data;
- using trusted devices or accessing data from a trusted source;
- explaining this policy to clients and referring them to Executive Director/office manager if necessary;
- relinquishing any personal, privileged, confidential or client information in their possession before or immediately upon termination of employment.
Supervisors are responsible for:
- obtaining consent to the collection and use of personal information from employees;
- ensuring policies and procedures regarding collection, use and disclosure of personal information are consistently adhered to;
- using trusted devices or accessing data from a trusted source;
- responding to requests for disclosure after the proper release is obtained;
- cooperating with Executive Director/office manager to investigate complaints or breaches of policy;
- obtaining from terminated employees prior to their termination any personal, privileged, confidential or client information in their possession.
Human Resources and/or Payroll Personnel are responsible for:
- ensuring that appropriate consents have been obtained from employees with respect to the collection and use of personal information;
- ensuring policies and procedures regarding collection, use and disclosure of personal information are consistently adhered to;
- maintaining systems and procedures to ensure employee records are kept private;
- obtaining the proper consents and authorizations prior to disclosure of information contained in employee records;
- responding to employees’ requests for access to their files;
- using trusted devices or accessing data from a trusted source;
- ensuring proper disposal of unnecessary files/information;
- maintaining separate files to ensure that personal health information is protected.
The Executive Director and/or Office Manager are responsible for:
- internal compliance with applicable policies or legislation;
- using trusted devices or accessing data from a trusted source;
- cooperating with supervisors, human resources and/or payroll personnel in developing internal policies for the collection, use and disclosure of personal information and personal health information of employees and clients;
- monitoring and responding to Third Party requests for personal information or personal health information;
- ensuring appropriate consents are obtained for the collection, use and disclosure of personal information and personal health information;
- where collection, use or disclosure is permitted without prior consent, notifying individuals of the collection, use and disclosure of personal information and/or personal health information after such occurrence.
Subcontractors
It is the policy to ensure that all subcontractors of Promyse Home Care sign a Confidentiality Agreement for the protection of clients’ personal and health information.
This agreement ensures that the subcontractors are aware of Promyse Home Care’s privacy policies and they are responsible for the privacy of all client information that comes into their possession for the purposes of supplying in-home services.
Substitute Decision Making
Substitute decision making is when one person makes decisions on behalf of another when the other is not mentally capable.
In Ontario, substitute decision making is a fundamental element of the informed consent process when a patient is not mentally capable for health decision-making. Health practitioners are required to get an informed consent before providing any treatment, subject to the emergency exception, from the patient if capable or from the incapable patient’s Substitute decision maker (SDM).[1] The law specifies who is the patient’s SDM for this purpose.[2]
When a Substitute becomes the decision maker for an incapable patient, that SDM is required to “step into the shoes” of that patient and must try to make decisions for the patient in the same way that the patient would have if still capable. This is described as the SDM making decisions for the incapable patient following any wishes about future care the patient may have expressed after the age of 16 and when still capable.[3] The last known capable wishes should be followed as the person may have changed their mind about what they wished, particularly as their health changed.[4]
If the SDM doesn’t know of any wishes applicable to the decision to be made, then the SDM is required to act in the “best interests” of the patient.[5] This includes the SDM considering the values and beliefs that the SDM knows that the incapable person held when capable and believes he or she would still act on if capable as well as considering whether the benefit the incapable person is expected to obtain from the treatment outweighs the risk of harm to him or her.
Source: Speak Up Ontario
[1] Health Care Consent Act, s. 10(1)
[2] Health Care Consent Act, s. 20
[3] Health Care Consent Act, s. 21(1)
[4] Health Care Consent Act, s. 5(3)
[5] Health Care Consent Act, s. 21(1) and (2)
The Substitute Decision Maker Hierarchy in Ontario
The person, or persons, in your life ranked highest in the substitute decision maker hierarchy who meet(s) the requirements to act as a substitute decision maker will be your SDM(s) for health care.
Source: Speak Up Ontario
Estate Trustee
It is the executor’s responsibility to gather the assets of the estate, pay the debts of the deceased, apply for probate (if necessary) and distribute the assets of the estate in accordance with the terms of the Will.
The Collection Of Personal Information
Client Files
- Before the start of service, all new clients will have a file opened in ClearCare App (electronic file) with personal, financial and health data, as well as care requirements. This information is gathered at the inquiry stage and/or assessment stage and may be documented by the Executive Director, Office Manager, and Nurse Case Manager. Only the approved list of abbreviations will be used and these files are protected by firewall and pass codes.
- A hard copy file will be kept in the client’s place of residence for the purpose of recording. This file will be kept in a private place in the client’s place of residence. Documentation will be retrieved quarterly (or more often as necessary) and at the end of service, and returned to the office for filing.
- A master hard copy file will be kept in the office in a secure, locked location and may include (but is not limited to) the following: initial assessment, financial information pertaining to the invoicing process, any signed/legal documents such as consent, release of information or advance directives, medical directives, any documentation received from the home file and any other documentation pertaining to that client. Client files are stored alphabetically.
- Dated Notes and progress notes must be entered at time of occurrence or identified as a late entry.
- All clients will have a discharge summary documented in the dated notes at time of discontinuation of service.
- The electronic file and the hard copy file will complement each other – not all information will be duplicated.
- All electronic files will be archived and kept indefinitely. All hard copy files are kept for five (5) years and shredded afterwards.
- Client files will be reviewed and purged annually. At that time a file audit will be conducted for completeness, accuracy and timely completion.
- Destruction of files will be by commercial shredding.
- Promyse Home Care retains personal and medical information on all its clients for a period of ten (10) years from the last date that the client received services. Once this time frame has passed, the information will be thoroughly shredded and/or destroyed.
Employment Files
- At the time of employment, all employees will have a file opened in ClearCare App (electronic file) with personal and employment-related data, as well as documentation relating to criminal record check, registrations/certificates/health information required for the performance of their work. Only the human resources department will be privy to any performance and/or health-related issues. These files are protected by firewall and pass codes.
- A hard copy file will be kept in the office in a secure, locked location and may include (but is not limited to): resume, references, legal/government documents such as release of information or record of employment, copies of documents required for the performance of their work, time sheets, and performance appraisals. Another file containing all health-related information will be kept in a separate secure and locked location. Employee files are stored alphabetically.
- Dated Notes will be entered at time of occurrence or identified as a late entry.
- All employees will have a termination summary in the dated notes at time of cessation of employment.
- The electronic file and the hard copy files will complement each other – not all information will be duplicated.
- Information contained in the files will only be shared in accordance with the PIPEDA guidelines. Employees will be granted access to information in their file in the presence of the Human Resources Manager.
- All electronic files will be archived and kept indefinitely. All hard copy files are kept for five (5) years and shredded afterwards.
- Employee files will be reviewed and purged annually. At that time, a file audit will be conducted for completeness, accuracy and timely completion.
- Destruction of files will be by commercial shredding.
- Promyse Home Care retains personal and medical information on all its employees for a period of ten (10) years from the date of termination of services. Once this time frame has passed, the information will be thoroughly shredded and/or destroyed.
Privacy Breach Definitions
A privacy breach occurs when personal information is stolen or lost or is collected, used or disclosed without authority.
In the event of a privacy breach, you should immediately notify the relevant staff in your organization and then identify the scope of the breach and take the steps necessary to contain it. We recommend that you have a privacy breach protocol in place detailing the steps to take in response to a breach, in what order, and by whom.
You should take the following steps to contain a privacy breach:
- retrieve and secure any personal information that has been collected, used or disclosed without authority
- ensure that no copies, including digital copies, have been made or retained by the individual who was not authorized to receive or use the information
- determine whether the breach would allow unauthorized access to any other personal information – for example on an electronic information system – and take necessary steps to prevent a further breach, such as changing passwords or temporarily shutting down your system
You must notify individuals at the first reasonable opportunity of any breach in which their personal information in your custody or control was lost, stolen or used or disclosed without authority. This notice must:
- provide a general description of the breach in easy-to-understand language
- inform the individual of any steps you have taken to:
  - mitigate adverse effects on the individual and
  - prevent a similar breach from happening
- provide contact information for one of your employees who can provide additional information and
- advise the individual of their right to complain to the IPC
You must also notify the IPC and the Minister of Children, Community and Social Services of any privacy breach that meets certain criteria. This includes any breach you determine to be significant based on the sensitivity and volume of the information breached, the number of service providers involved and the number of people affected.
These types of privacy breaches must also be reported to the IPC:
- those involving stolen personal information
- breaches in which personal information was used or disclosed by someone who knew or should have known they were doing so without authority
- breaches where it is likely personal information has or will be further used or disclosed again without authority
- a privacy breach that is part of a pattern of similar breaches
- a breach that results in an employee being terminated, suspended or disciplined, or resigning
Breach reports can be submitted to the IPC by mail or online. The IPC will review the information you provide, including a description of the breach and your response to it, and may, in some cases, decide to conduct an investigation.
Source: Information and Privacy Commissioner of Ontario
Definitions
Circle of care: the group of health care providers (e.g. nurse, physician, resident, clinical clerk, and any other health care practitioner providing care to the patient) treating a patient who need the patient’s personal health information in order to provide health care. This can also include employees and/or administrative staff who need the personal health information to carry out their duties.
A person outside a patient’s circle of care would include:
- a person or entity who is not a health care provider (e.g. family, friends, the police, an insurance company, or the patient’s employer); and
E-Communications: electronic communication tools including email, messages transmitted through electronic medical record platforms, online forums, patient portals, social media applications, instant messaging and texting, and telemedicine (including audio and videoconferencing).
An Executor is the personal representative appointed by the deceased in his/her Will. If there is no Will, a court can appoint someone an Estate Trustee without a Will to be the personal representative of the estate.
It is the executor’s responsibility to gather the assets of the estate, pay the debts of the deceased, apply for probate (if necessary) and distribute the assets of the estate in accordance with the terms of the Will.
Lockbox: a term used to describe a patient’s express instruction to withhold or withdraw their consent to disclose all or part of their personal health information to another health care provider.
Mobile device: includes, for example, a mobile phone, laptop, USB drive, external hard drive, tablet, and wearable device.
Personal health information (PHI): any information relating to a person’s health that identifies the person, including, for example, information about their physical or mental health, family health history, information relating to payments or eligibility for health care, and health card numbers.
Substitute decision-maker (SDM): a person authorized to consent on behalf of a patient to the collection, access, use, or disclosure of PHI about the patient.
Subpoena: can be issued to compel a person to give evidence in court, produce documents to the court or both. A subpoena for production requires a person to provide the court with the documents outlined in the subpoena by a specified date and time. Importantly, these documents are provided to the court, and not to the party who requested that they be produced.
If a medical practitioner believes that the whole or a part of a patient’s medical record should not be disclosed because it contains clinically sensitive information or for some other reason, they can make an objection to the court.
Warrant: a document that allows the police or immigration authorities to arrest you.