Protecting Personal Health Information

All personal health information collected, used and disclosed via ClinicalConnect is subjected to the Personal Health Information Protection Act, 2004 (PHIPA). PHIPA establishes the legal privacy roles and responsibilities for each organization participating in the use of ClinicalConnect. Each participating organization is required by PHIPA to have privacy and security policies, procedures and training programs in place. These existing statutory-based controls also serve to protect patient information accessed via ClinicalConnect.

The steps taken to manage patient privacy include:

1. Signing of a Participation Agreement
2. Project Due Diligence via Privacy Impact Assessments and Threat Risk Assessments
3. Completion of Privacy & Security Attestations by each Participant Organization which is assessed by the ClinicalConnect Program Office, and examines an organization’s:
   • Governance
   • Privacy Breach Management and Auditing
   • Service Level Agreements and Confidentiality Agreements
4. Ongoing Communication and Education & Training
5. End users agree to the set User Agreement on an annual basis

For more information about ClinicalConnect in regards to privacy and security matters, please contact:

ClinicalConnect Program Office
Phone: 905-577-8270 ext. 9
Fax: 905-577-8260
E-mail: privacy@clinicalconnect.ca