Date of Last Revision: May 19, 2022
The Caredove Referral Network (“CRN”) allows Users of Caredove Services (also referred to as Caredove.com) to handle referrals to health and community services. When you sign up to use Caredove.com you become a Caredove Referral Network Member (“CRN Member”) and are eligible to be assigned a Caredove Referral Network Role (“CRN Role”).
CRN Members agree to act responsibly in accordance with their assigned roles, as set out in this document.
“Referral Sender” means any CRN Member who sends referral information to other CRN members via Caredove.com.
“Referral Receiver” means any CRN Member who receives referral information from other CRN members via Caredove.com.
“Listings Manager” means any CRN Member who updates service listings information for an organization.
“Organization Administrator” means any CRN Member who administers the use of Services within their organization and also administers the User Accounts of CRN members working for this organization (“Authorized Workforce”).
“Network Administrator” means any CRN Member who administers the use of all CRN Members’ User Accounts within a network of Organizations (a “Network”) that have each agreed to the Caredove Terms and Conditions.
“Network Listings Manager” means any CRN Member who can update service listings for any Member Organization that is part of a Network.
“Caredove Administrator” means a person employed by Caredove who operates and oversees Caredove.com.
Note: All roles except for Referral Sender require that the CRN member is part of an “Authorized Workforce”.
Terms capitalized but not defined here are defined in the Terms and Conditions.
(a) Comply with relevant privacy laws and will have implemented the required internal policies and procedures to be compliant with these laws.
Different jurisdictions have different legislation, often with different (but complementary) laws for personal information and for Protected Health Information. For example, in Canada, there are two federal privacy laws (the Privacy Act & the Personal Information Protection and Electronic Documents Act) as well as provincial laws (such as Ontario’s Personal Health Information Protection Act – PHIPA). View a summary of Canadian privacy laws. In the USA, the Health Information Portability & Accountability Act (HIPAA) establishes the national standards for health privacy.
There are some common themes within most privacy laws, such as (but not limited to):
(b) Safeguard referral information by having technical and procedural safeguards to protect access to referral records shared within Caredove.com and manage referral information in a secure manner (e.g., storage/transfer/disposal of downloaded referral files and Caredove User Account credentials). Caredove publishes an audit record of users’ activity to support this.
(c) Submit Content to Caredove.com such that it does not disclose information unsuitable for public disclosure, violate the privacy rights of others, contain inaccurate information and does not violate any intellectual property rights, copyrights, trademarks, or trade secrets. The CRN Member is solely responsible for any content they post.
(d) Be subject to account management by the Organization Administrator, the affiliated Network Administrator, and/or the Caredove Administrator. Administrators may monitor, modify, revoke, suspend, deactivate, archive and delete User Account information and permissions.
(e) May leave the Caredove Referral Network at any time by revoking agreement with the Member Agreement. When leaving the network, the CRN Member loses access to all Roles within Caredove.com. Consequently, the CRN Member cannot make or receive referrals, view Protected Health Information or access historical records via Caredove.com.
(f) Maintain accurate User Account information in Caredove.com including name, email, phone, organization, job title, etc.
(g) Notify Caredove of any breach or suspected breach of Caredove’s services of which the CRN Member becomes aware and will take such action to mitigate the breach.
Upon discovery of referral information breach, where the breach involves the application of Caredove’s technology, this will trigger an application of Caredove’s Breach Management Policy. The impacted CRN Members will cooperate with Caredove in the resulting investigation.
(h) Notify their organization’s designated privacy lead of any suspected privacy incidents and breaches and respond in accordance with their organization’s privacy policies.
The organization’s privacy policies should also provide a definition of privacy incidents, breaches, and the procedures to follow. Learn about how Caredove defines privacy breaches and incidents for our employees.
CRN Members can be assigned a variety of roles, each of which comes with different responsibilities that are described in detail in this section.
(a) Collect express consent from the client for the purpose to collect, use and send referral information to the receiving organization (except when relevant legislation explicitly permits implied consent). Referral Senders do this by informing the client of the purpose of the referral, the Referral Receiver’s name, service information, other referral information as appropriate and sending the referral with the client’s agreement (usually verbal).
Express consent (or direct consent) means that an individual is clearly presented with an option to agree or disagree with the collection, use, or disclosure of personal information. Most privacy legislation allows for implied consent (or implicit/deemed/indirect consent), which is where the behaviour of the client clearly implies that usage of the information is appropriate. The option to use implied consent is usually limited by legislation, thus Caredove recommends always collecting express consent unless the sender clearly understands the legislative framework and appropriateness of implied consent.
(b) Withdraw consent upon request from the client by promptly revoking the referral or unbooking the appointment on Caredove.com. Note that this can only be done via Caredove.com before the referral has been viewed in Caredove.com by the Referral Receiver, after which time the receiving organization should be contacted and notified directly by the Referral Sender.
In some jurisdictions this is referred to as a “Consent Directive” or “Lock Box”, to block the record(s) from being shared with specified people. Referral Senders should ensure that medical records the client has marked confidential are not included in referrals.
(c) Provide accurate referral information by exercising a high level of care to ensure that the referral information is correct, complete and up-to-date for the purpose of the referral. Referral Senders are exclusively responsible for the quality of referral data. Caredove is not responsible for the quality of client data.
(d) Correct erroneous referral information that can be reasonably expected to have an effect on the provision of health care to the client. To make a correction, the Referral Sender shall notify the Referral Receiver of the changes required to the referral via a method of their choosing (e.g., via phone, fax) or update the referral in Caredove which will notify the Referral Receiver automatically.
(f) Take reasonable efforts to follow up on referrals to ensure referral completion, in accordance with their own internal policies and procedures. On Caredove.com Referral Senders can view if the referral has been downloaded by the Referral Receiver, can view the referral outcomes as set by Referral Receivers, or otherwise contact Referral Receivers to determine status.
Caredove is not responsible for ensuring Referral Receivers process referrals in a timely way, or that clients receive referred services.
(g) Provide the referral information to the client when the referral is sent, and at any other time by the client’s request.
The client can also request to view the referral’s activity history (e.g., who viewed, date and time of actions, changes, etc…). Such requests will be addressed by the Referral Sender.
(a) Keep client information private that has been received through Caredove.com, in keeping with privacy laws and organizational policies.
(b) Retrieve referrals in a timely manner by downloading the referral from Caredove.com promptly after it has arrived in the Caredove.com referral box. It is the responsibility of the Referral Receiver to monitor Caredove.com (and any notification emails) for incoming referrals on an ongoing basis and retrieve the referral information after which it will be permanently deleted from the Caredove database.
If the Referral Receiver was booked for an appointment, it is their responsibility to attend to the appointment at the selected time, or otherwise notify the client of any modified time, location, etc.
(a) Maintain accurate service listing information to enable the Referral Sender to make well informed referrals. Ensuring accuracy of contact information (such as phone number or email addresses) is especially important to prevent inadvertent transmission of personal information to an incorrect location.
(a) Support the maintenance of accurate service listing information to help Organizations within the Network manage their own service listings, or to manage service listings on behalf of an Organization.
(a) Oversee and support Organization Administrators within the Network, including initial User Account setup and identity verification of Organization Administrator accounts, monitoring use, troubleshooting, and providing guidance.
(b) Adopt the Organization Administrator’s relevant responsibilities when acting on behalf of an Organization Administrator such as ensuring that training has been provided when inviting new users. Network Administrators have full Organization Administrator privileges with their member organizations, which is provided primarily for the purpose of supporting the responsible Organization Administrators. In the circumstances when the Network Administrator is performing an Organization Administrator action, the Network Administrator will maintain full responsibility for their own actions and act with the same diligence and responsibility as the Organization Administrator.
(c) Grant CRN Members roles as Referral Senders who are able to refer to any service in the Network. The Network Administrator is responsible for identity verification of newly invited CRN Members.
(a) Bind the Organization to the Caredove Terms and Conditions, warranting that they have the authority required to do so. It is the first Organization Administrator that binds the organization, after which the Organization is considered to have entered into the Caredove Terms and Conditions.
(b) Be the primary Organization contact with Caredove for activities related to Caredove Services.
(c) Grant minimum required user permissions in Caredove.com for CRN Members to perform activities with their Organization including:
(d) Remove their Organization from a Network if the Organization wishes to be removed from a Network.
(e) Verify identities of CRN Members when inviting new users and granting permissions to Caredove.com. Caredove provides some tools to support this process, including an email verification process and other functionality.
An Organization Administrator’s identity can be verified by:
(f) Oversee account information of their Organization’s Authorized Workforce on Caredove.com by monitoring and auditing Caredove User Account integrity (e.g., change phone numbers, resetting passwords, changing permission levels, etc.).
(g) Monitor and audit account activity of their Authorized Workforce using Caredove.com audit logs and monitoring access to their organization’s referral activity.
(h) Terminate permissions promptly in their Authorized Workforce when permissions with Caredove.com are no longer required (e.g., leave Workforce or change positions within the Workforce).
(j) Confirm the presence of a privacy lead in the Organization who is the designated contact responsible for privacy issues. Duties of privacy leader (or privacy delegate) must include the development of privacy policies and procedures, monitoring privacy compliance, overseeing enforcement, developing and implementing privacy training programs, receiving and responding to privacy complaints and breaches.
(k) Configure Caredove.com service settings (e.g., retention policies, referral settings, calendar settings, etc.) in a manner that is aligned with the Organization’s policies & procedures.
(l) Avoid overcollection of Protected Health Information by, for example, ensuring referral forms used by the Organization in Caredove limit the collection of Protected Health Information to that which is needed for completing the relevant service intake process.