Caredove Referral Network Roles & Responsibilities

Date of Last Revision: May 19, 2022
The Caredove Referral Network (“CRN”) allows Users of Caredove Services (also referred to as to handle referrals to health and community services. When you sign up to use you become a Caredove Referral Network Member (“CRN Member”) and are eligible to be assigned a Caredove Referral Network Role (“CRN Role”).

CRN Members agree to act responsibly in accordance with their assigned roles, as set out in this document.

1. Caredove Referral Network Roles

“Referral Sender” means any CRN Member who sends referral information to other CRN members via

“Referral Receiver” means any CRN Member who receives referral information from other CRN members via

“Listings Manager” means any CRN Member who updates service listings information for an organization.

“Organization Administrator” means any CRN Member who administers the use of Services within their organization and also administers the User Accounts of CRN members working for this organization (“Authorized Workforce”).

“Network Administrator” means any CRN Member who administers the use of all CRN Members’ User Accounts within a network of Organizations (a “Network”) that have each agreed to the Caredove Terms and Conditions.

“Network Listings Manager” means any CRN Member who can update service listings for any Member Organization that is part of a Network.

“Caredove Administrator” means a person employed by Caredove who operates and oversees

Note: All roles except for Referral Sender require that the CRN member is part of an “Authorized Workforce”.

Terms capitalized but not defined here are defined in the Terms and Conditions.

2. Caredove Referral Network Member Responsibilities

2.1. All CRN Members will:

(a) Comply with relevant privacy laws and will have implemented the required internal policies and procedures to be compliant with these laws.

Different jurisdictions have different legislation, often with different (but complementary) laws for personal information and for Protected Health Information. For example, in Canada, there are two federal privacy laws (the Privacy Act & the Personal Information Protection and Electronic Documents Act) as well as provincial laws (such as Ontario’s Personal Health Information Protection ActPHIPA). View a summary of Canadian privacy laws. In the USA, the Health Information Portability & Accountability Act (HIPAA) establishes the national standards for health privacy.

There are some common themes within most privacy laws, such as (but not limited to):

  • The client consenting to the collection, use, and disclosure of their records;
  • Limiting collection, use, and disclosure of records to their intended purpose;
  • Ensuring the accuracy of information;
  • Implementing safeguards to protect records against loss, theft or unauthorized access;
  • Notifying the client of unauthorized access to their records;
  • Granting clients the right to obtain a copy of their records (with exceptions), request corrections, be notified of privacy breaches, control who has access to records and make complaints.

(b) Safeguard referral information by having technical and procedural safeguards to protect access to referral records shared within and manage referral information in a secure manner (e.g., storage/transfer/disposal of downloaded referral files and Caredove User Account credentials). Caredove publishes an audit record of users’ activity to support this.

(c) Submit Content to such that it does not disclose information unsuitable for public disclosure, violate the privacy rights of others, contain inaccurate information and does not violate any intellectual property rights, copyrights, trademarks, or trade secrets. The CRN Member is solely responsible for any content they post.

(d) Be subject to account management by the Organization Administrator, the affiliated Network Administrator, and/or the Caredove Administrator. Administrators may monitor, modify, revoke, suspend, deactivate, archive and delete User Account information and permissions.

(e) May leave the Caredove Referral Network at any time by revoking agreement with the Member Agreement. When leaving the network, the CRN Member loses access to all Roles within Consequently, the CRN Member cannot make or receive referrals, view Protected Health Information or access historical records via

(f) Maintain accurate User Account information in including name, email, phone, organization, job title, etc.

(g) Notify Caredove of any breach or suspected breach of Caredove’s services of which the CRN Member becomes aware and will take such action to mitigate the breach.

Upon discovery of referral information breach, where the breach involves the application of Caredove’s technology, this will trigger an application of Caredove’s Breach Management Policy. The impacted CRN Members will cooperate with Caredove in the resulting investigation.

(h) Notify their organization’s designated privacy lead of any suspected privacy incidents and breaches and respond in accordance with their organization’s privacy policies.

The organization’s privacy policies should also provide a definition of privacy incidents, breaches, and the procedures to follow. Learn about how Caredove defines privacy breaches and incidents for our employees.

3. Caredove Referral Network Roles & Responsibilities

CRN Members can be assigned a variety of roles, each of which comes with different responsibilities that are described in detail in this section.

3.1. A Referral Sender will:

(a) Collect express consent from the client for the purpose to collect, use and send referral information to the receiving organization (except when relevant legislation explicitly permits implied consent). Referral Senders do this by informing the client of the purpose of the referral, the Referral Receiver’s name, service information, other referral information as appropriate and sending the referral with the client’s agreement (usually verbal).

Express consent (or direct consent) means that an individual is clearly presented with an option to agree or disagree with the collection, use, or disclosure of personal information. Most privacy legislation allows for implied consent (or implicit/deemed/indirect consent), which is where the behaviour of the client clearly implies that usage of the information is appropriate. The option to use implied consent is usually limited by legislation, thus Caredove recommends always collecting express consent unless the sender clearly understands the legislative framework and appropriateness of implied consent.

(b) Withdraw consent upon request from the client by promptly revoking the referral or unbooking the appointment on Note that this can only be done via before the referral has been viewed in by the Referral Receiver, after which time the receiving organization should be contacted and notified directly by the Referral Sender.

In some jurisdictions this is referred to as a “Consent Directive” or “Lock Box”, to block the record(s) from being shared with specified people. Referral Senders should ensure that medical records the client has marked confidential are not included in referrals.

(c) Provide accurate referral information by exercising a high level of care to ensure that the referral information is correct, complete and up-to-date for the purpose of the referral. Referral Senders are exclusively responsible for the quality of referral data. Caredove is not responsible for the quality of client data.

(d) Correct erroneous referral information that can be reasonably expected to have an effect on the provision of health care to the client. To make a correction, the Referral Sender shall notify the Referral Receiver of the changes required to the referral via a method of their choosing (e.g., via phone, fax) or update the referral in Caredove which will notify the Referral Receiver automatically.

(e) Retain a copy of the sent client referral information for the Referral Sender’s own records (e.g., downloaded copy, or copy/paste into an EMR), in accordance with the Referral Sender’s organizational privacy and security policies. Information is retained in Caredove in accordance with our Privacy Policy.

(f) Take reasonable efforts to follow up on referrals to ensure referral completion, in accordance with their own internal policies and procedures. On Referral Senders can view if the referral has been downloaded by the Referral Receiver, can view the referral outcomes as set by Referral Receivers, or otherwise contact Referral Receivers to determine status.

Caredove is not responsible for ensuring Referral Receivers process referrals in a timely way, or that clients receive referred services.

(g) Provide the referral information to the client when the referral is sent, and at any other time by the client’s request.

The client can also request to view the referral’s activity history (e.g., who viewed, date and time of actions, changes, etc…). Such requests will be addressed by the Referral Sender.

3.2. A Referral Receiver will:

(a) Keep client information private that has been received through, in keeping with privacy laws and organizational policies.

(b) Retrieve referrals in a timely manner by downloading the referral from promptly after it has arrived in the referral box. It is the responsibility of the Referral Receiver to monitor (and any notification emails) for incoming referrals on an ongoing basis and retrieve the referral information after which it will be permanently deleted from the Caredove database.

If the Referral Receiver was booked for an appointment, it is their responsibility to attend to the appointment at the selected time, or otherwise notify the client of any modified time, location, etc.

Protected Health Information is retained per our Privacy Policy.

3.3. A Listings Manager will:

(a) Maintain accurate service listing information to enable the Referral Sender to make well informed referrals. Ensuring accuracy of contact information (such as phone number or email addresses) is especially important to prevent inadvertent transmission of personal information to an incorrect location.

3.4. A Network Listings Manager will:

(a) Support the maintenance of accurate service listing information to help Organizations within the Network manage their own service listings, or to manage service listings on behalf of an Organization.

3.5. A Network Administrator will:

(a) Oversee and support Organization Administrators within the Network, including initial User Account setup and identity verification of Organization Administrator accounts, monitoring use, troubleshooting, and providing guidance.

(b) Adopt the Organization Administrator’s relevant responsibilities when acting on behalf of an Organization Administrator such as ensuring that training has been provided when inviting new users. Network Administrators have full Organization Administrator privileges with their member organizations, which is provided primarily for the purpose of supporting the responsible Organization Administrators. In the circumstances when the Network Administrator is performing an Organization Administrator action, the Network Administrator will maintain full responsibility for their own actions and act with the same diligence and responsibility as the Organization Administrator.

(c) Grant CRN Members roles as Referral Senders who are able to refer to any service in the Network. The Network Administrator is responsible for identity verification of newly invited CRN Members.

3.6. An Organization Administrator will:

(a) Bind the Organization to the Caredove Terms and Conditions, warranting that they have the authority required to do so. It is the first Organization Administrator that binds the organization, after which the Organization is considered to have entered into the Caredove Terms and Conditions.

(b) Be the primary Organization contact with Caredove for activities related to Caredove Services.

(c) Grant minimum required user permissions in for CRN Members to perform activities with their Organization including:

  • Organization Administrators;
  • Referral Senders;
  • Referral Receivers;
  • Listings Managers.

(d) Remove their Organization from a Network if the Organization wishes to be removed from a Network.

(e) Verify identities of CRN Members when inviting new users and granting permissions to Caredove provides some tools to support this process, including an email verification process and other functionality.

An Organization Administrator’s identity can be verified by:

  • other pre-existing Organization Administrators in that organization;
  • a relevant Caredove Network Administrator;
  • the Caredove Administrator.

(f) Oversee account information of their Organization’s Authorized Workforce on by monitoring and auditing Caredove User Account integrity (e.g., change phone numbers, resetting passwords, changing permission levels, etc.).

(g) Monitor and audit account activity of their Authorized Workforce using audit logs and monitoring access to their organization’s referral activity.

(h) Terminate permissions promptly in their Authorized Workforce when permissions with are no longer required (e.g., leave Workforce or change positions within the Workforce).

(i) Be responsible to ensure that privacy policy & procedure training has been provided to members of their Workforce prior to granting permissions in

(j) Confirm the presence of a privacy lead in the Organization who is the designated contact responsible for privacy issues. Duties of privacy leader (or privacy delegate) must include the development of privacy policies and procedures, monitoring privacy compliance, overseeing enforcement, developing and implementing privacy training programs, receiving and responding to privacy complaints and breaches.

(k) Configure service settings (e.g., retention policies, referral settings, calendar settings, etc.) in a manner that is aligned with the Organization’s policies & procedures.

(l) Avoid overcollection of Protected Health Information by, for example, ensuring referral forms used by the Organization in Caredove limit the collection of Protected Health Information to that which is needed for completing the relevant service intake process.