Date of Last Revision: May 19, 2022
Caredove respects the privacy concerns of all users of The Platform, and is committed to protecting the Personal Information (PI) of its users and the Protected Health Information (PHI) of all patients and clients referred using Caredove software. The purpose of this policy is to establish all the mandatory requirements and responsibilities for the protection of such information.
“Personal Information (PI)” means identifiable information about an individual such as:
“Protected Health Information (PHI)” means information such as:
Health Information Network Provider (HINP): An entity that provides services to two or more Health Information Custodians (HIC) where the services are provided primarily to enable the custodians to use electronic means to disclose Protected Health Information (PHI) to one another. Caredove is a HINP. As a HINP, Caredove may have PHI within its systems while providing service; however the HIC remains fully accountable to the patient for the privacy practices associated with the PHI.
Health Information Custodian (HIC): A person or organization that delivers health or community care services. Physicians, hospitals, pharmacies, laboratories, community care access centres and community support agencies are examples of HICs. A HIC has custody or control of PHI as a result of the work it does. The HIC has the right to deal with the PHI and create records, as well as the responsibility to maintain the confidentiality and security of the PHI. Caredove is not a HIC, but rather helps HICs. For example, Caredove provides HICs a more secure means of sharing information than traditional faxing methods.
Agent: Someone acting for or on behalf of the HIC in respect of collecting, using or disclosing PHI, for the purposes of the HIC, and not the agent’s own purposes. For example, a HIC may designate Caredove as its agent to correct a specific record in Caredove. Caredove does not make any independent decisions with respect to handling PHI when acting as an agent, but acts only in accordance with the terms of its agreement with a HIC and in compliance with Canadian laws and regulations in this regard.
Although Caredove does not meet the definition of a HIPAA Business Associate or Covered Entity as these are defined in the HIPAA Regulations, Caredove hereby acknowledges its obligation to protect the privacy and security of Individually Identifiable Health Information (“IIHI”) generally, and Protected Health Information (“PHI”) as defined in the HIPAA Regulations, voluntarily under the regulations implementing HIPAA, lawfully under other federal and state laws protecting the confidentiality of PI, and under principles of general and professional ethics.
The “principle of accountability” means that an organization is responsible for PI and PHI under its control and has designated an individual or individuals who are accountable for the organization’s compliance with privacy principles. Caredove has assigned an individual to be our Privacy Officer. This person is primarily responsible for our compliance with this policy. Additionally, other Caredove personnel may be responsible for the day-to-day processing of PI or PHI or for acting on behalf of the Privacy Officer from time to time. Caredove is committed to respecting personal privacy, safeguarding confidential information, and ensuring the security of information when it is in our custody. When confidential information is not in our custody, Caredove supports our customers and their privacy programs. Caredove meets this commitment through our comprehensive Privacy & Security Program. The Privacy & Security Program is overseen by the Privacy Officer who reports directly to Caredove Chief Executive Officer. Key components of this Program include:
The Chief Privacy Officer (CPO) is responsible for compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with legal counsel as applicable. The CPO will:
The “principle of identifying purposes” means that the purposes for which PI and PHI are collected shall be identified by the organization at or before the time the information is collected.
Caredove collects Personal Information (PI) about users of Caredove with the intention of helping users find and connect with health care and community care services. Such collected information about users may be for one or more of the following purposes:
Caredove may store Protected Health Information (PHI) while providing an electronic service that allows HICs to streamline patient referrals. Such information may be for one of the following purposes:
Caredove may manage and temporarily store PHI collected and entered by the Health Information Custodian (HIC). The HIC is responsible for providing notice to their patients regarding consent and their purpose for collecting PHI, which may be beyond the purposes of Caredove.
When a patient chooses to self-refer through Caredove, PHI will be collected only for the purposes of transmitting their referral information to the receiving organization, and sharing referral information back to the patient. These purposes will be shared directly with the patient at the time of each referral.
The “principle of consent” means that the knowledge and consent of the individual are required for the collection, use or disclosure of PI or PHI, except when inappropriate. Gathering consent is the obligation of the person collecting the PHI and using Caredove to make the referral. Caredove assists referrers to record the acquisition of consent: In the case of revoked consent, referrers and can revoke the referral at any time before the referral has been received. Also, receiving Organizations are able to create and revoke user access to referral PHI and log access to received and sent referrals. Caredove does not directly acquire consent from patients for the collection of PHI. On any occasion where a patient self-refers through Caredove, the patient will be provided with all identifying purposes and be asked to provide consent in a click-through agreement.
The principle of “limiting collection” means that the collection of PI and PHI shall be limited to that which is necessary for the purposes identified by the organization. PI and PHI shall be collected by fair and lawful means. Caredove will collect only the amount of PI that we require to achieve the purposes identified in (Principle 2) above, unless we receive consent from the individual or agency to collect it for another purpose. When acting in the capacity of a Health Information Network Provider, Caredove never collects information directly from patients. Caredove only receives what HICs share. Caredove provides an electronic means for HICs to present an online referral form for recording client PHI, specifying and limiting which information to collect. HICs can use Caredove to enable Clients to self-refer to their services. In this case, the providing HIC is using Caredove as the method to collect PHI from the client. On the online form the client fills in their own information, and is asked directly to provide consent.
The “principle of limiting use, disclosure and retention” means PI and PHI shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
The HIC determines whom to send (disclose) a form containing PHI. Caredove applies a role based access control authorization model. User transactions and access to PHI is based on the user’s role established by the organization (receiving HIC) for that user within Caredove. The licensee of Caredove, or their agent, is responsible for inviting, deleting or otherwise managing users who will be authorized to receive referrals. Credentialing of these users is the responsibility of the Caredove licensee or their agent. Caredove Inc does not ‘use’ or ‘disclose’ PHI. PHI is retained in Caredove for only as long as necessary (as defined by the HIC) for the fulfillment of our identified purposes in Section 2, while acting as a HINP for HICs. Where legitimate access to PHI data by Caredove and its agents is required, it is done according to Caredove’s established Privacy and Security policies. All access is logged and audited. The following activities are considered to be permitted and necessary uses of PHI by Caredove.
An audit log of referral activity and PHI access is readily accessible at any time for relevant users through Caredove. Users are not permitted to share access credentials. Caredove shall disclose PHI only as directed by the HICs to which it provides services, when acting as their agent, or as permitted or required by law. Caredove does not modify PHI.
HICs determine the retention policy for the information that they are the custodian for within Caredove. Caredove applies that policy to their information by deleting the data from the platform at which point it is unavailable to any user. Data can be recovered up until 120 days after the data was initially deleted after which time the data is permanently deleted. Data recovery is by written request to Caredove personnel. Permanently deleted data can not be recovered.
It is the policy of Caredove that all patient-related uses and disclosures of PHI shall be the responsibility of the HIC and the healthcare entities that may employ them. Caredove is not designed to facilitate or process requests for information for patient records. Instead, HICs or the entities who partner with Caredove assume full responsibility for responding to all requests for uses and disclosures of PHI.
All requests for PHI or other data that are received by Caredove from patients or others shall be immediately referred to the appropriate HIC or healthcare entity so they may respond promptly and appropriately. Caredove staff shall be instructed to make clear that Caredove cannot respond to requests involving fulfillment of patient rights to information. Marketing materials and Caredove platform functions shall be designed to direct such requests to the appropriate HIC so they can respond appropriately.
PI may be accessed by a limited number of Caredove personnel for a limited number of purposes while they are performing their duties. These purposes are outlined in (Principle 2) above. We will not use or disclose an individual’s PI for any other purpose, or to any third party, unless we have been given consent to do so. Access controls are used to prevent unauthorized or inappropriate access to PHI by Caredove employees or third party providers. Caredove only grants access to PHI to authorized persons who require access to PHI based on role. The Caredove Privacy Officer grants and revokes this directly based on the access control matrix that maps roles to types of PHI access. Most Caredove personnel never have access to PHI. Caredove maintains procedures for its own personnel that:
Caredove assigns unique credentials to each Caredove staff member or third party service provider with access to PHI.
Caredove collects browser information for performance and usage analytics. For both anonymous visitors and known visitors to our website, information is collected such as the server the computer is logged onto, the domain name of the internet service provider, browser type and version (for example, Firefox or Internet Explorer) and IP address. Caredove may also derive the general geographic area associated with an IP address.
Caredove makes use of some 3rd party web services to support its functionality (e.g., mapping, translation, email, customer support, faxing and analytics services services), to which some information may be transferred. Caredove only uses these 3rd party services in ways that are consistent with the Caredove Privacy & Security Program.
The principle of "accuracy" means that PI and PHI shall be as accurate, complete and up to date as is necessary for the purposes for which it is to be used. The accuracy of information is the responsibility of the HIC who collects it. Any corrections or changes to information must be completed only by the HIC who has custody of the information. Caredove provides methods to support the accurate entry of information, such as input validation controls. Caredove also maintains mechanisms to protect the security and integrity of information (See Principle 7 Safeguards). Patients have the right to request that their service provider (HIC) correct information that may have been shared in a referral sent through Caredove.
The principle of "safeguards" means that PI and PHI shall be protected by security safeguards appropriate to the sensitivity of the information. Caredove protects PI and PHI under with safeguards that are appropriate to the sensitivity of the information. These safeguards are designed to protect information in all formats against loss or theft, as well as against unauthorized access, disclosure, copying, use or modification. Security Safeguards are put in place by Caredove to protect PI and PHI and include administrative, technical and physical safeguards appropriate to the sensitivity of information. This includes:
A Privacy Impact Assessment (PIA) is completed for Caredove to ensure all privacy risk issues are identified. Caredove creates plans to address the findings of PIAs. A summary of this assessment is available. This assessment is updated periodically and remedial action taken, as necessary.
A detailed security safeguard description is found in the Data Security policy, which discusses practices such as use of complex passwords, firewalls, encryption of data, continuous vulnerability assessments, Privacy Incident & Breach Management, and access based on least privilege.
The principle of "openness" means that an organization shall make readily available to individuals specific information about its policies and practices relating to the management of PI and PHI. Caredove makes available plain language descriptions of its approach to privacy and security. Caredove posts its privacy program overview on its website. Additional information about Caredove’s privacy-related policies and procedures is available upon request.
Caredove contains minimal PI. Primarily, this data includes the names, work phone numbers, email address, job titles, photo and employer of the people sending and receiving referrals (typically in their employment as clinicians). Caredove users have the ability to edit and update their own PI. Users may at any time audit who has edited their PI, through Caredove. Subject to our legal rights and obligations, we will also, upon receipt by our Privacy Officer of a written request for access, inform any person about our possession, use or disclosure of PI, if any, and permit that person to access that PI if it is controlled by us. If a person requests such information, that person must provide sufficient information with the request to permit Caredove to provide an account of the existence, use and disclosure of that PI. Caredove will respond to a request within a reasonable time, usually 30 days of receipt of the request. We will provide written notice of any response period extension within 30 days of your request. We will respond to a request for access at minimal or no cost. If a person demonstrates to our satisfaction that PI that is held or controlled by Caredove is inaccurate or incomplete, we will make appropriate amendments (correction, deletion or addition of PI).
As a HINP, when information is transmitted by a provider through Caredove, Caredove does not provide patients with direct access to their information. Caredove is not authorized by the HIC to disclose these records to their patients. Individuals must make their request for access to their PHI in Caredove through their HIC.
It is the Policy of Caredove to respond in a timely and positive manner to all complaints submitted by any persons or parties, including patients, workforce members and any other person or party.
In addition to a written response, complaints that are found to have merit will be resolved with some remediation that is appropriate given the severity of the situation. Such remediations may include:
Complaints submitted by government will receive full cooperation. No personnel or agent, or contractor of Caredove shall impede an investigation into a complaint.
Caredove Privacy Officer
Tim Berezny, Caredove Inc.
PO Box 2307, Orillia, Ontario L3V 6S2