Access
The process of obtaining personal health information from a health organization by a client, his or her legally authorized representative, or a user.
Access control
The management of who can obtain what information, and what they can do with it.
Audit
An independent examination of information systems and processes to detect unauthorized activities.
Audit log
A chronological listing of access to information resources. Items that are typically logged include: user ID, time of access, resources that were accessed, device used to access the information and modifications that were made.
Audit mechanisms
The tools used to record in chronological order users who have accessed, modified, distributed, and deleted personal health information.
Breach
An action by an authorized or unauthorized user that results in a negative impact or that causes interruption, disclosure, unauthorized access, modification, destruction, or denial of service. An information security breach is sometimes referred to as an information security incident.
Care provider
Any individual employed or engaged in the delivery of health services or products.
Collection
The process of gathering or obtaining personal health information. Information can be obtained directly - for example, from a client's authorized legal representative or another care provider.
Confidentiality
Ensures that information is accessible only to those authorized to have access.
Consent
Permission from a client or his or her legally authorized representative to collect, use or disclose his or her own personal health information. Consent can be express, where a client specifically agrees to some action, or implied, where consent is implicit in some action such as the delivery of client care.
Custodian
A manager or trustee who has responsibility for one or more repositories of personal health information.
Disclosure
The release of personal health information to a third party for specific and defined purposes.
Electronic health record
An electronic client record that resides in a system specifically designed to support users by providing accessibility to complete and accurate data, alerts, reminders, clinical decision support systems, links to medical knowledge, and other aids.
Encryption
The process of mathematically converting information so as to render it unintelligible without a key to decode it.
Firewall
A set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks.
Health organization
Any organization engaged in the planning, funding, management, manufacture, or delivery of health services and products.
Health information system
An organized array of technologies used to coordinate the collection, filing, storage, retrieval, and transmission of personal health information.
Individual
"Individual", in relation to personal health information, means the individual, whether living or deceased, with respect to whom the information was or is being collected or created.
Personal health information
Any information in any form - electronic, written, verbal, etc. - about an identifiable person. This includes information that is specifically health related, such as a person's medical condition or prescription medications, as well as information that is not always considered directly related to a person's health, such as his or her name, address, telephone number, or health insurance number. It also includes genetic information and blood and tissue samples.
Privacy
The right of an individual to control who has access to his or her personal health information and under what circumstances. This is known as the right of information self-determination.
Privacy impact assessment (PIA)
A tool used to assess the possible privacy impacts of new technologies or projects. A PIA is usually required if there is significant change to information management practices in a health organization.
Privacy officer
The individual in an organization whose role is to assist management in providing leadership for protecting the privacy, confidentiality and security of personal health information through specialist skills and advice. The Privacy Officer should report directly to the Chief Executive Officer, President, or the Chief Operating Officer.
Retention
The process of holding data or information in a secure or intact manner usually for a defined period of time after which it may be permanently discarded.
Secondary purpose
The use of personal health information by authorized persons or agencies for purposes other than direct client care. These include: administrative planning, accreditation and licensing, payment for services and treatment, quality improvement activities, research, teaching, or legal use as required by law.
Security
Information security is characterized as the preservation of the confidentiality, integrity, and availability of personal health information. Information security is achieved by implementing policies and procedures based on relevant legislation, standards, and ethical principles, careful planning, design, implementation and maintenance of appropriate technology solutions, and managing ongoing operations related to the collection, classification, access and disclosure of personal health information.
Third party
Any individual or organization that is not the client, the original collector of information, or the health organization where a client is directly seeking information and/or services.
Threat Risk Assessment (TRA)
A tool used to identify information assets, threats to those assets and possible security safeguards. A TRA has three major components - a Threat Analysis, a Risk Analysis and an Assessment of Safeguards.
Virtual private network (VPN)
A network having a combination of security layers and security procedures that facilitate the secure transmission of information over public telecommunication systems. Privacy of information transmission is enhanced because a VPN encrypts information before it is sent into the public network and then decrypts it at the receiving end.
To contact us about our privacy program, please phone (519) 749-4275 or send an email to confidentiallyspeaking@grhosp.on.ca.