Here at iionIT Network Solutions Inc. we want to help dental offices in Ontario understand the nature of their legal technology requirements in simple terms. As Personal Health Information (PHI) Custodians and Agents, it’s your responsibility to protect the sensitive information you hold for your patients in your practice. In our next few articles we will be exploring different elements of the PHIPA Act and how they relate to your technology. Each post we will cover another topic that you will be able to evaluate against your current setup, and it is our hope that as time progresses, you will become more confident in understanding your requirements, and by knowing when you are and are not compliant.
So without further ado, let’s get started!
This month we would like to share with you a sample confidentiality agreement. This document should not be a substitute for legal advice, but instead can be used as a starting point for those of you who don’t have something like it in place already.
Here’s why we’re sharing this with you. I’m sure you know better than most how important it is to protect the Personal Health Information that’s kept in your practice. Most often practice owners will have a confidentiality agreement in place with employees and that’s a great place to start. It serves to let the employee know that they have a legal responsibility to protect this information, and it places the liability of their actions back on them if they choose not to comply.
What seems to be less known is that there are a number of PHIPA guides out there giving advice on how to setup your practice and what kinds of things you can do to keep yourself protected. Included in these guides is the RCDSOs “Compliance with Ontario’s Personal Health Information Protection Act” pdf file found on their website. At iionIT Network Solutions Inc. we’ve reviewed a number of documents outlining what kinds of things are being recommended to Ontario dentists, and one that comes up in most of them is the recommendation to have a confidentiality agreement signed not just with employees, but with any contractor/consultants who will be coming into your office and who could come into contact with PHI in any way. The RCDSO guide goes as far as listing a number of examples of the types of consultants/contractors you should have one of these agreements signed with. They include “IT Service companies, cleaners, Legal, bookkeeping and accounting, file storage, credit card companies, website manager, office security, building maintenance, hazardous waste disposal, lanadlord, and temporary workers”. Although there were other lists in some of the other guides we read, we felt that this one was the best at illustrating quite clearly the kinds of situations where it’s recommended and it makes it easy to evaluate other possible providers who you may want to consider.
A confidentiality agreement is an important part of protecting yourself from the actions of others, and it can mean a world of difference if there is ever an issue with a breach of confidentiality in your practice that was outside of your control.
If you have any questions or would like more information, please feel free to reach out to our team at 613-604-2461.