Accountability for SMH compliance with the principles rest with the Chief Executive Officer, although other individuals within the centre are responsible for the day to day collection and processing of personal information. The hospital has appointed the Support Services Manager as the Privacy Officer to oversee compliance.
SMH will identify the purposes for which personal information is collected at or before the time of collection. The primary purposes are:
- To provide clinical care to patients
- To monitor and evaluate the quality of care and the outcomes resulting from that care
- To assess resource utilization in the delivery of care; to plan for the development and delivery of care and services
- To support research and education
- To support and promote fundraising in relation to SMH
- To meet legal and regulatory requirements
The knowledge and consent of the individual are required for the collection, use or disclosure of personal health information, except when appropriate.
The collection of personal health information will be limited to that which is necessary for the purposes identified by SMH. Information will be collected by fair and lawful means.
Personal health information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Information will be retained only as long as necessary for the fulfillment of those purposes or as legislated. Disposal of personal health information will be done in a secure and confidential manner.
Personal health information should be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Personal health information shall be protected by security safeguards appropriate to the sensitivity of the information, regardless of the format in which is it stored.
The security safeguards will protect personal health information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage.
SMH will make readily available to individuals specific information about its policies and practices relating to the management of personal health information under its custody or control.
Upon request, an individual shall be informed of the existence, use, and the disclosure of his or her personal health information and may access, inspect, or copy (upon payment of cost recovery fee) his or her personal health information, subject to legal restrictions. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
When an individual successfully demonstrates the inaccuracy or incompleteness of personal health information, SMH will amend the information as required. Depending on the nature of the information challenged, amendment may involve the correction, deletion, or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
An individual shall be able to address a challenge concerning compliance with SMH’s Privacy, Confidentiality and Security to the Privacy Officer. All formal complaints must be submitted in writing to the Privacy Officer. All complaints will be investigated and remedial action taken when appropriate including, if necessary, amending its policies and practices.