Protecting the Privacy of Personal Health Information
medEKS Technologies Inc. (medEKS) provides services to healthcare clients across Canada. These services involve working with all types of health information in all formats, whether written, verbal or electronic. At medEKS, we are very aware of the need to ensure confidentiality of health information and record security.
We are committed to ensuring protection of health information. All medEKS employees and subcontractors are bound by our policy and, as a condition of their employment or work with us, sign a confidentiality agreement. All our coders and auditors are certified HIM professionals who abide by the “Code of Ethics” of the Canadian Health Information Management Association (CHIMA), which includes safeguarding of health information.
To ensure privacy and confidentiality are maintained, medEKS policies meet the principles identified in the Personal Information Protection and Electronic Documents Act (PIPEDA) (https://www.priv.gc.ca/information/pub/guide_org_e.pdf) and the Personal Health Information Protection Act (PHIPA) (https://www.ipc.on.ca/english/decisions-and-resolutions/the-acts/defaults.aspx).
Accountability for Personal Health Information
medEKS Technologies Inc. is responsible for personal health information under its control.
- medEKS Technologies Inc. has established procedures to protect privacy of health information. Procedures are reviewed annually or as CIHI and/or CHIMA principles and guidelines change.
- medEKS’ Chief Privacy Officer is accountable for compliance with privacy principles.
- medEKS will immediately terminate an employee or subcontractor who improperly accesses or discloses personal information contained in any client health records.
- medEKS includes a privacy statement in all proposals/contracts to clients and informs clients about how confidentiality of health information will be maintained.
Identifying Purposes for Personal Health Information
medEKS does not directly obtain personal health information from patients.
medEKS Technologies Inc. identifies the purpose for which it requires and/or processes health information at the start of each project. Health information is accessed at client sites or remotely when performing the following functions:
- Coding/Data Quality Audits
- Scanning and photocopying services
- Hosting of electronic patient record systems and files
- Assistance with Coding and Abstracting backlogs
- Utilization Management services
- Other consulting services
medEKS employees and subcontractors are informed prior to commencing each project about the purpose for which the information will be used in the project.
Consent for the Use or Disclosure of Personal Health Information
medEKS does not use personal health information for any purpose other than providing the services outlined in our proposals or contracts. Any “transfer” of information to/from medEKS Technologies Inc. is authorized by the client in accordance with the client’s policies and governing legislation.
Limiting Use of Personal Health Information
medEKS Technologies Inc. limits the use of personal health information to that which is necessary for the purposes outlined in our contracts with clients.
medEKS clearly delineates the type and amount of information required to accomplish contracted services.
medEKS accesses/uses only personal health information from clients that is necessary for the successful completion of contracted assignments.
Limiting Use, Disclosure and Retention of Information
medEKS Technologies Inc. does not store, use or disclose personal health information for purposes other than those for which it was provided. Personal health information is retained only as long as is necessary for the completion of projects.
- Viewing health records data is limited to medEKS staff and subcontractors directly associated with each assignment.
- medEKS returns provided information to the client or, with consent from the client, ensures secure destruction of the information. Paper documents are shredded and electronic data is erased from the medium on which it has been kept.
Accuracy of Personal Health Information
Information requirements are clearly defined by medEKS prior to commencing each assignment. Accuracy and completeness of information provided to medEKS is the responsibility of the client.
medEKS Technologies Inc. provides clear instructions to all employees and subcontractors for each individual project to ensure consistency in access to and use of information.
medEKS Technologies Inc. periodically audits completed work for completeness, consistency and accuracy to ensure compliance with CIHI standards and client-specific guidelines.
medEKS corrects without delay any errors or inconsistencies detected by the client.
Safeguards for Personal Health Information
medEKS Technologies Inc. protects personal health information against loss or theft, unauthorized access, disclosure, copying, use, or modification.
Safeguards for the protection of personal health information include:
- Secure access to client data using VPN (Virtual Private Network) and the latest available data security systems
- Restricted login and password access only
- Signed confidentiality agreements by all staff and subcontractors who have authorized access to confidential information
- Upon completion of each assignment user access is deactivated
Openness About the Management of Information
medEKS’ policy and procedures are written to be easily understood.
medEKS Technologies Inc. is open to providing individuals with information regarding its privacy and confidentiality policy and practices.
Complaints About Handling of Personal Health Information
medEKS Technologies Inc. is accountable for the handling of clients’ health information and will address any challenge concerning compliance.