Physiomed Group Inc., doing business as, “Physiomed Physician Services” (“Physiomed”) takes patient privacy and confidentiality seriously. When Physiomed is engaged to act as a Physician’s agent in providing services relating to the administration of their medical practice, it will be necessary for the Physician to disclose to Physiomed certain personal health information. This Privacy Commitment outlines how Physiomed will use and maintain the Physician’s patient information.
Definitions. For the purposes of this Privacy Commitment:
“Administrative Services” means the services that a Physician has engaged Physiomed to deliver either to the Physician directly, or to the Physician’s Patients on the Physician’s behalf, as are specified in the service-specific agreements between the Physician and Physiomed;
“Personal Health Information” (“PHI”) refers to the term “personal health information” as it is defined the Personal Health Information Protection Act, S.O. 2004, c. 3, Sched. A (“PHIPA”); and
“Processing” or “Process” means the use and/or management of PHI.
Without limiting the foregoing, in the course of rendering the Administrative Services, Physiomed shall:
a) only Process PHI for the purposes of rendering the Administrative Services and as otherwise expressly instructed by the Physician in writing from time to time, and not Process any PHI in any other manner without the express prior written consent of the Physician;
b) not disclose (and not allow any of its employees, or permitted agents or representatives to disclose) in any manner whatsoever any PHI to any third party without the prior written consent of the Physician, except as expressly set out herein;
c) where any disclosure or transfer of PHI is required by law, promptly notify the Physician in writing before complying with any such requirement for disclosure or transfer and promptly comply and fully cooperate with all instructions of the Physician relating thereto;
d) immediately notify the Physician in writing of any (i) enquiry received from an individual relating to, among other things, the individual’s right to access, modify or correct PHI, (ii) complaint received by Physiomed relating to the Processing of PHI, and (iii) subpoena or other judicial or administrative order, demand, warrant or any other document purporting to compel the production of any PHI, and to promptly comply and fully co-operate with all instructions of the Physician with respect to any action taken with respect to such enquiry or complaint;
e) implement and maintain all necessary physical, technical and administrative and other organizational measures, including such measures requested by the Physician from time to time or as otherwise required under applicable Health Privacy Laws to safeguard the PHI against loss, theft, damage or unauthorized or unlawful access or Processing;
f) establish, maintain and fully comply with comprehensive written information, security policies, and procedures as necessary for Physiomed to deliver the Administrative Services (including, without limitation) providing copies of any such policies and procedures to the Physician as well as any amendments thereto;
g) limit access to PHI only to those employees and authorized agents of Physiomed who need to have access to the PHI solely for the purposes of Physiomed rendering the Administrative Services;
h) notify the Physician in sufficient detail in writing immediately upon Physiomed becoming aware of, or suspecting, any loss, theft, damage or unauthorized or unlawful access or Processing, comply with all instructions of the Physician in connection therewith, and fulfill the notification obligations imposed upon Physiomed under PHIPA;
i) except as otherwise agreed to in writing by the Physician, to only maintain and otherwise process the PHI in Canada;
j) ensure or cause each of the employees and permitted contractors of Physiomed who render services under the Agreement to execute the Patient Privacy and Confidentiality Agreement substantially in the form attached hereto and to otherwise properly advise and train each of its employees and permitted sub-contractor of the requirements of Physiomed under this agreement and applicable law;
k) provide the Physician (or its representative) with access to the records, facilities and premises of Physiomed for the purposes of monitoring, auditing, inspecting, examining and otherwise verifying Physiomed’s compliance with this Agreement, and in the event that any such audit, inspection or examination reveals that Physiomed is non-compliant with its obligations under the foregoing provisions, to promptly bring itself into compliance; and
l) upon the termination of this Agreement or at such other times as instructed by the Physician in writing, immediately return (or, upon the written instruction of the Physician, securely destroy or render permanently unreadable of) all PHI in every media in the possession or control of Physiomed and certify to the Physician in writing, in a form satisfactory to the Physician upon completion of any such delivery or disposal.
If you have any questions regarding Physiomed’s Privacy Commitment, we invite you to contact our Chief Privacy Officer, Dr. Scott Wilson, by e-mail at firstname.lastname@example.org or by phone at 1.866.534-3627, Ext. 7044.
APPENDIX A – SAMPLE EMPLOYEE/CONTRACTOR
PATIENT PRIVACY & CONFIDENTIALITY AGREEMENT
This agreement pertains to information received from physicians regarding their patients and their practices (the “Patient Information”). A physician (the “Physician Custodian”) acting for him/herself or acting on behalf of a group of physicians, or a person designated by a physician or group of physicians (a “Physician’s/Physicians’ Designate”) but under the direct control of a Physician Custodian, may from time to time authorize Physiomed Group Inc., doing business as, “Physiomed Physician Services” (“Physiomed”) and its employees or contractors to have access to Patient Information.
As a Physiomed employee or contractor, you and Physiomed agree to the following:
AGREED TO AND ACCEPTED BY:
|Print Name:||Print Name:|