Confidentiality Incident Reporting

Introduction and Purpose

Protecting your personal information and health data is not only our legal obligation but also a promise we make to you. This policy complements our Privacy Policy by outlining our response to any confidentiality incidents that may occur. This policy represents a key facet of ELNA’s privacy governance program that establishes an accountability framework encompassing the entire life cycle of data collected by the Enterprise.

Who Does this Policy Apply to?

This policy is relevant to everyone within the ELNA community who interacts with your personal information and health data. This includes our employees, contractors, clinical staff, physicians, nurses, medical students, volunteers, vendors, and any third parties who may handle your information [Concerned Persons].

Understanding Confidentiality Incidents

A confidentiality incident involves ANY case of access, use, communication, loss, or breach of personal information and/or personal health information that is not authorized by law. Examples of a confidentiality incident include, but are not limited to, the following scenarios:

  • Any unauthorized copying, modification, or disposal of personal health information.
  • Any unauthorized profiling of an individual based on their personal health information.
  • Any consultation (access/viewing) of personal health information by an unauthorized individual.
  • Any identifiable information, including insurance data, about an individual that is sent to an unauthorized location (incorrect email address, fax number, or courier).
  • Loss of patient data or personal information (SIN, Passport Number, Credit Card Number, Biometrics information).
  • Internal non-compliance amongst Concerned Persons (a T4 or other identifying documentation being sent to the wrong individual).
  • Mass email or marketing lists sent to unauthorized third parties.
  • An accidental public disclosure of any personal health information.
  • Quebec Specific: Any unauthorized communication of personal health information outside of Quebec without prior consent of the individual in question, subject to the policies of ELNA Medical Group, Inc. and in accordance with the exceptions outlined in the Protection of Personal Information in the Private Sector Act.

Reporting Incidents

Any Concerned Person who suspects or becomes aware of a potential confidentiality incident involving your personal information or health data must report it promptly. This includes any unauthorized access, use, loss, or breach. The Concerned Person must inform a supervisor or ELNA’s Privacy Officer. If there is uncertainty as to whether an incident has occurred, ELNA instructs all its personnel to report.

The Reporting Process

Our reporting procedure is encompassed in the following process:

  1. Incident Reporting. Concerned Persons inform a Supervisor or ELNA’s Privacy Officer immediately if they believe there’s a potential confidentiality incident.
  2. Minimize the incident. We take measures to limit the impact of the incident whenever possible.
  3. Assessment. Once the Privacy Officer has been notified, the Concerned Person or their Supervisor needs to complete the ELNA Confidential Information Incident Report Form. This form requires details like incident description, individuals affected, incident extent, and date and time of the incident.

How We Assess the Incident

We evaluate the incident based on:

  • Sensitivity: Determining whether the incident is sensitive or highly sensitive.
  • Probability of Misuse: Considering factors like potential harm, exposure, intent, and the likelihood of harm.

Next Steps After Reporting

  1. Review by Privacy Officer. Our Privacy Officer reviews the incident report and may involve management if necessary.
  2. Reporting/Nomination. If there’s a real risk of significant harm, we’ll report the incident to relevant authorities and affected individuals.
  3. Monthly Privacy Meeting. We hold monthly meetings with our Privacy Team to discuss incidents and ongoing solutions.

Summary of the Policy

This policy ensures we comply with the law and maintain the highest standards of confidentiality. It reflects our commitment to safeguarding your personal information and health data.

Contact Us

If you have questions or concerns about this Policy, our information handling practices, any other aspect of privacy and security of your Personal Information, or if you have reason to believe that a confidentiality incident regarding your personal information has taken place, please contact us at:

ATTN: PRIVACY OFFICER
ELNA Medical Group Inc.
5990 Ch. de la Côte-des-Neiges
Montréal, QC H3S 1Z6
PrivacyOfficer@elnamedical.com