Confidentiality Incident Reporting

Introduction and Purpose

Protecting your personal information and health data is not only our legal obligation but also a promise we make to you. This policy compliments our Privacy Policy by outlining our response to any confidentiality incidents that may occur. This policy represents a key facet of ELNA’s privacy governance program that establishes an accountability framework encompassing the entire life cycle of data collected by the Enterprise.

Who Does this Policy Apply to?

This policy is relevant to everyone within the ELNA community who interacts with your personal information and health data. This includes our employees, contractors, clinical staff, physicians, nurses, medical students, volunteers, vendors, and any third parties who may handle your information [Concerned Persons].

Understanding Confidentiality Incidents

A confidentiality incident involves ANY case of access, use, communication, loss, or breach of personal information and/or personal health information that is not authorized by law. Examples of a confidentiality incident include, but are not limited to the following scenarios:

  • Any unauthorized copying, modification, or disposal of personal health information.
  • Any unauthorized profiling of an individual based on their personal health information.
  • Any consultation (access/viewing) of personal health information by an unauthorized individual.
  • Any identifiable information, including insurance data, about an individual that is sent to an unauthorized location (incorrect email address, fax number, or courier).
  • Loss of patient data, or personal information (SIN, Passport Number, Credit Card Number, Biometrics information.
  • Internal non-compliance amongst Concerned Persons (a T4 or other identifying documentation being sent to the wrong individual).
  • Mass email or marketing lists sent to unauthorized third parties.
  • An accidental public disclosure of any personal health information.
  • Quebec Specific: Any unauthorized communication of personal health information outside of Quebec without prior consent of the individual in question, subject to the policies of ELNA Medical Group, Inc. and in accordance with the exceptions outlined in the Protection of Personal Information in the Private Sector Act.

Reporting Incidents

Any Concerned Person who suspects or become aware of a potential confidentiality incident involving your personal information or health data, must report it promptly. This includes any unauthorized access, use, loss, or breach. The Concerned Person must inform a supervisor or ELNA’s Privacy Officer. If there is uncertainty as to whether an incident has occurred, ELNA instructs all its personnel to report.

The Reporting Process

Our reporting procedure is encompassed in the following process:

  1. Incident Reporting. Concerned Persons inform a Supervisor or ELNA’s Privacy Officer immediately if they believe there’s a potential confidentiality incident.
  2. Minimize the incident. We take measures to limit the impact of the incident whenever possible.
  3. Assessment. Once the Privacy Officer has been notified, the Concerned Person or their Supervisor needs to complete the ELNA Confidential Information Incident Report Form. This form requires details like incident description, individuals affected, incident extent, and date and time of the incident.

How We Assess the Incident

We evaluate the incident based on:

  • Sensitivity: Determining whether the incident is sensitive or highly sensitive.
  • Probability of Misuse: Considering factors like potential harm, exposure, intent, and the likelihood of harm.

Next Steps After Reporting

  1. Review by Privacy Officer. Our Privacy Officer reviews the incident report and may involve management if necessary.
  2. Reporting/Nomination. If there’s a real risk of significant harm, we’ll report the incident to relevant authorities and affected individuals.
  3. Monthly Privacy Meeting. We hold monthly meetings with our Privacy Team to discuss incidents and ongoing solutions.

Summary of the Policy

This policy ensures we comply with the law and maintain the highest standards of confidentiality. It reflects our commitment to safeguarding your personal information and health data.

Contact Us

If you have questions or concerns about this Policy, our information handling practices, any other aspect of privacy and security of your Personal Information, or if you have reason to believe that a confidentiality incident regarding your personal information has taken place, please contact us at:

ELNA Medical Group Inc.
5990 Ch. de la Côte-des-Neiges
Montréal, QC H3S 1Z6