Page 11 - Policies
P. 11

Enforcement

                   The Enterprise Privacy and Access Office will monitor adherence to this policy using a
                   risk-based model, and report to the appropriate governance bodies.

                   Accountability for UHN's compliance with this policy rests with the President and Chief
                   Executive Officer, although other individuals within UHN, authorized agents, and/or third-
                   parties will be responsible for the day-to-day collection and processing of personal
                   health information. In addition, other individuals within UHN are delegated to act on
                   behalf of the Chief Executive Officer, such as the Senior Vice-president and Chief
                   Information Officer or the designated privacy contact person, the director of Privacy and
                   Access.

                   Breaches of this policy and related privacy policies may be subject to disciplinary action,
                   as outlined in Sanctions for Breaches of Personal Health Information policy 2.50.008 and
                   the Confidentiality Agreement (form D-3236).

                   UHN and its agents are also subject to the fines and penalties set out in PHIPA.

                   Responsibilities

                   Enterprise Privacy and Access Office (EPAO) / Information Security Office (ISO)


                         enterprise governance, framework, strategy
                         development of enterprise policies, procedures, controls, standards
                         reporting and escalation to senior management team/board

                   Affiliates of UHN

                   Affiliates of UHN include, but are not limited to:

                         foundations
                         Global Centre for eHealth
                         Techna
                         Altum Health
                         International Patient Program

                   Affiliate responsibilities include:

                         customizing policies for their own line of business
                         implementing their own procedures

                   Management / Supervisor


                         comprehend and adhere to this policy
                         develop operating procedures/practices within department (including supporting


             This material has been prepared solely for use at University Health Network (UHN). UHN accepts no responsibility for use of this material by
               any person or organization not associated with UHN. No part of this document may be reproduced in any form for publication without
                    permission of UHN. A printed copy of this document may not reflect the current, electronic version on the UHN Intranet.
            Policy Number  1.40.007                             Original Date   08/02
            Section      Privacy & Information Security         Revision Dates  07/05; 11/14; 11/16
            Issued By    Privacy Office                         Review Dates
            Approved By   Senior Vice-president & Chief Information   Page     5 of 8
                         Officer
   6   7   8   9   10   11   12   13   14   15   16