Page 11 - Policies
P. 11
Enforcement
The Enterprise Privacy and Access Office will monitor adherence to this policy using a
risk-based model, and report to the appropriate governance bodies.
Accountability for UHN's compliance with this policy rests with the President and Chief
Executive Officer, although other individuals within UHN, authorized agents, and/or third-
parties will be responsible for the day-to-day collection and processing of personal
health information. In addition, other individuals within UHN are delegated to act on
behalf of the Chief Executive Officer, such as the Senior Vice-president and Chief
Information Officer or the designated privacy contact person, the director of Privacy and
Access.
Breaches of this policy and related privacy policies may be subject to disciplinary action,
as outlined in Sanctions for Breaches of Personal Health Information policy 2.50.008 and
the Confidentiality Agreement (form D-3236).
UHN and its agents are also subject to the fines and penalties set out in PHIPA.
Responsibilities
Enterprise Privacy and Access Office (EPAO) / Information Security Office (ISO)
enterprise governance, framework, strategy
development of enterprise policies, procedures, controls, standards
reporting and escalation to senior management team/board
Affiliates of UHN
Affiliates of UHN include, but are not limited to:
foundations
Global Centre for eHealth
Techna
Altum Health
International Patient Program
Affiliate responsibilities include:
customizing policies for their own line of business
implementing their own procedures
Management / Supervisor
comprehend and adhere to this policy
develop operating procedures/practices within department (including supporting
This material has been prepared solely for use at University Health Network (UHN). UHN accepts no responsibility for use of this material by
any person or organization not associated with UHN. No part of this document may be reproduced in any form for publication without
permission of UHN. A printed copy of this document may not reflect the current, electronic version on the UHN Intranet.
Policy Number 1.40.007 Original Date 08/02
Section Privacy & Information Security Revision Dates 07/05; 11/14; 11/16
Issued By Privacy Office Review Dates
Approved By Senior Vice-president & Chief Information Page 5 of 8
Officer