documentation that support this policy)
                         know where the policies/supporting tips are published on the intranet
                         ensure staff, consultants, contractors, fellows, students, vendors and volunteers
                          are knowledgeable of policies, standards and procedures
                         ensure that EPAO and ISO are aware of all technologies that are being utilized
                          for storing and transporting PHI and corporate confidential information (CCI)

                   Physician Offices / Surgeon Offices


                         comprehend and adhere to this policy
                         develop operating procedures/practices within department (including supporting
                          documentation)
                         know where the policies/supporting tips are published on the intranet
                         ensure staff are knowledgeable of policies
                         ensure that EPAO and ISO are aware of all technologies that are being utilized
                          for storing and transporting PHI and CCI

                   Employees, Consultants, Contractors, Fellows, Students, Vendors, Volunteers, &
                   Residents

                         comprehend and adhere to this policy and supporting departmental procedures
                         know where the policies/supporting tips are published on the intranet
                         only use technologies that are supported by UHN policies
                         ask questions when unsure of a policy or procedure

                   Related Documents

                         Access to Archival Records policy 1.30.008
                         Acting with Integrity: A Code of Workplace Ethics
                         Confidentiality Agreement (form D-3236)
                         Consent for the Collection, Use & Disclosure of Personal Health Information
                         Data Ownership, Stewardship & Security of Health Information policy 40.50.004
                         Data Quality policy 1.40.016
                         Incident Reporting & Review policy 3.20.005
                         Appropriate Use of Information & Information Technology policy 1.40.012
                         Information Security policy 1.40.028
                         Limiting Collection, Use and Disclosure of Personal Health Information
                         Patient Access to the Medical Record policy 1.40.003
                         Patient Requests for Correction to Medical Record policy 1.40.010
                         Personal Information Protection policy 2.10.013
                         Release of Patient Information policy 1.40.002
                         Sanctions for Breaches of Personal Health Information policy 2.50.008
                         Storage, Transport & Destruction of Confidential Information policy 1.40.006





             This material has been prepared solely for use at University Health Network (UHN). UHN accepts no responsibility for use of this material by
               any person or organization not associated with UHN. No part of this document may be reproduced in any form for publication without
                    permission of UHN. A printed copy of this document may not reflect the current, electronic version on the UHN Intranet.
            Policy Number  1.40.007                             Original Date   08/02
            Section      Privacy & Information Security         Revision Dates  07/05; 11/14; 11/16
            Issued By    Privacy Office                         Review Dates
            Approved By   Senior Vice-president & Chief Information   Page     6 of 8
                         Officer