Page 7 - Policies
P. 7
CONFIDENTIALITY AGREEMENT
1. During my association with University Health Network (UHN), I will have access to information and
material relating to patients, medical staff, employees, other individuals, or UHN, which is of a private and
confidential nature.
2. At all times, I shall respect the privacy and dignity of patients, employees, and all associated individuals.
Specifically, with respect to personal health information, I acknowledge that any such personal health
information maintained by UHN is subject to the Personal Health Information Protection Act and its
regulations and I am familiar with and agree to comply with the Act's provisions related to access
disclosure, retention and disposal.
3. I shall treat all UHN administrative, financial, patient, employee and other records as confidential
information, and I will protect them to ensure full confidentiality, including, but not limited to, de-
identifying the data, whenever possible. I shall not read records or discuss, divulge, or disclose such
information about UHN, unless there is a legitimate purpose related to my association with UHN. This
obligation does not apply to information in the public domain. I shall not remove confidential information
from UHN premises except when necessary for the provision of health care. When in transit, I shall
securely store and ensure the confidential information is in my custody and control at all times. If
confidential information must be removed from UHN, I shall ensure it is de-identified, where possible.
4. I shall ensure that confidential information is not inappropriately accessed, used, or released either
directly by me, or by virtue of my signature or security access to premises or systems.
5. Violations of this policy include, but are not limited to:
• accessing information that I do not require for job purposes;
• misusing, disclosing without proper authorization, or altering patient or personnel
information,
• disclosing to another person your user name and/or password for accessing electronic records.
6. I shall only access, process, and transmit confidential information using hardware, software, and other
authorized equipment, as required by the duties of my position. I shall store all electronic confidential
information on a UHN secure network. Where electronic confidential information is stored on the local
drive, I shall ensure it is de-identified, where possible. I shall report any tools or software requiring hard
drive storage for patient care functions to the UHN Privacy Office.
7. I shall immediately report all lost or stolen confidential information to my immediate supervisor and to the
UHN Privacy Office.
8. I understand that UHN will conduct periodic audits to ensure compliance with this agreement and its
privacy policy.
9. I also understand that should any of these conditions be breached, I may be subject to corrective action up
to and including termination of employment, loss of privileges, termination of a contract, or similar action
appropriate to my association with UHN. I UNDERSTAND TOO THAT A PRIVACY BREACH IS
AN OFFENCE UNDER PHIPA AND I MAY BE SUBJECT TO PROSECUTION BY
PROVINCIAL AUTHORITIES IF I AM FOUND GUILTY OF THIS OFFENCE.
10. I understand and agree to abide by the conditions outlined in this agreement, and they will remain in
force even if I cease to have an association with UHN. When my relationship with UHN comes to an
end, I agree to securely return all property belonging to UHN, including but not limited to keys, devices
and any record of personal health information in my possession.