Orion Health Limited is a Health Information Network Provider (HINP) for the Care Coordination Tool (CCT). The CCT is a tool that will make the patient’s coordinated care plan accessible by Health Information Custodians (HICs) in the circle of care and facilitate secure messaging between HICs. As a HINP, Orion Health provides the electronic means to enable HICs to share personal health information with one another for the purpose of providing or assisting in providing healthcare to individuals. Orion Health is subject to Ontario Regulation 329/04 to the Personal Health Information Protection Act, 2004 (PHIPA).
Services Provided to Health Information Custodians
Orion Health provides the following services to HICs to enable the disclosure of Personal Health Information (PHI) to other HICs:
- Provides the electronic means to enable HICs to collect, use, modify, disclose, retain or dispose of PHI;
- Provides the electronic means to enable two or more HICs to disclose PHI to one another;
- Hosts and maintains a secure technical infrastructure including all hardware, software and network connectivity needed to support the CCT;
- Coordinates access to CCT data by authorized users, including the termination of access privileges as required;
- Establishes a disaster recovery plan, including a data backup facility and processes and procedures to ensure the continued availability of the assessment data in the event of a disaster;
- Implements, in conjunction with the HICs, an integrated incident management process to deal with Privacy/Security Breaches by the Participants and Privacy/Security Breaches by the HINP, which includes notification to affected individuals;
- Implements, in conjunction with the HICs, an integrated client privacy support process to handle Client/Patient’s request for access or correction to the record of PHI or to challenge the privacy practices of the HIC or Orion Health; and
- Implements, in conjunction with the HICs, logging, auditing and monitoring policies and procedures including communication of these controls to all Authorized Users and to the HICs.
Practices and Safeguards to Protect the Confidentiality and Security of PHI
Orion Health has implemented administrative, physical and technical safeguards, consistent with industry best practices, to protect the Personal Health Information being transferred, processed or stored from theft, loss, unauthorized use, modification, disclosure, destruction and/or damage. These safeguards include security software and encryption protocols, firewalls, locks and other access controls, privacy and security risk assessments, staff training and confidentiality agreements.
Accessing and Correcting Your PHI Records
PHIPA provides individuals with a right to access their PHI and, if they believe it is incorrect, to ask for it to be corrected.
All requests from individuals for access or corrections to their PHI should be directed to the health information custodian (e.g., their primary care provider, family physician or other healthcare provider) who originally collected the information or who is directly involved in their care and treatment.
Orion Health is not a health information custodian. Accordingly, if an access request is made to Orion Health, then Orion Health will notify the individual(s) to contact the HIC that provided services to the individual in order for the individual to request access to their PHI.
Inquiries and Complaints
Any individual who has an inquiry or complaint about Orion Health’s information handling practices, including access to directives, guidelines and policies associated with Orion Health’s services, is welcome to contact the Orion Health Privacy Officer at firstname.lastname@example.org