Safeguards employed for the eServices eReferral network

In its capacity as a Health Information Network Provider (HINP) for the Ontario eServices Program (eReferral) under the Personal Health Information Protection Act (PHIPA, 2004), the Amplify Care adheres to the following practices for safeguarding personal health information:

Individuals have been designated as being responsible for privacy and security compliance.

The Amplify Care has entered into written agreements with Participants in the eReferral Network.

Organizational policies and procedures for privacy and security management have been developed, implemented and are monitored and enforced.  A mechanism is in place for reviewing and updating the policies and procedures. Employees, contract staff, students and volunteers are required to comply with these policies as a condition of their employment or applicable relationship with Amplify Care.

The Amplify Care has contracted third-party Service Providers to assist in the fulfillment of our accountabilities. These third parties are required to comply with Amplify Care’s organizational policies and procedures for privacy and security management.

Confidentiality and/or non-disclosure agreements (as applicable) are in place for all employees, contract staff, students, volunteers and service providers.  These agreements contain appropriate measures for breach of privacy, confidentiality, or security, up to and including dismissal or termination of the contract or agreement, as appropriate.

Mandatory and ongoing privacy, confidentiality, and security awareness training is conducted for all employees, contract staff, students and volunteers. Service Providers are required to complete Amplify Care privacy & security awareness training or agree in writing to providing substantially similar content to their personnel.

The Amplify Care employees and consultants generally have no ability or need to collect, use or access personal health information. If collection, access/use of personal health information is required in the course of providing an eHealth Centre of Excellence service, employees and consultants are required to do adhere to the Amplify Care Privacy Policy and are prohibited from collection, use or disclosure of such information for any purpose other than the provision of the service.

The Amplify Care ensures that Service Providers maintain audit logs of user activities and system administrator activities. These logs are audited and monitored. 

A Privacy/Security Breach protocol with respect to the privacy and security of personal information has been developed and implemented. (IN PROGRESS)