Like other medical services, all data must be collected and securely stored according to the Freedom of Information and Protection of Privacy Act (FOIPPA).
The only people accessing personal data are those who are collecting it. Clinicians who are overseeing your care (the intake team) would be the only people who would access your data, and only on a need to know basis. Data can be viewed as a cohort by the quality improvement lead, but this data has been anonymized (no names or overtly identifying qualities). Any information you share with a clinician is only known by that clinician, unless another member of our team has a “need to know”.
Collection and Use of Information. Personal information should only be collected when it relates directly to and is necessary for a program or activity of VIU, and only from the individual, rather than from a third party. When personal information is collected from an individual, the individual should be informed of the purpose for collecting the information. Personal information can only be used for the purpose for which it was obtained or compiled, or for a use consistent with that purpose. Personal information may be disclosed to other VIU staff on a “need-to-know” basis. Disclosure of personal information outside VIU is highly restricted and should only be done with the authorization of the University Secretary59.
Safeguarding Personal Information. Under the FIPPA, you are required to make “reasonable security arrangements” to safe-guard personal information in VIU’s custody or under its control. Personal information stored in electronic format is especially vulnerable to loss or misuse. Wherever possible, it should be stored on secure servers rather than PCs or portable devices. If it is essential to store personal information on portable devices, it must be encrypted. Personal information may not be stored or accessed outside Canada. This restricts VIU’s use of “cloud computing” applications, e.g., Gmail and Facebook.
Request for Records. Requests for records that may contain sensitive or confidential information are called Freed of Information (FOI) requests. These requests are processed by the Office of the University Secretariat in accordance with procedures set out in the Freedom of Information and Protection of Privacy Act (FIPPA). FOI requests may be made in writing in a letter, fax, or email and sent to the Office of the University Secretariat. VIU has 30 business days, from the date received, to respond to the request.
Information Retention. Personal information must be retained for at least one year after it is used to make a decision that directly affects the individual. If the information has not been used to make a decision, this retention requirement does not apply.
Privacy Breaches. Unauthorized collection, use, disclosure, or disposal or personal information is a serious matter and must be reported immediately to the Office of the University Secretariat for investigation.