Yes, Jane is PIPEDA compliant.
We’ve been very careful in designing Jane to ensure that we are compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA). We accomplish this by providing you with the security and privacy controls needed to protect data entered into Jane.
In this Guide document, we will:
- Review how privacy laws apply in Canada.
- Briefly discuss the role of PIPEDA for health clinics.
- Discuss PIPEDA’s ten fair information principles and how Jane can help comply with them.
This information is not a legal interpretation of the law and is not binding on the Office of the Information and Privacy Commissioner for Canada. This information is not intended to replace formal legal counsel, nor should it ever do so.
The role of PIPEDA in Health Clinics
PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of commercial activity.
What is personal information?
Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
- Age, name, ID numbers, income, ethnic origin, or blood type;
- Opinions, evaluations, comments, social status, or disciplinary actions; and
- Employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).
PIPEDA’s 10 fair information principles
PIPEDA’s 10 fair information principles are rules designed for the collection, use and disclosure of personal information, as well as for providing access to personal information. Below, we’ll go over the 10 fair information principles and how Jane can help you comply with them.
1. Accountability
Reference Link: PIPEDA Fair Information Principle 1 – Accountability
“An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.”
2. Identifying Purposes
Reference Link: PIPEDA Fair Information Principle 2 – Identifying Purposes
“The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.”
3. Consent
Reference Link: PIPEDA Fair Information Principle 3 – Consent
“The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.”
How can Jane help? In Jane, you can create and customize your own consents using our Intake Form feature to support your PIPEDA compliance.
4. Limiting Collection
Reference Link: PIPEDA Fair Information Principle 4 – Limiting Collection
“The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.”
This means ensuring that all information collected from an individual is only for the identified purpose. For example, if a patient is visiting your clinic, PIPEDA states that you should only be collecting information for the sole purpose of their treatment.
5. Limiting Use, Disclosure, and Retention
“Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.”
How can Jane help? As mentioned, we don’t control the data entered into Jane. If a clinic is required to remove data that has been collected, we recommend the Account Owner reach out to us, and we can provide them with the steps to remove data from the account.
6. Accuracy
Reference Link: PIPEDA Fair Information Principle 6 – Accuracy
“Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.”
How can Jane help? To ensure accuracy, we recommend that each staff member has their own account to minimize and manage data entered into Jane. The Account Owner can control what staff members have access to by using our Staff Access Levels feature.
7. Safeguards
Reference Link: PIPEDA Fair Information Principle 7 – Safeguards
“Personal information must be protected by appropriate security relative to the sensitivity of the information.”
How can Jane help?
We take security and privacy very seriously here at Jane. Here you’ll find our documentation that will provide you with information on the processes we have implemented to keep everything secure:
8. Openness
Reference Link: PIPEDA Fair Information Principle 8 – Openness
“An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.”
We recommend creating your own policies and best practices that are in line with PIPEDA compliance. If needed, you can use our Intake Form feature to customize your own consents by adding a policy template.
9. Individual Access
Reference Link: PIPEDA Fair Information Principle 9 – Individual Access
“Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.”
How can Jane help? If a patient is requesting their personal information, you have the ability to export chart data at any time from within the Jane account or use our shared chart feature for patients.
10. Challenging Compliance
Reference Link: PIPEDA Fair Information Principle 10 – Challenging Compliance
“An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.”
How can Jane help? While each clinic will need to appoint a privacy representative who will monitor privacy compliance within the clinic, if you have any questions about Jane’s privacy compliance, you can reach our privacy team via firstname.lastname@example.org.