PHIPA Compliance

IT Service Provider Responsibilities

A health information network provider, who manages technology containing personal health information, must:

  • Notify the custodian of any breach of the restrictions on its use and disclosure of personal health information or unauthorized access;
  • Make available to the public information about the services provided to the custodian; any directives, guidelines and policies of the provider that apply to the services provided; and a general description of the safeguards that have been implemented;
  • Provide to the custodian… electronic record of all accesses and transfers of personal health information associated with the custodian;
  • Perform and provide to the custodian a threat risk assessment and privacy impact assessment of the services provided;
  • Ensure that any third parties that it retains comply with the restrictions and conditions necessary for the provider to comply with its requirements; and
  • Enter into an agreement with the custodian that describes the services provided; describes the administrative, technical, and physical safeguards; and requires the provider to comply with the Act and its regulations.

For a complete PHIPA compliance audit, contact us today.

If your service provider does not keep an audit log of remote connections made to your environment, your service provider is not PHIPA compliant. As a health data custodian, you should also not ask your service provider to use a tool that does not keep an audit log.

Address

35 McBrine Place
Kitchener, ON N2R 1H5

Contact Us

Email: fredw@cedarcreek.ca
Phone: 519-571-9394 
