Privacy Policy

Privacy Statement July 2020

Audience:

All Alembico users or support agents.

Purpose:

Review of the main elements of privacy protection
Your privacy obligations when using Alembico

Definitions:

Privacy: Privacy is defined as the right of an individual to keep his/her individual health information from being disclosed. This is typically achieved through policy and procedure. Privacy encompasses controlling who is authorized to access patient information; and under what conditions patient information may be accessed, used and/or disclosed to a third party.

PHI: Personal health information (PHI) includes oral or written information about the individual, if the information:

relates to the individual’s physical or mental health, including family health history;
relates to the provision of health care, including the identification of persons providing care;
is a plan of service for individuals requiring long-term care;
relates to payment or eligibility for health care;
relates to the donation of body parts or bodily substances or is derived from the testing or examination of such parts or substances;
is the individual’s health number; or
identifies an individual’s substitute decision-maker.

Any other information about an individual that is included in a record containing personal health information is also included in the definition.

Personal health information (PHI) is one of the most sensitive types of personal information that is frequently shared for a variety of purposes, including care and treatment, health research, and managing health care systems.

PHIPA: The Personal Health Information Protection Act (PHIPA) sets out rules for the collection, use and disclosure of personal health information.

The rules apply to all health information custodians and to individuals and organizations that receive personal health information from health information custodians.

Privacy Breach: A privacy breach occurs when PHI is lost, stolen or subject to unauthorized access, or when policies aimed at protecting privacy are violated.

PHIPA Privacy Law:

Under PHIPA privacy Law, you must protect PHI.

Access only PHI you need to know to perform your duties.
Report every suspected privacy breach such as stolen credentials, missing PHI records, unauthorized access and changes.

By using Alembico:

You confirm that you are authorized to access the personal health information (PHI) in accordance with your clinical and/or administrative duties as defined by PHIPA regulations.
You understand that you may be subject to disciplinary and/or legal actions as applicable for unauthorized access to PHI.
You cannot share your Alembico username and/or password with anyone and you must take reasonable measures for its protection.
You agree on MED49’s end user agreement

What you should do:

Log into the system only with your own credentials.
Never let others use your credentials.
If you are leaving, log out of your account.
Ensure unauthorized people cannot see your display screen.
Don’t take pictures or screenshots of the display.
Print only if the system has a Print button, and then print only what you need.
If you must download PHI, download only what you need, and only to a secure location using a password-protected file or encrypted device.

Don’t try to access restricted or blocked content intentionally.
Only send information through secure and trusted email or Secure File Transfer Protocol (SFTP).
Don’t send confidential information such as passwords over email, and don’t click untrusted external links and attachments.

Client Data Access Policy:

MED49 is responsible to maintain and store all EMR data, the majority of client data is anonymous during the system maintenance and operation.
MED49 as a vendor will not use, market, process or transfer any data without clients’ consent.
By obtaining client’s consent, Alembico support personnel may access clinic data directly or indirectly in response to client’s support request.
MED49 will perform investigation from audit system for any concerns of privacy breach.