Privacy Policy

Last Updated: January 8, 2025

1. Introduction

Nisichawayasihk Personal Care Home ("we", "our", or "us") is committed to protecting the privacy and confidentiality of personal health information (PHI) in accordance with the Personal Health Information Protection Act (PHIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

We collect and maintain the following types of information:

• Demographic Information: Name, date of birth, gender, room number
• Health Identifiers: PHIN, Manitoba Health Number, Band & Treaty Number
• Clinical Information: Diagnosis, allergies, medications, vitals, care plans
• Care Documentation: Shift notes, care conferences, incident reports
• Contact Information: Next of kin, emergency contacts

3. How We Use Your Information

We use your personal health information for:

• Providing direct care and treatment
• Care planning and coordination
• Quality improvement and safety monitoring
• Regulatory compliance and reporting
• Communication with healthcare providers and family

4. Who Has Access

Access to your information is limited to:

• Healthcare providers directly involved in your care
• Administrative staff for care coordination
• Quality and safety personnel for monitoring
• Authorized family members or substitute decision makers

All staff are bound by confidentiality agreements and professional obligations.

5. How We Protect Your Information

We implement comprehensive safeguards including:

• Technical: Encryption, secure passwords, session timeouts, audit logging
• Administrative: Access controls, staff training, privacy policies
• Physical: Secure servers, restricted access, encrypted backups

6. Your Rights

You have the right to:

• Access: Request a copy of your personal health information
• Correction: Request corrections to inaccurate information
• Accounting: Receive an accounting of disclosures
• Restriction: Request restrictions on use or disclosure
• Complaint: File a complaint about privacy practices

7. How to Access Your Information

To request access to your personal health information:

1. Submit a written request to our Privacy Officer
2. We will respond within 30 days
3. There is no fee for the first copy
4. You may request electronic or paper format

8. Data Retention

We retain your personal health information for:

• 10 years after discharge or last service
• Longer if required by law or ongoing care needs
• Secure disposal after retention period expires

9. Third-Party Services

We may use third-party services for:

• Cloud hosting (DigitalOcean - Canadian datacenter)
• AI assistance (local processing only, no data shared externally)
• Backup services (encrypted)

All third parties sign Business Associate Agreements and comply with PHIPA/PIPEDA.

10. Breach Notification

In the event of a privacy breach:

• We will notify you within 72 hours if your information was compromised
• We will notify the Information and Privacy Commissioner
• We will take immediate steps to contain and remediate the breach

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

12. Contact Information

13. Consent

By using this system, healthcare providers acknowledge their responsibility to protect personal health information in accordance with PHIPA, PIPEDA, and professional standards.