Privacy & Security Policy
Privacy & Security
The privacy officer is responsible for all information under our control, and is specifically responsible for training our employees in appropriate practices and system design.
Medinet is the temporary custodian of medical information created by its clients, and is responsible for delivering that information safely and securely. Medinet does not engage in patient interaction, nor does it originate any personally identifiable information on its own, other than that relating to its employees.
Medinet provides access to the British Columbia PharmaNet system for medical professionals in the province; provides Medinet Mail, a secure email and encrypted attachments for patients, physicians and other clinicians; and offers medical billing services to physicians and others who receive fees from the BC Medical Services Plan.
In each case, the information that passes over our systems is intended for external users. Accordingly, the information is not kept on our servers or workstations beyond the temporary period required for secure transmission of the information, for quality assurance and to maintain our audit and operational logs.
Personal information from Medinet employees is collected to maintain our human resources records, as required by law and current practice.
As temporary custodian of personal information originated by our clients, we do not assume responsibility for patient consent. Consent is obtained by ordering physicians and other health professionals where required by current medical standards in British Columbia.
Information is not disclosed to third parties without the consent of the individual patient.
As a temporary custodian of personal information originated by our clients, we are not involved in the collection process. Limiting collection of information is the responsibility of ordering physicians and other health professionals.
In addition, the collection of personal information from our staff is limited to that required for administrative and accounting requirements.
Limiting Use, Disclosure, and Retention
Personal information traveling over our system is not used or disclosed for purposes other than those for which is was collected. Specifically, PharmaNet information is provided only to users registered on the system. Medinet Mail messages are available only to those who are specified by the sender. Medinet Medical Billing information is forwarded to the Medical Services Plan as part of normal billing processes.
Medinet retains clinical information on its systems as follows: Medinet Mail is maintained in a permanent archive, and is available only to addressees on the system. PharmaNet clinical information is not retained after it is displayed on the screen. Medinet Medical Billing information is retained in the accounting records of individual client physicians stored on our servers.
In addition, Medinet maintains billing and audit logs which enable it to carry out its business. These logs may contain patient identifiers, used for audit purposes.
As a temporary custodian, Medinet is not responsible for the accuracy of personal information flowing across its system. Personal information is provided by our clients, and it is not altered in any way as it passes along to the final user. When errors in the information are discovered, we direct inquiries to the originating lab, agency or user for correction.
Personal information on our system is protected by security safeguards appropriate to the sensitivity of the information. Access to secure files is limited to specially trained staff. External network connections use TLS 2.0+ encryption. Our servers are located in Canada, in secure level 4 information centres.
Medinet is committed to make specific information available to individuals about its policies and practices relating to the management of personal information.
Subject to the laws and regulations of the Province of British Columbia relating to access to PharmaNet, upon request an individual will be informed of the existence, use, and disclosure of his or her personal information. If an individual wishes to challenge the accuracy and completeness of the information, we will assist the individual in identifying the source agency, where the individual may apply to have it amended as appropriate.
Any individual is able to address a challenge concerning compliance with the above principles to the designated Privacy Officer.