Privacy Compliance
What is Pathways used for?
The primary use of Pathways is to facilitate efficient, high quality patient referrals. In addition, Pathways provides the following:
- A range of approved resources (reviewed by a Newfoundland & Labrador (NL) physician panel), including but not limited to physician resources, patient information resources, allied health supports, calculators and forms.
- The results of Shared Care work, typically with an emphasis on improving the efficiency and quality of referrals.
- Urgent clinical information notices that health care providers need to be aware of (e.g. disease outbreaks).
What privacy legislation, if any, is applicable to Pathways?
As a not-for-profit society, Pathways is governed federally by the Personal Information Protection and Electronic Documents Act (PIPEDA). Pathways makes available limited personal and contact information to authorized users.
Who is authorized to use Pathways?
Pathways is available for use by all family physicians and consultants in NL and their teams (e.g., MOAs), nurse practitioners, and health professionals (clinical/non-clinical). Different levels of access are available based on an individual's role and whether they are directly involved in making patient referrals. The levels of access are;
Super Administrator – unlimited editing abilities
Administrator - limited editing abilities on profiles
Reports Administrator - Access to the reports for their Region
Medical User - anyone who is making or helping with referrals to consultants
General User - access to everything except the consultant profiles
Forms User - can only see the forms on Pathways
Evaluator - General User
Evaluator - Medical User
Community Service User - can leave feedback on public facing site
Community Service Administrator - can manage and update homepage for public facing site
How can I be sure that access to Pathways is limited to authorized users?
Access to Pathways is limited to authorized and verified users who have been assigned an access key. Users provide their own password, which must meet industry standards. The Pathways Administrator(s) is provided comprehensive Privacy and Security training before distributing access keys.
What medical practice/ clinic information is collected?
The only primary care practice (‘practice’)/ clinic data that is collected is the information that is required to make effective, efficient referrals, as requested in authorized data collection survey forms. This includes a combination of the following public & personal information:
- Office contact information
- Hours of operation
- Procedures done at the practice/ clinic
- Referral information
- Languages spoken in the office
- Patient instructions (e.g., appointment instructions)
- Cancellation policies
- Clinic/hospital associations
How do you ensure that information about my practice or clinic has been collected with my consent?
When collecting this information, the Pathway Administrator(s) will identify themselves as contacting you on behalf of Pathways and clarifying that the information is being collected for the purposes of listing on Pathways. You will then have the option of choosing to participate or not.
How is this information collected?
This information is collected and/or verified with the practice or clinic directly, via a survey (either through the Pathways user interface or fillable electronic format) and accompanying letter outlining the purpose for which the information will be used, the fact that providing information implies consent for it to be published on Pathways and who users can contact if they have questions or concerns. If required, data collection may also involve phone calls and/or personal office visits in order to ensure correct, complete primary care practice/ clinic data has been collected.
What steps are taken to maintain the accuracy of the information about my primary care practice or clinic?
Maintaining the accuracy of the practice or clinic information is a priority for Pathways and to that end a number of strategies are used. These include:
- Upon initial data entry, each consultant or clinic are provided with an access key and encouraged to log onto Pathways, review their profile and make any needed corrections.
- Following that initial data collection, consultant/clinics are encouraged to regularly review their information. Approximately every 6 months each health care provider on Pathways is sent a link to their profile for review and update as needed.
- Pathways users are encouraged to send the Pathways Administrator(s) information about practices/ clinics in their area and updates to any outdated information they notice on consultant or clinic profiles on Pathways. These updates are validated with the practice or clinic and the profile is then revised accordingly.
How long will my information be retained?
The information will be retained as long as your practice or clinic is in operation or until you indicate that you no longer wish to have your practice or clinic information listed on Pathways. If you request your profile to be deleted, your information will no longer be available to users and your data will be removed from the active database and will only be stored in database backups.
Medical providers who retire or leave their practice, or practices/ clinics who close, remain on Pathways for 2 years with very limited information identifying their current status. Thereafter their information is only stored in database backups.
All removed data is automatically backed up for 1 year so that, if desired, a medical provider/ clinic can review the data that was previously displayed in Pathways. After 1 year the medical provider/ clinic’s data is permanently removed from all backups.
Where is this information stored?
Pathways information is currently stored on Amazon Web Services servers located in Canada.
This provider has been selected because it's rigorous security policies and practices are consistent with the Pathways security policy, the Pathways privacy policy, and with best practice industry standards.
What steps are taken to ensure that personal information provided by physicians and clinics is properly safeguarded?
Pathways maintains industry standard privacy and security protocols. These include:
- Maintenance of a list of authorized users by Pathways Administrators
- Requiring users to enter a valid access key and set a password prior to being able to access Pathways
- Compliance with industry standard database security protocols, and ongoing reviews of our privacy and security policies
If I have a question or complaint related to privacy or would like to confirm the accuracy and completeness of my information, who can I speak to?
To contact the Pathways NL Privacy Officer, please email us at: