
Is Jane PIPEDA compliant?

Yes, Jane is PIPEDA compliant.

We’ve been very careful in designing Jane to ensure that we are compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA). We accomplish this by providing you with the security and privacy controls needed to protect data entered into Jane.

In this Guide document, we will:

  • Review how privacy laws apply in Canada.
  • Briefly discuss the role of PIPEDA for health clinics.
  • Discuss PIPEDA’s ten fair information principles and how Jane can help comply with them.

This information is not a legal interpretation of the law and is not binding on the Office of the Information and Privacy Commissioner for Canada. This information is not intended to nor should it ever replace formal legal counsel.

The role of PIPEDA in Health Clinics

PIPEDA applies to private-sector organizations across Canada that collect, use or disclose personal information in the course of commercial activity.

What is personal information?

Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:

  • Age, name, ID numbers, income, ethnic origin, or blood type;
  • Opinions, evaluations, comments, social status, or disciplinary actions; and
  • Employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).

PIPEDA’s 10 fair information principles

PIPEDA’s 10 fair information principles are rules designed for the collection, use and disclosure of personal information, as well as for providing access to personal information. Below, we go over the 10 fair information principles and how Jane can help you comply with them.

1. Accountability

Reference Link: PIPEDA Fair Information Principle 1 – Accountability

“An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.”

How can Jane help? As per our Privacy Policy, Jane doesn’t control access or use of the data that you enter into Jane. This is something that every clinic controls individually through contracts, internal agreements, access levels and settings in Jane.

What a clinic can do to comply with the accountability principle is to ensure that whoever is appointed to be accountable for its compliance can also be considered the Account Owner in Jane. As per Jane’s Terms of Use, the Account Owner is the legal custodian of data entered into Jane.

2. Identifying Purposes

Reference Link: PIPEDA Fair Information Principle 2 – Identifying Purposes

“The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.”

How can Jane help? As we make clear in our Privacy Policy, Jane acts purely as a service provider to you, the custodian of your patients’ data. We will never sell or trade the patient data that you store with us. This frees you to describe how you will utilize the patient data that you collect, and allows you to be bound by your professional and legal obligations with respect to data storage.

3. Consent

Reference Link: PIPEDA Fair Information Principle 3 – Consent

“The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.”

How can Jane help? In Jane, you can create and customize your own consents using our Intake Form feature to support your PIPEDA compliance.

4. Limiting Collection

Reference Link: PIPEDA Fair Information Principle 4 – Limiting Collection

“The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.”

This means ensuring that all information collected from an individual is only for the identified purpose. For example, if a patient is visiting your clinic, PIPEDA states that you should only be collecting information for the sole purpose of their treatment.

5. Limiting Use, Disclosure, and Retention

Reference Link: PIPEDA Fair Information Principle 5 – Limiting Use, Disclosure, and Retention

“Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.”

How can Jane help? As mentioned, we don’t control the data entered into Jane. If a clinic is required to remove data that has been collected, we recommend the Account Owner reach out to us, and we can provide them with the steps to remove data from the account.

6. Accuracy

Reference Link: PIPEDA Fair Information Principle 6 – Accuracy

“Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.”

How can Jane help? To ensure accuracy, we recommend that each staff member has their own account to minimize and manage data entered into Jane. The Account Owner can control what staff members have access to by using our Staff Access Levels feature.

7. Safeguards

Reference Link: PIPEDA Fair Information Principle 7 – Safeguards

“Personal information must be protected by appropriate security relative to the sensitivity of the information.”

How can Jane help?

We take security and privacy very seriously here at Jane. Here you’ll find our documentation that will provide you with information on the processes we have implemented to keep everything secure:

8. Openness

Reference Link: PIPEDA Fair Information Principle 8 – Openness

“An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.”

We recommend creating your own policies and best practices that are in line with PIPEDA compliance. If needed, you can use our Intake Form feature to customize your own consents by adding a policy template.

9. Individual Access

Reference Link: PIPEDA Fair Information Principle 9 – Individual Access

“Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.”

How can Jane help? If a patient is requesting their personal information, you have the ability to export chart data at any time from within the Jane account or use our shared chart feature for patients.

10. Challenging Compliance

Reference Link: PIPEDA Fair Information Principle 10 – Challenging Compliance

“An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.”

How can Jane help? While each clinic will need to appoint a privacy representative who will monitor privacy compliance within the clinic, if you have any questions about Jane’s privacy compliance, you can reach our privacy team via [email protected].
