Confidentiality Policy

1. Horizon Health Network (Horizon) is committed to collecting, using, disclosing and disposing of confidential information including personal information (PI) and personal health information (PHI) entrusted to it in a manner that is accurate, confidential, secure and private. Horizon is committed to protecting the confidentiality and privacy of PI and PHI in its custody or control.

2. Horizon is subject to and complies with the Right to Information and Protection of Privacy Act (RTIPPA) and the Personal Health Information Privacy and Access Act (PHIPAA) and the regulations under these Acts.

3. Horizon has established obligations for the handling of confidential information by employees and non-employee personnel, and promotes compliance by requiring the signing of the Confidentiality – Declaration of Understanding.

4. Employees and non-employee personnel access, use, and disclose confidential information, PI and/or PHI on a need-to-know basis only, and as defined or required by their role within the organization.

5. Employees and non-employee personnel may see, hear or be given access to confidential or sensitive information about employees, patients, and the operations of business partners/associates, and the operations of the health partners. Such information is to be held in strict confidence and is not to be disclosed or discussed with anyone other than those authorized to receive such information, in the course of performing their duties.

6. Access to Horizon’s records and information or the records and information of business partners/associates, or the records and information of the health partners, by employees and non-employee personnel is granted only for the purpose of performing employment duties, or conducting business as per a contract or agreement. Employees and non-employee personnel are strictly prohibited from accessing records and information to which they are not entitled within the scope of their duties.

7. Managers or their delegate are required to review this policy with each of their employees at the time of hire and also at the time of each performance review. Each employee, at the time of hire and at the time of the performance review, after reviewing the policy, signs a Confidentiality – Declaration of Understanding. Managers remain responsible to ensure this has been done.

8. Employees, with the exception of physicians, complete the Privacy in Healthcare e-learning modules at the time of hire and also at the time of each employee performance review.

9. Non-employee personnel, with the exception of physicians, who have access to confidential information within the scope of their work related duties or contract / agreement are required, on an annual basis, to: review this policy, sign a Confidentiality – Declaration of Understanding, and complete the required Privacy in Healthcare e-learning modules.

9.1 All Physicians review this policy and sign a Confidentiality – Declaration of Understanding and complete the Privacy in Healthcare e-learning modules, at the time of hire, and every 2 years thereafter, upon application for reappointment.

10. Any breach or suspected breach of this policy, such as unauthorized access, collection, use or disclosure, is to be reported immediately to the appropriate manager; the manager notifies the Chief Privacy Officer (CPO) as per Privacy Incident and Breach Management.

11. Violation of this policy may result in disciplinary action, up to and including termination. In the case of non-employee personnel, violation of this policy may result in the termination of negotiations of a potential contract/appointment, or of an existing contract/appointment with Horizon, and may result in legal action.