Privacy, Security and Confidentiality
This desktop has been developed by the
Centre for Health Evidence (CHE)
to facilitate the use of electronic information resources and to
create a custom online learning environment for your group. Everything
needed to participate is made available through this private,
personalized workspace. You can download the desktop software for
use at the office, at home, or wherever you want to access the
material.
Privacy Statement
Your desktop is built with VIVIDESK™ Inventory databooks that
provide you with information about people, information products and
relationships between people and products. There are privacy and
confidentiality considerations that you should be aware of. These
affect who can view information in the databook, who can enter and
edit information, limits to information transfer in or out of the
databook, and how use of the databook is monitored. The following
statements address each of these issues. Please contact the databook
editor with any questions about these statements. Also note that
this warning applies to the VIVIDESK™ Inventory alone. There may be
other information resources made available through VIVIDESK™
desktops that have other, more stringent, privacy and
confidentiality considerations.
Monitoring
Monitoring is about how your use of information resources is
checked to ensure compliance with licensing regulations.
The VIVIDESK™ desktop simplifies access to a number of different
software applications and information resources. A number of these
are not in the public domain. They are specially licensed for your
use or permission has been obtained for you to use these
applications within this initiative. Your access to these resources
is protected by the user name and password that you enter to open
the desktop. Do not share these access parameters with anyone else.
Your access is expressly limited to yourself alone and is not
transferable to other individuals.
While connected to the desktop, your use of information resources
is monitored, including information about which applications are
opened, where, when and for how long. For certain initiatives, the
desktop can also be used to monitor keystrokes within individual
applications. This information is used to verify compliance with
licensing rules and may be used to report to sponsor organizations
for a specific initiative about the relative use of different
information resources.
All monitoring data is gathered and protected by the Centres for
Health Evidence (CHE), a not-for-profit research entity of the
University of Alberta, by way of protected database server computers
(see Security section below) in an alarm-protected Internet server
facility controlled by the CHE.
Summative data may be released by the CHE to the sponsoring
agency of this programme to provide them with information about the
performance of this initiative. Individual identifiers are not
stored in monitor databases and are not released by the CHE.
Security
Security is about determining who has access to a databook and
who does not.
VIVIDESK™ Inventory databooks are either "Public" or "Private".
You can verify the status of a current databook by checking for this
information under the "Quick Info" folder on the databook home page.
- Public databooks can be accessed anonymously;
no user identifier or password is required to open the databook.
- Private databooks can only be seen by users who have entered a
valid user identifier and password.
Once a user has been validated, only the accepted user has access
to the databook for a limited period of time (20 minutes) within
that specific computer and Internet browser session that was used
when the user logged on.
If a VIVIDESK™ Inventory databook is opened from within VIVIDESK™
desktop, a further level of security is added. VIVIDESK™ validates
the user and creates a unique "key" that must be present in order to
"unlock" and view the content of a protected databook. This key is
automatically destroyed after 5 minutes of inactivity or when the
user logs off and it is never re-used.
Privacy
Privacy is about how databook use by authorized users is
protected from eavesdropping by unauthorized users.
Connections to VIVIDESK™ Inventory databooks can be either encrypted
or unencrypted. You can tell the encryption status of the current
databook by checking for this information under the "Quick Info"
folder on the databook home page. Encrypted communications are
prohibitively difficult to "snoop" by persons who illegally monitor
Internet traffic.
Confidentiality
Confidentiality is about determining which authenticated users
can see what information within a particular databook.
When authenticated, databook users are recognized as belonging to
one of five permission levels. You can tell your permission level
by checking for this information under the "Quick Info" folder on
the databook home page.
Each record - indeed each field within a record - can be marked
"private" beyond a particular permission level. There are five
levels of permissions: Levels 0-5. Level 0 users can only see
material marked "public". Level 1 and higher users can see material
marked private at their own level of permissions. Master
administrators (level 4 and 5) can see anything in the databook.
It is also possible to give specific individuals higher level
permissions for specific items or functions in the databook. This
enables "permission by exception." Given an assumption of "privacy,"
designated persons can be given special privileges for specific
items of information.
The databook editor can change the permission status of any
record or field. Concerns and requests are to be forwarded to this
person.
Accountability
Accountability is about monitoring and recording how all of the
above privacy rules are heeded.
Use of VIVIDESK™ Inventory databooks can be monitored. One can
tell whether the monitor has been activated by checking for this
information under the "Quick Info" folder on the databook home page.
If auditing is active, then every addition, edit or deletion of
the databook is thoroughly documented, with a record of the databook
contents before and after the change. All logons are recorded and
all use of information is monitored. A record of the content of any
transfers into or out of the databook is recorded. In general, this
audit trail complies with Health Information Protection legislation.
If auditing is inactive, then no individual usage information is
kept and the only data available to editors and administrators is
the general frequency of use of the VIVIDESK™ Inventory website.
Ethical Information Use
Whatever protections are put in place to maximize security,
privacy, confidentiality and accountability, the protection of
health information is ultimately a matter of trust and honour.
The following principles should be adhered to at all times:
- In general, identifiable patient information is
not stored in VIVIDESK™ Inventory databooks. If patient information is
stored in VIVIDESK™ Inventory, then the highest levels of security,
privacy and confidentiality are enabled and no identifiable patient
information is included in import/export functions.
- Databook users should be extremely careful with
individually identifiable patient information. This should not be copied
to other applications and should not be included in any electronic
communications without the patient's permission.
- Auditing and monitoring information will be used to comply
with health information legislation and to enable traces of
breaches in security, privacy and confidentiality. The data will
not be sold or otherwise used for secondary gain.