Privacy and Information Practices

What services does Novari Health provide?

Novari Health™ provides software that improves access to care for patients. It does this through providing software to health care providers to track and manage patients who require services. Our software typically replaces paper-based processes in favour of an improved electronic process, ensuring that patients are managed safely and efficiently.

Novari Health offers these services through the following software products which are all part of the Novari Access to Care Platform™.

Novari ATC™
Novari ATC is a solution used by physicians to manage patients who are waiting for access to procedure-based services such as surgery. It provides physicians with electronic waiting lists, as well as the ability to send scheduling requests electronically, eliminating cumbersome paper-based processes reliant on paper and fax.

Novari eRequest®
Novari eRequest allows any care provider to request services on behalf of their patients, for virtually any kind of health care service. It can be used to support electronic referrals for a huge cross-section of services in the healthcare sector. This includes specialist referrals, diagnostic imaging referrals, requests for access to patient education programs, and more. Requests can, where appropriate, be routed to central intake programs who will coordinate care, and route to the most appropriate and next available resource (often to help load-balance services, ensuring patients are seen faster).

Novari Medical Imaging Requisition Management (MIRM)™
Novari Medical Imaging Requisition Management (MIRM) allows care providers to request services on behalf of their patient for medical imaging services, for any modality. The software allows Technologists and Radiologists to eProtocol requisitions for a quick turnaround and transparency for patient care. Requests can, where appropriate, be routed to central intake programs who will coordinate care, and route to the most appropriate and next available resource. This helps to load-balance services, ensuring patients are seen faster.

Novari Mental Health and Addictions (MHA)™
Novari Mental Health and Addictions (MHA) improves the referral, intake, triage, routing, receiving, and processing of referrals. The system recognizes the complexity of providing coordinated access to mental health services and is scalable to manage high referral volumes with complex workflows.

Novari eVisit™
Novari eVisit allows patients to have direct and timely access to family physicians using their browser or mobile device. Patients can request virtual visits with their own primary care physician, or with on-call physicians who can respond to urgent requests. Virtual visits can take place securely over the phone, video chat, or messaging.

How does Novari obtain personal health information?

For Novari eRequest and Novari ATC, Novari Health receives personal health information (PHI) through health care providers, typically physicians, who are requesting health care services on behalf of their patients. It also collects PHI through hospitals and clinics who coordinate the provision of services.

For Novari eVisit, Novari Health receives personal health information directly from patients, as well as from primary care physicians who are providing services to their patients.

Physicians, hospitals, and clinics are examples of “Health Information Custodians” (HICs).

How does Novari Health use personal health information?

Novari health uses the personal health information it collects as follows:

For Novari ATC™:
a. Coordinate patient access to procedure-based care (usually surgery).
b. Manage and track the steps to prepare a patient for a procedure.
c. Communicate details regarding the patient to hospital scheduling staff.
d. Where permitted by law, report specific wait-time information to government agencies responsible for coordinating access to care.
For Novari eRequest®:
a. Coordinate patient access to a variety of healthcare services.
b. Communicate details of the service request to care, providers, so that they may understand the nature of the request.
For Novari Medical Imaging Requisition Management™:
a. Coordinate patient access to medical imaging services of any modality.
b. Communicate details of the service request to the referring physician, so they may understand the nature of the request for medical imaging services.
For Novari eVisit™:
a. Coordinate patient access to primary care.
b. Communicate details of the request for a virtual visit to primary care physicians.
c. Allow primary care physicians to document virtual visits.
d. For on-call primary care physicians.
For Novari Mental Health and Addictions™
a. Coordinate patient access to mental health and addictions services
b. Communicate details of the service request to the referring physician, so they may understand the nature of the request for mental health and addictions services

How does Novari enable the disclosure of personal health information?

Novari Health is an “Electronic Service Provider” that supplies a software platform that enables healthcare organizations to electronically handle patient personal health information.

Where the Novari Health software provides a network connection between two or more healthcare providers that facilitates the electronic disclosure of patient information between for the purpose of providing health care to patients, Novari is known as a “Health Information Network Provider”.

Novari Health provides an electronic means for health care organizations to send or share patient information between each other to facilitate patient care. Patient consent for the collection, use, and disclosure of personal health information is managed by the Health Information Custodians. As such, Novari Health supports the disclosure of PHI under the following circumstances:

Between Health Information Custodians who are arranging health care services to patients (e.g., a referral between a primary care physician and a specialist, a scheduling request from a surgeon to the hospital)

Where permitted by law report information to government agencies responsible for coordinating access to care

Novari is subject to Ontario’s privacy legislation Personal Health Information Protection Act, 2004 and its regulations.

What safeguards are in place to protect personal health information?

Novari Health is committed to the protection of personal health information at all times. Novari employs administrative, physical, and technical safeguards to protect personal health information from theft, loss, unauthorized use, modification, disclosure, and destruction.

This includes:

All PHI is hosted in secure, access-controlled facilities
All information is encrypted while “at rest” (i.e., stored in a database) and “in transit” (i.e., being viewed in Novari Health software over the internet)
Novari Health uses software access controls to limit access to its software solutions to authorized users
Novari Health software solutions audit all user access to PHI
All privacy and security related activities are logged in the Novari solutions (e.g., accesses and transfers of personal health information)
Novari solutions will maintain logging and monitoring of PHI that will be made available to participating HICs on request.
Novari regularly conducts privacy and security assessments on its software and makes summaries available to participating health care organizations

What policies does Novari Health have in place to ensure personal health information is protected?

Novari Health adheres to a privacy policy to ensure personal health information is protected. This policy includes the following:

All staff are aware of the purposes for which PHI is collected and trained on their legal obligations to protect PHI.
Novari Health ensures that that third parties acting on behalf of Novari are contractually obligated to protect PHI to the same standard that Novari adheres to.
Agreements with participating health care organizations, where the agreements outline privacy and security requirements.
Novari Health has staff to monitor security on a scheduled basis to detect for any possible breaches in privacy or security.
Novari Health will report any privacy or security incident to the affected health information custodian, should they occur.
Novari Health has a privacy officer who is responsible for managing compliance with privacy legislation and implements best practice as it relates to privacy software features and requirements.
PHI is not used or disclosed for purposes other than those for which it was collected.
PHI is retained only as long as necessary for the fulfillment of the purposes above, and / or as required by law.
Novari Health works with Health Information Custodians to ensure that the data in its system is as accurate, complete, and up to date as possible.

Can patients withdraw consent to disclose personal health information?

Yes. Patients may withdraw consent at any time. Patients also have the right to restrict access to all or part of their personal health information. In either case, this is done by notifying the relevant health information custodian (usually, the patient’s physician) who is a user of the Novari Health software.

Who may I speak with if I have questions about Novari Health’s privacy policies and procedures?

If you have complaint, question or concern regarding Novari Health’s privacy policies and procedures, please contact:

Novari Health
Suite 401 – 1473 John Counter Blvd.
Kingston, ON, K7M 8Z6
Attention: Privacy Officer

You may also reach us by email at:
privacy@novarihealth.com

If you are contacting Novari by email, please do not send patient personal health information in the email. Email over the Internet is not secure, and the privacy and security of patient personal health information cannot be assured.