Privacy and Information Practices

Introduction

Novari Health is committed to protecting the privacy, confidentiality, and security of personal health information (PHI) collected, used, and disclosed through its software solutions. This policy outlines our information practices and privacy principles to ensure that all PHI is managed in accordance with recognized data protection practices and applicable privacy regulations. 

About Novari Health & Services Provided

Novari Health provides software solutions designed to improve access to care and enhance healthcare coordination. Our software solutions include, but are not limited to, the following: 

  • Novari ATC™ – Manages patient waitlists and facilitates electronic scheduling requests for procedure-based services. 
  • Novari eRequest® – Supports electronic referrals across a wide range of healthcare services, including specialist referrals, diagnostic imaging, and patient education programs. 
  • Novari MIRM™ (Medical Imaging Requisition Management) – Enables efficient handling of imaging requisitions with eProtocoling for quick turnaround and transparency.
  • Novari MHA™ (Mental Health and Addictions) – Facilitates referral, intake, triage, routing, and processing of mental health and addiction services. 

Collection of Personal Health Information

Novari Health collects PHI to provide healthcare coordination and related services under a lawful basis, including consent-based processing, contractual necessity, legitimate interests of healthcare organizations, and other recognized purposes necessary to fulfill healthcare delivery requirements. Information is collected from healthcare providers, hospitals, clinics, and other authorized organizations to support healthcare coordination and service delivery. 

Collected PHI may include patient identifiers, health card numbers, demographic details, contact information, clinical notes, and relevant medical history necessary for referral, scheduling, and triage processes. Individuals are informed of the purposes for which their PHI is collected wherever appropriate. 

Use of Personal Health Information

PHI collected by Novari Health systems is used for the following purposes: 

  • Facilitating referral processing, scheduling, and coordination of healthcare services. 
  • Communicating referral information to healthcare providers and healthcare organizations. 
  • Supporting centralized intake programs to improve efficiency and reduce patient wait times. 
  • Generating anonymized reports for service planning, monitoring, and improvement where applicable. 
  • Ensuring that PHI is not used or disclosed for purposes other than those for which it was collected. 
  • Working with authorized healthcare organizations to ensure that the data in the system is as accurate, complete, and up to date as possible. 

Disclosure of Personal Health Information

PHI may be disclosed under the following circumstances: 

  • Between healthcare providers and organizations involved in patient care coordination. 
  • When permitted by applicable privacy regulations or required by law. 
  • With patient consent where required or authorized by the referring healthcare provider. 
  • To authorized healthcare organizations upon request, ensuring compliance with applicable privacy standards. 

Safeguards to Protect Personal Health Information

Novari Health ensures that all staff are trained and made aware of their privacy responsibilities and legal obligations related to the collection, use, and protection of PHI. Training is provided upon hiring, and regular refreshers are conducted to reinforce privacy best practices. 

Novari Health requires that third parties acting on its behalf are contractually obligated to protect PHI to the same standard adhered to by Novari Health. Agreements with healthcare organizations also outline privacy and security requirements, ensuring consistency in the protection of PHI across all interactions. 

Novari Health implements administrative, technical, and physical safeguards to protect PHI from unauthorized access, use, disclosure, modification, or destruction. These include: 

  • Encryption of PHI both in transit and at rest. 
  • Role-based access controls ensuring only authorized individuals can access PHI. 
  • Logging and monitoring of all access to PHI to ensure accountability. 
  • Regular privacy and security assessments to maintain compliance with best practices. 
  • Contractual agreements with third parties acting on behalf of Novari to adhere to the same standard of privacy protection. 
  • Monitoring systems on a scheduled basis to detect any potential breaches in privacy or security. 

Retention of Personal Health Information

PHI is retained only as long as necessary to fulfill the purposes for which it was collected or as required by applicable privacy regulations. Once the retention period has expired, PHI is securely deleted or anonymized to prevent unauthorized access. 

Patient Rights & Consent

Patients have the right to make certain requests related to their personal health information. The availability of these rights may vary depending on the privacy regulations governing the patient’s healthcare provider and their jurisdiction. All such requests should be directed through their healthcare provider, who will work with Novari Health’s systems to facilitate these requests where applicable. Patients may: 

  • Request access to their personal health information held within Novari Health systems through their healthcare provider. 
  • Request corrections to their personal health information if it is inaccurate or incomplete, by contacting their healthcare provider. 
  • Withdraw consent for the collection, use, or disclosure of their PHI, where applicable, by notifying their healthcare provider.
  • Request the deletion or anonymization of their personal health information where it is no longer necessary for the purposes for which it was collected, subject to applicable regulations, by contacting their healthcare provider. 
  • Object to the processing of their PHI, where applicable, particularly where processing is conducted based on legitimate interests, by informing their healthcare provider. 
  • Request data portability, where applicable, by receiving their PHI in a structured, commonly used, and machine-readable format through their healthcare provider. 
  • Request to engage with services anonymously or under a pseudonym where applicable and appropriate, by contacting their healthcare provider. 
  • Receive information about how their personal health information is used and disclosed, including details of third-party data sharing where applicable, through their healthcare provider. 

Privacy Breach Response

Novari Health has procedures in place to respond to privacy breaches, including: 

  • Prompt investigation and containment of the breach. 
  • Notification to affected healthcare organizations and relevant authorities as required. 
  • Implementation of corrective measures to prevent recurrence. 
  • Reporting any privacy or security incident to the affected health information custodian. 

Privacy Officer & Contact Information

Novari Health has a designated Privacy Officer responsible for overseeing privacy compliance, ensuring adherence to privacy regulations, managing privacy incident responses, and implementing best practices related to privacy software features and requirements. The Privacy Officer is also responsible for conducting privacy assessments, coordinating with healthcare organizations to ensure privacy standards are maintained, and continually enhancing privacy safeguards within Novari Health’s systems. 

For questions, concerns, or requests related to this policy, please contact: 

Privacy Officer 
Novari Health 
Suite 401 – 1473 John Counter Blvd. 
Kingston, ON, K7M 8Z6 
Email: privacy@novarihealth.com 

Policy Review & Updates

This policy is reviewed and updated regularly to ensure continued compliance with recognized data protection standards and applicable privacy regulations. Updates will be made available on this website. 

Back to Top