Privacy and Confidentiality policy

This policy addresses the management and protection of confidential information within Friends for Mental Health. In particular, it deals with information concerning its members in good standing, members of the Board of Directors, staff members and volunteers.

It applies to relations between all persons, be the administrators, donors, staff members, volunteers, members, partners or any other person working or present in the various premises and/or activities of Friends for Mental Health.

It has the following objectives:

  • Ensure the privacy of individuals and the security of personal information held by Friends for Mental Health, both physically and electronically;
  • Establish guidelines for the exchange of information both inside and outside the organization's premises.

Context

In a context where new provisions are coming into force to regulate the protection of personal information and privacy (Bill 25), Friends for Mental Health wishes to revise its confidentiality and privacy policy with a view to keeping up to date and protecting the privacy and integrity of everyone connected with its organization.

Definitions

Personal information: any information relating to a natural person that enables that person to be identified, directly or indirectly.

Confidentiality: the act of limiting or prohibiting others from accessing private information obtained in the performance of one's duties.

Friends of Mental Health commitments: Friends for Mental Health is committed to the principles of :

Consent - Friends for Mental Health will only collect your personal information if you give us permission to do so by completing a consent form.

Responsibility - Friends for Mental Health assumes responsibility for the path of the information you provide and undertakes to handle it using methods that will protect its confidentiality.

Transparency - Friends for Mental Health is committed to complete transparency in the management of your personal information by informing you of its policy, having you sign a consent form and notifying you in the event of a privacy incident.

In concrete terms

Friends for Mental Health is committed to :

  • Ensure the security and confidentiality of information obtained;
  • Implement mechanisms to protect confidential information;
  • Ensure confidential handling of complaints;
  • Collect only necessary or useful data;
  • Apply the confidentiality policy in accordance with its values.

Discretionary standards

Anyone who has dealings with Friends of Mental Health that are not related to the performance of their duties must act with discretion. Accordingly, they must :

  • Respect the privacy of individuals;
  • Not divulge confidential information obtained within the organization;
  • Keep sensitive information confidential;
  • Act in accordance with the organization's values.

Information exchange standards, record keeping and security measures

Exchanging information outside Friends of Mental Health

The Board of Directors, management, volunteers and employees must not discuss issues, people or decisions specific to Friends for Mental Health with outsiders or persons not involved.

If this is not possible, ensure that the person concerned is not identified and that the discussion takes place in a place conducive to confidentiality.

If this is the case, ensure that telephone conversations dealing with confidential information are not overheard by other people.

Exchanging information with Friends for Mental Health

Friends for Mental Health is committed to :

  • Limit the exchange of information to team members during team meetings, and do so in a secure area (e.g. office with closed door);
  • Avoid discussing files, people or decisions outside these times. If this is not possible, make sure you do not identify the person concerned, and discuss in a place that ensures confidentiality;
  • Ensure that telephone conversations dealing with confidential information are not overheard by others.

Rules governing record-keeping

Friends for Mental Health is committed to

  • Only record true, relevant and necessary information;
  • Avoid noting personal comments, thoughts or perceptions, and stick to the facts reported by the person concerned or observed by the caregiver.

Security measures to limit access to information

Offices

  • Keep files closed and in a safe place, in accordance with Friends of Mental Health standards;
  • Secure filing cabinets containing members' and employees' files, as well as those containing personal information, outside office hours or in the absence of their managers.

Database

  • Our database of confidential customer information is connected to a secure server owned by Friends for Mental Health.
  • Access to Filemaker is secured by different passwords for each employee.
  • Access to confidential information is restricted according to the employee's position within the organization.

Computers and other equipment

  • Change passwords (server, computer, voicemail or other) as needed;
  • Ensure computer system security;
  • Ensure website security;
  • Use 2-step access for e-mail addresses and Google Drive access;
  • Follow the contingency plan: report confidentiality incidents to the Commission d'accès à l'information du Québec.

Procedures for storing and destroying confidential files

Friends for Mental Health respects the right to de-index any person who is directly or indirectly connected with its activities. Therefore, any person who requests may acquire the right to be forgotten and have all their personal information deleted from Friends for Mental Health computer and physical systems.

In addition, Friends for Mental Health undertakes to :

  • Identify an expiry date (retention period) for personal information that may become useless over time;
  • Ensure that closed files are shredded by a member of the work team or the Board of Directors at the end of the retention period;
  • Destroy all other confidential documents in the same way.

Personal rights

Portability - Any individual whose personal information is held by Friends for Mental Health is entitled to request access to that information within a reasonable time and in a common format.

De-indexing - Anyone who requests can acquire the right to be forgotten and have all their personal information deleted from Friends of Mental Health's computer and physical systems.

Terms and conditions

The management or coordination of Friends for Mental Health is responsible for the implementation and application of the confidentiality policy.

Directors, management/coordination, employees and volunteers are required to complete a confidentiality policy commitment form as soon as the policy comes into effect.

In the event of non-compliance with the confidentiality policy by management or coordination, the Board of Directors must intervene.

If a director, employee or volunteer has disclosed confidential information, the competent authority will impose a sanction in accordance with Friends of Mental Health's policies and regulations. The sanction may range from reprimand to exclusion.

Complaints process

Friends for Mental Health agrees to appoint a person responsible for all matters relating to confidentiality and the protection of personal information. The name of this person will be posted on the organization's website. All complaints may be forwarded to this person and will be handled in accordance with the appropriate procedure.

Effective date

This policy takes effect on September 5, 2023, following its adoption by the Board of Directors. It may be modified at the appropriate time after analysis. Amendments must respect the values and by-laws of Friends for Mental Health.

Scroll to Top