Privacy Policy
1. Objective
To maintain privacy and confidentiality of data and clients.
2. Scope
This policy is applicable to all aspects of client and laboratory services.
3. Responsibility
All employees are required to adhere to the guidelines outlined in this document. All employees must sign an acknowledgement form to acknowledge that they have read and understood this policy. This document is reviewed annually by the Human Resources and IT (HR/IT) Manager and Quality Control Manager.
4. Privacy Policy
The Personal Information Protection and Electronic Documents Act (PIPEDA) became effective on January 1, 2004. Although, as a provincially regulated employer, our interactions with employees/contractors are not governed by PIPEDA, we use its guidelines to help secure the collection and use of patients’ personal information with PGX Lab Solutions Inc. (PGX Lab). PGX Lab’s Privacy Officer is the Quality Control Manager of PGX Lab.
In response to the Act, PGX Lab has developed a Privacy Policy to comply with the Act. The following is our Privacy Policy:
- PGX Lab will adhere to the provisions and principles of the Personal Information Protection and Electronic Documents Act (PIPEDA).
- PGX Lab is committed to protecting the privacy, confidentiality, security, and accuracy of the personal information we have collected and will collect from our clients.
4.1. Consent and Use
PGX Lab collects patients’ personal information from its clients (healthcare providers) supported by consent and other forms. These forms will have a declaration for collecting personal information.
4.2. Information Collection
PGX Lab collects limited personal information for the specific purpose of processing pharmacogenomics testing, which includes providing ongoing products and services offered by our current client, Personalized Prescribing Inc., and otherwise for meeting regulatory requirements.
4.3. Disclosure
PGX Lab will disclose all the patient’s genetic information to the client.
The client may advise us in writing to cease using any information and destroy it. The client shall bear full responsibility for the consequences of their request.
PGX Lab will keep abreast of privacy legislation and developments and will amend our policies accordingly.
4.4. Deemed Notices
This document is available on our website (www.pgxlabsolutionos.com) and will be deemed our notification to the client(s) of our Privacy Policy. We will proceed with implementing our Privacy Policy as it applies to the client. They may notify us immediately if there is anything in our Privacy Policy that they do not agree with.
4.5. Personal Information Retention Policy
PGX Lab will maintain, keep, and archive the information collected on individuals in the course of our services for a period of 25 years unless the client requests that we destroy such information. PGX Lab will destroy the information in both electronic and paper form in a manner that ensures that the information cannot be used in any form by others.
5. Confidentiality Policy
The Privacy Policy sets out PGX Lab’s commitment to respecting and protecting the data we collect from our clients. The policy also sets out the confidentiality commitment PGX Lab requires from its employees and contractors. All PGX Lab’s information is the property of PGX Lab; employees/contractors may use the information strictly while performing their work at PGX Lab, and it may not be used by employees/contractors for any other purpose whatsoever.
PGX Lab’s employees/contractors may not remove any information from the office unless they obtain express approval from the CEO. All employees/contractors are required to sign this agreement and must abide by it. Employees/contractors must be aware that breaching the Confidentiality Agreement is serious and may result in termination of relationships and/or prosecution as afforded by law.
Outside Contractors must sign a confidentiality/non-disclosure agreement before they are provided access to any part of the PGX Lab system.
5.1. Transmission of Information
Information may not be removed from PGX Lab premises and may not be transmitted electronically or by any other means to persons outside PGX Lab. Any transmissions outside PGX Lab must be made only to the healthcare professional by email.
5.2. Destruction and Shredding
All paper information that is no longer needed must be placed in a shredding box to be shredded by our outside shredding contractors. Paper that does not contain private or confidential information may be placed in one of the blue recycling boxes.
5.3. Facilities Security
PGX Lab is committed to ensuring secure premises and working environment. The office is guarded by a full security system 24/7. Each employee is issued a key to access the office building. The security system is armed during off-hours and employees need to disarm the security system with a unique code to identify persons entering the office during business and off-hours. The contractors are only allowed in the presence of an employee of PGX Lab.
The laboratory is always locked. Only authorized lab personnel are allowed to enter the lab. All other offices at PGX Lab are lockable offices, allowing each occupant to secure the contents of their office, if required. Only the reception area is accessible to visitors and/or vendors. Offices are kept closed when the assigned occupant is not present in their space for any period.
Employees/contractors must sign an acknowledgement that they have received their office key and security code and may never give it to any other employees/contractors under any circumstance and must always guard it well. If a key is forgotten or lost altogether, the employees/contractors need to approach the CEO or an authorized officer of the company to obtain entrance to their office and a new key if necessary.
5.4. User Authorization Key
Every employee is issued a user login and password as soon as they join the company. Employees/contractors are required to immediately change their password to one that only they know. Employees/contractors must never share their password with any other employees/contractors or person.
Passwords must be at least eight characters long and must contain at least one number and one capital character. PPI’s system passwords and application passwords are set not to expire as there is MFA (Multi-Factor Authentication) enforced for all employee accounts. The organization conducts a file change review every month and the organization also has active monitoring of its digital technology infrastructure (e.g., Adlumin, CrowdStrike). Thus, if any risks or breaches are identified, a system password change is initiated by the organization and all its users.
If passwords are set to be changed, re-use of the same password shall not be allowed. The initial password shall only be used one time (i.e., it shall be valid only for the involved user’s first login). Passwords shall be stored and transmitted in protected (e.g., encrypted or hashed) form, if possible.
Passwords shall be immediately changed if there is any suspicion of password compromise, and this shall be reported immediately to the CEO.
The HR/IT manager may not disclose the master passwords to any party unless the CEO has approved such disclosure in writing.
6. Amendments & Termination
PGX Lab reviews this policy annually and reserves the right to modify or terminate as required.
7. Related Documents
Document No. | Document Name |
GEN.43022-48750 | Laboratory Information System and Security Policy |
GEN.59980-66100 | Physical Facilities |
8. Revision History
Version | Date | Author | Summary of changes |
01 | 2024-10-30 | Michelle Fabros / Amin Kerachian | Initial Release |
01 | 2024-10-30 | Amin Kerachian | Approved |