February 2, 2021 at 10:00am

To OPP Association Members, and our Partners:

Over the past several months, since the outset of the Encompas privacy breach in July of 2020, we have been committed to remedying the situation and remaining transparent and accountable to those who were affected.

We deeply value the positive and trusting relationship we feel fortunate to have built with Ontario Provincial Police Association (OPPA) members and their families. We also recognize that the privacy breach caused some members to feel concerned about placing their trust in the Encompas Mental Health Wellness Program, which we sincerely regret. Upholding your confidence is one of our highest priorities, which is why we took immediate action to address the incident and support those who are directly affected.

To the general OPPA membership, we wish to confirm:

  1. The breach has been contained, the disclosed information has been secured, and the platform has been updated to ensure that this does not happen again;
  2. The Information and Privacy Commissioner conducted a review of this matter, including the actions taken to remedy the breach, and concluded that the action taken by Dalton Associates were satisfactory and that no further review was required;
  3. A voluntary, independent, third-party security audit of the Encompas program concluded that Encompas’ policies are “more than satisfactory in meeting legislative and industry best practices” and that they did not observe any major or heightened risks that would be cause for concern; and,
  4. A feedback survey was launched on November 30, 2020 for all clients who accessed the Encompas Mental Health Wellness Program between March 30 and October 31, 2020 and we will be incorporating the valuable feedback we have received into the evolution of the Encompas program in the coming months.

The privacy breach was a very unfortunate incident, and we know that part of the reason that Encompas has been able to overcome it and continue to serve members of the OPPA over the past months is truly because of the members themselves. Encompas is your program; your engagement and feedback has been critical to the program’s ability to overcome this hurdle and evolve into a valuable resource for members. We sincerely appreciate and value the trust you have put in us, and will continue to engage with OPPA members to ensure that the Encompas Mental Health Wellness Program operates in a manner that is safe, secure, confidential, transparent, and of genuine assistance to those who need it.

While this will be our final formal communication related to the privacy breach, please know that should you have any questions or concerns about the breach or the Encompas program in general, please do not hesitate to reach out to our team at 1-888-245-5516 ext. 121, or encompas@daltonassociates.ca, and we will connect with you within 24 hours.

Sincerely,

Carl Dalton, MSW, RSW

Chief Executive Officer, Dalton Associates

O: 888-245-5516 x121 | F: 519-787-0773

www.daltonassociates.ca

July 31, 2020 at 5:00 pm

To OPP Association Members, and our Partners:

Over the past couple of weeks, we have worked diligently to address the privacy breach that occurred on the Encompas Portal. In the 25 years that Dalton Associates has been providing mental health services throughout the province of Ontario, we have never had a breach of this nature. Our clients’ trust in us, and in the confidentiality of their personal health information, are the reason our organization has been able to provide a safe and effective mental health services over the years, and we are committed to regaining any trust that has been lost as a result of the breach.

Since our initial communication about the breach, we have initiated a Recovery Plan to rebuild trust and confidence in the Encompas Mental Health Wellness Program. We are enhancing our existing Quality Assurance Program for Encompas, through which we have:

  • Disconnected the Encompas Portal, which was the access point where the breach occurred. Encompas clients can still access their plan of care by communicating with their Encompas Care Manager, who will ensure ongoing accessibility to the resources and information needed;
  • Confirmed the security of our IT system/platform, and that the breach occurred as a result of human error and not from a flaw in the program or a computer hack. We are assessing the functionality of the Portal to ensure Encompas clients have transparent and secure access to their plan of care and additional resources in the future;
  • Assigned an additional Masters-level Social Worker to our Clinical Leadership Team, to work directly with our Care Managers on a daily basis, to ensure compliance with our clinical and administrative standards;
  • Initiated an external/third-party audit of the Program’s security, IT systems in place, as well as the Program’s workflows, processes, and procedures;
  • Initiated the development of a Client Feedback Survey that will go out to every Encompas client, to glean their opinions on the Program, as well as any suggestions that will improve the Program’s offerings; and,
  • Created a dedicated Quality Assurance Manager position, which will oversee, implement, and integrate recommendations from the third-party audit of the Program’s security, as well as the information gathered from the Client Feedback Survey.

Our efforts to remedy this situation are ongoing, and we are committed to continuing to offer the Encompas Mental Health Wellness Program, with the ongoing support of the OPP Association, in a way that is safe, transparent and of genuine support to those who reach out for help.

Should you have any questions or concerns, please do not hesitate to reach out to our team at 1-888-245-5516 Ext. 121 or encompas@daltonassociates.ca. I, or a member of the team, will arrange to contact you to answer your questions.

Sincerely,

Chief Executive Officer, Dalton Associates

O: 888-245-5516 x121 | F: 519-787-0773

www.daltonassociates.ca

July 10, 2020 at 12:00 pm

To OPP Association Members, and our Partners:

We regret to inform you that on July 2, 2020, a privacy breach occurred on the online Encompas Portal. Some limited personal information about certain Ontario Provincial Police Association (OPPA) members who had contact with the Encompas Mental Health Wellness Program was inadvertently disclosed to one (1) individual who contacted the program. The affected OPPA members have been notified by secure email transmission with follow-up phone calls occurring during the period of July 6-8, the breach was isolated within minutes of Encompas being made aware of the situation, and the Encompas team is actively working with legal counsel to secure the information. As a result of the investigations that were immediately conducted, we have determined that the breach occurred as a result of a human error, and not from a flaw in the program or as a result of a computer hack. The process that permitted this error to occur has been rectified. A report has also been submitted to the office of the Privacy Commissioner of Ontario and we will be acting on their recommendations, once received.

This breach did not result in any information held by the OPPA being disclosed, and impacts only certain OPPA members who contacted the Encompas program, or whose family members or dependants contacted the Encompas program.

Privacy and confidentiality for clients are cornerstones of the Encompas program and are integral to the provision of mental health services to OPPA members, COA members, retired members and their families, and the Encompas team has taken immediate steps to investigate and resolve this breach, and to prevent any further breach from occurring. While our investigation into this matter is ongoing, we have determined that: (a) we have complete information regarding the identity of those individuals who are affected by this breach and the exact information that was disclosed; (b) the breach was limited to one (1) individual member obtaining access on one (1) occasion and we are fully committed to ensuring that the information is secured and contained as quickly as possible; and (c) the breach occurred through human error in a dual-step authorization process that has now been updated to prevent the possibility of any future breach. We know that this error will have significant impacts on your trust in our program and for this, we sincerely apologize. We are taking this matter extremely seriously, and are committed to regaining your trust in the Encompas program, which we believe provides much needed services for OPPA members, offering unprecedented access to mental healthcare that is typically difficult to navigate, as well as transparency in the process (e.g., one’s ability to view their Plan of Care). The Encompas program is powered by Dalton Associates, a leader in providing dependable, safe and accessible mental health services for over 25 years. We have been careful to ensure the technology we use, and the processes we have put in place, are compliant with legislated privacy laws and are secure. We want to assure you that we have, since the launch of the Encompas program, strictly adhered to our privacy policies and protection measures in place to safeguard OPPA members confidential information.

All affected OPPA members have been sent individual notifications, but if you are concerned that you may have been affected by this breach and have not yet received an email or call from Encompas, please contact encompas@daltonassociates.ca.

If you would like more information about the Encompas privacy policies, including our privacy breach protocols, please visit our Privacy Policy and our Privacy Policy FAQ.

Sincerely,

Carl Dalton, and The Encompas Leadership Team

Chief Executive Officer, Dalton Associates

O: 888-245-5516 x121 | F: 519-787-0773

www.daltonassociates.ca