The following policy outlines how we safeguard the privacy of personal health information and records, and our privacy commitment to patients. All staff are required to adhere to this policy.
Collection, Use and Disclosure of Personal Information
We collect the following personal information:
Patient Identification and Contact Information (examples are name, address, date of birth)
Billing Information (example is private insurance information)
Health Information (examples are medical histories, test results, reports and treatments)
When And To Whom Do We Disclose Personal information:
Implied Consent for the Provision of Care: By virtue of seeking care from us, consent is implied (assumed) for information to be used by the company to provide care and to share information with others involved in your care.
Disclosure to Other Health Care Providers: Relevant information is shared with other providers involved in a patient’s care including, but not limited to, other physicians and specialists, pharmacists and lab technicians.
Disclosures Authorized by Law: There are limited situations where we are legally required to disclose personal information without your consent. These situations include, but are not limited to, billing provincial health plans, infectious disease control, fitness to drive or by court order.
Disclosures to All Other Parties: Express consent is required before we will disclose patient information to third parties for any purpose other than to provide care or unless we are authorized to do so by law. Examples of disclosures to third parties requiring express consent include, but are not limited to, third party medical examinations, provision of charts or chart summaries to insurance companies and enrollment in research studies or trials.
Withdrawing Consent: A patient may withdraw consent to have your information shared with other health care providers or other parties at any time, except where disclosure is authorized by law. We ask patients to first discuss this with their physician.
Patient Rights
How To Access Personal Information Held at This Clinic: Patients have the right to access records in a timely manner. If they request a copy of a record, one will be provided at a reasonable cost. If they wish to view the original record, one of our staff must be present to maintain the integrity of the record, and a reasonable fee may be charged for this access. Patient requests for access to medical information may be made verbally, in writing, directed to a physician or to office staff
Limitations On Access: In extremely rare circumstances access may be denied, but only if providing access would create a significant risk.
What If A Patient Fees A Record Is Not Accurate: We make every effort to ensure that all of information is recorded accurately. If an inaccuracy is identified, the patient may request that a note be made in the file to reflect this.
Privacy Safeguards
Privacy of Information: We take steps to protect the privacy of personal information, regardless of the format in which it’s stored (paper or electronic). These steps protect your personal health information against issues such as theft and loss as well as unauthorized access, use, disclosure, modification or copying. We take many steps to ensure the privacy of personal information is protected and used only for authorized purposes. These include, but are not limited to, Physical, Organizational and Technological methods.
Physical and Organizational Methods: Examples of physical methods by which the privacy of personal information is ensured include, but are not limited to, storing information in secure and locked cabinets, drawers, areas or offices and restricting access to these areas whenever possible. Examples of organizational methods include, but are not limited to, limiting those staff that are granted access to personal health information.
Technological Methods: Examples of technological methods include, but are not limited to, the appropriate use of passwords and the “encryption” (coding of electronic information) of documents and email correspondence and their associated procedures. In addition, adherence to Information Technology Policy supports compliance towards maintaining privacy of electronic personal information.
Training and Compliance: In order to monitor and manage compliance with this privacy policy, we take various steps including training staff, conducting audits, developing and maintaining supporting policies and investigating and resolving any privacy complaints or questions
Destroying Personal Information: The use of appropriate confidential shredding bins are used for the disposal of personal information.
Length of Time Information Is Kept: We keep personal medical information records as required by law and professional regulations.
Complaint and Enquiry Process
If a patient feels the company has not replied to a request to access information, has not handled personal information in a reasonable manner or should a patient have questions concerning our privacy policy they may:
- Address their concern with their physician
- Contact our Privacy Officer at [email protected]
- Upon receiving any enquiries, the Privacy Officer will undertake an investigation
- Contact the provincial Information and Privacy Commissioner