Privacy of personal information is important to Highland Physio. We will collect, use and disclose personal information responsibly, and only the extent necessary for the services we provide. We also try to be open as to how we handle your information.
WHAT IS PERSONAL INFORMATION?
Personal information is information that allows someone to identify an individual. This includes information that relates to their personal characteristics (age, income, address or phone number) their health, or their activities and views (opinions expressed, or evaluation of an individual). This is not the same as business information, which is not protected by privacy legislations.
WHO WE ARE
Highland Physio is made up of Physiotherapists, Kinesiologists, Massage Therapists, and support staff. We use a number of consultants and agencies, that may, in the course of their duties, have limited access to personal information we have. These include bookkeepers and accountants, temporary workers to cover holidays, credit card companies, insurance companies, cleaners and lawyers. We restrict their access to any personal information we have obtained as much as is reasonably possible. We also have signed confidentiality agreements that they will follow appropriate privacy principles.
WHY WE COLLECT PERSONAL INFORMATION
Like all rehabilitation professionals, we collect, use and disclose personal information in order to serve our clients. The main purpose for collecting this information is to provide rehabilitation treatment. We collect information about health history, physical condition, function and social situation in order to help us assess their health needs are, to advise them of their options and then to provide the health care they choose to have. A second reason is to obtain a baseline of health and social information so that in providing ongoing health services, we can identify changes that are occurring over time. It would be rare for us to collect such information without the express consent of the patient, but this might occur in an emergency, or where we believe the patient would consent if asked and it is impractical to get consent.
RELATED REASONS FOR COLLECTING PERSONAL INFORMATION
The most common examples of using personal information for non-treatment purposes are as follows:
- To invoice clients for services that was not paid for, to process credit cards, or to collect unpaid accounts.
- Our clinic reviews client and other files for the purpose that we provide high quality services, including the assessment of staff performance. External consultants may, on our behalf perform audits and continuing quality reviews of our clinics, including reviewing client files and interviewing our staff.
- Physiotherapists and other professional staff are regulated by their respective colleges, who may inspect our records and interview our staff as part of their regulatory activities. As professionals, we will report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. The company believes that it should report information suggesting illegal activities to the authorities. External regulators have their own strict privacy obligations. Various government agencies have the authority to review our files and interview our staff as a part of their mandates. In these cases, we may consult with lawyers or accountants before releasing information.
- Most of our goods and services are paid, either in whole or in part, by third parties (e.g., WSIB, private of auto insurance). These payers often have your consent or legal authority to direct us to collect and disclose to them certain information in order to demonstrate client entitlement to this funding.
- Upon discharge, charts are kept for a minimum of ten years, massage therapy is ten years. This allows us to answer questions about treatment received in the past.
- In the unlikely event that The Company or its assets were to be sold, the buyer would want to conduct “due diligence”, to ensure that this is a viable business. This may involve review of accounting/service files. None of that information would be recorded, and the buyer would need to sign a written promise to keep all personal information confidential.
PROTECTION OF PERSONAL INFORMATION
Because we understand the importance of protecting personal information, we have undertaken to:
- Supervise or secure paper information in a locked or restricted area.
- Secure electronic hardware in a locked or restricted area. Computers are password protected. Our cell phones are digital, which is harder to intercept.
- Transmit paper information through sealed addressed envelopes or boxes labelled “Private and Confidential” by reputable couriers.
- Transmit electronic information either through a direct line or is anonymized or encrypted.
- Train our staff to collect, use and disclose personal information only as necessary to fulfill their duties.
- External consultants and agencies with access to personal information must enter into privacy agreements with us.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
We keep our clients’ paper files for at least ten years; massage therapy is ten years, after which time they are systematically destroyed by shredding. Electronic information is deleted, and when the hardware is discarded, we ensure that the hard drive is physically destroyed.
YOU CAN LOOK AT YOUR INFORMATION
With some exceptions, you have the right to view your files and personal information. Often all you need to do is ask. We will help you identify which records you need, or would like to view. We will help you to understand what is written, by providing a professional to review the file with you at an appointed time. We will ask you to put your request in writing. As well, there may be a fee charged to allow for the professional’s time. If your information is more than one year old, then there will be an additional fee to retrieve it from storage.
If we are unable to provide access, we will tell you within 30 days, as well as, as best we can, why we are unable to provide access.
If you believe that there is a mistake in the information, you have the right to ask it to be corrected. This applies to facts only, and not to any professional opinions. We will ask you to provide documentation that our files are wrong. Where we agree that we made a mistake we will make the correction and notify any involved third party. If we do not agree that there has been an error, we will include in our file a brief statement from you regarding the mistake and forward it to any involved third party.
DO YOU HAVE A QUESTION?
Our Information Officers, Rob McCall and Paul Jager, can be reached at:
Highland Physio Inc.
30 York Street
Dundas, ON, L9H 1L2
Questions or concerns about the competency of our staff may be directed to the Information Officers. If we cannot satisfy your concerns, you are entitled to complain to the appropriate regulatory body, as defined by the Regulated Health Professions Act (e.g.: The College of Physiotherapists of Ontario, The College of Massage Therapists of Ontario, etc).
This policy is made under the Personal Information Protection and Electronic Documents Act. This is a Complex Act and provides some additional exceptions to the privacy principles outlined above. There are some rare exceptions to the commitments set out above.
For more general inquiries, you may contact the Information and Privacy Commissioner of Canada. He can be reached at:
112 Kent Street
Ottawa, ON, K1A 1H3
Phone 613-995-8210/ Toll Free 800-282-1376/ Fax 613-947-6850/ TTY 613-992-9190