Health in Hands Massage Therapy and Wellness Clinic – Privacy Policy
Frequently Asked QuestionsYour Personal Information, the PIPED Act and Your Therapist
The Personal Information Protection and Electronic Documents Act is a Federal Act that comes into force January 1, 2004. It requires any business or group (non-profit or otherwise, that performs “commercial transactions” (buying or selling), to take responsibility for the personal information they collect.
Personal information is defined as anything other than the sort of information that appears on a business card or in a phone listing. This would include credit card information, dates of appointments, buying preferences, records of past purchases, health information, and any other information that can be connected with a person.
In addition PIPEDA gives people more clearly defined rights to control their personal information.
Privacy Laws for Health Records in Ontario
Private-sector businesses conducting commercial transactions in Ontario - including all disciplines of allied health clinics and solo practitioners - must handle personal information in accordance with Ontario’s privacy legislation:
This is because PHIPA has been deemed “Substantially Similar” to federal privacy law:
PHIPA Ontario, therefore, can in most cases be used in place of Canada’s federal law where health records are concerned. The law applies to all “health information custodians,” including allied health clinics delivering health care services and practitioners who provide health care for payment, regardless of whether the services are publicly funded or not.
You can read more about federal privacy law in Canada and how that relates to provincial law in our Guide document: PIPEDA and Other Privacy Laws in Canada.
Ontario
- Clinics in Ontario will follow: PHIPA Personal Health Information Protection Act – Ontario’s provincial law specifically for health records. It has legally been deemed “Substantially Similar” to PIPEDA, and this is the law allied health clinics in Ontario will need to follow.
- To contact the Privacy Commissioner of Ontario: Toronto Area: 416-326-3333. Long distance: 1-800-387-0073. By email: info@ipc.on.ca. The Commissioner urges: “It is an unfortunate reality of the present Internet that communications carried over it are neither secure nor verifiable. Do not send personal information by e-mail.”
What Does This Mean To You?
Under the new act you have new rights.
- To see any personal information collected about you.
- A business must inform you of what information is collected, why it is being collected, used or disclosed, who will be able to see it, and have your consent to collect it.
- You have the right to request a correction to any of your personal information.
- You have a process available through The Privacy Commissioner of Canada if our response is not satisfactory.
Who We Are
This massage therapy and wellness clinic is a group cooperative clinic. We use a number of consultants that may, in the course of their duties, have limited access to personal information we hold. These include computer consultants, accountants, bookkeepers, website managers, and lawyers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles.
We Collect Personal Information: Primary Purposes
Like all healthcare professionals we collect, use and disclose personal information in order to serve our clients. The primary purpose for collecting personal information is to provide massage therapy treatment, manual osteopathic treatment, physiotherapy treatment, energy medicine treatment and naturopathic treatment. For example, we collect information about a client’s health history, physical condition and function, and social situation, in order to help us assess what their health needs are, to advise them of their options, and then to provide the healthcare they choose to have. A second purpose is to obtain a baseline of health and social information, so that in providing ongoing health services, we can identify changes that are occurring over time. It would be rare for us to collect such information without the client’s express consent. However this might occur in an emergency, or where we believe the client would consent if asked and it is impractical to obtain consent (e.g., a family member passing a message on from our client and we have no reason to believe that the message is not genuine).
We Collect Personal Information: Related and Secondary Purposes
Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples are:
- To invoice clients for goods or services, or to collect unpaid accounts.
- To advise clients of appointments
- To advise clients and others of special events (e.g., seminars, new services or product) that we have available.
- Massage Therapists are regulated by the College of Massage Therapists of Ontario, who may inspect our records and interview us as a part of their regulatory activities in the public interest. In addition, as professionals, we report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. External regulators have their own strict privacy obligations. Sometimes these include personal information about our clients, or other individuals, to support the concern (e.g., improper services). Also, various government agencies (e.g., Canada Customs and Revenue Agency, Information and Privacy Commissioner, etc.) have the authority to review our files and interview us as a part of their mandates. In these circumstances, we may consult with professionals (e.g., lawyers, accountants) who will investigate the matter and report back.
- With your written permission, information may be shared with an insurance company, lawyer or other health care practitioner. As the information requested may be different, it will be addressed on a case-by-case basis.
- Clients or other individuals we deal with may have questions about our goods or services after they have been received. We also provide ongoing services for many of our clients, over a period of months or years, for which our previous records are helpful. We retain our client information, for a minimum of ten years after the last contact to enable us to respond to those questions and provide these services (our regulatory College also requires us to retain our client records).
- On our website, we only collect the personal information you provide, and only use that information for the purpose you gave it to us (e.g. to respond to your email).
Protecting Personal Information
We understand the importance of protecting personal information. To do so, the following steps have been taken:
- Paper information is either under supervision or secured in a locked area.
- All of our devices are password protected.
- Paper information is transmitted through sealed addressed envelopes or boxes by reputable companies.
- External consultants and agencies, with access to personal information, must enter into privacy agreements with us.
- We destroy paper files by shredding. We destroy electronic information by deleting it and, when hardware is discarded, we ensure that the hard drive is physically destroyed.
You Can Look At Your Information
With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g. short forms, technical language etc.) We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests.
If there is a problem, we may ask you put your request in writing. If we cannot give you access, we will tell you within 30 days, if at all possible, and tell you the reason, as best we can.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we have formed. We may ask you provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we still agree to include in our file a brief statement from you on the point, and we will forward the statement to anyone else who received the earlier information.
Questions?
If you have any questions about PIPED Act, the information we collect, and our privacy policies, please do not hesitate to speak with Nancy Scagnetti, Susan Scagnetti or Nikki Tugui, the privacy officers for this clinic.
If you wish to make a formal complaint about our privacy practices, you may make it in writing to the above privacy officers.
p>healthinhandswellness@gmail.com