The Personal Information Protection and Electronic Documents Act is a Federal Act that comes into force January 1, 2004. It requires any business or group (non-profit or otherwise, that performs “commercial transactions” (buying or selling), to take responsibility for the personal information they collect.
Personal information is defined as anything other than the sort of information that appears on a business card or in a phone listing. This would include credit card information, dates of appointments, buying preferences, records of past purchases, health information, and any other information that can be connected with a person.
In addition PIPEDA gives people more clearly defined rights to control their personal information.
Private-sector businesses conducting commercial transactions in Ontario - including all disciplines of allied health clinics and solo practitioners - must handle personal information in accordance with Ontario’s privacy legislation:
This is because PHIPA has been deemed “Substantially Similar” to federal privacy law:
PHIPA Ontario, therefore, can in most cases be used in place of Canada’s federal law where health records are concerned. The law applies to all “health information custodians,” including allied health clinics delivering health care services and practitioners who provide health care for payment, regardless of whether the services are publicly funded or not.
You can read more about federal privacy law in Canada and how that relates to provincial law in our Guide document: PIPEDA and Other Privacy Laws in Canada.
Under the new act you have new rights.
This massage therapy and wellness clinic is a group cooperative clinic. We use a number of consultants that may, in the course of their duties, have limited access to personal information we hold. These include computer consultants, accountants, bookkeepers, website managers, and lawyers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles.
Like all healthcare professionals we collect, use and disclose personal information in order to serve our clients. The primary purpose for collecting personal information is to provide massage therapy treatment, manual osteopathic treatment, physiotherapy treatment, energy medicine treatment and naturopathic treatment. For example, we collect information about a client’s health history, physical condition and function, and social situation, in order to help us assess what their health needs are, to advise them of their options, and then to provide the healthcare they choose to have. A second purpose is to obtain a baseline of health and social information, so that in providing ongoing health services, we can identify changes that are occurring over time. It would be rare for us to collect such information without the client’s express consent. However this might occur in an emergency, or where we believe the client would consent if asked and it is impractical to obtain consent (e.g., a family member passing a message on from our client and we have no reason to believe that the message is not genuine).
Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples are:
We understand the importance of protecting personal information. To do so, the following steps have been taken:
With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g. short forms, technical language etc.) We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests.
If there is a problem, we may ask you put your request in writing. If we cannot give you access, we will tell you within 30 days, if at all possible, and tell you the reason, as best we can.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we have formed. We may ask you provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we still agree to include in our file a brief statement from you on the point, and we will forward the statement to anyone else who received the earlier information.
If you have any questions about PIPED Act, the information we collect, and our privacy policies, please do not hesitate to speak with Nancy Scagnetti, Susan Scagnetti or Nikki Tugui, the privacy officers for this clinic.
If you wish to make a formal complaint about our privacy practices, you may make it in writing to the above privacy officers.p>firstname.lastname@example.org