Privacy Policy
By: Danielle Stirrett, Registered Physiotherapist
For physiotherapy services rendered at:
Dynamic Movement Chiropractic and Health Centre
3-110 Anne St. S.
Barrie ON L4N 2E3
PURPOSE
According to the Personal Information Protection and Electronic Documents Act (PIPEDA) and Personal Health Information Protection Act (PHIPA), it is required to have a privacy policy in place. The goal of this policy is to let the public know with transparency and openness exactly how I handle personal information. I understand how important my role is in protecting your privacy and I am committed to following all guidelines on maintaining the highest level of client confidentiality, as set out by the College of Physiotherapists of Ontario and the Province of Ontario. All of your information is protected and released only with your written consent. I am committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the services I provide.
WHAT IS PERSONAL INFORMATION?
Under PIPEDA, personal information is any factual or subjective information, recorded or not, about an identifiable individual. This includes information that relates to their personal characteristics (e.g., age, name, home address, phone number, income, ethnic origin etc.), their physical and mental well-being (e.g., health history, health conditions, health services received by them etc.) or their activities and views (e.g., religion, politics, opinions, evaluations etc.).
WHO AM I?
My name is Danielle Stirrett. I am a Registered Physiotherapist with the College of Physiotherapists of Ontario. I am an independent contractor who will be providing physiotherapy services at Dynamic Movement Chiropractic and Health Centre. In my practice, I may use external consultants and agencies (e.g., computer consultants, lawyers, accountants, office security and maintenance, temporary workers to cover holidays and cleaners etc.). These individuals may, in the course of their duties, have limited access to personal information I hold. I restrict their access to any personal information I hold as much as is reasonably possible. I also have their assurance that they follow appropriate privacy principles through privacy and confidentiality agreements.
WHY DO I COLLECT PERSONAL INFORMATION?
Clients
As a physiotherapist, I collect, use and disclose personal information in order to serve my clients. My primary reason for collecting personal health information is to be able to competently assess and provide treatment for my clients. I collect information about a client’s health history, (e.g., their family history, physical condition, function, occupational and recreational activities etc.) in order to help me assess what their health needs are, to advise them of their options and then to provide the health care they choose to have. Other examples of the type of personal health information that I collect may include your name, date of birth, address, records of your sessions and details of the treatment that you received during your sessions. Another reason I collect personal information is to obtain a baseline of health and social information so that in providing ongoing health services, I can identify changes that are occurring over time. It would be rare for me to collect such information without the client’s consent, but this might occur in an emergency situation (e.g., the client is unconscious). Other purposes your personal health information may be used and disclosed include:
-
Receiving or directly invoicing for payment for your assessments and treatments (e.g., to your private insurer)
-
Conducting risk management and quality improvement initiatives
-
Complying with legal and regulatory requirements
-
Fulfilling other purposes permitted or required by law
With your consent, I will collect your personal health information directly from you, or from the person acting on your behalf. I may sometimes collect personal health information about you from other sources, only if I have obtained your consent to do so, or if the law permits.
Other Reasons
-
To collect payment by invoicing clients for services that were not paid for on the day the service was rendered or to process credit card payments.
-
To advise clients and others of new opportunities (e.g., development of a new service).
-
I periodically review client and other files for the purpose of ensuring that I provide high quality services. In addition, external consultants (e.g., lawyers, auditors, practice consultants etc.) may on my behalf do audits and continuing quality improvement reviews of my practice, including reviewing client files.
-
Physiotherapists are regulated by the College of Physiotherapists of Ontario, who may inspect my records as a part of their regulatory activities in the public interest.
-
It is my duty and professional obligation to report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to the same or other organizations. Also, I will report information suggesting serious illegal behaviour to the authorities. External regulators have their own strict privacy obligations and may require access to personal information about my clients, or other individuals, to investigate a serious concern. Also, like all organizations, various government agencies (e.g., Canada Customs and Revenue Agency, Information and Privacy Commissioner, Human Rights Commission, etc.) have the authority to review my files as part of their mandates. In these circumstances, I may consult with professionals (e.g., lawyers, accountants) who will investigate the matter and provide me with advice on how to proceed.
-
Sometimes, the cost of services is covered in part or in full by third parties (e.g., private insurance). These third party payers often have the client’s consent or legislative authority to direct me to collect and disclose to them certain information in order to demonstrate client entitlement to funding.
-
Clients or other individuals I deal with may have questions about my services after they have been received and, in some cases, I see clients for long periods of time, over many months or years. I retain client information for a minimum of 10 years after the last contact to enable me to respond to those questions, provide quality services and abide by my regulatory College rules.
Please note that you can withdraw your consent from some of the above uses and disclosures (subject to legal exceptions) by contacting me.
Contact Person:
Danielle Stirrett, Registered Physiotherapist
Email: daniellephysiotherapy@gmail.com
PROTECTING PERSONAL INFORMATION:
I understand the importance of protecting personal information from theft, loss, unauthorized access, copying, modification, use, disclosure and disposal. For that reason, I have taken the following steps:
-
Personal information stored on paper is kept to a minimum and is either under supervision or secured in a locked or unauthorized area at all times.
-
Electronic hardware is either under supervision or secured in a locked or unauthorized area at all times.
-
My computer is password protected.
-
Personal information stored electronically is password protected.
-
Personal information sent via mail is marked “private & confidential” and sealed in a privacy envelope.
-
Personal information sent via fax and email is only done with your consent and is marked “private & confidential”.
-
The following privacy statement will appear in all email correspondence directly from me:
The information in this email is private and confidential. This email is intended only for the use of the person or entity to which it was addressed. If you have received this email in error; please notify me immediately by reply email and permanently delete the original transmission from me, including any copies or attachments. If this email was not meant for you, any use, review, retransmission, distribution, dissemination, copying, printing, or other use of, or taking of any action based on this email, is strictly prohibited. Your cooperation is appreciated.
-
External consultants and agencies with access to personal information must enter into privacy and confidentiality agreements with me.
-
I will ensure to the very best of my abilities that everyone who performs services for me protects your privacy and only uses your personal health information for the purposes you have consented to.
RETENTION OF PERSONAL INFORMATION
I need to retain personal information to ensure that I can answer any questions clients might have about the services rendered and for my own accountability to external regulatory bodies. However, I do not want to keep personal information for too long in order to protect my client’s privacy.
I will keep client files for a minimum of 10 years from the later of the following two dates: the date of the last patient encounter OR the date that the patient reached or would have reached 18 years of age.
DESTRUCTION OF PERSONAL INFORMATION
I destroy paper files containing personal information by shredding. I destroy electronic information by deleting it. I destroy electronic data stored on hardware by physically destroying the hardware.
DID YOU KNOW THAT YOU CAN LOOK AT YOUR INFORMATION?
Please do not hesitate to contact me in order to access or correct your personal health records. With only a few exceptions, you have the right to see what personal information I hold about you. I can help you identify what records I might have about you and try to help you understand any information you do not understand (e.g., short forms, technical language, medical jargon etc.). I will need to confirm your identity before providing you with this access and I may ask you to put your request in writing.
If I cannot give you access for any reason, I will tell you within 30 days and if possible, tell you the reason, as best I can, as to why I cannot give you access.
If you believe there is an error in the information contained in your file, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions I may have formulated. Where I agree that I made a mistake, I will make the correction and notify anyone to whom I sent this information. If I do not agree that I have made a mistake, I will include a note in your file on the point in question and I will forward that note to anyone else who received the earlier information.
ANY QUESTIONS?
If you have any questions, please contact me and I will attempt to answer any questions or concerns you might have.
If you wish to make a formal complaint about my privacy practices, please make it out to me in writing. I will acknowledge receipt of your complaint; ensure that it is investigated promptly (within 30 days) and that you are provided with a formal decision and reasons in writing.
Contact Person:
Danielle Stirrett, Registered Physiotherapist
Email: daniellephysiotherapy@gmail.com
You also have the right to file a complaint to the Information and Privacy Commissioner of Ontario if you think I have violated your rights. The Privacy Commissioner can be reached at:
2 Bloor Street East, Suite 1400, Toronto, ON M4W 1A8
Tel: 416-326-3333
Long Distance: 1-800-387-0073
Fax: 416-325-9195
TTY: 416-325-7539
This policy is made by Danielle Stirrett (contact person) with guidance from the PIPEDA and PHIPA. These Acts are complex and provide some additional exceptions to the privacy principles that are too detailed to set out here. There are some rare exceptions to the commitments set out above. Please refer to the entire Acts for more clarification.
For more general inquiries, the Privacy Commissioner of Canada provides advice and information for individuals about protecting personal information. They also enforce federal privacy laws. Contact the Office of the Privacy Commissioner:
30 Victoria Street, Gatineau, Quebec K1A 1H3
Tel: 819-994-5444
Toll-Free: 1-800-282-1376
Fax: 819-994-5424
TTY: 819-994-6591