Our policy, our promise

Protection of Personal and Personal Health Information

  1. What is personal and personal health information?
  2. Why does CBI Health Group need to collect, use and disclose your personal or personal health information?
  3. Giving your consent
  4. Withdrawing your consent
  5. Safety and Accuracy of Personal or Personal Health Information
  6. Right of Access
  7. Right to request correction or amendment
  8. Right to complain to the Chief Privacy Officer for CBI Health Group, federal or provincial Privacy Commissioner
  9. Contacts

Commencing January 1st 2004 the Personal Information Protection and Electronic Documents Act (PIPEDA) applied to all organizations in Canada that collect, use or disclose personal information in the course of doing commercial business. Quebec, British Columbia, Alberta and Ontario (privacy of health information) have enacted provincial legislation which has been deemed substantially similar to the federal legislation and organizations in these provinces have been granted exemption from PIPEDA with respect to their inter-provincial activities. Saskatchewan's and Ontario's provincial privacy legislation does not apply generally to the private sector, as PIPEDA does, but rather only regulates health information. New Brunswick has also enacted private sector and health privacy legislation effective September 1st 2010.

In Ontario the Personal Health Information Protection Act (PHIPA) came into effect November 1st 2004. PHIPA applies to personal health information across many health care settings, including but not limited to, private clinics, Community Care Access Centres (CCACs), hospitals, physicians' offices, laboratories, diagnostic test facilities, long-term care facilities and homes for the aged. PHIPA considers that all regulated health professionals including physicians, physiotherapists, occupational therapists, chiropractors, massage therapists, psychologists and nurses are "Health Information Custodians" and as such have to abide by PHIPA, including having appropriate policies and procedures in place for the handling of personal health information. In New Brunswick similar principles apply to "Custodians", and in Saskatchewan the Health Information Protection Act establishes the rights of individuals and the obligations of "trustees" with respect to handling personal health information. The use of the word "Trustee" reflects the fact that they hold personal health information "in trust" and must manage it with the best interests of the individual in mind. Whether the term in use in your province is trustee or custodian, it conveys a sense of care and responsibility that individuals who work in the health care sector must apply to the sensitive personal and health information entrusted to us by our clients.

The existence of multiple laws dealing with the protection of information and privacy creates a complex framework from within which CBI Health Group will strive to provide the best possible care to our clients and at the same time to understand and respect your rights no matter where in Canada you are receiving services from CBI Health Group.

The protection of personal and personal health information is an important principle to CBI Health Group and its affiliated and partnership organizations. CBI Health Group is committed to collecting, using, and disclosing personal and personal health information responsibly and ONLY to the extent necessary for the services we provide.

 

1.  What is personal and personal health information?

  • Personal information includes any identifying information about you. CBI Health Group collects personal information from you such as your name, address, telephone number and when you offer it as a means of payment, your credit card information.
  • Personal Health Information is any identifying information in writing or spoken about your physical or mental health; the provision of your health care; the eligibility or payment for your health care; the identity of the provider of your health care; and includes your health card number (a health care provider who does not use your health card for an authorized purpose cannot ask for the number).
  • Personal Health Information also includes identifying information about you that is not personal health information but that is contained in the same record or file as personal health information about you.

CBI Health Group collects and generates personal and personal health information in the course of providing you with the services you, or someone else requests.

CBI Health Group has designated a Chief Privacy Officer to be accountable for the organization's compliance with the applicable privacy legislation, including the ten privacy principles set out in PIPEDA and other legislation: accountability; identifying purposes; consent; limiting collection; limiting use, disclosure and retention; accuracy; safeguards; openness; individual access and challenging compliance.

The Chief Privacy Officer, working with your local facility, will receive and respond to questions and complaints about CBI Health Group policies or practices with respect to personal or personal health information and requests for access or amendments to inaccurate personal or personal health information. For information on how to contact the Chief Privacy Officer, please see the end of this notice.

 

2.  Why does CBI Health Group need to collect, use and disclose your personal or personal health information?

  • To provide assessment, treatment or other services related to your injury or illness, functional restriction, disability or impairment and / or your claim for compensation or benefits.
  • To obtain payment for the assessment and/or treatment or other services we provide, and determine any entitlement to insurance coverage or other benefits.
  • To identify treatment outcomes and / or the extent of services provided, and share this information with CBI Health Group, payers (for example your insurance company, WCB/WSIB, CCACs) and referral sources (for example your doctor).

CBI Health Group also compiles information for its database that does not identify you (this is neither personal nor personal health information). The anonymous database is used to compile statistics for quality improvement initiatives, for example improving overall performance in different programs, and clinical outcomes research.

CBI Health Group may also collect, use or disclose your personal or personal health information if required by law to do so.

 

3.  Giving your consent

Your consent must be freely given. You need to understand the purposes for which CBI Health Group will collect, use or disclose your personal or personal health information before you give your consent and understand that you are able to withhold consent or may withdraw your consent after it has been given. You also need to understand the consequences of such refusal or withdrawal, which may include the inability of CBI Health Group to provide you with assessment, treatment or other services.

CBI Health Group will make all reasonable efforts to ensure that the purposes for which the information will be used are identified to you so that you can provide knowledgeable consent. A consent form will need to be signed by you or someone you designate, after you understand the purposes for the collection, use and disclosure. If you are unable to read the consent, a verbal explanation will be provided so that you can reasonably understand how your personal or personal health information will be collected, used or disclosed.

 

4.  Withdrawing your consent

You have the right to withdraw your consent to the collection, use or disclosure of personal or personal health information in whole or in part, at any time upon providing reasonable written notice to the manager of the facility you are attending. The manager is responsible for informing you of any potential consequences that may result from the withdrawal of your consent, prior to you making such a decision (for example it may limit the ability of CBI Health Group to provide you with assessment, treatment or other services).

If you withdraw your consent it is not retroactive, and does not apply to personal or personal health information already collected, used or disclosed by CBI Health Group.

The manager of the facility you are attending is required to notify the Chief Privacy Officer for CBI Health Group if you withdraw your consent, in whole or in part, so that any files related to you and held at another location or centrally, can be flagged to indicate your withdrawal of consent.

 

5.  Safety and Accuracy of Personal or Personal Health Information

We will strive to keep your personal or personal health information as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. If you return for a further course of treatment or service, the personal or personal health information in your file will be updated at that time.

CBI Health Group has established a variety of safeguards to protect personal and personal health information in its care, including organizational (for example: training its employees, having employees sign a "Confidentiality Obligation Agreement", performing an annual audit of privacy practices), physical (for example: locking filing cabinets, central filing of active charts, safe storage requirements for archived files, facility security systems) and technological (for example: encryption, virus protection, computer backup, password entry to computer system) safeguards.

CBI Health Group will retain your personal or personal health information for the time necessary to fulfill the purposes for which it was collected and to comply with its legal obligations and to meet its regulatory requirements.

 

6.  Right of Access

You may request access to your personal or personal health information by written request addressed to the manager or supervisor of the facility or program you are attending. If you require assistance in preparing the request, the staff will help you.

CBI Health Group will provide a response to your request within 30 days, either providing access to the requested information, or providing a written notice of why an extension of the time to respond is required, or providing you with written reasons why access has been denied.

If your request for access is denied the Chief Privacy Officer will provide you with information about the recourse available through the Chief Privacy Officer for CBI Health Group, the provincial or federal Privacy Commissioner (for contact information see the end of this notice).

It is the responsibility of CBI Health Group staff to ensure that you understand the material to which access has been given. A suitable time should be arranged so that a member of staff or clinic manager can review the material with you and explain abbreviations or medical terminology to avoid any misunderstanding and misinterpretation.

 

7.  Right to request correction or amendment

You have the right to request the correction or amendment of any personal or personal health information held by CBI Health Group, if its accuracy and completeness is challenged and found to be deficient. CBI Health Group is obliged to correct a record that is not accurate or complete, unless CBI Health Group did not create the record, or the information to be amended consists of a professional opinion made in good faith.

If CBI Health Group does not agree to your request to correct or amend your personal or personal health information, this disagreement will be noted in your file, and your written request for the correction or amendment as well as the reasons for the refusal to amend will be included in your file.

When your personal or personal health information has been corrected or amended, or when a disagreement regarding amendment has occurred, all parties that have received the original personal or personal health information may be informed of the changes or informed of the disagreement if it is relevant to do so, and you instruct CBI Health Group to take that action.

 

8.  Right to complain to the Chief Privacy Officer for CBI Health Group, federal or provincial Privacy Commissioner

You have the right to address a complaint to the Chief Privacy Officer for the CBI Health Group if you believe CBI Health Group is not in compliance with its policies and management related to the protection of your personal or personal health information. The complaint must be put in writing and given to the manager of the clinic you are attending who will promptly inform the Chief Privacy Officer. The Chief Privacy Officer will investigate all complaints related to CBI Health Group's management of personal and personal health information.

When necessary the Chief Privacy Officer will work directly with the Director of Operations, manager/supervisor and staff involved, to implement corrective actions. This may involve training or notification of changes to privacy practices throughout the organization.

The Chief Privacy Officer will follow up with you to describe the actions taken and to determine if you are satisfied that your concerns have been resolved. If you are not satisfied, you may make a complaint to the provincial or federal Privacy Commissioner (depending on the subject matter of the complaint) using the contact information provided below. The Chief Privacy Officer for CBI Health Group can help you determine the correct Privacy Commissioner's office to contact in your situation.

 

9.  Contacts

Christina Boyle
Chief Privacy Officer
Vice President Risk & Corporate Compliance
CBI Health Group Corporate Office
3300 Bloor Street West,
West Tower, Suite 900,
Toronto, Ont. M8X 2X2.
Tel: (416) 231 0078 Ext 228
Web site: www.cbi.ca

Jennifer Stoddart
Privacy Commissioner of Canada
112, Kent Street
Place de Ville, Tower B, 3rd Floor
Ottawa, Ontario K1A 1H3
Tel: 1-800-282-1376
Fax: (613) 947 - 6850
Web site: www.privcom.gc.ca

Ann Cavoukian Ph.D
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Ste. 1400
Toronto, ON M4W 1A8
Tel: (416) 326 3333
Fax: (416) 325 9195
Web site: www.ipc.on.ca

Gary Dickson QC
Information and Privacy Commissioner of Saskatchewan
503 – 1801 Hamilton Street
Regina, SK S4P 4B4
Tel: (306) 787 8350
Fax: (306) 798 1603
Web site: www.oipc.sk.ca

Elizabeth Denham
Information and Privacy Commissioner,
British Columbia
P.O Box 9038, Stn. Prov. Govt
Victoria, BC V8W 9A4
Tel: (250) 387 5629
Fax: (250) 387 1696
Web site: www.oipc.bc.ca

Frank J. Work QC
Information and Privacy Commissioner,
Alberta
9925 - 109 Street, #410
Edmonton, AB T5K 2J8
Tel: (780) 422 6860
Fax: (780) 422 5682
Web site: www.oipc.ab.ca
 

Anne Bertrand
Access to Information and Privacy Commissioner, New Brunswick
Sterling House, P.O Box 6000
Fredericton, NB E3B 5H1
Tel: (506) 453 2789
Fax: (506) 453 5599
Web site: www.gnb.ca/0073/index-e.asp

Dulcie McCallum
Review Officer, Nova Scotia
Box 181
Halifax, NS B3J 2M4
Tel: (902) 424 4684
Fax: (902) 424 8303
Web site: www.foipop.ns.ca

Jacques Saint-Laurent
Chair, Commission d'acces a l'information du Quebec
575, rue Saint Amable
Bureau 1.10
Quebec City, Quebec G1R 2G4
Tel: (418) 528 7741
Fax: (418) 529 3102
Web site: www.cai.gouv.qc.ca

Maria C. MacDonald
Information and Privacy, Prince Edward Island
180, Richmond Street
P.O Box 2000
Charlottetown, PEI. C1A 7N8
Tel: (902) 368 4099
Fax: (902) 368 5283
Web site: www.gov.pei.ca