Protection of Personal and Personal Health Information
Commencing January 1st 2004 The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to all organizations in Canada that collect, use or disclose personal information in the course of doing commercial business. Quebec, British Columbia and Alberta have enacted provincial legislation that has been deemed substantially similar to the federal legislation (PIPEDA) and have been granted exemption from PIPEDA. Saskatchewan and Ontario have implemented provincial legislation but have not at this time been granted exemption from PIPEDA therefore in many provinces more than one piece of privacy legislation is in effect.
In Ontario the Personal Health Information Protection Act (PHIPA) came into effect November 1st 2004. PHIPA applies to personal health information across many health care settings, including but not limited to, assessment centers, private clinics, Community Care Access Centers (CCACs), Hospitals, physician's offices, laboratories, diagnostic test facilities, long-term care facilities and homes for the aged. PHIPA considers that all regulated health professionals including physicians, physiotherapists, occupational therapists, massage therapists, psychologists, nurses etc are "Health Information Custodians" and as such have to abide by PHIPA, including having appropriate polices and procedures in place for the handling of personal health information.
The existence of multiple laws dealing with the protection of information and privacy creates a complex framework from within which Concordia Physio Sport will strive to provide the best possible assessment services to our clients and at the same time understand and respect your rights.
Maintaining the protection of your personal or personal health information is important to Concordia Physio Sport and is required by law. Our organization is committed to collecting, using, and disclosing personal or personal health information responsibly and ONLY to the extent necessary for the services we provide.
What is personal and personal health information?
- Personal information includes any identifying information about you other than certain publicly available information set out in law or regulation.
- Personal Health Information is any identifying information in writing or spoken about your physical or mental health; the provision of your health care; the eligibility or payment for you health care; the provider of your health care; and where applicable includes your health card number (a health care provider who does not use your health card for an authorized purpose cannot ask for the number).
Concordia Physio Sport has designated a Chief Privacy Officer who is accountable for the organization's compliance with the 10 principles of protection of personal and personal health information. These principles are accountability; identifying purposes; consent; limiting collection; limiting use, disclosure and retention; accuracy; safeguards; openness; individual access and challenging compliance.
The Chief Privacy Officer, working with Concordia Physio Sport, will receive and respond to questions and complaints about our policies to protect personal or personal health information, requests for access to personal or personal health information and requests to amend or rectify inaccurate personal or personal health information.
Why does Concordia Physio Sport need to collect use and disclose your personal or personal health information?
- To provide assessment services related to your injury or illness, and / or your claim for compensation or benefits and to report the assessment findings to the referring agency.
- To obtain payment for the assessment services we provide, and determine any entitlement to insurance coverage or other benefits
- To identify the assessment services provided within a stated time period, and share this information with Concordia Physio Sport to plan the resources required for future assessment services.
Concordia Physio Sport also compiles information for its database that does not identify you (this is neither personal or personal health information). The anonymous database is used to compile aggregate statistics for quality improvement initiatives, for example improving overall performance in the timely provision of assessment services.
Concordia Physio Sport may also collect, use or disclose your personal or personal health information if permitted or required by law to do so.
You are required to know of, and give consent to, the collection, use or disclosure of your personal or personal health information.
Your consent must be freely given, you need to understand the purposes why Concordia Physio Sport will collect, use or disclose your personal or personal health information before you give your consent, and understand that you are able to withhold consent or may withdraw your consent after it has been given.
Concordia Physio Sport will make all reasonable efforts to ensure that the purposes for which the information will be used are identified in order that you can provide knowledgeable consent. A consent form will be used to explain the purpose of the personal information to be collected and identify to whom information will be disclosed. If you are unable to read the consent, a verbal explanation will be provided so that you can reasonably understand how your personal or personal health information will be collected, used or disclosed.
Concordia Physio Sport will not collect, use or disclose your personal information without your consent unless otherwise permitted or required by a professional regulatory body or by law.
Withdrawing your consent
You have the right to withdraw your consent to the collection, use or disclosure of personal or personal health information in whole or in part, at any time upon providing reasonable written notice to the manager of Concordia Physio Sport. The manager is responsible for informing you of any potential consequences that may result from the withdrawal of your consent, prior to you making such a decision (for example it may limit the ability of Concordia Physio Sport to provide your assessment services).
If you withdraw your consent it is not retroactive, and does not apply to personal or personal health information already collected, used or disclosed by Concordia Physio Sport.
The manager of Concordia Physio Sport is required to notify the Chief Privacy Officer for CBI Health if you withdraw your consent, in whole or in part, so that any files related to you and held at another location or centrally, can be flagged to indicate your withdrawal of consent.
Concordia Physio Sport will retain your personal or personal health information for the duration necessary to fulfill its stated purposes, its legal obligations or its regulatory requirements.
Your personal or personal health information will be kept as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. If you return for a further assessment service, the personal or personal health information in your file will be updated at that time.
Concordia Physio Sport has established a variety of safeguards to protect personal and personal health information in its care, including organizational (for example: training its employees, having employees sign a "Confidentiality Obligation Agreement", performing an annual audit of privacy practices) physical (for example: locking filing cabinets, central filing of active charts, safe storage requirements for archived files, clinic security systems) and technological (for example: virus protection, computer backup, password entry to computer system) safeguards.
Right of Access
You may request access to your personal or personal health information, by making the request in writing and address it to the manager of Concordia Physio Sport. If you require assistance in preparing the request, the staff will help you.
Concordia Physio Sport will provide a response to your request within 30 days, either providing access to the requested information, providing a written notice of why an extension of the time to respond is required, or provide you with written reasons why access has been declined.
If your request for access is denied the Chief Privacy Officer will provide you with information about the recourse available through the Chief Privacy Officer for Concordia Physio Sport, the provincial or federal Privacy Commissioner (for contact information see the end of this notice).
It is the responsibility of Concordia Physio Sport staff to ensure that you understand the material to which access has been given. A suitable time must be arranged so that a member of Concordia Physio Sport staff can review the material with you and explain abbreviations or medical terminology to avoid misunderstanding and misinterpretation.
Right to request correction or amendment
You have the right to request correction or amendment of any personal or personal health information, if its accuracy and completeness is challenged and found to be deficient. Concordia Physio Sport is obliged to correct a record that is not accurate or complete, unless Concordia Physio Sport did not create the record, or the information to be amended consists of a professional opinion made in good faith.
If Concordia Physio Sport does not agree to your request to correct or amend your personal or personal health information, this disagreement will be noted in your file, and include your written request for correction or amendment as well as the reasons for the refusal to amend.
When your personal or personal health information has been corrected or amended, or when a disagreement regarding amendment has occurred, all parties that have received the original personal or personal health information will be informed of the changes or informed of the disagreement if it is relevant to do so.
Right to complain to the Chief Privacy Officer for Concordia Physio Sport, federal or provincial Privacy Commissioner
You have the right to address a challenge to the Chief Privacy Officer if you believe Concordia Physio Sport is not in compliance with its policies and management related to the protection of your personal or personal health information. The complaint must be put in writing and given to the manager of Concordia Physio Sport who will promptly inform the Chief Privacy Officer. The Chief Privacy Officer will investigate all complaints related to Concordia Physio Sport management of personal and personal health information.
When necessary the Chief Privacy Officer will work directly with the manager and staff involved, to implement corrective actions. This may involve training or notification of changes to privacy practices throughout the organization.
The Chief Privacy Officer will follow up with you to describe the actions taken and determine if you are satisfied. If you are not satisfied that you have received adequate redress from Concordia Physio Sport, you may make a complaint to the provincial or federal Privacy Commissioner using the following contact information:
Ronald Kruzeniski, Q.C.
Anne Bertrand, Q.C.
Karen A. Rose