We’re opening a new clinic at The Well! Stay tuned for more updates.
HEALTHONE’S POLICY ON THE COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION
OBJECTIVE AND SCOPE OF POLICY
At HealthOne, safeguarding your confidentiality and protecting your personal and health information is fundamental to the way we do business. This commitment has not changed with the arrival of services delivered via the Internet or other such online services. Instead, it has been extended to ensure your experiences with us online areas private, secure and as safe as your dealings with us have been in and through traditional business media.
Our obligations as healthcare professionals are governed, in part, by the national and provincial regulations that govern each of our healthcare professionals as members of their applicable regulatory bodies and associations (e.g. Canadian Medical Association, College of Family Physicians of Canada, College of Physicians and Surgeons of Ontario, Collège des médecins du Québec, etc.). The obligations set out in this Policy apply to all professionals, employees, contractors and agents who provide services in connection with our delivery of services to our clients. Other applicable laws and internal policies govern the protection of Personal Information of partners, associates and employees of HealthOne.
For the purposes of this Policy, “Demographic Information” means any information other than personal Health Information (as defined below), recorded in any form, about an identified individual, or an individual whose identity may be inferred or determined from the information.
This Policy does not cover any information, recorded in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred from the information (“Aggregated Information”). HealthOne retains the right to use Aggregated Information in any way that it determines appropriate and reasonable.
For the purposes of this Policy, “Health Information” with respect to an individual, recorded in any form, means (a) information concerning the physical or mental health of the individual; (b) information concerning any health service provided to the individual; (c) information concerning the donation by the individual of any bodily substance or information derived from the testing or examination of a body part or bodily substance of the individual; (d) information that is collected in the course of providing health services to the individual; or (e) information that is collected incidentally to the provision of health services to the individual.
Demographic Information and Health Information are referred to collectively in this document as “Personal Information’’.
PROTECTING YOUR PRIVACY – OUR COMMITMENT TO YOU
We are committed to meeting or exceeding the privacy standards established by federal and provincial laws and industry standards. All of our information-handling practices comply with federal and applicable provincial laws including the Personal Information Protection and Electronic Documents Act (widely known either as “PIPEDA” or the “PIPED Act”), an initiative designed to further protect the privacy of Canadian consumers.
PIPEDA and all other applicable provincial laws have, as their core, the following 10 guiding privacy principles:
WHAT INFORMATION IS COLLECTED? WHY DOES HealthOne COLLECT PERSONAL INFORMATION?
At HealthOne, we generally collect two types of information from our clients and from web site visitors. With your consent, we collect Personal Information. We may also collect anonymous/non-personal information.
Personal Information is information that refers to you specifically, whether factual or subjective.
With your consent, we may gather personal information from you in person, over the telephone or by corresponding with you via mail, e-mail, facsimile, text messaging, social media platform(s), video/virtual conference (including consultations and appointments) or the Internet.
The types of Personal Information that we usually collect and maintain in your file may include, but are not limited to, your:
a) Demographic Information
b) Health Information
HealthOne collects only such information from individuals or organizations as is required for the purposes of providing services or information to them, marketing other services or products to them (as applicable), and for aggregated statistical analyses. To the greatest extent possible, we will collect Personal Information directly from the individual concerned. In certain cases, we will be required to collect Personal Information from other sources, including but not limited to your employer, treating physicians, consulting physicians, and insurers. In those cases, we will request your consent to obtain information from those sources.
In certain circumstances, HealthOne may also collect personal information relating to a client from sources other than the client, if justified by a serious and legitimate reason, and the information is collected in the interest of the client concerned and cannot be collected from him or her in due time.
We collect Personal Information for different purposes, depending on the type of service we are providing to you, your employer, or your insurer, as applicable.
These purposes may include:
ANONYMOUS / NON-PERSONAL INFORMATION
When you visit our web sites, information is not collected that could identify you personally unless you choose to provide it voluntarily. You are welcome to browse these web sites at any time anonymously and privately without revealing any personal or health information about yourself.
To help us better understand our markets, we may also gather information for analytical purposes by conducting anonymous client surveys, by extracting demographic information from existing files and from Statistics Canada.
OWNERSHIP OF PERSONAL INFORMATION
HOW DOES HealthOne OBTAIN CONSENT TO USE AND DISCLOSE PERSONAL INFORMATION?
In some cases, your consent to the use and/or disclosure of your Personal Information will be obtained verbally or in writing, through an informed consent form. In other cases, such as when you book an appointment over the Internet, your consent will be obtained electronically. In providing healthcare services, as outlined in the Canadian Medical Association’s discussion on privacy in medical practices, consent is implied for the collection, use and disclosure of Personal Information needed for care and treatment.
Your provision of Personal Information to HealthOne means that you agree and consent that we may collect, use and disclose your Personal Information in accordance with this Policy. If you do not agree with these terms, you are requested not to provide any Personal Information to HealthOne. Remember, the choice to provide us with Personal Information is always yours, and your consent for us to use your Personal Information can be withdrawn, in writing at any time. However, in providing healthcare services, your decision to withhold particular details may limit the services we are able to provide and make it more difficult for us to advise you, provide services to you, ensure the follow-up required by certain conditions, or suggest appropriate alternatives.
If we are unable to accommodate your request based on the information that has been provided, we may ask for additional details in order to identify other ways to be of assistance. In some instances, we may also maintain a file containing contact history that is used for client inquiry purposes.
As a condition of their employment, all employees of HealthOne are required to abide by the privacy standards we have established. They are also required to work within the principles of ethical behaviour as set out in our internal employee rules and must follow all applicable laws and regulations. Employees are well informed about the importance of privacy and they are required to sign either a code of conduct or a confidentiality agreement that prohibits the disclosure of any Personal Information to unauthorized individuals or parties.
Unauthorized access to and/or disclosure of client information by an employee of HealthOne is strictly prohibited. All employees are expected to maintain the confidentiality of Personal Information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.
OUTSIDE SERVICE SUPPLIERS
In these cases, HealthOne may disclose Personal Information to organizations that perform services on our behalf. Personal Information will only be provided to such organizations with your informed consent, if they agree to use such information solely for the purposes of providing services to HealthOne and under the instruction of HealthOne and, with respect to that information, to act in a manner consistent with applicable laws and the relevant principles articulated in this Policy.
WHEN WOULD WE USE YOUR PERSONAL INFORMATION WITHOUT YOUR CONSENT?
Such circumstances may include:
Personal Information may also be subject to transfer to another organization in the event of a merger or change of ownership of all or part of HealthOne. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes permitted by, and in strict conformity with, applicable laws.
ACCURACY OF YOUR PERSONAL INFORMATION
As a client, you can request to check your information to verify, update and correct it (where appropriate).
Requests for access to your Personal Information should be made in writing (see the Contact Us section in this document for the information). After receiving the request, we will provide you with a reasonable cost estimate that reflects the cost of photocopying and staff time for generating the photocopied records. When the request is to see Health Information, in certain cases, the physician will review the record with those staff entrusted with this task.
If you only wish to view the original record, one of our staff must be present to maintain the integrity of the record. Again, a request to do so must be made in writing, and we will provide you with a reasonable cost estimate of the transcription, reproduction or transmission of such information.
In accordance with our obligations as healthcare providers, we will only refuse access to medical records in extremely limited circumstances; for example, when the information could reasonably be expected to seriously endanger the mental or physical health or safety of the individual making the request or that of another person, or if disclosure of the information would reveal personal health information about another person who has not consented to the disclosure. In this case, we will do our best to separate out this information and disclose the remaining information that is applicable.
If you have a sensory disability, we will give you access to your personal information in any alternative format you request if we already have it in that format or if its conversion into that format is reasonable and necessary in order for you to be able to exercise your rights under applicable laws. Again, a request to view your Personal Information in an alternative format must be made in writing, and we will provide you with a reasonable cost estimate that reflects the cost for such conversion.
CORRECTING YOUR PERSONAL INFORMATION
Should you identify any incorrect or out-of-date information in your file(s), we will make the proper annotations and provide you with a copy of the corrected information in a prompt manner. Where appropriate and/or applicable, we will also communicate these changes promptly to other parties who may have unintentionally received incorrect information from us.
For corrections to your Health Information, you can request changes to be made to your record and this request will be documented by an annotation in the record. However, we will only make changes to reflect factual inaccuracies, rather than correcting medical opinions, diagnoses, laboratory evaluations or other medical evidence, which we as healthcare providers are required to keep.
All requests to access or to make corrections and changes to your Personal Information must be made to us in writing. We will deal expeditiously with your request to see your information, and always respond to you within 30 days. If we need to extend the time, or we have to refuse your request, we will provide a written explanation, subject to any legal restrictions, and we will notify you of the new deadline, the reasons for the extension, and your rights under applicable legislation respecting the extension.
RETENTION AND DISPOSAL OF PERSONAL INFORMATION
The length of time we retain information varies, depending on the product or service and the nature of the information. This period may extend beyond the end of a person’s relationship with us but it will be only for so long as it is necessary for us to have sufficient information to respond to any issues that may arise at a later date.
For Health Information, depending on the particular service offered, we retain client medical records at least as long as required by law and provincial health regulations. In certain cases, this is 3 to 7 years after the examination, or 7 years after the last entry in the medical record. Currently, the principal places in which HealthOne holds Personal Information are in the cities in which HealthOne has offices and nearby municipalities where off-site storage facilities may be located, or, in instances where HealthOne uses third-party contractors to provide services to you (e.g. Physicians who perform independent medical evaluations, or nurses who perform paramedical examinations), at such premises for those third-party contractors.
When your Personal Information is no longer required for HealthOne’ purposes, we have procedures to destroy, delete, erase or convert it into an anonymous form. We destroy our records in a way that protects client privacy in accordance with regulations made under appropriate provincial legislation. We use supervised shredding contractors who must adhere to contractual privacy obligations.
HealthOne further protects Personal Information by restricting access to it to those employees that the management of HealthOne has determined need to know that information in order that HealthOne may provide its services.
Our computer-security specialists build security into all our computer systems. For information stored in electronic format, this protects your information at all times, when it is stored in data files or handled by our employees. Our systems also protect your information if and when it is transmitted, for example, between our offices.
Our web sites or web applications where Personal Information is collected or stored use Secure Socket Layer (SSL) and 128-bit encryption technologies to enhance security when you visit the secured areas of these sites. SSL is the industry standard tool for protecting and maintaining the security of message transmissions over the Internet. When we access or send information from secured sites, encryption will scramble your data into an unreadable format to inhibit unauthorized access by others.
To safeguard against unauthorized access to your accounts, you are required to “sign-on” using an encrypted password to certain secured areas of our web sites (where applicable). If you are unable to provide the correct password, you will not be able to access these sections. Your password information is encrypted which is presently the most effective way to secure electronic data.
COMMUNICATING PERSONAL INFORMATION TO HealthOne
As do many organizations, HealthOne attempts to strike a reasonable balance between security and convenience. In communicating with clients and others, HealthOne often requests the right to use a method of communication that is less secure than some of its less convenient alternatives. An example of this is email. At this time, when we use email, it may be sent as unencrypted plain text. We do this because HealthOne believes that many of our clients and others cannot readily process encrypted email. This is done for their convenience but has the security concern that, if misrouted or intercepted, it could be read more easily than encrypted email.
HealthOne WEB SITES
AMENDMENT OF HealthOne’ PRACTICES AND THIS POLICY
CONTACTING US – QUESTIONS/ SUGGESTIONS ABOUT THIS POLICY
British Columbia: www.oipc.bc.ca
New Brunswick: https://oic-bci.ca/
Newfoundland and Labrador: www.oipc.nl.ca
Northwest Territories: https://atipp-nt.ca/
Nova Scotia: https://oipc.novascotia.ca/
Prince Edward Island: http://www.assembly.pe.ca/index.php3?number=1013943