Toronto Brain Health seeks to maintain the strictest standards of confidentiality and privacy with respect to your personal health information. We are committed to collecting, using, and disclosing personal information responsibly and only to the extent necessary for the services we provide. We aim to be open and transparent as to how we handle personal health information. This document describes our privacy policies.
Toronto Brain Health and its staff are bound by law and ethics to safeguard your privacy and the confidentiality of your personal health information. This information is regulated provincially under the Personal Health Information Act, 2004 (PHIPA) and federally under the Personal Information Protection and Electronic Documents Act, 2004 (PIPEDA). Moreover, confidentiality is an integral part of the code of ethics for regulated health professionals.
What is personal health information?
Throughout the course of your assessment and treatment with Toronto Brain Health personal health information is collected about you. Personal health information includes identifying information about an individual, such as their address of residence, birthdate, phone number, or email address. It can also include identifying details specific to an individual’s health such as physical or mental health problems and information about health services received, as well as identifying details specific to an individual’s activities (work, recreation, relationships) and their views and opinions. Personal health information may also include records of your visits to Toronto Brain Health and the care services that you received during those visits.
Some Reasons Why Personal Health Information is Collected
- To respond to people who are referred to us or who contact us by phone or email with information about the services we provide at Toronto Brain Health.
- To be able to diagnose and treat the psychological, physical and/or neurological challenges you may be facing, we need to know information about you such as your current age, educational history, work experience, social relationships, medical history, family history and the exact nature of the challenges you are experiencing and how they are impacting your life.
- To process payments for services
- To communicate with third party payers whom you have consented for us to disclose your personal information.
Limits of Privacy: Confidentiality
There are some limited circumstances where regulated healthcare professionals at Toronto Brain Health are required by law or by professional ethics to disclose your personal health information and where such disclosure can occur without your consent. These circumstances are primarily ones where either your, or another person’s, health and safety is believed to be at imminent risk. Depending on the nature of the circumstances this could include legal obligation to disclose information, for example to the Children’s Aid Society, Retirement Home Regulatory Authority, Ministry of Health and Long-Term Care, or the healthcare professional’s regulatory College. It also includes legal obligation to release information by court order, such as a subpoena, for the clinical health record or for testimony.
Personal Health information may be seen in the process of a formal audit by the government or by the healthcare professional’s regulatory College. These audits are strictly confidential, and a record of the audit will be inserted into any file reviewed by the auditors.
Toronto Brain Health uses a number of consultants and agencies that may, in the course of their duties, have limited access to some of the personal information we hold. These include computer consultants, office security and maintenance, bookkeepers and accountants, credit card companies, website managers, cleaners and lawyers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles.
Protecting Your Personal Information
- We ask your permission before we collect, use, or show your information to anyone for any purpose other than our main activities, such as providing care.
- Client personal health information is entered into an electronic medical record (EMR). Toronto Brain Health has taken reasonable steps to ensure these records are secure and protected from theft, loss and unauthorized use or disclosure, including copying, modification, or disposal.
- We take steps to ensure your information is not lost or stolen. We further ensure that your information is not copied, changed, shared, discarded or used unless permitted.
- Paper information is either under supervision or secured in a locked or restricted area.
- Electronic information is hosted on a secure server in Canada and is protected from unauthorized access, loss, theft, or disclosure.
- Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords are used on computers and telephone voicemail boxes.
- Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
- Electronic information is transmitted either through a direct line or has identifiers removed or is encrypted.
- Personal Health Information is kept only for as long as it is needed or required by the healthcare professional’s College. Ten years for psychologists and physiotherapists, and fifteen years for medical doctors.
Electronic Medical Record (EMR) Safeguards
Only authorized staff use the EMR. No unauthorized person can access identifiable health information.
Each authorized user is assigned a unique identity in the EMR.
The information each authorized user can access is based on their role (e.g., a receptionist may have access only to client identification and appointment information).
The EMR is protected by password controls and data encryption.
Identifiable health information is always transmitted securely.
Data is regularly backed up and the backed-up data is stored securely.
Patient records within the EMR are accessible and readable for at least 10 years after the last patient visit, even if the technology has changed (as per the healthcare professional’s College regulations – see above).
Before any hardware containing EMR data is disposed of, all identifiable health information is removed and can never be reconstructed.
Retention and Destruction of Information
Toronto Brain Health needs to retain personal information of individuals inquiring about our services for a short period to ensure that we can adequately answer any questions you might have and for our own accountability to external regulatory bodies. However, we do not keep your personal information for more than a few months in order to protect your privacy.
We keep our client files for a minimum of ten years (as per the healthcare professional’s College regulations – see above). We keep any personal information relating to our general correspondence (i.e., with people who are not clients), pertaining to newsletters, seminars and marketing activities, for approximately six months after the newsletter ceases publication or a seminar or marketing activity is over.
We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed.
Seeing and correcting your personal health information
With only a few exceptions, a client and/or the substitute decision maker legally responsible for a client have the right to see what personal information we hold about the client. Often all you have to do is ask. We will also try to help you understand any information you do not understand (e.g., abbreviations, technical language, etc.). We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests. If there is a problem, we may ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access.
If a client believes that there is a mistake in the information, he/she or the substitute decision maker has the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will still agree to include in our file a brief statement from you on the point and we will forward that statement to anyone else who received the earlier information.
Questions or concerns about your privacy
Our currently designated Privacy Officer is Dr. Sabrina Lombardi, Ph.D., C. Psych. You may contact our Privacy Officer by phone at 416-258-2367, by e-mail at firstname.lastname@example.org or by mail at:
Privacy Officer, Toronto Brain Health 20 De Boers Drive, Suite 535 Toronto, ON, M3J 0H1
If you have a concern about the professionalism or competence of our services or the mental or physical capacity of any of our professional staff, we ask that you discuss those concerns with us directly. However, if we cannot satisfy your concerns, you may take your concern to the appropriate healthcare regulatory body:
College of Psychologists of Ontario
110 Eglinton Avenue West, Suite 500
Toronto, Ontario, M4R 1A3
You have the right to complain to the Information and Privacy Commissioner/Ontario if you think we have violated your rights.
The Commissioner can be reached by phone at 416-326-3948, by fax at 416-325-9195, by e-mail at email@example.com, through www.ipc.on.ca or by mail at:
Information and Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8