Your Privacy Is Important
Canabo Medical Clinic is committed to maintaining the privacy and confidentiality of all personal health information that we collect, use and disclose. Canabo Medical Clinic strives to protect the privacy rights of our patients by meeting or exceeding the standards established by law, including the Personal Health Information Protection Act, 2004 (“PHIPA”).
Personal Health Information
“Personal health information” is identifying information about an individual in oral or recorded form. It includes any information about an individual’s health or health care history that could identify an individual when used alone or with other information.
What Information Do We Collect From You?
The types of personal health information Canabo Medical Clinic collects, uses and stores may vary depending upon the individuals involved and the nature of their relationship with the clinic. The information we collect may include, for example
- a patient’s name, address, date of birth, health card information, health history, family health history; and
- information related to assessment, diagnosis, medication, counseling and treatment.
With limited exceptions, we obtain most PHI directly from our patients and collect only as much information as is necessary to meet the purpose of the collection. Occasionally, we may collect information about you from other sources, including other health care providers, where we have obtained your consent to do so or if the law permits.
We will not collect PHI if other information we have will serve the purpose of the collection. In addition, we will not collect more PHI than is reasonably necessary to meet the purpose.
How We Use The Information We Collect
Canabo Medical Clinic will identify the purposes for which PHI is being collected, in advance, and will inform patients of these purposes. We will only collect, use and store information that is necessary for these purposes.
Patient’s personal health information may be used, for example:
- to provide assessment, treatment and other health care services;
- to obtain payment for health care services, including payment from the Ontario Health Insurance Plan;
- to conduct research (according to PHIPA procedures);
- for quality assurance purposes;
- to comply with legal and regulatory requirements; and
- to fulfil other purposes permitted or required by law to plan, administer and manage our internal operations.
If we intend to use your information for any other purposes, we will ask for your consent before doing so, unless required to do so by law.
When Do We Need Consent?
Canabo Medical Clinic will not collect, use or disclose PHI without a patient’s consent, or his or her substitute decision maker’s consent, or as required by law. Consent to the collection, use or disclosure of PHI may be express or implied.
“Express Consent” means permission that we have specifically obtained from you.
“Implied Consent” means that we have concluded from surrounding circumstances that you would agree to the collection, use or disclosure of your information, and we need not ask you for your express consent.
For most health care purposes, consent is implied as a result of consent to treatment. However, in some circumstances, express and sometimes written, consent may be required.
Unless the law requires such disclosure, we will always ask for your express consent before:
- disclosing your information to someone who is not a health information custodian (e.g. to an insurance company, employer, WSIB, lawyer, etc.); or
- disclosing your information to a health information custodian for purposes other than providing you with health care (e.g. a doctor working for an insurance company).
You may withdraw or limit your consent at any time, unless doing so prevents us from recording the information we require from you by law or under professional standards. You can give an express (written) instruction, however, that specific information is only to be used or disclosed by certain individuals or for certain purposes. The Contact Person or any of our health professionals who are dealing with you will assist you with this process.
We may collect, use or disclose your information without your consent in certain limited circumstances that are expressly permitted by PHIPA . For example, some laws require disclosure of your information, such as the Health Protection and Promotion Act and the Workplace Safety and Insurance Act, 1997.
We may also disclose a patient’s personal health information where the patient has provided uswith their written consent to do so, such as to our parent company, Canabo Medical Corporation, for its research activities.
If you are found to be incapable of making decisions about your information, we will consult your substitute decision-maker, as determined by law.
Sharing Personal Health Information
Unless instructed otherwise, we may disclose a patient’s personal health information without consent to other health care providers in the “Circle of Care”, who need to know this information to help provide the patient with care. The “Circle of Care” includes other health care professionals, pharmacies, laboratories, ambulance services, nursing homes, Community Care Access Centres and home service providers who provide you with health care services.
The only exception to this is that we may be required or permitted by law in certain instances to disclose personal health information without consent, such as to the Ontario Health Insurance Plan for payment purposes.
Safeguards And Security
Canabo Medical Clinic recognizes the importance of safeguarding PHI and will take all steps that are reasonable in the circumstances to ensure that PHI Information in our custody is protected against theft, loss or unauthorized access, use, or disclosure. We will also ensure that the records containing this information are protected against unauthorized copying, modification or disposal.
In order to protect your information, we have taken steps to meet the need for physical security, technological security and administrative controls.
The measures we have taken for the physical security of personal health information include:
- restricting office access to authorized individuals; and
- maintaining all records in our office which has a security system installed.
The personal health information records we maintain are kept in electronic format. Such records are protected through technological security measures we have taken including the use of:
- password controls and search controls;
- firewalls and anti-virus software;
- logging, auditing and monitoring of all access to electronic records of personal health information;
- privacy notices and privacy warning flags; and
- encryption of all mobile electronic devices and of all information transmitted electronically.
We have also implemented administrative controls to safeguard the personal health information records we maintain, including:
- providing mandatory initial and ongoing privacy training to all agents;
- conducting regular audits of our practices to ensure compliance with our policies; and
- requiring agents to sign confidentiality agreements and end-user agreements on a regular basis.
Retention Of Personal Health Information
Our policy is to retain personal health records for fifteen (15) years from the date of the last entry in the record or in accordance with any minimum retention period that is established by law.
Disposal Of Personal Health Information
When personal health information is disposed of, Canabo Medical Clinic will take reasonable steps to ensure secure destruction. Where a third party is retained to dispose of personal health information, we will enter into a written agreement with the third party that sets out the requirements for secure disposal and require the third party to confirm in writing that secure disposal has occurred.
In the event that a patient’s PHI has been stolen, lost or subject to unauthorized use, access, disclosure, copying or modification, our first priority will be to identify and contain the breach, and then to take steps to correct it. We will notify any patient whose PHI may have been disclosed, lost or shared in an unauthorized manner, at the first reasonable opportunity.
Access To Personal Health Information
Patients have a general right to access all personal health information about them in Canabo Medical Clinic’s custody or control. Patients may also request a copy of this information.
If a patient would like to request access to or a copy of his or her personal health information, he or she must make a written request to any Canabo Medical Clinic staff member, who will forward the request to the Contact Person.
A patient’s right to access his or her personal information is not absolute. We may deny an access request where:
- the information does not exist or cannot be found; ● denial of access is required or authorized by law; or ● the request is frivolous, vexatious, or made in bad faith.
All requests for access to PHI will be responded to within 30 days. If the Contact Person refuses you access to your records, there will be a reason provided to you as to why we are not able to do so. You will also be notified of your right to contact the Information and Privacy Commissioner of Ontario.
We may charge a reasonable fee for making information available and/or providing copies of information. If we choose to do so, we will provide notice of the fee in advance of processing the request.
Accuracy Of Personal Health Information
We take all reasonable steps to ensure all personal health information is as accurate, complete and up-to-date for the purpose the information is being used.
We will not routinely conduct updates on information in our control unless routine updates are necessary to fulfil the purposes for which the information was collected.
We will take reasonable steps, however, to ensure that any information that is used on an ongoing basis, including any information that is routinely disclosed to others under this Policy, is accurate, complete and up-to-date. Where we know that information is not accurate, complete or up-to-date, this fact will be indicated at the time of use or disclosure.
We use advanced technology and well-defined practices to ensure personal health information is processed promptly, accurately, and completely. We ask that our patients advise us of any changes to personal health information so that we may ensure our information is accurate.
Correction To Personal Health Information
If a patient believes that his or her PHI is not accurate or complete, he or she may make a written request to the Contact Person to have the information corrected.
Canabo Medical Clinic will correct PHI where it is demonstrated that the information in the patient’s record is, in fact, inaccurate or incomplete and necessary information is provided to correct the record.
However, we may refuse to correct PHI where:
- we are not satisfied that the record is incomplete or inaccurate for the purposes for which we collected, use or have used the information;
- the record containing the PHI was not originally created by us and we do not have sufficient knowledge, expertise and authority to correct the record;
- the request consists of a professional opinion or observation that a health care provider has made in good faith; or
- the request is frivolous , vexatious, or made in bad faith.
All requests for correction of PHI will be responded to within 30 days. Where a correction request is denied, patients will be notified of the reasons for the refusal and will be informed that they are entitled to prepare a short statement of disagreement to have appended their record. In addition, patients are entitled to make a complaint about the refusal to the Information and Privacy Commissioner of Ontario.
Compliance With This Policy
Any breach of this Policy by our agents may result in disciplinary action, including:
- suspension, demotion, and termination; ● termination of contractual relationship; or ● termination of affiliation.
All agents must notify the Contact Person at the first reasonable opportunity if a patient’s personal health information is lost, stolen or accessed without authorization.
If you have any questions or concerns about privacy at the Canabo Medical Clinic, please speak with our Contact Person:
Canabo Medical Clinic takes the privacy of its patients seriously and will investigate all written privacy concerns. If a concern is found to have merit, we will take appropriate measures, including, if necessary, taking disciplinary action against our agents and/or amending our policies and practices relating to the collection, use and disclosure of your information.
If we are not able to address your concerns, or if you require further information regarding privacy in your Province, you may contact the Information and Privacy Commissioner for your respective Provice. For example: Ontario —
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, ON M4W 1A8 1-800-387-0073 firstname.lastname@example.org
Changes To This Policy
At Canabo Medical Clinic, we review our privacy policies and procedures on an ongoing basis and may revise these from time to time. If these revisions significantly change how we collect, use or disclose previously collected PHI, we will inform our patients and obtain consents where required.