COLLECTING PERSONAL INFORMATION: Related and Secondary Purposes
Like most organizations, we also collect, use and disclose information for purposes secondary to the primary purposes. The most common examples of my related and secondary purposes are as follows:
To invoice patients for goods or services, to process credit card payments or to collect unpaid accounts.
In addition, external consultants (e.g. auditors from the provider’s professional College, Canada Customs and Revenue Agency, Information and Privacy Commissioner, Human Rights Commissioner, etc.) May audit collected information to ensure continuing quality improvement as it relates to the public interest, other individuals or to support concern or mandate.
The cost of goods/services provided by the organization to clients is often paid for by third parties (e.g., motor vehicle accident insurance, private insurance). These third-party payers often have the client’s consent or legislative authority to request that we collect and disclose information to demonstrate client entitlement to this funding.
PROTECTING PERSONAL INFORMATION
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a restricted area.
- Electronic hardware is always either under supervision or secure in a restricted area.
- Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
- Electronic information is transmitted either through a direct line or has identifiers removed or is encrypted.
- External consultants and agencies with access to personal information must enter into privacy agreements with me.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
We retain personal information for some time to ensure we can answer any question the patient may have about the services provided and for our own accountability to external regulatory bodies. We keep patient files for 10 years according to professional regulations. We destroy paper files containing personal information by shredding them. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed.
YOU CAN LOOK AT YOUR INFORMATION
With only a few exceptions, you have the right to see what personal information is held about you.
If this is necessary, we will help you understand any information you do not understand (e.g., short forms, technical language, etc.). We reserve the right to charge a nominal fee for such requests.
If there is a concern we ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional assessments your provider has formed. We may ask you to provide documentation that our files are wrong. We will correct the information.
DO YOU HAVE A QUESTION?