PIPEDA Policy (corporate and staff review)
The Personal Information Protection and Electronic Documents Act (PIPEDA) provides safeguards to protect your privacy. Many of the policies have been our practice for years. This is an abbreviated version, however the complete text is available on the Office of the Privacy Commissioner of Canada web site: www.priv.gc.ca.
PIPEDA states that there are rules and restrictions on who may see or be notified of your Protected Health Information (PHI). These restrictions do not include the normal interchange of information necessary to provide you with office medical services.
Your information will be kept confidential except as is necessary to provide services or to ensure that all administrative matters related to your care are handled appropriately. This specifically includes the sharing of information with other healthcare providers if desired, laboratories and health insurance payers as is necessary and appropriate for your care.
Our Electronic Medical Record (EMR) is secure and personal information is encrypted to insure confidentiality. General information which does not include any client identifiers may be used in retrospective studies. However, studies requiring any personal identifiers will require your approval and consent.
It is the policy of this office to remind clients of their appointment. We may do this by telephone, e-mail, mail, or by any means convenient for the practice and/or as requested by you. We may send you other communications informing you of changes to office policy and new technology that you might find valuable or informative.
We agree to provide clients with access to their records in accordance with state and federal laws. You understand and agree to inspections of the office and review of documents which may include PHI by government agencies or insurance payers in normal performance of their duties.
We may change, add, delete or modify any of these provisions to better serve the needs of the practice and the client. You have the right to request restrictions in the use of your protected health information as the law permits. Your confidential information will not be sold for any reason.
We Have A Legal Duty To Safeguard Your Protected Health Information (PHI)
We are legally required to protect the privacy of health information that may reveal your identity. This information is commonly referred to as “protected health information,” or “PHI” for short. It includes information that can be used to identify you that we have created or received about your past, present or future health or condition, the provision of health care to you, or the payment of this health care. We must provide you with this notice about our privacy practices that explains how, when and why we use and disclose your PHI.
With some exceptions, we may not use or disclose any more of your PHI than is necessary to accomplish the purpose of the use or disclosure. We are legally required to follow the privacy practices that are described in this notice.
What Rights You Have Regarding Your PHI
You have the following rights with respect to your PHI:
1.The Right to Request Limits on Uses and Disclosures of Your PHI.
You have the right to ask that we limit how we use and disclose your PHI. We will consider your request, but are not legally required to accept it. If we accept your request, we will put any limits in writing and abide by them except in emergency situations. You may not limit the uses and disclosures that we are legally required or allowed to make.
2.The Right to Choose How We Send PHI to You.
You have the right to ask that we send information to you to an alternate address or by alternate means. We must agree to your request so long as we can easily provide it to the location and in the format you request.
3.The Right to See and Get Copies of Your PHI.
In most cases, you have the right to look at or get copies of your PHI that we have, but you must make the request in writing. If we don’t have your PHI but we know who does, we will tell you how to get it. We will respond to you within 10 days after receiving your written request. In certain situations, we may deny your request. If we do, we will tell you, in writing, our reasons for the denial and explain your right to have the denial reviewed.
If you request copies of your PHI, we may charge you a fee for each page. We will respond to your request within 30 days after receiving your written request. Instead of providing the PHI you requested, we may provide you with a summary or explanation of the PHI as long as you agree to that and to the associated cost in advance.
4.The Right to Get a List of the Disclosures We Have Made.
You have the right to get a list of instances in which we have disclosed your PHI. The list will not include uses or disclosures that you have already been informed of, such as those made for treatment, payment or health care operations, directly to you, to your family, or in our facility directory. The list also won’t include uses and disclosures made for national security purposes, to corrections or law enforcement personnel.
Your request must state a time period for the disclosures you want us to include. We will respond within 60 days of receiving your request. The list we will give you will include disclosures made in the last six years (with the oldest date being September 1, 2009) unless you request a shorter time. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed and the reason for the disclosure. We will provide the list to you at no charge, but if you make more than one request in the same calendar year, we will charge you for each additional request.
5.The Right to Correct or Update Your PHI.
If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that we correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. We will respond within 60 days of receiving your request. We may deny your request in writing if the PHI is (I) correct and complete, (ii) not created by us, (iii) not allowed to be disclosed, or (iv) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you don’t file one, you have the right to request that your request and our denial be attached to all future disclosures of you PHI. If we approve your request, we will make the change to your PHI, tell you that we have done it and tell others that need to know about the change to your PHI.
6.The Right to Get This Notice by E-Mail.
You have the right to get a copy of this notice by e-mail. Even if you have agreed to receive notice via e-mail, you also have the right to request a paper copy of this notice.
How To Complain About Our Privacy Practices
If you think we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI, you may file a complaint with the person listed in Section V below. You also may send a written complaint to the Privacy Commissioner of Canada at:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Telephone number: 1-800-282-1376 (toll-free)
We will take no retaliatory action against you if you file a complaint about our privacy practices.