PIPEDA POLICY AND CONSENT FORM
The Personal Information Protection and Electronic Documents Act (PIPEDA) provides safeguards to protect your privacy. Many of the policies have been our practice for years. This is an abbreviated version; however, the complete text is available in our offices or on the Office of the Privacy Commissioner of Canada web site: www.priv.gc.ca.
PIPEDA states that there are rules and restrictions on who may see or be notified of your Protected Health Information (PHI). These restrictions do not include the normal interchange of information necessary to provide you with office medical services.
Your information will be kept confidential except as is necessary to provide services or to ensure that all administrative matters related to your care are handled appropriately. This specifically includes the sharing of information with other healthcare providers if desired, laboratories and health insurance payers as is necessary and appropriate for your care.
Our Electronic Medical Record (EMR) is secure and personal information is encrypted to ensure confidentiality. General information which does not include any client identifiers may be used in retrospective studies. However, studies requiring any personal identifiers will require your approval and consent.
It is the policy of this office to remind clients of their appointment. We may do this by telephone, e-mail, mail, or by any means convenient for the practice and/or as requested by you. We may send you other communications informing you of changes to office policy and new technology that you might find valuable or informative.
We agree to provide clients with access to their records in accordance with state and federal laws. You understand and agree to inspections of the office and review of documents which may include PHI by government agencies or insurance payers in normal performance of their duties.
We may change, add, delete or modify any of these provisions to better serve the needs of the practice and the client. You have the right to request restrictions in the use of your protected health information as the law permits. Your confidential information will not be sold for any reason.
Passport Health offers an online appointment scheduling portal as a courtesy to our clients and others, such as parents, involved in their medical care. We have implemented, in our opinion, reasonable and appropriate security measures as required by the Personal Information Protection and Electronic Documents Act (“PIPEDA”) to protect our clients’ data. These measures include a secure connection that uses an SSL certificate as well as data encryption. The best technical security measures can be defeated, however, and we cannot guarantee that the information entered into this website will not be compromised. Continued use of this portal manifests your acknowledgement of the foregoing and your informed consent to the risks inherent in the use of electronic means to exchange information. If you prefer, you may call to book your appointment over the phone.
Your electronic signature will indicate that you have read the PIPEDA information and consent to the guidelines set forth in the Act.
NOTICE OF HEALTHCARE PRIVACY PRACTICES AT PASSPORT HEALTH
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please read it carefully.
We Have A Legal Duty To Safeguard Your Protected Health Information (PHI)
We are legally required to protect the privacy of health information that may reveal your identity. This information is commonly referred to as “protected health information,” or “PHI” for short. It includes information that can be used to identify you that we have created or received about your past, present or future health or condition, the provision of health care to you, or the payment of this health care. We must provide you with this notice about our privacy practices that explains how, when and why we use and disclose your PHI.
With some exceptions, we may not use or disclose any more of your PHI than is necessary to accomplish the purpose of the use or disclosure. We are legally required to follow the privacy practices that are described in this notice.
We reserve the right to change the terms of this notice and our privacy policies at any time. Any changes will apply to the PHI we already have. Before we make an important change to our policies, we will promptly change this notice and post a new notice. You can also request a copy of this notice at any time from the contact person listed in Section VI below, by calling our office.
How We May Use And Disclose Your Protected Health Information
We use and disclose health information for many different reasons. For some of these uses or disclosures, we need your prior consent or specific authorization. Below we describe the different categories of our uses and disclosures and give you some examples of each category.
During your intake, prior to receiving any health care services, you will be asked to sign a statement permitting PASSPORT HEALTH and its medical staff to release your health information for purposes of Treatment, Payment and Health Care Operations. Each of these uses is described as follows.
Uses and Disclosures Relating to Treatment, Payment or Health Care Operations.
We may use and disclose your PHI for the following reasons:
- For treatment. We may disclose your PHI to physicians, nurses, medical students, and other health care personnel who provide you with health care services or are involved in your care.
- To obtain payment for treatment. We may use and disclose your PHI in order to bill and collect payment for the treatment and services provided to you. For example, we may provide portions of your PHI to our billing department and your health plan to get paid for the health care services we provided to you. We may also provide your PHI to our business associates, such as billing companies, claims processing companies and others that process our health care claims or provide services on our behalf, or provide services directly to you.
- For health care operations. We may disclose your PHI in order to operate our health care delivery system. For example, we may use your PHI in order to evaluate the quality of health care services that you received or to evaluate the performance of the health care professionals who provided health care services to you. We may also provide your PHI to our accountants, attorneys, consultants and others in order to make sure we’re complying with the laws that affect us.
To the extent we are required to disclose your PHI to contractors, agents and other business associates who need the information in order to assist us with obtaining payment or carrying out our business operations, we will have a written contract to ensure that our business associate also protects the privacy of your PHI.
Other Uses And Disclosures That Do Not Require Your Consent.
We may use and disclose your PHI without your consent or authorization for the following reasons:
- When a disclosure is required by federal, state or local law, judicial or administrative proceedings or law enforcement. For example, we make disclosures when a law requires that we report information to government agencies and law enforcement personnel about victims of abuse, neglect or domestic violence; when dealing with gunshot and other wounds; or when ordered in a judicial or administrative proceeding.
- For public health activities. For example, we report information about births, deaths and various diseases to governmental officials in charge of collecting that information.
- Victims of Abuse, Neglect or Domestic Violence. We may release your PHI to a public health authority that is authorized to receive reports of abuse, neglect or domestic violence. For example, we may report your information to government officials if we reasonably believe that you have been a victim of abuse, neglect or domestic violence. We will make every effort to obtain your permission before releasing this information, but in some cases we may be required or authorized to act without your permission.
- For health oversight activities. For example, we will provide information to assist the government when it conducts an investigation or inspection of a health care provider or organization.
- Emergency Situations. We may use or disclose your PHI if you need emergency treatment, but we are unable to obtain your consent. If this happens, we will try to obtain your consent as soon as we reasonably can after we treat you.
- Communication Barriers. We may use or disclose your PHI if we are unable to obtain your consent because of substantial communication barriers, and we believe you would want us to treat you if we could communicate with you.
- Product Monitoring, Repair and Recall. We may disclose your information to a person or company that is required by the Food and Drug Administration to: (1) report or track product defects or problems; (2) repair, replace or recall defective or dangerous products; or (3) monitor the performance of a product after it has been approved for use by the general public.
- Lawsuits and Disputes. We may disclose your PHI if we are ordered to do so by a court or administrative tribunal that is handling a lawsuit or other dispute.
- Law Enforcement. We may disclose your PHI to law enforcement officials for any of the following reasons:
  - To comply with court orders or laws that we are required to follow;
  - To assist law enforcement officers with identifying or locating a suspect, fugitive, witness or missing person;
  - If you have been the victim of a crime and we determine that: (1) we have been unable to obtain your consent because of any emergency or your incapacity; (2) law enforcement officials need the information immediately to carry out their law enforcement duties; and (3) in our professional judgment disclosure to these officers is in your best interests;
  - If we suspect a patient’s death resulted from criminal conduct;
  - If necessary to report a crime that occurred on our property; or
  - If necessary to report a crime discovered during an offsite medical emergency (for example, by emergency medical technicians at the scene of a crime).
- Military and Veterans. If you are in the Armed Forces, we may disclose your PHI to appropriate military command authorities for activities they deem necessary to carry out their military mission. We may also release health information about foreign military personnel to the appropriate foreign military authority.
- Inmates and Correctional Institutions. If you are an inmate or you are detained by a law enforcement officer, we may disclose your PHI to the prison officers or law enforcement officers if necessary to provide you with health care, or to maintain safety, security and good order at the place where you are confined. This includes sharing information that is necessary to protect the health and safety of other inmates or persons involved in supervising or transporting inmates.
- Coroners, Medical Examiners and Funeral Directors. In the unfortunate event of your death, we may disclose your PHI to a coroner or medical examiner. This may be necessary, for example, to determine the cause of death. We may also release this information to funeral directors as necessary to carry out their duties.
- For purposes of organ donation. We may notify organ procurement organizations to assist them in organ, eye or tissue donation and transplants.
- For research purposes. In most cases, we will ask for your written authorization before using your PHI for research purposes. However, in certain, limited, circumstances, we may use and disclose your PHI without consent or authorization if we obtain approval through a special process to ensure that such research poses little risk to your privacy. In any case, we would never allow researchers to use your name or identity publicly. We may also release your health information without your written authorization to people who are preparing for a future research project, so long as no personally identifiable information leaves our facility.
- To avoid harm. In order to avoid a serious threat to the health or safety of a person or the public, we may provide PHI to law enforcement personnel or persons able to prevent or lessen such harm.
- For specific government functions. We may disclose PHI of military personnel and veterans in certain situations. And we may disclose PHI for national security purposes, such as protecting the Canadian Prime Minister or conducting intelligence operations.
- For workers’ compensation purposes. We may provide PHI in order to comply with workers’ compensation laws.
- Appointment reminders and health-related benefits or services. We may use PHI to provide appointment reminders or give you information about treatment alternatives or other health care services or benefits we offer and/or provide.
- De-identified Information. We may also disclose your PHI if it has been de-identified or cannot be connected back to you by anyone. This might occur if you are participating in a research project.
- Incidental Disclosures. While we will take reasonable steps to safeguard the privacy of your PHI, certain disclosures of your PHI may occur during, or as an unavoidable result of, our otherwise permissible uses or disclosures of your health information. For example, during the course of a treatment session, other patients in the treatment area may see, or overhear discussion of, your PHI.
Other Uses and Disclosures Require Your Prior Written Authorization.
In any other situation, we will ask for your written authorization before using or disclosing any of your PHI. If you choose to sign an authorization to disclose your PHI, you can later revoke that authorization in writing to stop any future uses and disclosures (to the extent that we have not taken any actions relying on the authorization).
What Rights You Have Regarding Your PHI
You have the following rights with respect to your PHI:
The Right to Request Limits on Uses and Disclosures of Your PHI.
You have the right to ask that we limit how we use and disclose your PHI. We will consider your request, but are not legally required to accept it. If we accept your request, we will put any limits in writing and abide by them except in emergency situations. You may not limit the uses and disclosures that we are legally required or allowed to make.
The Right to Choose How We Send PHI to You.
You have the right to ask that we send information to you at an alternate address or by alternate means. We must agree to your request so long as we can easily provide it to the location and in the format you request.
The Right to See and Get Copies of Your PHI.
In most cases, you have the right to look at or get copies of your PHI that we have, but you must make the request in writing. If we don’t have your PHI but we know who does, we will tell you how to get it. We will respond to you within 10 days after receiving your written request. In certain situations, we may deny your request. If we do, we will tell you, in writing, our reasons for the denial and explain your right to have the denial reviewed.
If you request copies of your PHI, we may charge you a fee for each page. We will respond to your request within 30 days after receiving your written request. Instead of providing the PHI you requested, we may provide you with a summary or explanation of the PHI as long as you agree to that and to the associated cost in advance.
The Right to Get a List of the Disclosures We Have Made.
You have the right to get a list of instances in which we have disclosed your PHI. The list will not include uses or disclosures that you have already been informed of, such as those made for treatment, payment or health care operations, directly to you, to your family, or in our facility directory. The list also won’t include uses and disclosures made for national security purposes, or to corrections or law enforcement personnel.
Your request must state a time period for the disclosures you want us to include. We will respond within 60 days of receiving your request. The list we will give you will include disclosures made in the last six years (with the oldest date being September 1, 2009) unless you request a shorter time. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed and the reason for the disclosure. We will provide the list to you at no charge, but if you make more than one request in the same calendar year, we will charge you for each additional request.
The Right to Correct or Update Your PHI.
If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that we correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. We will respond within 60 days of receiving your request. We may deny your request in writing if the PHI is (i) correct and complete, (ii) not created by us, (iii) not allowed to be disclosed, or (iv) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you don’t file one, you have the right to request that your request and our denial be attached to all future disclosures of your PHI. If we approve your request, we will make the change to your PHI, tell you that we have done it and tell others that need to know about the change to your PHI.
The Right to Get This Notice by E-Mail.
You have the right to get a copy of this notice by e-mail. Even if you have agreed to receive notice via e-mail, you also have the right to request a paper copy of this notice.
How To Complain About Our Privacy Practices
If you think we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI, you may file a complaint with the person listed in Section V below. You also may send a written complaint to the Privacy Commissioner of Canada at:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Telephone number: 1-800-282-1376 (toll-free)
We will take no retaliatory action against you if you file a complaint about our privacy practices.
Person To Contact For Information About This Notice Or To Complain About Our Privacy Practices
If you have any questions about this notice or any complaints about our privacy practices, or would like to know how to file a complaint with the Privacy Commissioner of Canada, please contact us:
260 Adelaide Street East, Box 15
Toronto, Ontario, Canada
Effective Date Of This Notice
This notice is effective as of May 31, 2012.
Version 2.0 – May 31, 2012
If you have any questions about PIPEDA or our privacy practices, please contact:
PIPEDA Compliance Office
260 Adelaide Street East, Box 15
Toronto, Ontario, Canada