Privacy Policy
What is Personal Information?
The term “personal health information” has the same meaning as set out in the federal Personal
Information Protection and Electronic Documents Act, 2011 (“PIPEDA”) and means any
information about an identifiable individual, including, but not limited to, contact information,
name, address, phone number or email address, gender, and date of birth.
The term “personal health information” has the same meaning as set out in Ontario’s Personal
Health Information Protection Act, 2004 (“PHIPA”) and includes information relating to your
physical or mental health, as well as your health history, medical records, prescriptions, and your
health number.
In this Privacy Policy, the term personal information also encompasses personal health
information. Any information that has been collected in which all personal identifiers have been
removed, such that the information could not reasonably be used to identify the individual, is not
considered personal information or personal health information.
Who are we?
Our organization, Northview Psychology, includes at the time of writing a number of
professional staff. These may include administrative staff and volunteers; these individuals are
trained in adhering to our privacy policy and have signed a confidentiality agreement.
Consent:
Northview Psychology will obtain your consent prior to collecting any Personal Health
Information (see the Consent to Service document). However, we may need to collect, use, and
disclose your personal information without your consent only in limited circumstances as
permitted by law. Situations under which information may be released without your consent,
include:
1. Harm to self: If we have reason to believe that you are in danger of physically harming
yourself in ways that may be life-threatening, we will have to make a referral to a hospital and/or
contact a family member, close other, or another person such as a police officer or emergency
services who may be able to help protect you.
2. Harm to other: If we have reason to believe that you are seriously threatening physical
violence against another person, or if you have a history of physically violent behaviour, and if
we believe that you are an actual threat to the safety of another person, we are required to take
some action (such as contacting the police, notifying the other person, seeking hospitalization, or
some combination of these actions) to insure that the other person is protected.
3. Abuse/Neglect: 1) If we have reason to believe that a child under the age of 16 is being
abused or neglected, we are legally obligated to report this situation to the appropriate
authorities. 2) If we suspect or are informed of unlawful conduct that resulted in harm or risk of
harm to a resident of a Long Term Care Facility or Retirement Home, or that a resident is being
harmed or is at risk of being harmed in any way (e.g., sexual or physical abuse, neglect,
misappropriation of resident’s funds), we are required to contact Ontario Ministry of Health and
Long-Term Care or Retirement Homes Regulatory Authority and report all relevant information.
4. Quality Control: As part of the College of Psychologists of Ontario’s Quality Assurance
Program, on occasion we may be selected to participate in a Peer Assisted Review. As part of
this process your file may be potentially reviewed by another member of the College. The
College has confidentiality policies in place to protect your information.
5. Sexual Assault: If you have been sexually abused by a member of a regulated health
profession, this information must be reported to the appropriate regulatory body. We will not
give your name without your permission.
6. Court Order: Your records can be subpoenaed by a court order, now or in the future, and we
may be required to testify and give information obtained during sessions. If your file is
subpoenaed by a court of law, we are required to release the file to the court.
The exceptions to your confidentiality are rare. However, should they occur, whenever possible,
we will discuss with you any action that is being considered. There are times, however, where
we may have to disclose information without speaking to you prior, especially if such a
discussion would prevent us from securing your safety or the safety of others. We would always
take appropriate measures to ensure that the requester understands the sensitive nature of the
personal information that they may receive.
We will obtain your consent before collecting, using or disclosing your personal information for
new purposes unrelated to the purposes described in this Privacy Policy.
In certain cases, you may choose not to provide us with some or all of your personal information.
However, should you choose not to provide necessary personal information to us, that may
impact your ability to interact with us or for us to provide you with certain services.
You may withdraw your consent at any time in writing. Please contact our Privacy and
Information Officer listed below to find out how.
Types of personal information that we collect:
We collect the following types of personal information about you for the purposes of delivering psychological services, billing and administration:
- Your name
- Your contact information, emergency contact information, date of birth
- A description of your concerns/symptoms
- Your health history, including family history, social history, relationship history,
physical health condition in order to help us assess mental health needs. - Insurance coverage and payment information.
- The services your received (number of sessions, dates, etc.)
- Communication between you and your therapist.
- Clinical notes and records of assessment information and data relating to your treatment.
- Data from self-report measures and other psychological testing.
- Other related or similar information.
Purpose of Collecting Personal Information:
We collect, use and disclose personal information in order to serve our clients. For our clients,
the primary purpose for collecting personal health information is to provide psychotherapy or
psychological assessment. For example, we collect information about a client’s health history,
including their family history, physical condition and function and social situation in order to
help us assess what their health needs are, to advise them of their options and then to provide the
health care they choose to have. A second primary purpose is to obtain a baseline of health and
social information so that in providing ongoing health services we can identify changes that are
occurring over time.
We also collect, use and disclose personal health information for purposes related to or
secondary to our primary purposes. The most common examples of our related and secondary
purposes are as follows:
Related Purpose #1: To obtain payment for services or goods provided. Payment may be
obtained from the individual, WSIB, private insurers or others.
Related Purpose #2: To conduct quality improvement and risk management activities. We
review client files to ensure that we provide high quality services, including assessing the
performance of our staff. External consultants (e.g. auditors, lawyers, practice consultants,
voluntary accreditation programs) may conduct audits and quality improvement reviews on our
behalf.
Related Purpose #3: To comply with external regulators. Our professionals are regulated by the
College of Psychologists of Ontario (CPO), who may inspect our records and interview our staff
as a part of its regulatory activities in the public interest. The CPO has its own strict
confidentiality and privacy obligations. In addition, as professionals, we will report serious
misconduct, incompetence or incapacity of other practitioners, whether they belong to other
organizations or our own. Also, our organization believes that it should report information
suggesting illegal behaviour to the authorities. In addition, we may be required by law to disclose
personal health information to various government agencies (e.g. Ministry of Health, Children’s
Aid Societies, Canada Customs and Revenue Agency, Information and Privacy Commissioner,
etc.).
Related Purpose #4: To educate our staff and students. We value the education and
development of future and current professionals. We will review client records in order to
educate our staff and students about the provision of health care.
Protecting Personal Information:
We understand the importance of protecting personal information, and are committed to protect
the security of your personal information. We have put in place commercially reasonable
physical, electronic, and managerial procedures to safeguard and help prevent unauthorized
access, maintain data security, and correctly use your personal information.
Your personal information may be stored on our database servers or hosted by third parties who
have entered into agreements with us that require them to observe our Privacy Policy. Data
centers are designed to be physically secure and protected from unauthorized access by
unauthorized persons. Although we will make reasonable efforts to protect personal information
from loss, misuse, or alteration by third parties, you should be aware that there is always some
risk that an unauthorized third party could find a way to thwart our security systems.
We have taken many steps to protect your personal information, including:
- Paper information is either under supervision or secured in a locked or restricted area.
- Electronic hardware is either under supervision or secured in a locked or restricted area at
all times. In addition, strong passwords are used on all computers and mobile devices. - Paper information is transmitted through sealed, addressed envelopes or boxes by
reputable couriers or Canada Post. - Electronic information is transmitted either through a direct line or has identifiers
removed or is encrypted. - Staff are trained to collect, use and disclose personal information only as necessary to
fulfill their duties and in accordance with this privacy policy. - External consultants and agencies with access to personal information must enter into
privacy agreements with us. - If your associate were to become incapacitated or die, your records would be placed in
the care of another psychologist/psychological associate for protection, not examination.
If you were to see another associate, your records could be sent to her or him at your
request.
Retention and Destruction of Personal Information:
We retain your personal information only for as long as is necessary, for the purpose for which it
was collected, in accordance with the ethics and standards of the College of Psychologists of
Ontario. We are required to retain personal information for some time to ensure that we can
answer any questions you might have about the services provided and for our accountability to
the College of Psychologists of Ontario.
Clients or other individuals we deal with may have questions about our services after they have
been received. We also provide ongoing services for many of our clients over a period of months
or years for which our previous records are helpful. We retain our client information for a
minimum of ten years after the last contact to enable us to respond to those questions and
provide our services. The College of Psychologists of Ontario and other regulatory bodies also
requires us to retain our client records. For clients who are seen before the age of 18, records are
retained for ten years following their 18th birthday.
We destroy electronic information by deleting it and, when the hardware is replaced or
discarded, we ensure that the hard drive is physically destroyed. Personal information that is not
part of the permanent clinical file is shredded or otherwise destroyed or de-identified.
We retain any personal information relating to our general correspondence (e.g., with people
who are not clients) for about six months after the contact is over.
Reviewing the Information in Your File:
With only a few exceptions, you have the right to see what personal information we hold about
you. Often all you have to do is ask. We can help you identify what records we might have about
you. We will also try to help you understand any information you do not understand (e.g., short
forms, technical language, etc.). We will need to confirm your identity, if we do not know you,
before providing you with this access. We reserve the right to charge a nominal fee for such
requests.
We may ask you to put your request in writing. If we cannot give you access, we will tell you
within 30 days, and tell you the reason why we cannot give you access. If you believe that there
is a mistake in the information, you have the right to ask for it to be corrected. This applies to
factual information and not to any professional opinions that we have formed. We may ask you
to provide documentation that our records are wrong. Where we agree that we made a mistake,
we will make the correction and notify anyone to whom we sent this information. If we do not
agree that we have made a mistake, we will still agree to include in our file a brief statement
from you, and we will forward that statement to anyone else who received the earlier
information.
If There is a Privacy Breach:
While we will take precautions to avoid any breach of your privacy, if there is a loss, theft or
unauthorized access of your personal health information we will notify you.
Upon learning of a possible or known breach, we will take the following steps:
-
We will contain the breach to the best of our ability, including by taking the following
steps if applicable:
– Retrieving hard copies of personal health information that have been disclosed
– Ensuring no copies have been made
– Taking steps to prevent unauthorized access to electronic information (e.g.,
change passwords, restrict access, temporarily shut down system)
-
We will notify affected individuals:
– We will provide our contact information in case the individual has further
questions
– We will provide the Commissioner’s contact information and advise the affected
individual of their right to complain to the Commissioner
-
We will investigate and remediate the problem, by:
– Conducting an internal investigation
– Determining what steps should be taken to prevent future breaches (e.g., changes
to policies, additional safeguards)
– Ensuring staff is appropriately trained and conduct further training if required.
Depending on the circumstances of the breach, we may notify and work with the Information and
Privacy Commissioner of Ontario. If we take disciplinary action against one of our practitioners
[or revoke or restrict the privileges or affiliation of one of our practitioners] for a privacy breach,
we are required to report that to the practitioner’s regulatory College. We may also report the
breach to the relevant regulatory College if we believe that it was the result of professional
misconduct, incompetence or incapacity
Raising a Concern:
You may contact one of our Privacy Officers, Dr. Christina Iorio or Dina Tsirgielis at:
450 Holland Street West, Suite 5-308
Bradford, ON
L3Z 0J4
Tel: (226) 250-1420
Email us
We will attempt to answer any questions or concerns you might have.
If you wish to make a formal complaint about our privacy practices, please make it in writing to
one of our Privacy and Information Officer. She will acknowledge receipt of your complaint, and
ensure that it is investigated promptly and that you are provided with a formal written decision.
We will assist you if you inform us that you need assistance in preparing a request concerning
Personal Information. Administrative charges may apply.
For general inquiries about personal information, the Office of the Privacy Commissioner of
Canada oversees the administration of personal information privacy legislation. The
Commissioner also acts as a kind of ombudsman for privacy disputes. The Privacy
Commissioner of Canada can be reached at:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec
K1A 1H3
Phone: (819) 994-5444 or 1-800-282-1376
https://www.priv.gc.ca/en