Privacy and Confidentiality Policy
Anderson Therapy Services is responsible for maintaining the accuracy, confidentiality and security of personally identifiable information (“Personal Information”). As part of this commitment, our privacy policy governs our actions as they relate to the collection, use, disclosure and protection of Personal Information using various media. Our privacy policy is based upon the values set by the Canadian Standards Association’ Model Code for the Protection of Personal Information. Given that we are custodians and agents of Personal Information in the Province of Ontario, our policy is also informed by the Personal Health Information Protection Act (PHIPA). Many of our healthcare practitioners belong to professional colleges, which also stipulate measures that their members must follow to protect personal information and privacy, in order to maintain licensure. When creating policy, Anderson Therapy Services will consult these various colleges and ensure that the organization’s policy is compliant with the most rigorous of the professional colleges’ guidelines. We will establish and maintain programs and procedures to enact this policy, which will be mandatory for all staff. New staff will undergo privacy training during the intake process. We will update our privacy policy, procedures and programs annually, and/or in keeping with legislation changes.
For the purposes of this document, and its associated program and procedures, “personal information” will include, but may not be limited to, the following:
- Identity
- Nationality
- Age
- Gender
- Address
- Telephone Number
- E-mail Address
- Date of Birth
- Marital Status
- Education
- Employment information including: work history, performance assessment, role changes, reasons for termination
- Health
- Social Status
- Religion
- Political Affiliation
- Financial records and/or activities
- Criminal Record
- Beliefs
- Opinions
- Health information including: Health number, family history, diagnosis, assessment information, therapy plans, clinical notes, disabilities
In accordance with the Canadian Standards Association’s “Model Code’s the Protection of Personal Information”, we commit to the following 10 principles:
1. Be accountable
Anderson Therapy Services will appoint an individual who will be accountable for ATS`s compliance to existing Privacy legislation, as well as to our privacy policy, procedures and programs. We protect all of the information that we gather, or forward to a third party. We will also develop, implement and maintain Procedures and Programs to put our policy into practice. We will make our privacy policy accessible on all media with which we interface with those we serve.
2. Identify the Purpose
We collect, use and disclose Personal Information to provide our clients and their families with high quality therapeutic services. Those we work with, as well as our employees know and understand the reasons for collecting their personal information, and how it is used.
3. Obtain VALID, Informed Consent
Knowledge and informed consent are required for the collection, use or disclosure of Personal Information. Providing Personal Information is always the choice of the client, and we do not withhold services if informed consent is not provided. It is up to the clinician to decide if a client in their care has the capacity to consent. We ensure that those to whom we deliver service can understand the nature, purpose and consequences of the collection, use or disclosure, to which they are consenting. We gather valid and informed consent from those receiving services (or their legal representatives) from Anderson Therapy Services. This process will occur at the earliest possible opportunity in the course of the individual’s care, preferably during intake. We will then ask them to signal their permission by signing an Informed Consent. If we cannot obtain a signed consent, we will document verbal consent. We will clearly articulate situations where we must waive their right to privacy.
4. Limit Collection
We do not collect information indiscriminately. We limit the information that we collect to that which is necessary for the purposes of providing services. When in doubt, we will err on the side of less information.
5. Limit Use, Disclosure and Retention
We use personal information only for the purpose for which it has been collected unless it is required or permitted by law. If we need the information for another purpose, we will get the client’s permission to use it. We use and retain the information only for as long as we need it, or as long as we are legally required to keep it. At that time, we will arrange for the information to be destroyed securely.
6. Be accurate
We will minimize the chance of making errors when taking information or passing it along to others. We will keep Personal Information accurate, complete and up-to-date as is necessary to fulfill the purposes for which it is to be used.
7. Use appropriate safeguards
We protect all the personal information we have from loss, theft or accidental disclosure. We will safeguard the information from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held. All employees will be required to sign a confidentiality agreement that will safeguard Personal Information. Encryption and password protection will be used wherever appropriate if possible.
8. Be open
We inform customers, clients, employees and the public that we have policies and practices for the management of personal information. We will do this in every media in which we operate. These policies will be easy to read, access and understand.
9. Give individuals access
We ensure that individuals have access to any information we have about them, and upon request, will disclose its existence, use and disclosure. We will let them know the procedure to change that information if they wish to do so and will correct or amend any information promptly and accurately, and notify third parties about these changes when appropriate. If so requested, we will provide them with a copy of their information promptly.
10. Provide recourse
Our complaint procedures are simple and easily accessible, making clear any avenues of recourse that exist. These will include professional colleges, industry associations, regulatory bodies, and the Office of the Privacy Commissioner. If you have comments or suggestions about our privacy policy or procedures, please call our Privacy Officer at (289) 238-8598 or contact privacy@andersontherapy.ca.
Once a complaint has been made, we agree to investigate and act on all complaints promptly and with respect for the privacy of those involved. Also, we will take measures to correct information handling practices and policies: when issues are brought to our attention, we will take appropriate measures to change our policies and programs, and share these changes with our staff and contractors. Our privacy program will include procedures to be followed in the event of a breach of privacy. All staff will be trained using our privacy program, and new staff will be trained during the intake process.