Privacy Policy

PROTECTION OF PATIENT INFORMATION – PHIPA

Symetrics is committed to adhering to all applicable legislation regarding the collection, use, storage, and disclosure of patient information in accordance with the Personal Health Information Protection Act (PHIPA). Personal health information is sensitive and private information and Symetrics will ensure that this information is protected and only used for its stated and intended purpose.

DEFINITIONS

Personal Health Information means identifying information about an individual in oral or recorded form, if the information:

a) Relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family,

b) Relates to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual,

c) Is a plan that sets out the home and community care services for the individual to be provided by a health service provider or Ontario Health Team pursuant to funding under section 21 of the Connecting Care Act, 2019,

d) Relates to payments or eligibility for health care, or eligibility for coverage for health care, in respect of the individual,

e) Relates to the donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance,

f) Is the individual’s health number, or

g) Identifies an individual’s substitute decision-maker.

POLICY

Our organization, SYMETRICS, includes Physiotherapy, Chiropractic, Naturopathy, Athletic Therapy and Massage Therapy. At Symetrics, we use a number of consultants, agencies and staff that may, in the course of their duties, have limited access to personal information we hold. These include Danielle Cousineau RPT, Ashley Gube RPT, Cheryl Alderdice RPT, Chris Sheremeta RPT, Alison Prevost RPT, Yashna Lakhani RPT, Nicole Conlin RPT, Victoria Grierson RPT, Tessah MacDowall PT, Jody Luesby RPT, Mona Shaikh RPT, Kara Charron-Wood CAT(C), BSc (Kin), Dr. David Chambers DC, Dr. Jessica Petrusma, N.D., Lisa Jespersen RMT, Nick Walters RMT, physiotherapy support personnel, clerical staff, volunteers and students. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles. At Symetrics, we collect personal information for the following primary purposes: to assess and provide necessary health services to our clients and to ensure accurate billing processes for our clients.

Following the guidelines outlined by PHIPA, Symetrics will only collect, use, or disclose the personal health information of patients who have provided their consent. Symetrics will not collect, use, or disclose any personal health information if there is another way that would serve the same purpose. Symetrics will also not collect any more personal health information than what is absolutely

required. This includes limiting the collection of additional personal health information, including health care numbers (unless the patient is receiving treatment under the MOH program).

Symetrics will ensure that:

1. It retains up-to-date health records;

a. This includes making corrections to personal health information upon request from a patient within a reasonable timeframe of 30 days;

2. All records are secure;

a. Records must be stored in locked file cabinets, or in areas where access is only granted with a key or pin pad access. Symetrics will also not store personal health information on unsecured computers or hard drives;

3. Records are stored for appropriate lengths of time;

a. This includes retaining them for the duration of an investigation into any breaches of personal health information access;

4. Breach procedures are in place;

a. This includes informing a patient if their information is accessed without their consent;

5. It appoints a contact person for ensuring the privacy of personal health information;

a. This contact person is responsible for compliance with PHIPA, as well as training other employees regarding PHIPA, and responding to requests for access of personal health information records;

6. It establishes and publishes its privacy practices;

7. Consent is obtained;

8. It provides patients with access to personal health information under the appropriate circumstances (e.g., within 30 days of a request being made either orally or in writing).

Patient Rights under PHIPA

PHIPA has established the following rights for patients providing their personal health information. Symetrics will ensure that these rights are always considered when there is a challenge brought forward concerning patient information. They include a patient’s right to:

● Be informed of the reason why Symetrics is collecting, using, or disclosing their information;

● Be notified in the event that any of their personal health information is lost, stolen, accessed without their consent;

● Refuse to provide consent for the collection, use, or disclosure of their health information;

● Provide notice about a change in their consent;

● Instruct Symetrics that their personal health information may not be used or disclosed without their consent for any other purposes;

● Access their own personal health information records, possibly in an electronic format (if that format meets requirements set out in the regulations);

● Correct their health records (this must be requested by the person); and

● Pursue a complaint if they are refused access, refused a correction, if their privacy is breached, or start a court proceeding for damages relating to harm suffered under PHIPA.

Health Information Custodian Duties

Under PHIPA, Symetrics is considered to be a “health information custodian” because it has custody or control of patients’ personal health information. As a health information custodian, Symetrics is required to:

● Establish information practices that comply with PHIPA and adhere to those information practices;

● Designate a contact person who will:

o Ensure that Symetrics is complying with its obligations under PHIPA;

▪ The contact person is the owner of Symetrics

o Ensure that all employees are informed of their duties under PHIPA;

o Reply to any questions concerning their information practices from the public, or from any patients;

o Reply to any requests for access or correction under PHIPA; and

o Receive and investigate any complaints about breaches involving personal health information.

● Symetrics will also develop a written public statement that outlines:

o The information practices of Symetrics;

o How to contact the owner of Symetrics;

o How an individual may obtain access to or request any corrections to their personal health information; and

o The process for a person to make a complaint to the owner of Symetrics and to the Health Commissioner under PHIPA.

● Symetrics will ensure that consent is obtained when collecting, using, and/or disclosing a patient’s personal health information, except in any circumstances outlined by PHIPA;

● It will also ensure that only the personal health information that is necessary under PHIPA is collected, used, or disclosed;

● Symetrics will ensure that all reasonable precautions are taken in order to safeguard against any theft, loss, or any unauthorized collection, use, disclosure, copying, modification, and/or disposal of patients’ personal health information.

● Paper information will either be kept under supervision or secured in a locked or restricted area. Paper information will only be transmitted through sealed, addressed envelopes or boxes by reputable agencies.

● Electronic information will be kept under password protection and hardware will be kept under supervision. Electronic information will only be transmitted either through a direct line or it will be anonymized or encrypted.

● External consultants and agencies with access to personal information will be required to enter into privacy agreements with Symetrics.

● Staff will be trained to collect, use and disclose personal information only as necessary to fulfill their duties and in accordance with our privacy policy.

● Symetrics will inform the patient as soon as possible in the event that their personal health information is used in any way without their consent or outside of the company’s information practices;

● The Commissioner will be notified of any privacy breaches under PHIPA;

● Symetrics will ensure that all health records are accurate, up-to-date, and as complete as necessary for their purposes;

● All personal health records will be retained, transferred, or disposed of in a secure manner; and

● Symetrics will ensure that all employees are knowledgeable about the contents of this policy and their obligations under PHIPA.

Implied Consent

Symetrics will only assume that it has a patient’s implied consent to collect, use, or disclose personal health information for the provision of health care if the following conditions are met:

● The information was received from the patient, the patients substitute decision-maker or another health information custodian;

● The information was received for the purpose of providing healthcare to the patient;

● The information is collected, used or disclosed for the purpose of providing health care to the patient;

● If information is being disclosed, it must only be disclosed to another health information custodian; and

● The patient has not withheld or withdrawn consent.

Symetrics will not disclose any personal health information to a person who is not a health information custodian (such as an insurance company) or if it is not for the purpose of providing health care unless express consent was provided by the patient.

Retention

At Symetrics, we understand the importance of retaining personal information for a reasonable period to address any inquiries you may have regarding the services provided, as well as to ensure continued accountability to external regulatory bodies. Medical client files are maintained for a period of 10 years after the last treatment date. Children’s files are retained for 10 years after the child reaches 18 years of age. Accounting client files are kept for 7 years following the last documented correspondence or billing. Client and contact directories are maintained until they are no longer necessary. Individuals may request the deletion of such information at any time.

Questions and Concerns

If there are any inquiries or concerns regarding this policy or other privacy-related matters at Symetrics, please contact our Information Officer, Danielle Cousineau, who can be reached at (705-497-1975), or visited in person at 510 Main St. E. In the event that an individual would like to lodge a formal complaint about our privacy practices, we kindly request that the complaint is made in writing to our Information Officer. Upon receipt of the complaint, our Information Officer will ensure that the complaint is investigated promptly and that the individual is provided with a written formal decision and the reasons behind it in writing.

For more general inquiries, the Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The Commissioner also acts as a kind of ombudsman for privacy disputes. The Privacy Commissioner can be reached at:

112 KENT STREET | OTTAWA, ONTARIO | K1A 1H3

PHONE (613) 995-8210 | TOLL-FREE 1-800-282-1376 | FAX (613) 947-6850 |

TTY (613) 992-9190 www.privcom.gc.ca

Reviewed: July 21, 2024