When you request health care from us, we assume that we have your permission to collect, use and share that information with your other health care providers, or your ‘Circle of Care’. This is limited only to those providers who you have actually seen for health care; other providers are not entitled to your information, except in the cases we have listed below. If you do not want us to use, share or give out some or all of your personal health information to other practitioners in your Circle of Care, please inform us as soon as possible. Other agencies or companies may need to see part of your health care information, such as your employer or your insurance company. However, we cannot share information with these companies without your written permission. You may also have family or friends to whom you would like us to give more detailed information about your health, like how your treatment is working or what kind of care you will need at home. You can let us know if we can discuss your health with family and friends. We must have your consent in order to do so.
We are allowed or may be required to use and/or give out some of your personal health information without consent in the following situations:
• To obtain payment for services or goods provided. Payment may be obtained from the individual, WSIB, private insurers or others
• To report certain information, such as to report certain diseases to public health authorities
• When we suspect certain types of abuse
• To reduce a significant risk of serious bodily harm to a person or the public
• For risk management and legal purposes
• To assess a person’s ability to make health care and other important decisions
• For administration or enforcement of laws related to the practices of health care providers by a Regulatory Body (ie. CMTO, CCO)
• For the purpose of a legal proceeding or complying with a court order, or other legal requirement
Your personal information will never be provided to anyone for marketing purposes. Encompass Health & Wellness does send out a quarterly newsletter which you can opt out of at any time.
We understand the importance of protecting your personal information. For that reason, we have taken the following steps:
• Paper information is either under supervision or secured in a locked cabinet.
• Computers and backups are under supervision or secure in a locked or restricted area at all times. In addition, 2 factor authentication is required for all users and screens are locked when they are not in use.
• Electronic information is transmitted either through a direct line, or has identifiers removed, or is strongly encrypted.
We are required to retain personal information for some time to ensure that we can answer any question you may have about the services provided and for our own accountability to our regulatory bodies. We retain client files for 10 years after last contact, as required by the CMTO or 7 years as required by the CCO. We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and, when the hardware is discarded, physically destroying the hard drive.
With only a few exceptions, you have the right to see what personal information we hold about you. We will try to help you understand any information that may be unclear (e.g., short forms, technical language, etc.). If you would like a copy of your personal information, please make your request in writing. Encompass Health & Wellness reserves the right to charge a nominal fee for such requests. Some exceptions may apply. For example, when the information relates to law enforcement, legal proceedings or another individual, you may not get to see the record.
We must respond to your request as soon as possible and within 30 days. There may be a delay if we have to ask others about your records or if it will take time to find the record. You have the right to be notified of such delays. If you require the record urgently, please let us know and we will do our best to get it to you. If you believe there is a mistake in your information, you have the right to ask for it to be corrected. You must make this request in writing, stating specifically what in your record is incorrect or incomplete.
Do note that we cannot correct a record that was created by someone else as we do not know enough about the record to change it. Also, we cannot correct details where, for example, the opinions or observations in the record were made in good faith. You are entitled to be told the reasons for not making a correction and of your right to have a statement of disagreement attached to your records. You can also ask to have this statement made available to those who see the record.
If we correct a record, it must be done carefully so that the full corrected record remains visible or by ensuring that the corrected version is readily available.
If there is a privacy breach
While we will take precautions to avoid any breach of your privacy, if there is a loss, theft or unauthorized access of your personal health information we will notify you. Upon learning of a possible or known breach, we will take the following steps:
We will contain the breach to the best of our ability, including by taking the following steps if applicable .
• Retrieving hard copies of personal health information that have been disclosed
• Ensuring no copies have been made
• Taking steps to prevent unauthorized access to electronic information (e.g., change passwords, restrict access, temporarily shut down system)· We will notify affected individuals
• We will provide our contact information in case the individual has further questions
• We will provide the Commissioner’s contact information and advise the affected individual of their right to complain to the Commissioner
We will investigate and remediate the problem, by:
• Conducting an internal investigation
• Determining what steps should be taken to prevent future breaches (e.g. changes to policies, additional safeguards)
• Ensuring staff is appropriately trained and conduct further training if required. Depending on the circumstances of the breach, we may notify and work with the Information and Privacy Commissioner of Ontario. If we take disciplinary action against one of our practitioners [or revoke or restrict the privileges or affiliation of one of our practitioners] for a privacy breach, we are required to report that to the practitioner’s regulatory College. We may also report the breach to the relevant regulatory College if we believe that it was the result of professional misconduct, incompetence or incapacity.
If you would like further information, you can contact the clinic. We would be happy to discuss any questions or concerns you may have. Our Privacy Officer is Tara Hosie, if you have a formal complaint to make concerning our privacy practices, you should contact her in writing. The address of the clinic is:
Encompass Health & Wellness
130 Weber St W. Suite 202
Kitchener, ON N2H 4A2
We will respond to your concerns promptly. If, after discussing the issue with Melissa, we are still not able to resolve your complaint or concern, you have the right to make a formal complaint to the Privacy Commissioner of Ontario. This must be done within one year of the matter you are complaining about. Their office can be reached at:
Information and Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Telephone: 416 326 3333
or 1 800 387 0073
Facsimile: 416 325 9195
TTY: 416 325 7539
Email address: firstname.lastname@example.org