1. Who We Are
2. Accountability: Our Responsibilities and Commitment to
Protecting your Privacy
3. What Personal Information We Collect & Why
4.1. Placing Conditions on or Restricting Consent
4.2. Withholding or Withdrawing Consent
4.3. When an Individual is Unable or Incapable of Providing Consent
5. Limiting the Collection, Use, Disclosure and Retention of Personal Information
5.1. Limiting the Collection of Personal Information
5.2. Limiting the Use and Disclosure of Personal Information
6. Accuracy of Your Personal Information
7. Safeguards- How We Protect Your Personal Information
9. Individual Access to Personal Information about Themselves
9.1. Correcting Personal Information
The privacy of personal information is a valued and important principle to CMA Imagng, o/a Canadian Diagnostic Network. We collect, use and disclose personal information according to the regulations and guidelines established by the Personal Health Information Protection Act (PHIPA). The standards of PHIPA are included as an integral component of our organization’s policies and procedures, ensuring the individuals’ rights to privacy in regards to the obtainment and use of personal information. In many ways PHIPA simply builds on our existing professional regulations, policies, guidelines and practices.
1. WHO WE ARE
CMA Imaging, o/a Canadian Diagnostic Network is a privately owned, independent health service facility providing a variety of medical services, examinations and procedures in order to assist in the diagnosis and treatment of the patients of referring medical physicians. Because we provide a wide range of health care services, we often deal with a number of other health care and health service providers and third parties. These include hospitals, family physician practices, walk-in medical facilities, specialists, laboratories, the Ministry of Health for Ontario, Cancer Care Ontario, and other independent health facilities. In order to provide care and treatment for the patient, these affiliates and third parties may require limited access to personal information. We restrict their access to only the personal information that is required to provide the patient with an adequate level of health care, service, diagnosis and/or treatment, with the patient’s authorization. Any affiliates or third parties we work with have assured us that they follow privacy procedures according to their own established policies under the Personal Health Information Protection Act and/or the Personal Information Protection and Electronic Documents Act.
2. ACCOUNTABILITY- Our Responsibilities and Commitment to Protecting Your Privacy
3. WHAT PERSONAL INFORMATION we COLLECT and WHY
Personal health information refers to identifiable personal information, which may be factual or subjective. It is information about an individual’s health or healthcare history regarding an individual’s physical or mental condition, including family medical history; the provision of healthcare to an individual; long-term healthcare services; payment or eligibility for healthcare; and the identity of a healthcare provider or substitute decision-maker for an individual. In accordance with Regulations made under the Independent Health Facilities Act, our organization is required to create and/or keep a health record relating to the health services provided in our facility for each individual who is or was a patient. Upon arrival at the clinic, the patient will be asked to complete the information on the requisition, or if they have had a previous visit, they will be asked to confirm their personal information. If an individual is not comfortable disclosing this information, they should inform the front desk and we will do our best to make other arrangements; however, if the patient does not provide certain personal information, the provision of health services may be interrupted or denied. We only collect personal information that is important to the creation of a health file and in the function and operation of our facility. The personal information that is collected is meant enhance the efficiency and quality of care we provide. Personal health information includes the following:
Generally, the personal health information is collected, used and disclosed in order to provide the individual with an adequate level of health service and to ensure accurate medical diagnosis.
Our organization believes that consent is extremely important when collecting, handling and disclosing personal information of an individual. According to the guidelines established by PHIPA, we must obtain an individual’s “knowledgeable consent” to collect, use and disclose personal information. Knowledgeable consent means that an effort must be made to make an individual aware of what personal information is being collected by our organization, how we plan to use it, and how it will be disclosed. An individual must be informed of their rights to withhold and withdraw consent. Under PHIPA, consent is considered valid if it is knowledgeable, voluntary, related to the information in question, and is given by the individual or an authorized decision-maker. Consent can be implied for the collection, use or disclosure of personal health information in order to provide healthcare or assisting in providing care A patient’s circle of care refers to individuals, activities and services provided, which are related to the care and treatment of a particular patient. Subsequently, it includes health care providers such as doctors, as well as other related activities, such as diagnostic imaging. More simply, it refers to all health-related people, procedures and services provided to adequately diagnose and treat a particular patient. This means personal health information might need to be shared with other healthcare providers for the purpose of providing care. Other healthcare providers may include, but are not limited to hospitals, specialists, surgeons, and other diagnostic imaging facilities. Consent can be implied through a patient’s conduct and behavior with our facility. For example, consent is implied for the collection, use and disclosure of personal health information for purposes related to an individual’s healthcare (as mentioned above), if you attend our facility for any health-related services. PHIPA also outlines various circumstances where express consent of an individual is required. Express consent is explicit and direct and may be given verbally, in writing or electronically. Circumstances where express consent is required:
4.1 PLACING CONDITIONS ON or RESTRICTING CONSENT
4.2 WITHHOLDING or WITHDRAWING CONSENT
An individual can withdraw his/her consent at any time for the collection, use or disclosure of his/her personal health information by providing notice to our organization. Withdrawal of consent applies to both implied and express consent. It should be noted that withdrawing consent is not retroactive. More simply, if information has been disclosed based on implied or express consent, we are not required to recover the information that has already been disclosed. In the case of an individual refusing or withholding or withdrawing consent, our organization’s protocol is determined by professional standards of practices. Our policy is to refuse health services if a patient withholds and refuses to disclose personal health information that we require in the function and operation of our facility. This means, in some situation, depending on the information the patient withholds or withdraws, the provision of the health service may be denied. If a patient withdraws consent, the patient will be informed of the consequences. In some situations, this could result in the interruption or denial of certain health services. The existing records of the patient in question will be retained as required by the regulations and standards of practice established under the Independent Health Facilities Act. This maintains patient safety and ensures that audit and regulatory requirements have been met. We will record the withdrawal of consent as part of the patient’s existing file and will inform those to whom the personal information had been disclosed.
4.3 WHEN an INDIVIDUAL IS UNABLE or INCAPABLE of PROVIDING CONSENT
In general, PHIPA assumes that individuals are capable of making decisions pertaining to the collection, use and disclosure of their own personal health information, if they are able to comprehend the consequences of providing, withholding or withdrawing their consent. If we believe an individual is incapable of providing consent, PHIPA allows a substitute decision-maker like a relative, spouse, child’s parent, or Public Guardian and Trustee.
5. LIMITING the COLLECTION, USE, DISCLOSURE and RETENTION of PERSONAL INFORMATION
5.1 LIMITING the COLLECTION of PERSONAL INFORMATION
5.2 LIMITING the USE and DISCLOSURE of PERSONAL INFORMATION
Our retention policies for patient records coincide with the guidelines established under the Independent Health Facilities Act. Maximum and minimum retention periods have been established based on these guidelines. When a patient’s health record is purged, imaging media is destroyed, paper records or documents are shredded and electronic computer files containing information are erased from the computer’s hard drive. Information that does not have a specific purpose or no longer fulfills its intended purpose will be destroyed or disposed accordingly. Instructions for the retention of personal information in the patient’s health record, as well as the proper way to dispose or discard the personal information is included in our policy and procedures manual for employees. Following these guidelines and regulations ensure that an individual’s personal information is not stored or kept unnecessarily, and protects the patient’s privacy rights.
6. ACCURACY of YOUR PERSONAL INFORMATION
We will do our best to ensure that personal information is as accurate, complete and up-to-date as possible. This will reduce the chances of incorrect personal information being used or disclosed to third parties. However, personal information will only be up-dated based on necessity and only to fulfill the required purposes. Certain personal information such as the patient’s name, address, phone number and OHIP or other billing information (commonly referred to as “factual information”) will be up-dated directly on our secured patient database when the patient comes in for an examination. Because our patient database is separate and for our facility’s use only, certain personal information is not automatically up-dated when an individual up-dates their information with OHIP. Also, when we receive personal information from third parties, we will make sure that the information is complete. The patient cannot demand that their record be changed instantly; instead, they can seek correction and change, which will then be taken into consideration and reviewed by the Privacy Officer who will determine whether or not the change should be made.
7. SAFEGUARDS- How We Protect Your Personal Information
Given the sensitive nature of the personal information we collect and use, confidentiality has always been a strong pillar of our organization’s set of values. Privacy and confidentiality have always been an important value in the provision of health services and our organization is no exception. We believe in protecting and securing an individual’s personal information from unauthorized and inappropriate access. Information will be safeguarded from unauthorized access, use, disclosure, copying or modification. Personal information, regardless of the format will be protected. We have implemented a variety of security safeguards to protect personal information. These security measures seek to ensure no unauthorized parties dispose, obtain access to, modify or destroy an individual’s personal information. This is a brief summary of the security measures we have taken:
Personal information is retained only for the time period required by the regulations made under the Independent Health Facilities Act; this ensures that personal information is not kept unnecessarily. When discarding personal information, we are guaranteed that it is done responsibly. For example, personal information recorded on paper is shredded so personal information of a patient is no longer comprehensible. Our security measures have been developed and implemented based on the nature and sensitivity of the personal information we collect, use and disclose, the amount of information we collect and retain, to whom we disclose the information to, the form of the information (electronic, imaging media, paper, files, etc.) and how we store the information. Our Privacy Officer and senior levels of management will periodically review our security measures and up-date and modify them if necessary.
Our policies regarding how we collect use and disclose personal information are understandable, consistent and readily available to the public. We strongly believe that our patient should know about their privacy rights. Therefore, we try to be as open and as transparent in regards to Privacy practices.
9. Individual Access to their Personal Information
Under PHIPA, patients have the general right to access their personal health information. Laws explicitly state that the original documents are to be retained by us; however, having copies is your right. A patient can request access to their personal health information by putting their request in writing. A patient’s right to personal information is not unconditional (see below). According to PHIPA, we as health information custodians have 30 days to respond to the written request. Extensions beyond 30 days are allowed if fulfilling the request in 30 days obstructs the operation of our facility or when consultations with outside sources are required in order to meet the terms of the patient’s request. If this is the case, it is our policy to inform the patient, in writing, that we have received their request, but there will be a delay and outline the reasons for the delay. Our policy also requires that the patient requesting access fill out two access forms within our facility. These forms are needed for administrative purposes and so requests for access to and release of personal health information are properly recorded and documented as part of the patient’s health record. It should also be noted that requesting access to personal health information and the release of such information is not covered under the Ontario Health Insurance Program (OHIP). A patient’s rights to access their personal information are not unconditional. We can refuse access in limited situation, such as:
If we deny your request for access to personal information, we will explain why.
9.1 Corrections to Personal Health Information
If a patient believes that their personal health information is incomplete or erroneous, the individual has the right to request that we correct their file. A patient who wants to correct his/her personal health information must submit a written request to us. We will look into the request and respond within 30 days of receiving any such request. If replying within 30 days interferes with our daily operation, or if we need time to investigate the request and consult with third parties regarding the request we will inform the patient that we need more time and why we need more time. We will change and correct personal information after the individual has demonstrated to our satisfaction that the record is inaccurate or incomplete and provides us with the relevant information needed to correct the record. We will correct information responsibly and based on our existing standards of professional practice. Requests to correct personal information are limited to factual personal information and do not apply to professional opinions developed by our healthcare professionals. If correction is refused on such a basis, we will inform the patient of the refusal and the reasons for the refusal.
Attention: Mrs. Lisa SimpsonEmail: [email protected]
1 Centrepointe Dr
Nepean, ON K2G 6E2
We take your privacy inquiries, concerns and requests very seriously. We will respond to you in a timely manner and to the best of our ability. If you are not satisfied with our response, the Information and Privacy Commissioner of Ontario can be reached at:
2 Bloor Street East, Suite 1400
Toronto, Ontario, M4W1A8(416) 326-3333 1-800-387-0073 Website: www.ipc.on.ca
Make your Appointment
Your examination or doctor’s visit is 4 easy steps away
Request an Appointment
We value your privacy