THE PACIFIC WELLNESS INSTITUTE
“Personal Information” includes personal information and personal health information as such terms are defined in and governed by the Personal Health Information Protection Act (Ontario) (“PHIPA”) and the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”) (PHIPA and PIPEDA are referred to as “Privacy Laws”). Personal information, therefore, includes any information that contributes to the identity of an individual, such as name, gender, age, ethnicity, religion, education, marital and financial status, employment and health history and information.
“Client” means patients and any person who has provided Personal Information to the Institute, including via email or the Website.
“Staff” includes the Institute reception staff, practitioners, volunteers and individuals who currently provide services to Clients at the Institute. Excluded from this are clients, patients, sales representatives, Institute employees whose employment period or contract has expired or been terminated, family and friends of current Staff or anyone who has not entered into a work contract with the Institute.
“Website” means www.pacificwellness.ca.
B. How and the Purposes for which the Institute Collects, Uses and Discloses Personal Information.
1. To provide services. The Institute collects, uses and discloses Personal Information in person, over the phone or via email, website, or practice management software to deliver healthcare and health services:
- Practitioners and clinical assistants collect and record Personal Information as part of their health assessment to deliver safe and effective Client care, advise Clients of treatment options, for follow-up treatment and for maintenance of Client files
- To communicate with other health-care providers, if or when required for the care of the Client.
- To notify or assist in notifying a family member or emergency contact person as specified by the Client, in the event of an emergency or death.
- For teaching, demonstration and research purposes. Certain information may, from time to time, be extracted from Client files and presented in an anonymous format. Steps will be taken to preserve the privacy of Client identity.
- For the purpose of follow up treatments, prescription product pick-up or booking and confirming appointments, and to distribute healthcare information and patient education via the Institute’s newsletter.
2. Via the Website, Email or Online Practice Management Software.
- Personal Information may be collected via the Website or online practice management software. The Institute will use reasonable efforts following industry standards so that Personal Information submitted through the Website, email, or the online software is confidential. The Institute may send information regarding the Institute’s services and offerings. Clients may opt-out of receiving such communications at any time.
- Communications between Clients and the Institute may be made via email or SMS. Such communications may be available to Staff other than a client’s practitioner and therefore may not be confidential to a particular person at the Institute.
- The Institute reviews and updates its services and policies from time as it strives to deliver a high standard of service to its Clients. When transmitting information over the internet, it is possible for the information to be intercepted by a third party. While this circumstance may be remote, Clients need to be aware of this possibility, and if a Client prefers to submit Personal Information to the Institute by another means, this is available upon request at 416-929-6958
3. To process invoices and for other financial transactions:
- If applicable, the Institute may disclose Personal Information to your insurance provider in the process of completing and submitting insurance claims, payments, claim verifications and audits. This information may include itemized billing statements, medical information, and diagnosis, date of condition and appointment, a description of health care services received and the practitioner(s) who administered the services.
- The Institute produces invoices and receipts for goods and services, processes credit card payments, and collects unpaid accounts.
4. To comply with applicable laws and regulatory standards.
- The personal information or personal health information of Clients may be accessed when necessary by the legal and regulatory requirements of the College that governs each practitioner. The purpose of such disclosure or audit is to ensure that the practitioner is in compliance with his or her professional regulatory requirements in collecting, keeping, and maintaining client information, appointment records, and files.
- Client information may also be accessed to assist the Institute in complying with all other legal and regulatory requirements, including but not limited to reporting child abuse or neglect, problems with products and reactions to medications, reporting communicable disease or infection exposure, identifying or locating a suspect, material witness or missing person, complying with a court order or subpoena, and other law enforcement purposes.
C. Procedures for ensuring confidentiality of Personal Information.
- Only Staff who have signed a Privacy Agreement are entitled to collect, use, and disclose the Personal Information of Clients.
- Paper files are kept in a separate storage space that is inaccessible to the public. Space is accessible only by designated Staff and is locked after clinic business hours. Electronic records are protected by a password. Paper records containing personal information (such as files, invoices and schedule books) remain within the Institute at all times. No Staff is authorized to remove any records, including Client files, from the Institute. Staff is required to prevent files and records from being accessed or inadvertently read by other Clients.
- Personal Information may be released, without obtaining consent from the Client in an emergency or to the contact person specified by the Client in the case of emergency or death of that Client. “Emergency” means an event that requires immediate ambulance, hospitalization or legal action.
- Staff may access, record and change appointment times. Information regarding any scheduled appointments will not be provided or released to anyone other than the Client.
- If the Institute contacts a Client, the phone number provided by the Client is used. Messages left, whether via voicemail or with another person, will provide minimal information regarding scheduled appointments and the name of the Institute practitioner. No other Personal Information will be provided.
- The Institute establishes and maintains correspondence via regular mail or currier services, e-mail and by fax to certain medical facilities. Mail, e-mail and faxes of a personal nature (such as assessment forms and treatment information) will be sent only after consent from the Client is obtained.
- The Institute periodically sends e-mail newsletters and updates to the e-mail address provided by the Client. The Client may, at any time, request that his or her e-mail address be removed from the newsletter mailing list.
D. Online Booking and Practice Management System
The Institute uses Jane Online Booking and Practice Management System. The Institute may use Jane software for booking appointments, issuing invoices, and collecting payments. The Institute may send appointment reminders and other notifications by emails or texts using Jane software. Your personal information including financial records and clinical notes are stored in Jane’s secured servers located in Canada, in accordance with Canadian and Ontario data security and privacy regulations.
Jane Software Inc.
Unit 302 – 111 Forester St.
North Vancouver, BC
V7H 0A6 Canada
E. Exceptions to Requirement for Client Consent.
1.The Institute may collect, use, and disclose personal information without the individual’s knowledge or consent in the following situations:
- It is in the individual’s interest, as determined by the Institute in good faith, and consent is not available in a timely way.
- Knowledge and consent might compromise the availability or accuracy of the information and collection is required to investigate a breach of an agreement or contravention of law, and/or the Institute has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is to be used for that investigation.
- The information is publicly available.
- The information is requested by a lawyer representing the Institute.
- To collect a debt, the Client owes Institute.
- To comply with any law, subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction.
- To a government institution that has requested the information, identified its lawful authority, and indicates that i) disclosure is for enforcing, carrying out an investigation, or gathering intelligence relating to any law; or ii) suspects that the information relates to national security or the conduct of international affairs; or iii) is for administering any federal or provincial law.
- To an investigative body named in the Regulations of for either of the Privacy Laws, or a regulatory authority, college, government institution on the organization’s initiative when the Institute believes the information concerns a breach of an agreement, or a contravention of a federal, provincial, or foreign law, or suspects the information relates to national security or the conduct of international affairs.
- In the event there is a change in the ownership of the Institute or the Institute merges with another corporation, all health information, records, and files will continue to be owned by the Institute, or the new owner/corporation, as the case may be, and the Institute or the new owner/corporation will continue to be responsible to maintain the privacy of Personal Information in accordance with applicable law. Qualified potential purchasers may be granted access to client information as part of the due diligence process. If this occurs, the Institute will take steps to ensure that the prospective purchaser safeguards all personal information.
F. Information Rights of Clients
1. All Clients and Staff have the right to:
- Correct or amend current information held in the records of the Institute.
- Request restrictions on certain uses and disclosures of Personal Information subject to the exceptions specified herein.
- Access copies of such Client’s Personal Information. In such event the Client is required to sign a release authorizing the copies and release of the Personal Information/records. Unless agreed in writing by the Institute, an emergency situation or required by applicable law, the Client shall be required to pay any outstanding amounts owing to the Institute prior to the Institute releasing copies of such records.
- The Institute is not required to agree to requests to amend or restrict the use of Personal Information if it might or would conflict with i) any legal and/or professional college regulation requirements of a practitioner, or ii) the practitioner’s ability to deliver safe healthcare.
G. Procedures for Retaining and Destroying Information.
- The Institute is required to keep Client records for a period as required by applicable law or regulation.
- Any paper files or records that are no longer required to be maintained are shredded and electronic records are deleted or made so that they are no longer accessible or identifiable.
H.. Duty to Report. Like all organizations that are subject to Privacy Laws, the Institute is
- required to and shall report to:
- the Ontario Information and Privacy Commissioner (IPC) of the theft, loss or unauthorized use or disclosure of personal health information, as required by PHIPA and its regulations, and as and when applicable, submit a report each year to the IPC stating the number of times in the previous year that personal health information in the Institute’s custody or control was stolen, lost, or used or disclosed without authority. Records of any data breaches will be kept as required under applicable law.
- the Privacy Commissioner of Canada (PCO) along with any affected Clients any breaches to security involving a Client’s personal information under the Institute’s control, if it is reasonable in the circumstances to believe that the breach has created a real risk of significant harm to the Client(s). A breach of security is defined under PIPEDA as “the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of the Institute’s security safeguards”. Records of any data breaches will be kept as required under applicable law.
J. Do You Have Any Questions?
If you have any questions or requests, please contact us at email@example.com