Mind Forward Brain Injury Services recognizes the sensitivity of your personal health information. This privacy brochure outlines how we manage your information and safeguard your privacy.
PHIPA IS THE LAW
Beginning November 1, 2004, any health care institution or practitioner in Ontario who collects, uses or discloses personal health information must comply with the Personal Health Information Protection Act (PHIPA), 2004.
Mind Forward has prepared this brochure to provide you with a brief description of our privacy policies. Our Privacy Officer would be pleased to answer any questions you may have.
DEFINITIONS
Throughout this document, we refer to the law as “PHIPA”, and your Personal Health Information as defined by PHIPA as “PHI” or “information”. This is identifying information that refers to your physical or mental health, including your and your family’s health history.
PHIPA refers to health professionals, institutions and agencies that hold PHI as “Health Information Custodians”. In this document, we refer to this as “HIC” or “custodian”. Mind Forward is defined as a HIC, and is responsible for the PHI that we collect, use, maintain and disclose, as set out in this brochure.
“Express consent” means permission that we have specifically obtained from you. “Implied consent” means that we have concluded from surrounding circumstances that you would agree to the collection, use or disclosure of your PHI.
WHAT INFORMATION DO WE COLLECT FROM YOU?
We will ask you or your Substitute Decision Maker (SDM) to give us any information about yourself and your family that we require to provide you with health care.
- We will collect information from you or your SDM for our main activities, which include: consultation, assessment, intervention, teaching, limited research, statistics and complying with legal requirements.
- We will only collect information from you indirectly (e.g., from family or other professionals) if necessary to provide you with health care, with your consent, either implied or express, or if the law permits us to do so.
HOW DO WE USE YOUR INFORMATION?
Your information is provided to Mind Forward staff to provide services to you.
- Our staff are trained and understand that your information is private and can only be used or accessed to care for you or carry out our main activities.
- Should we need to use your information for any purpose other than our main activities, we will always request your permission to do so.
- Unless we have your express consent to use your information for research purposes, your information will only be used for research if the strict process in PHIPA is followed by both the Agency and the researcher.
- At times, the law may require Mind Forward to disclose your information, such as to a Children’s Aid Society when they are investigating. Mind Forward will only disclose your information if the law requires us to do so.
WHEN WILL WE DISCLOSE YOUR INFORMATION?
Unless you direct us not to, Mind Forward will:
- Disclose your information to other health care providers in your “Circle of Care” who need to know this information to provide you with care or to assist in providing you with care. The “Circle of Care” may include health care professionals outside of Mind Forward, such as a Psychologist, Psychiatrist, Nurse Practitioners, Ontario Health at Home and home service providers who provide you with health care services.
- Disclose client information for administration and enforcement of various acts by the professional colleges and other regulatory bodies.
GETTING YOUR CONSENT
Your consent to our collection, use or disclosure of your information may be implied or expressed.
We will always ask for your express consent when:
- We are disclosing your information to someone who is not an HIC (e.g., school, employer, lawyer, etc.)
- We are disclosing your information to a HIC, but for purposes other than providing you with health care (e.g., a doctor working for an insurance company). Express consent means specific verbal or written authorization for the collection, use or disclosure.
- Where we are collecting, using or disclosing personal health information for health care purposes, the law normally permits us to rely on implied consent, where the surrounding circumstances allow us to make a reasonable determination that you would agree to the collection, use or disclosure.
- You may withhold or withdraw your consent at any time. If we believe that the withdrawal or limiting of consent may compromise your care, we will tell you, and we may also have to advise other members of your Circle of Care who request your records that we are unable to provide your complete record.
- You can provide express (written) instruction that specific information not be used or disclosed. The Privacy Officer or any of our Mental Health professionals who work with you will be able to assist you with this process.
- In limited situations, we may collect, use or disclose your personal information without your consent that are required or permitted by law. For example, some laws require disclosure of your information such as the Coroners Act and the Vital Statistics Act.
Consent is only valid if it is obtained from a capable person. To be capable of consenting, you must be able to understand the information relevant to the decision and the consequences of giving, withholding or withdrawing consent. If you are found to be incapable of making decisions about your PHI, we will obtain consent from your Substitute Decision Maker, as determined by law.
RETAINING AND DISPOSING OF YOUR INFORMATION
Mind Forward retains your information at the Agency or its premises in a secure manner and will keep it for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
Mind Forward has a policy in place to address the retention and destruction of records in the organization. This policy outlines the minimum and maximum retention periods and complies with applicable laws governing the retention of information (i.e. 10 years).
ACCURACY OF YOUR INFORMATION
Mind Forward takes reasonable steps to ensure that your information is as accurate, complete and up-to-date as necessary on collection. We take reasonable steps to ensure that any information that is routinely disclosed to others under this policy is accurate, complete or up-to-date, this fact will be indicated at the time of use or disclosure.
SECURITY OF YOUR INFORMATION
Your information in our custody is protected by security safeguards designed to protect your information against loss, theft and unauthorized access, disclosure, copying, use, collection, modification or disposal.
Some of the steps that we take to protect your information include:
- Physical Measures:
- Protecting the premises by a lock and alarm
- Locking offices that contain PHI
- Storing PHI in locked filing cabinets that are fire retardant
- Administrative Measures:
- Creating and implementing internal operations and procedures regarding security
- Training staff regarding privacy responsibilities
- Monitoring printers and fax machines, ensuring they are kept in secured areas
- Auditing information and security practices to ensure that policies comply with PHIPA
- Establishing contracts with outside parties to ensure the confidentiality of PHI
- Technical Measures:
- Requiring complex individualized passwords to access computers
- Utilization of Multi-Factor authentication for access to electronic data storage locations
- Printers/Faxes – Printouts and faxes are secured by saving the document to a secure mailbox on shared printers until the user inputs a passcode to print the document
- Encrypting PHI stored in electronic formats
- Ensuring that anti-virus, firewall and security measures are current and implemented on all computers that maintain PHI
Our staff (employees, directors, students and professional staff members) are aware of the importance of keeping your information confidential. As a condition of employment or association with Mind Forward, all staff are required to sign a Confidentiality Agreement.
RESPONDING TO A PRIVACY BREACH
Should a privacy breach occur, Mind Forward will make every reasonable effort to contain the breach, which includes locating and retrieving all PHI outside of our control, as well as ascertaining whether other PHI is at risk of exposure.
We will then take any steps necessary to minimize the chances of a similar future breach.
We will notify you at the first reasonable opportunity should your information be lost, stolen, or subject to unauthorized access, disclosure, copying, use or modification.
HOW TO ACCESS YOUR INFORMATION
You can request access to any records in Mind Forward’s custody or control that contain your information by calling or writing to our Privacy Officer. The guidelines for processing these requests are available on request. You will receive a preliminary response from the Privacy Officer within 30-days of receipt of your request, and a full response within 60-days of receipt of the request.
Your right to access your information is not absolute. We may deny access when:
- Denial of access is required or authorized by law
- The request is frivolous, vexatious or in bad faith
If the Privacy Officer refuses you access to your records, a reason will be provided upon the time of refusal; you will also be notified of your right to complain to the Information and Privacy Commissioner of Ontario (IPC).
Mind Forward may charge you a reasonable fee (based on cost recovery) for copies of your information. You will be advised of any fees prior to making copies of your information.
CORRECTION OF PERSONAL HEALTH INFORMATION
Depending on the circumstances, you have the right to request correction to a record of PHI in our custody or control. Such a request may be made by providing a written request to the Privacy Officer. We will provide a response to all correction requests within 30-days of receipt, although in certain circumstances, we may require additional time to provide a response. Should we agree with the correction request, we will make every effort to record the correct information in the record and to cross out the incorrect information, without obliterating it. A correction request may be denied where:
- We are not satisfied that the record is incomplete or inaccurate for the purposes for which the information was recorded
- The request consists of a record that was not originally created by Mind Forward, and we do not have enough knowledge, expertise or authority to correct the record
- The request consists of a professional opinion or observation that a professional or staff has made in good faith
- The request is frivolous, vexatious or made in bad faith
If we refuse to make the correction requested, written reasons will be provided.
COMPLIANCE WITH PRIVACY POLICIES
All Mind Forward staff are required to know and comply with our privacy policies, with any breach in policy being subject to significant action.
Staff may only use your information as permitted by Mind Forward, and within legal limitations. Staff must notify the Privacy Officer at the first reasonable opportunity should your information be lost, stolen or accessed without authorization.
HOW TO CONTACT US
Please direct any questions or concerns in respect to Mind Forward’s information or practices to the Privacy Officer. We will answer all questions and will promptly investigate any concerns that you raise. If an issue is raised that is found to have merit, we will take all appropriate measures, including disciplinary action or amending our practices.
MIND FORWARD’S PRIVACY OFFICER
Ashley Budd
Senior Manager, Clinical Services
Privacy Officer
Officer: 905 949 4411 ext. 240
Direct: 905 302 3423
Fax: 905 949 4019
[email protected]
INFORMATION & PRIVACY COMMISIONER ONTARIO
Although we make every effort to provide an amicable resolution to all privacy concerns, PHIPA provides individuals with the right to complain to the Information & Privacy Commissioner of Ontario.
The Information and Privacy Commissioner Ontario
2 Bloor St. East
Suite 1400
Toronto, ON. M4W 1A8
Phone: 416 326 3333
Toll Free: 1 800 387 0073
TTY: 416 325 7539
Mind Forward is in compliance with the Personal Health Information Protection Act (PHIPA). For more information on Mind Forward’s standard Privacy Practice,