Emerging Minds Privacy Policy

This policy applies to all psychologists and associates operating under Emerging Minds.

The following privacy policy is made under the Personal Information Protection and Electronic Documents Act, 2004 (PIPEDA) and the Personal Health Information Protection Act, 2004 (PHIPA). PIPEDA is a federal act which came into effect on January 1, 2004 ; PHIPA is a provincial act which came into effect on November 1, 2004.

These acts set out obligations which must be followed when collecting, retaining, releasing, and destroying personal information. All for-profit agencies (e.g., medical clinics, private rehabilitation facilities) are now mandated to follow these Acts. This means that, among other details, they must provide their clients with a copy of their privacy policy and designate a person who is accountable for ensuring the organization’s compliance with PIPEDA and PHIPA.

Ensuring privacy and confidentiality of personal information is a key priority for me at this private practice. I am committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the services that I provide. My objective is to be open and candid as to how I handle personal information. This document describes my privacy policies so that those who use my services, are affiliated with me, or do business with me, can understand my ongoing commitment to service provision with respect to privacy.

WHAT IS PERSONAL INFORMATION ?

Personal information is that which refers to a specific individual. This includes information that relates to personal characteristics (e.g., gender, age, income, home address, phone number, family status), their health (e.g., health history, previous treatment) or other activities and views (e.g., political affiliation, opinions expressed by the individual, and opinion or evaluation of an individual by a second party). Personal information is different than business information (e.g., an individual’s business address or phone number) which is not protected by PIPEDA or PHIPA.

WHO AM I: Dr. Yolanda Korneluk, chief psychologist at Emerging Minds

I am a registered psychologist in the province of Ontario. I work completely independently in my own established private practice. No personal information that you disclose will be shared with any other individual unless you give me express written consent to share this information or unless issues of safety, abuse, legal subpoena or unpaid fees arise which compel me to disclose your information to the appropriate agency.

WHY IS PERSONAL INFORMATION COLLECTED?

1) PRIMARY PURPOSES

Information About Clients

Like all psychologists, I collect, use and disclose personal information in order to serve clients. Failure to collect, review or consider personal background information about clients would be negligent on my part. For my clients, the primary purpose for collecting personal information is to provide psychological assessment, treatment, and consultation services. For example, I collect information about a client’s health history, including family history, physical and psychological functioning and social situation in order to help me assess their mental health needs, to advise them of their options, and to provide the psychological services that they choose.

A secondary primary purpose is to obtain a baseline of current psychological, cognitive or vocational status, so that in providing ongoing services, I can identify changes that are occurring over time. It would be rare for me to collect such information without the client’s expressed consent, but this may occur in an emergency situation (e.g., if the client is suicidal). Another primary purpose is to collect personal, health and social information in order to provide diagnostic information, current status, and recommendations to the client’s family physician and/or referral source.

Contract Staff and Students

For those persons who are contracted to do work for my private practice (e.g. temporary staff or students) my primary purpose for collecting personal information is to ensure that I can contact them in the future (e.g. for new assignments) and for necessary work-related communications (e.g. sending out paycheques, year-end tax receipts). Examples of the types of personal information I would collect for those purposes include home addresses and telephone numbers. It is rare for me to collect such information without prior consent, but it may occur in the case of health emergency (e.g. a SARS outbreak) or to investigate a possible breach of the law (if a theft were to occur in my office building). If contract staff or students wish a letter of reference or an evaluation, I will collect information about their work-related performance and provide a report as authorized by them.

2) RELATED AND SECONDARY PURPOSES

Like most organizations, I also collect, use, and disclose information for purposes related to, or secondary to, my primary purposes. The most common examples of related and secondary purposes are as follows:

  • to invoice clients for goods/services that were not paid for at the time
  • to advise clients of my need to obtain their approval for treatment or for information about their treatment plans
  • to advise clients and others of opportunities relevant to them (e.g., development of new service, seminar, service)

It is possible that external consultants (auditors, lawyers, accreditation programs) may, on my behalf, do audits and continuing quality improvement reviews of my work. At times, this may involve interviewing me. Only under rare circumstance would this involve review of any client files.

The cost of some goods/services provided by myself to clients is paid for by third parties (e.g., auto insurance companies, long-term disability insurance companies). In these cases, I will ask for your express written consent to disclose to them certain information to demonstrate your entitlement to this funding.

I retain client information for a minimum of 10 years after the last contact to permit me to respond to questions arising after services have been received. If the client is a child at the time he or she receives services, his or her record will be retained for 10 years after she or he reaches the age of 18 years.

If my practice or my assets were to be sold, the purchaser would want to conduct a “due diligence” review of the clinic’s records to ensure it is a viable business that has been honestly portrayed to the purchaser. This due diligence may involve some review of my accounting and service files. The purchaser would NOT be able to remove my records or record any personal information. Before being provided access to the files, the purchaser would be required to provide a written promise to keep all personal information confidential. Only reputable purchasers who can maintain the standards required by the College of Psychologists of Ontario, who have already agreed to buy the organization’s business or its assets would be provided access to personal information, and only for the purpose of completing the due diligence search prior to closing the purchase.

Psychologists are regulated by the College of Psychologists of Ontario. This organization may inspect my records as part of regulatory activities in the public interest. Also, various government agencies (e.g. Canada Customs and Revenue Agency, Information and Privacy Commissioner, the Human Rights Commission, etc.) have as part of their mandate the legal authority to review my files without patient consent.

You can choose not to be part of some of these related or secondary purposes (e.g. by paying for your services at the time they are rendered). However, you do not have much choice about the disclosure of your personal information with respect to many of these related and secondary purposes (e.g. external regulations and audits).

PROTECTING PERSONAL INFORMATION

I take the importance of protecting personal information very seriously. For that reason, I have taken the following steps:

  • Paper information is either under supervision or secured in a locked area
  • Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, security access systems are used on computers and PDAs.
  • My cell phone is digital, meaning that its signals are more difficult to intercept
  • Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies
  • I discourage clients from sending me personal information by e-mail because communications carried over the Internet are neither secure nor verifiable. If exceptions are made, electronic information is transmitted through either a direct line or is anonymized or encrypted.

If your information was stolen, lost or accessed by an unauthorized person, I would be responsible for notifying you of this security breach at the first reasonable opportunity.

RELEASING YOUR PERSONAL INFORMATION

Release of information requests are filled only with your written authorization or, in unusual circumstances, with your verbal consent witnessed by 2 people.

I do not release any type of raw data from psychological testing to any other party, other than to registered psychologists, even with your consent.

I will only release information that has been collected in my office, with your consent, to other individuals. I will not release any other reports provided to me by allied health providers (e.g., a physician’s report that was sent to me).

In some instances I may be compelled to release information without your consent. These instances may include the following:

  • for debt collection purposes to a collection agency
  • to share information with my lawyer
  • to comply with a subpoena, warrant or court order at the request of a government institution for national security, law enforcement or administration
  • where there is an emergency that threatens the life, health or security of an individual (e.g., suicide threats, suspected child abuse, reports that you have been abused by another health care provider)

RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

I need to retain personal information for some time to ensure that I can answer any questions you might have about services provided, and for my own accountability to external regulatory bodies.

I destroy paper files containing personal information by shredding. I destroy electronic information by deleting it and, when the hardware is discarded, I ensure that the hard drive is physically destroyed.

If I die or become unable to practice for any reason, your file will be forwarded to and become the responsibility of an alternate designated clinician.

LOOKING AT YOUR PERSONAL INFORMATION

With a few rare exceptions, you have the right to see what personal information I hold about you. Often, all you have to do is ask. I can help you identify what records I might have about you. I will also try to help you understand any information that you do not understand (e.g. short forms, technical language, etc.). I reserve the right to charge a nominal fee for such requests. Should you wish to have copies of information contained in your file, I will review your file with you before I release any information to you.

If there is a problem, I may ask that you put your request in writing. If I cannot provide you with access, I will tell you within 30 days, if possible, and tell you the reason as to why I cannot give you access (e.g., because the requested information reveals a third party and/or may jeopardize the health or safety of a third party; because the information relates to a legal proceeding/subpoena/warrant).

If you believe that there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions I may have formed. If necessary, I will ask you to provide documentation that information in my file is wrong. Where we agree that a mistake was made, the correction will be made and I will notify anyone to whom the original information was sent. If we do not agree that a mistake was made, I will still agree to include in my file a brief statement from you on the point(s) and I will forward that statement to anyone else who received the earlier information.

DO YOU HAVE ANY QUESTIONS?

If you have any questions about my privacy policy, please feel free to ask me in person or telephone me at (613) 851-6292. If you wish to make a formal complaint about my privacy practices, please do so in writing to me. I will acknowledge receipt of your complaint, ensure that it is investigated promptly, and that you are provided with a formal decision and reasons in writing.

If you have a concern about the professionalism or competence of my work as a psychologist, I would ask you to discuss those concerns with me. However, if I cannot satisfy your concerns, you are entitled to make a complaint to my regulatory body, the College of Psychologists of Ontario:

The College of Psychologists of Ontario

110 Eglinton Avenue West, Suite 500

Toronto ON, M4R 1A3

tel: 1-800-489-8388   fax: 1-416-961-2635

www.cpo.on.ca

My Privacy Policy is made in compliance with both PIPEDA and PHIPA. These acts are complex and are too detailed to be set out in full here.  For more information, the Information and Privacy Commissioner of Canada oversees the administration of the PIPEDA legislation in the private sector. The Information and Privacy Commissioner of Ontario oversees the administration of the PHIPA act. These Commissioners also act as mediators for privacy disputes. Their contact information appears below.

The Privacy Commissioner of Canada

112 Kent Street

Ottawa ON, K1A 1H3

tel: (613) 995-8210/1-800-282-1376

fax: (613) 947-6850, TTY: (613) 992-9190

The Information and Privacy Commissioner of Ontario

2 Bloor Street East, Suite 1400

Toronto, Ontario M4W 1A8

Tel: (416) 326-3333 or 1-800-387-0073

Fax: (416) 325-9195, TTY: TDD/TTY: (416) 325-7539