About Your Privacy
Privacy of personal information (PI) and Personal Health Information (PHI) is an important principle at AHC. We conduct our business to the highest standards of privacy and protection of personal data. We follow the Principles of Fair Information Practices and strive to meet and exceed all legal requirements respecting privacy and the protection of personal data. We are committed to collecting, using and disclosing personally identifying information responsibly and only to the extent necessary for the goods and services we provide. We are also open and transparent as to how we handle personal information. This document describes our privacy policies.
Personally Identifying Information
"Personally identifying information" is information that can be explicitly used to identify and/or contact you as an individual. This includes information like your real name, e-mail address, mailing address, phone number, etc. "Personally Identifying Information" is defined in Canada's Personal Information Protection and Electronic Documents Act ('PIPEDA') as information about an identifiable individual. Personal information is to be contrasted with business information (e.g., in individual's business address and telephone number), which may not be protected by privacy legislations. "Personal Health Information" is a term defined at Ontario's Personal Health Information Protection Act (PHIPA)
Ten Privacy Principles
Advanced Healthcare is dedicated to preserving and enhancing the privacy of its customers and visitors to its facilities and this web site. We believe that privacy and the protection of personal information and personal health information are fundamental tenets of a free society and that individuals should have "information self-determination" and organizations collecting personally information should be accountable: We are committed to maintaining the accuracy, confidentiality and protection of your personal information.
As part of this commitment, we have adopted the following ten principles, based on the values set by the Canadian Standards Association's Model Code for the Protection of Personal Information, Canada's PIPEDA and Ontario's PHIPA.
Advanced Healthcare takes responsibility for maintaining and protecting the personal information and personal health information under its control and may designate one or more individuals to be accountable for AHC's compliance with these principles.
At Advanced Healthcare's facility we collect PI/PHI:
• About Clients - We collect, use and disclose personal information in order to serve our clients. For our clients, the primary purpose for collecting personal information is to provide chiropractic, massage therapy, physiotherapy, primary care and occupational therapy treatment. For example, we collect information about a client's health history, including family history, physical condition and function and social situation, in order to help us assess what the client's health needs are, to advise the client of his/her options and then to provide the health care the client chooses to have. A secondary primary purpose is to obtain a baseline of health and social information so that in providing ongoing health services we can identify changes that are occurring over time. It would be rare for us to collect such information without the clients express consent, but this might occur in an emergency (e.g., the client is unconscious) or where we believe the client would consent if asked and it is impractical to obtain consent (e.g., a family member passing a message on from our client we have no reason to believe the message is not genuine).
• About Members of the General Public - For members of the general public, our primary purposes for collecting personal information are to provide notice to special events (e.g., a seminar or conference) or to make them aware of AHC's services in general, or our clinic in particular. For example, while we try to use work contact information where possible, we might collect home addresses, fax numbers and e-mail addresses. We try to obtain consent before using any such personal information, but where this is not, for any reason, possible, we will upon request immediately remove any personal information from our distribution list. On our website we only collect, with the exception of cookies, the personal information you provide and only use that information for the purpose you gave it to us (e.g., to respond to your e-mail message, to register for a course, to subscribe to our newsletter). Cookies are only used to help you navigate our website and are not used to monitor you.
• About Contact Staff, Volunteers and Students - For people who are contracted to do work for us (e.g., temporary workers), our primary purpose for collecting personal information is to ensure we can contact them in the future (e.g., for new assignments) and for necessary work-related communication (e.g., sending out pay-cheques, year-end tax receipts). Examples of the type of personal information we collect for those purposes include home addresses and telephone numbers. It is rare for us to collect such information without prior consent, but it might happen in case of an emergency (e.g., a pandemic outbreak) or to investigate a possible breach of the law (e.g., if a theft were to occur in the clinic). If contact staff, volunteers or students wish a letter of reference or an evaluation, we will collect information about their work related performance and provide a report as authorized by them.
Related and Secondary Purposes
Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:
- To invoice clients for those goods and services that were not paid for at the time, to process credit card payments, or to collect unpaid accounts.
- To advise clients that their product or service should be reviewed (e.g., to ensure a product is still functioning properly and appropriate for their current needs and to consider modifications or replacement).
- To advise clients and others of special events or opportunities (e.g., a seminar, development of a new service, arrival of a new product) that we have available.
At Advanced Healthcare's website we collect PI:
The purpose, for which personal information is collected at AHC's website, shall be identified before or at the time the personal information is collected. Collecting personal information about you is essential to our being able to provide the products and services that best meet your needs. Your personal information may be used:
- To determine eligibility for products and services
- To provide requested information, products or services
- To understand and assess Clients' ongoing needs and offer products and services to meet those needs
- For billing and accounting services relating to our products and services
- For Client communication, service and administration
- For internal, external and regulatory audit purposes
- To comply with legal and regulatory requirements
- To register for seminars, workshops and/or services that requires registration or subscription.
- Personal information may also be used for other purposes, subject to obtaining your prior consent for such use.
Individual's consent will be obtained for the collection, use or disclosure of personal information and personal health information. Providing us with your PI/PHI is always your choice. When you request services from us, we ask that you provide information that enables us to respond to your request. In doing so, you consent to our collection, use and disclosure to appropriate third parties of such personal information for these purposes. You also authorize us to use and retain this personal information for as long as it may be required for the purposes described above.
The personal information and personal health information we collect shall be limited only to that which is necessary for the purposes identified. We only collect the personally identifying information required to provide you with a necessary product or service. We collect personally identifying information about you only when you specifically and knowingly provide it to us.
Information Collection and Use at Advanced Healthcare's Facility:
Collection of Personal Health Information
We collect your personal health information at our clinic facility, directly from you, or from the person acting on your behalf. Examples of the type of personal health information that we collect may include but not limited to, your health card details, your name, date of birth, address, health history, records of your visits to Advanced Healthcare and details of the treatment that you received during your visits. We may sometimes collect personal health information about you from other sources, if we have obtained your consent to do so, or if the law permits.
We collect personally identifying information about you only when you specifically and knowingly provide it to us. Information that personally identifies you will be kept strictly confidential. We believe that you should know exactly what personally identifying information we collect and how we're going to use it before you share it with us. We may ask you for personal information such as your name, phone number and address. We do this when you request information, register for seminars, workshops and/or services that require registration or subscription. Personally identifying information that you provide to us will not be made available to third parties without your explicit permission.
Our Facility reviews client and other files for the purpose of ensuring that we provide high quality services, including assessing the performance of our staff. In addition, external consultants (e.g., lawyers, auditors, practice consultants, voluntary accreditation programs) may on our behalf do audits and continuing quality improvement reviews of our Facility, including reviewing client files and interviewing our staff.
Certain regulatory bodies of practitioners may inspect our records and interview staff as a part of their regulatory activities in the public interest. In addition, as professionals, we will report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. Also, our organization believes that it should report information suggesting illegal behavior to the authorities. External regulators have their own strict privacy obligations. Sometimes these reports include personal information about our clients, or other individuals, to support our concern (e.g., improper services). Also, like all organizations, various government agencies (e.g., Canada Customs and Revenue Agency, Information and Privacy Commissioner, Human Rights Commission, etc.) have the authority to review our files and interview our staff as a part of their mandates. In these circumstances, we may consult with professionals (e.g., accountants, lawyers) who will investigate the matter and report back to us.
The cost of some goods/services provided by the organization to clients is paid for by third parties (e.g., OHIP, Extended Private Insurance, Assistive Devices Program). These third party payers often have your consent or legislative authority to direct us to collect and disclose to them certain information in order to demonstrate client entitlement to this funding.
Clients or other individuals we deal with may have questions about our goods and services after they have been received. We also provide ongoing services for many of our clients over a period of months or years for which our previous records are helpful. We retain our client information for a minimum of ten years after the last contact to enable us to respond to those questions and provide these services.
If Advanced Healthcare or its assets were to be sold, the purchaser would want to conduct a "due diligence" review of the Clinic's records to ensure that it is a viable business that has been honestly portrayed to the purchaser. This due diligence may involve some review of our accounting and service files. The purchaser would not be able to remove or record personal information. Before being provided access to the files, the purchaser must provide a written promise to keep all personal information confidential. Only reputable purchasers who have already agreed to buy the organization's business or its assets would be provided access to personal information, and only for the purpose of completing their due diligence search prior to closing the purchase.
You can choose not to be part of some of these related or secondary purposes (e.g., by declining to receive notice of special events or opportunities, by paying for your services in advance). We do not, however, have much choice about some of these related or secondary purposes (e.g., external regulation).
Limiting Use, Disclosure and Retention
We do not sell client lists or personally identifying information to others. Personal information and personal health information shall only be used or disclosed for the purposes for which it was collected, unless an individual has otherwise consented or when it is required or permitted by law. Personal information and personal health information shall be retained only as long as necessary for the fulfillment of those purposes.
Protecting Personal Information at Advanced Healthcare:
We understand the importance of protecting personally identifying information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked or restricted area.
- Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords are used on computers. All of our cell phones are digital, which signals are more difficult to intercept.
- Paper information is transmitted either through direct line or is anonymized or encrypted.
- Electronic information is transmitted either through direct line or is anonymized or encrypted.
- External consultants and agencies with access to personal information must enter into privacy agreements with us.
Retention and Destruction of Personal Information at Advanced Healthcare:
We need to retain personal information for some time to ensure that we can answer any questions you might have about our services provided and for our own accountability to external regulatory bodies. However, we do not want to keep personal information too long in order to protect your privacy.
We keep our client files for about 7 (seven) plus years. Our client and contact directories are much more difficult to systematically destroy, so we remove such information when we can if it does not appear that we will be contacting you again. However, if you ask, we will remove such contact information right away. We keep any personal information relating to our general correspondence (i.e., with people who are not clients) newsletters, seminars and marketing activities for about six months after the newsletter ceases publication or a seminar or marketing activity is over.
We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it using industry standard data sanitization process and tools and, when the hardware is discarded, we ensure that the hard drive is physically destroyed. Alternatively, we may send some or the entire client file to our client.
Information Collection and Use at Advanced Healthcare's Website
We limit our collection of personally identifiable information our website to what we believe is minimally necessary to provide you with the products and services offered on this website or through our clinic. We primarily use this information for three purposes: to fulfill your requests for certain services, to contact you when you request it, and to alert you to special offers, updated offers and other new services. Our website uses current industry standards for security and data protection to ensure the protection of your privacy.
We will not sell or rent your personally identifiable information to anyone. We may send personally identifiable information about you to other companies or people only when:
- We have your consent to share the information
- We need to share your information to provide the product or service you have requested
- We respond to subpoenas, court orders or legal process, or
- We find that your actions on our websites violate any local rules or applicable laws regarding online conduct, acceptable content and the transmission of technical data exported from Canada or the country in which you reside.
It is important that your personal information and personal health information is accurate and complete. Having accurate information about you enables us to give you the best possible service. We strive to keep personal information and personal health information as accurate, complete and up-to-date as may be necessary to fulfill the purposes for which it is to be used. You have the right to access, verify and amend the information we have about you. We rely on you to keep us informed of any changes, such as a change of address, telephone number or any other circumstances - simply contact your local office representative.
Despite our best efforts, errors sometimes do occur. If you identify any personal information or personal health information that is out-of-date, incorrect or incomplete, let us know and we will make the corrections promptly.
We shall protect personal information and personal health information using security safeguards that are appropriate to the sensitivity level of the information received. We use physical, administrative and technical safeguards to protect our systems and all personal information and personal health information under our control against unauthorized access and use. All protection and security measures are appropriate to the sensitivity level of the information collected. Employees are governed by strict standards and policies to ensure that personal information is secure and treated with the utmost care and respect.
We will make available information about our policies and procedures relating to the management of your personal information and personal health information that is under our control.
On written or email request to our Privacy Officer, Dr. Pisarek, the individual will be informed of the existence, use and disclosure of their personal information or personal health information that is under our control, and may be given access to that personal information as required and permitted by law. Individuals are entitled to challenge the accuracy and completeness of that personal information or and personal health information and request that it be amended, if appropriate.
Any questions or inquiries concerning compliance with our privacy policies and procedures may be addressed to our Privacy Officer, Dr. Pisarek, as set out below.
A cookie is a small file containing certain pieces of information that a website creates when you visit a website. It can track how and when you use a site, which site you visited immediately before, and it can store that information about you. There are two common types of cookies, "session cookies" and "persistent cookies". Session cookies store information only for the length of time that you are connected to a website - they are not written onto your hard drive. Once you leave the website, the originator of the cookie no longer has the information that was contained on it.
In order to enhance your online experience our website uses "session cookies". Most browsers now recognize when a "cookie" is offered, and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer or your Internet service provider.
This website uses Google Analytics to help analyze how users use the site. Google Analytics uses "cookies" (text files placed on your computer) to collect standard Internet log information and visitor behavior information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors' use of the website and to compile statistical reports on website activity for www.advancedhealth.ca.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Information (PI) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Information from any source, unless you explicitly submit that information via a fill-in form on our website.
Links to other web-sites
Advanced Healthcare understands the importance of protecting children's privacy, especially within an online environment. Advanced Healthcare's website site is not intentionally designed for or directed at children 13 years of age or younger. It is our policy never to knowingly collect or maintain information in AHC's website about anyone under the age of 13.
When you send us e-mail, we will use your name and e-mail address only to respond to the concerns you write to us with. Your e-mail may be shared with appropriate people within our organization to help us respond to your concerns.
Opting-Out or Unsubscribing
Our clients are given the opportunity to 'opt-out' of having their information used for purposes not directly related to our site at the point where we ask for the information. For example, our registration form has an 'opt-out' option so users who request information from our website, but don't wish to receive any marketing material, can keep their email off of our internal marketing lists.
Users who no longer wish to receive information, material or newsletters from us may 'opt-out' by sending an email to www.advancedhealth.ca with the subject line of "UNSUBSCRIBE".
We reserve the right to amend this policy from time to time. If we make any substantial changes in the way we use your personal information, we will notify you by making amendments this policy.
Updated - April 30, 2018 - AHC