  1. Confidentiality
    1. We take the confidentiality of our patients’ health information extremely seriously. Unless required by law, we will not release any details regarding your/your child’s health without your prior consent.
    2. This office is fully compliant with The Ontario Government’s Personal Health Information Protection Act, and our computerized records system is protected against loss of data and unauthorized access.
    3. For more details about this office’s privacy policy, please review the document entitled Information Sheet – Privacy Policy.
  2. Seeing the Doctor
    1. Patients are seen in priority order, as decided by the staff member performing the triage role.
  3. Email correspondence
    1. We offer a number of services via email.
    2. If/when you use email, especially when sending sensitive information, please be aware that email is not considered secure.
    3. This office cannot be held responsible for any security breach or loss of information during correspondence with this office via email.
    4. If you are not comfortable with the non-secure nature of email, please use the telephone.
    5. For further information about the risks associated with email correspondence, please review our email information sheet.
  4. Prescriptions
    1. Medications should be administered as prescribed for best results.
    2. If you suspect a mix up in your/your child’s prescription or a reaction to a drug, please notify us immediately.
    3. Patients are encouraged to keep all prescriptions with one pharmacy.
  5. Insured Services (OHIP Covered services)
    1. Please bring your/your child’s valid OHIP card. If the card is invalid, you will be billed directly for the visit.
    2. If your child does not have OHIP coverage but has private insurance, we will bill you for the services and provide you with an official receipt. Use this receipt to claim reimbursement with your third-party insurer.
    3. If your baby is a newborn, the OHIP number from the hospital is only temporary. You must register with OHIP as soon as possible to obtain a valid permanent OHIP card.
  6. Non-Insured Services (Services Not Covered by OHIP)
    1. OHIP does not pay for all services provided to a patient by the doctor. Services for which OHIP does not pay are called “non-insured” or “uninsured services”.
    2. It is the patient’s (or guardian’s) responsibility to provide payment for these services when rendered.
    3. For further information about uninsured services provided at this practice, please review the document entitled Information sheet – uninsured services.
  7. Medical Residents, Medical Students, Dieticians, and Dietetics Interns in the Office
    1. Occasionally, there will be trainees accompanying the doctor(s) in the office.
    2. We appreciate the opportunity to contribute to the training and development of future doctors and allied health care professionals.
    3. Although it is within your rights to request that trainees not take part in the provision of care to you and/or your child, we strongly encourage our patients to support this arrangement by considering the trainees as part of the treatment team. Please allow them the privilege of contributing to your/your child’s care.

DETAILED OFFICE POLICIES AND PROCEDURES FOR THE PROTECTION OF PERSONAL (HEALTH) INFORMATION

Protecting Personal Information

Openness and transparency
  • We value patient privacy and act to ensure that it is protected.
  • This policy was written to capture our current practices and to respond to federal and provincial requirements for the protection of personal information.
  • This policy describes how this office collects, protects and discloses the personal information of patients and the rights of patients with respect to their personal information.
  • We are available to answer any patient questions regarding our privacy practices.
Accountability
  • The physician is ultimately accountable for the protection of the health records in his/her possession.
  • Patient information is sensitive by nature. Employees and all others in this office who assist with or provide care (including students and locums) are required to be aware of and adhere to the protections described in this policy for the appropriate use and disclosure of personal information.

All persons in this office who have access to personal information must adhere to the following information management practices

Office information management practices
  • Access is on a need to know basis
  • Access is restricted to authorized users
  • staff are aware of and understand requirements to protect personal information
  • appropriate sanctions for failure to fulfill requirements
  • third party obligations
  • contractual privacy clauses/agreements with third parties (including cleaning and security personnel, landlords, data processors, etc)
This office employs strict privacy protections to ensure that
  • We protect the confidentiality of any personal information we access in the course of providing patient care.
  • We collect, use and disclose personal information only for the purposes of providing care and treatment or the administration of that care, or for other purposes expressly consented to by the patient.
  • We adhere to the privacy and security policies and procedures of this office.
  • We educate and train staff on the importance of protecting personal information.

Collection, Use and Disclosure of Personal Information

Collection of personal information

We collect the following personal information
Identification and Contact information including:
  • name
  • date of birth
  • address
  • phone and/or fax and/or email
  • emergency contact information
  • record of patient appointment times
Billing information including:
  • Provincial/territorial health insurance plan (health card) number
Health information, including:
  • medical history
  • presenting symptoms
  • physical examination findings
  • relevant medical history of family members
  • test requisitions and results (laboratory tests and x-rays)
  • reports from specialists or other health providers
  • diagnosis and treatment notes (including prescriptions)
  • allergies
  • information to be provided to third parties at the patient’s request (e.g., workers’ compensation, reports for legal proceedings, insurance claims, government claims)
Limits on collection

We will only collect the information that is required to provide care, administrate the care that is provided, and communicate with patients. We will not collect any other information, or allow information to be used for other purposes, without the patient’s express consent – except where authorized to do so by law. These limits on collection ensure that we do not collect unnecessary information.

Use of personal information

Personal information collected from patients is used by this office for the purposes of
  • Identification and contact
  • emergency contact
  • Provision and continuity of care
  • Historical record
  • Health promotion and prevention
  • Referral to specialists or other treating physicians
  • Requesting laboratory investigations
  • Requesting diagnostic tests
  • Generating prescriptions
  • Referral to other health care providers
  • Referral to Home Care agencies
  • Home care supervision
  • Administrate the care that is provided
  • Prioritization of appointment scheduling
  • Billing provincial health plan
  • Billing third parties
  • Facilitate reimbursement of patient claims (at patient’s request)
  • Professional requirements
  • Risk or error management, i.e., medical-legal advice (CMPA)
  • Quality assurance (peer review)
  • Maintenance of competence
  • Research studies and trials

Disclosure of personal information

Implied consent (Disclosures to other providers)

Unless otherwise indicated, you can assume that patients have consented to the use of their information for the purposes of providing them with care, including sharing the information with other health providers involved in their care. By virtue of seeking care from us, the patient’s consent is implied for the provision of that care. Relevant health information is shared with other providers involved in the patient’s care, including (but not limited to)

  • other physicians in this practice
  • locums
  • medical students and residents
  • nursing or other health care students
  • other physicians and specialists
  • Pharmacists
  • lab technicians
  • nutritionists
  • physiotherapists
  • occupational therapists
Without consent (Disclosures mandated or authorized by law)

There are limited situations where the physician is legally required to disclose personal information without the patient’s consent. Examples of these situations include (but are not limited to)

  • billing provincial health plans
  • reporting specific diseases
  • reporting abuse (child, elder, spouse, etc)
  • reporting fitness (to drive, fly, etc)
  • by court order (when subpoenaed in a court case)
  • in regulatory investigations
  • for quality assessment (peer review)
  • for risk and error management, e.g., medical-legal advice
Express Consent (Disclosures to all other third parties)

The patient’s express consent (oral or written) is required before we will disclose personal information to third parties for any purpose other than to provide care or unless authorized to do so by law.

Examples of situations that involve disclosures to third parties include (but are not limited to)

  • third party medical examinations
  • provision of charts or chart summaries to insurance companies
  • enrollment in research studies and trials
Disclosure Log
  • Before a disclosure is made to a third party, a notation shall be made in the file that the patient has provided express consent, or a signed patient consent form is appended to the file.
Withdrawal of consent
  • Patients have the option to withdraw consent to have their information shared with other health providers at any time.
  • Patients also have the option to withdraw consent to have their information shared with third parties.
  • If a patient chooses to withdraw their consent, the physician will discuss any significant consequences that might result with respect to their care and treatment (e.g., possible negative impact on the care provided).

Office Safeguards

Security measures

Safeguards are in place to protect the security of patient information. These safeguards include a combination of physical, technological (for offices where computers are in use) and administrative security measures.

We use the following physical safeguards
  • limited access to office
    • monitored alarm system
    • authorized access only
    • supervised access for non-staff
  • limited access to records
    • need to know basis
    • locked file cabinets
    • separate, locked chart room
  • office layout/features
    • front desk privacy screens
    • soundproofing and/or white noise to ensure confidentiality
We use the following technological safeguards
  • protected computer access for patient health information
    • passwords
    • user authentication
    • audit trails
  • system protections
    • firewall software
    • virus scanning software
  • redundancy systems (backups)
    • regular backups, encrypted, offsite
  • protected external electronic communications – Internet
  • secure electronic record disposal
    • safely dispose of computer hard drives
    • destroy all other removable media (diskettes, CD-R, DVD)
  • Where electronic records are retained rather than destroyed, we follow College requirements for secure retention and disposal of medical records
  • Wireless and mobile communication devices (e.g., laptops, PDAs, etc) are especially vulnerable to loss, theft and unauthorized access. We take extra precautions when using these devices for patient health information.

We use the following administrative safeguards

Office information management practices
  • Access is on a need to know basis
  • Access is restricted to authorized users
  • staff signed confidentiality agreements (as part of employment contract)
  • staff are aware of and understand requirements to protect personal information
  • appropriate sanctions for failure to fulfill requirements
  • third party obligations
  • contractual privacy clauses/agreements with third parties (including cleaning and security personnel, landlords, data processors, etc)
Limits on third party access
  • Any other persons having access to patient information or to these premises (e.g., cleaners, security staff, landlords) shall, through contractual or other means, provide a comparable level of protection.
Staff signed confidentiality agreements
  • We also ensure that all staff have signed a confidentiality agreement or clause as part of (or appended to) their employment contract.
  • This confidentiality agreement or clause extends beyond the term of employment.

Communications policy

  • We are sensitive to the privacy of personal information and this is reflected in how we communicate with our patients, others involved in their care and all third parties.
  • We protect personal information regardless of the format.
  • We use specific procedures to communicate personal information by
Telephone
  • patient preference with regard to phone messages will be taken into consideration
  • secure office voicemail system
  • no audible playback of voice messages in office
Fax
  • our fax machine is located in a secure or supervised area (restricted public access)
  • a cover sheet indicates the information is confidential
  • reasonable steps are taken to ensure personal information is received only by secure fax machine (e.g., regular verification of numbers – or call first)
Email
  • firewall and virus scanning software are in place to mitigate against unauthorized modification, loss, access or disclosure
Post/Courier
  • sealed envelope
  • marked confidential
  • addressed to the authorized recipient

Record retention

  • We retain patient records as required by law and professional regulations
  • The Canadian Medical Protective Association (CMPA) advises members to retain their medical records for at least 10 years from the date of last entry or, in the case of minors, 10 years from the time the patient would have reached the age of majority (age 18 or 19 in all jurisdictions).
Procedures for secure disposal/destruction of personal information

When information is no longer required, it is destroyed or retained according to set procedures that govern the storage and destruction of personal information.

We use the following methods to destroy/dispose of paper records

We use the following methods to destroy/dispose of electronic records
  • We seek expert advice on how to dispose of electronic records and hardware. At a minimum, we ensure that all information is wiped clean where possible prior to disposal of electronic data storage devices (e.g., surplus computers, internal and external hard drives, diskettes, tapes, CD-ROMs, etc.)
  • properly dispose of computer hard drives
  • destroy all other electronic media storage (diskettes, CD-R, DVD)
  • Electronic records are retained rather than destroyed, and we follow College requirements for the secure retention of medical records
  • Disposal log – Before the secure disposal of a health record, we maintain a log with the patient’s name, the time period covered by the destroyed record, the method of destruction and the person responsible for supervising the destruction (if applicable).

Patient Rights

Access to information
  • Patients have the right to access their record in a timely manner.
  • If a patient requests a copy of their records, one will be provided at a reasonable cost.
  • Access shall only be provided upon approval of the physician.
  • If the patient wishes to view the original record, one of our staff must be present to maintain the integrity of the record, and a reasonable fee may be charged for this access.
  • Patients can submit access requests in writing directed to the physician.
  • This office follows specific procedures to respond to patient access requests – we respond in a timely fashion, and we ensure that one of our staff is present to maintain the integrity of the record should the patient wish to view the original record.

Limitations on access
  • In extremely limited circumstances the patient may be denied access to their records, but only if providing access would create a risk to that patient or to another person. For example, when the information could reasonably be expected to seriously endanger the mental or physical health or safety of the individual making the request or another person.
  • Or if the disclosure would reveal personal information about another person who has not consented to the disclosure. In this case, we will do our best to separate out this information and disclose only what is appropriate.

Accuracy of information
  • We make every effort to ensure that all patient information is recorded accurately.
  • If an inaccuracy is noted, the patient can request changes in their own record, and this request is documented by an annotation in the record.
  • No notation shall be made without the approval or authorization of the physician.

Privacy and Access Complaints
  • It is important to us that our privacy policies and practices address patient concerns and respond to patient needs.
  • A patient who believes that this office has not responded to their access request or handled their personal information in a reasonable manner is encouraged to address their concerns first with their doctor.
  • Patient complaints can be made verbally or in writing, and can be directed to the physician or to any office staff.
  • This office follows specific procedures for responding to patient complaints
  • Our complaints process is readily accessible, transparent and simple to use
  • We acknowledge and respond to patients in a timely fashion
  • All complaints shall be investigated
  • If justified, remedial measures will be taken, such as amending policies, procedures and practices
  • Patients who wish to pursue the matter further are advised to direct their complaints to the provincial/territorial privacy commissioner