Created Date: October 2, 2012
We have adopted this Privacy Charter to guide how our clinic collects, uses and discloses health and financial information.
Our clinic respects the privacy rights of our patients and is committed to protecting the health information that we collect from you. We have developed our privacy practices based on the HIA requirements. This legislation applies to health information we collected, used and disclosed to provide our patients with health services, before and after the HIA came into effect. While patient consent can be granted in an informal way, such as providing us with an individual insurance card to document your insurance provider, in some situations we must have formal consent to collect, use, and disclose your personal information.
Principle 1 - Accountability / Management
We are accountable for the health information that you give to us.
Our clinic is accountable for all health information in our possession or control, including any health information that we disclose to other custodians or that we are required to share with third parties in order to provide you with health services.
Principle 2 - Notice
We will explain why we collect individually identifying health information before we collect it.
We have posted a notice explaining why we collect your individually identifying health information, and the legal authority that authorizes us to collect it.
We will collect individually identifying health information only for the following purposes, or as otherwise permitted by law:
Provision of health services
Verify eligibility or obtain and process payment for health services
Health-Related Educational Communications (e.g. appointment reminders, providing information about treatment alternatives, or other health-related benefits and services that may be of interest to you).
Other Internal Management Purposes: Our clinic does use health information for planning, quality improvement, reporting, etc. within the clinic and disclose health information as per HIA.
Research: Our clinic does conduct research, perform data matching or other services to facilitate others’ research. All research projects must be approved by a research ethics board (HIA s49 – 54).
Principle 3 - Collection
We limit the amount and type of health information we collect.
Our clinic will only collect health information for the purposes that we have identified or as otherwise permitted by law. In addition, we will only collect as much health information as is essential to carry out the purpose for which we are collecting it. Your health information will be collected directly from you, except in the limited circumstances where we are authorized by the HIA to indirectly collect such information.
Principle 4 - Use and Disclosure
We will use and disclose your health information only for the reasons for which it was provided to us, unless otherwise permitted by law.
In providing health services to you, we may use your health information within the clinic or may disclose it to other custodians to provide you with health services on a need to know basis for the purpose it was collected. Any third party disclosure of information requires your written consent, unless otherwise permitted by law. The HIA also identifies situations in which the disclosure is mandatory or discretionary. In all cases, we will only disclose as much information as is essential for the purpose it is being disclosed or per HIA requirements. In the future, some of your health information will be deemed “prescribed health information” and we will be required to make it accessible to authorized custodians via the Alberta Electronic Health Record (EHR) [commonly called Alberta Netcare]. Consideration of expressed wishes of the patient will be considered when making your information accessible, and patients can ask for some of their health information to be “masked”. When authorized health service providers access health information in Alberta Netcare it is considered a use of health information, not disclosure.
Principle 5 - Consent
We may disclose your health information to a third party with your written consent to that disclosure.
If you consent to disclosure of your health information, you may revoke that consent at any time per the requirements set out in HIA (s34). The consequences of withdrawal of consent will be discussed with you and documented.
Principle 6 - Access
You have a right to access your health information that is in our clinic’s custody or control within the provisions of HIA.
Patients own the health information in their medical record; the clinic owns the medical record. During the provision of health services, we will share your health information with you or your authorized representative verbally, and allow access to or provide copies of your health information records when practical (including information in Alberta Netcare).
As a patient you are entitled to a copy of your medical record but our clinic also has the right to refuse to disclose health information under some circumstances [HIA s11 (1) & (2)] and to make access subject to payment of fees as allowed per HIA regulations.
Principle 7 - Safeguards
We will protect your health information from unauthorized access, use, disclosure or destruction.
We have assessed the risks to your health information and implemented administrative, technical and physical safeguards to eliminate or minimize the risk. Examples of these safeguards include: office policies and procedures that ensure that health information cannot be seen by unauthorized persons, having employees sign oaths of confidentiality to ensure they understand the importance of confidentiality, electronic security mechanisms like firewalls and password protection, and securing the clinic when we are closed.
Principle 8 - Quality
We take efforts to ensure the health information in our custody or control is accurate and complete before using or disclosing that health information.
We update our registration and billing data as required. We ensure our clinic records are complete and accurate, and track additions and amendments. We correct inaccurate or incomplete factual information.
Subject to limited and specific exceptions in the HIA, individuals have a right of request corrections or amendments to this information whether in the clinic EMR or Alberta Netcare.
Principle 9 - Retention and Destruction of Records
We will retain your health information per the College of Physicians and Surgeons of Alberta (CPSA) guidelines, and securely destroy of your health information when it is no longer needed.
We will keep your health information per CPSA record retention guidelines or as long as
necessary to accomplish the purpose for which it was collected (whichever is longer).
We also follow the ten year retention period per the HIA with regard to use and disclosure logs.
We destroy paper health information by shredding, and destroy or use professional disk wiping software to remove health information from computer hard drives and other media.
In the event our clinic changes in its provision of health care, patients will be contacted with information about the change and, when applicable, where information has been transferred. You will be free to continue to use that clinic or to have your information transferred to the clinic of your choice.
Principle 10 – Monitoring & Enforcement
We monitor compliance with our privacy policies and procedures, and have a process for handling complaints about handling of health information.
We regularly assess our health information safeguards, and ensure our physicians and staff know what they are and that they follow them. We have put in place sanctions for anyone who breaches or attempts to breach our safeguards to demonstrate the important we place on preserving privacy and confidentiality. We investigate all privacy complaints or suspected privacy breaches, and take appropriate remedial measures including amending our policies, disciplining staff, etc.
We have a process for handling requests for correction or amendments to health information. In the event that a complaint cannot be resolved, the Clinic Privacy Officer will advise the individual of the mechanism for referral of the complaint to the College of Physicians and Surgeons of Alberta, or the Office of the Information and Privacy Commissioner of Alberta.
Principle 11 - Financial Information
We will protect your financial information from unauthorized access, use or disclosure.
The secured patient portal contains an online payment service. This allows you to pay the required $100 deposit prior to your first appointment. This deposit is non-refundable and will be applied towards the initial consultation fee of $350. You may also prepay for any of your follow up appointments ($175) through the patient portal. Any financial information you share (including your name, address and credit card number) is kept secure via the use of encryption technology, such as Secure Sockets Layer ("SSL"), to protect your personal information during data transport.
Last Update - May 11, 2015
If you have any concerns regarding our privacy policies - please email us at firstname.lastname@example.org.