Privacy Policy Statement
This statement explains your privacy rights and the steps our organization takes to protect your personal health information (PHI) as required under the Personal Health Information Protection Act, 2004 (PHIPA). Our organization is committed to ensuring the privacy protection and confidentiality of your PHI. More information can be found in our organization’s Privacy Policy upon request.
Purpose of Collection, Use and Disclosure of Your Personal Health Information:
We collect information directly from you or the person acting on your behalf, such as your designated Substitute Decision Maker. Occasionally, we may collect information about you from other sources if permitted or if required by law. Such other sources could include information from other providers working with us to provide you with care or services you require.
While this is not an exhaustive list, Carefor may collect, use and disclose your PHI to:
- Treat and care for you alongside the other health care providers that are involved in your care.
- Enable you to participate in our programs and services;
- Receive payment for your treatment and care;
- Inform funding agencies such as the Ontario Ministry of Health or Ministry of Long-Term Care and Local Health Integration Networks for health system management purposes;
- Guide the planning and administration of our services and operations;
- Conduct quality improvement activities;
- Ensure we comply with legal and regulatory requirements;
- Conduct research; and
- Fulfill other purposes permitted or required by law (e.g. infectious disease reporting to public health agencies).
Consent to Collect, Use and Disclose:
We assume that when you come to have health care from us, you have given us your permission (your consent) to use your information, unless you tell us otherwise. We may also collect, use and share your health information in order to talk with other health care providers about your care unless you tell us you do not want us to do so.
- You have the right to ask that we not share some or all of your health record with one or more of our team members or ask us not to share with one or more of your external health care providers. This is known as asking for a “consent directive/lockbox”. If you request restrictions on the use of and disclosure of your health record, a member of our team will explain your choices and potential repercussions for those options.
- There are other cases where we are not allowed to assume we have your permission to share information and we will obtain your express consent to make sure that we have your permission.
- When we require and ask for your permission to give us consent, you may choose to say no. If you say yes, you may change your mind at any time. Once you say no, we will no longer share your information unless you say so. Your choice to say no may be subject to some limits.
- NOTE – there are cases where we may collect, use or share your health information without your permission, as permitted or required by law. For example, we do not require your permission to use your information for billing, risk management or error management, quality improvement purposes. We also do not need your permission to share your health information to keep you or someone else safe (it’s called to eliminate or reduce a significant risk of serious bodily harm); or
to meet reporting obligations under other laws such as for health protection of communicable diseases, child safety, or safe driving.
Our Responsibilities
- We take steps to protect your PHI from theft, loss, and unauthorized access, copying, modification, use, disclosure, and disposal.
- We conduct audits and complete investigations to monitor and manage our privacy compliance and ensure your PHI is secure.
- We take steps to ensure that those who perform services for us protect your privacy and only use your information for the purposes you have consented to or are otherwise permitted or required by law.
- We try to keep your record accurate and up-to-date.
- Everyone here is bound by confidentiality. We have to protect your information from loss or theft and make sure no one looks at it or does something with your information if they are not involved with your care or allowed as part of their job. If there is a privacy breach, we will tell you (and we are required by law to tell you).
Your Rights:
- You may request to access to your original health record, obtain a copy of your health record, correct your PHI and/or withdraw/modify your consent for the above collection, uses, and disclosures by contacting our Privacy Officer in writing. Requests are subject to reasonable notice and may be subject to legal exceptions.
- You have a right to make choices and control how your health information is collected, used, and disclosed, subject to some limits. You may make your own decisions if you are “capable”. Your primary health care provider will decide if you are capable based on a test the law sets out. If you are not capable, you will have a substitute decision-maker to make informed decision for you.
For more information or to raise a concern, please contact our Privacy Officer at:
Privacy Officer, Carefor Health & Community Services
760 Belfast Road,
Ottawa, ON, K1G 6M8
(613) 903-6565 x5017
privacyofficer@carefor.ca
If you believe your rights have been violated, you can contact the Information and Privacy Commissioner (IPC) of Ontario at:
2 Bloor Street East, Suite 1400
Toronto, Ontario, M4W 1A8 Canada
Phone: 1 (800) 387-0073 (or 416-326-3333 in Toronto), Fax: 416-325-9195, www.ipc.on.ca