This policy outlines how we protect the personal information we collect about you. Personal information is any identifying information about you, including your physical and mental health. We value patient privacy and are committed to being accountable for how we treat your personal information. Everyone working for this office is required to adhere to the protections described in this policy. This policy was developed in compliance with the British Columbia Personal Information Protection Act (PIPA). PIPA sets out rules for how organizations such as our office can collect, use, disclose, store and retain your personal information. If you have any questions regarding our privacy practices, please contact your physician or one of our staff.
Collection, Use and Disclosure of Personal Information
What personal information do we collect?
- Identification and contact information (name, address, date of birth, telephone number, emergency contact, etc.)
- Billing information (provincial plan and/or private insurer)
- Health information (symptoms, diagnosis, medical history, test results, reports and treatment, record of allergies, prescriptions, etc.)
Why do we collect your personal information?
We collect your personal information for the purposes of identifying you, providing you with care, administering the services that we provide and communicating with you. We collect only the information that is required to fulfill those purposes. We do not collect any other information, or allow information to be used for other purposes, without your express (i.e., verbal, written or electronic) consent – except where
authorized to do so by law.
When and to whom do we disclose personal information?
Implied consent for provision of care:
By virtue of seeking care from us, your consent is implied (i.e., assumed) for your information to be used by this office to provide you with care, and to share with other health care providers involved in your care.
Disclosure to other health care providers:
Your implied consent extends to us sharing your personal information with other providers involved in your care, including (but not limited to) other physicians and specialists, pharmacists, lab technicians, nutritionists, physiotherapists and occupational therapists.
Disclosures authorized by law:
There are limited situations where we are legally required to disclose your personal information without your consent. These situations include (but are not limited to) billing MSP, provincial health plans, reporting infectious diseases and fitness to drive, or by court order.
Disclosures to all other parties:
Your express consent is required before we will disclose your information to third parties for any purpose other than to provide you with care or unless we are authorized to do so by law. Examples of disclosures to other parties requiring your express consent include (but are not limited to) third parties who are conducting medical examinations for purposes not related to the provision of care, enrolment in clinical (research) trials and provision of charts or chart summaries to insurance companies.
Withdrawal of consent:
You can withdraw your consent to us collecting your personal information or having your information shared with other health care providers or other parties at any time by giving us reasonable notice, except where the collection or disclosure is authorized by law. However, please discuss this with your physician first so we can explain the possible consequences of withdrawing consent.
How can records be accessed?
You have the right to access your record in a timely manner. You may request a copy of your record, for a minimal fee. If you wish to view the original record, one of our staff must be present to maintain the
integrity of the record, and a minimal fee may be charged for this access. Patient requests for access to your medical record can be made verbally or in writing to your physician or the staff (see office address at top of Policy).
Are there limitations on access?
In extremely rare circumstances you may be denied access to your records, for example if providing access would create a significant risk to you or to another person.
What if the records are not accurate?
We make every effort to ensure that all of your information is recorded accurately. If an inaccuracy is identified, you can request that the information be corrected, and a note will be made to reflect this on
How secure is your personal information?
Safeguards are in place to protect the security of your information. These safeguards include a combination of physical, technological and administrative security measures that are appropriate to the sensitivity of the information. These safeguards are aimed at protecting personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
What is our communications policy?
We protect personal information regardless of the format. Specific procedures are in place for communicating by phone, email, fax, and post/courier.
How long do we keep personal information?
We retain patient records for a minimum period of 16 years, or as otherwise required by law and professional regulations.
How do we dispose of information when it is no longer required?
When information is no longer required, it is destroyed in an irreversible and secure manner, in accordance with set procedures of the College of Physicians and Surgeons of BC that govern the storage and destruction of personal information.
If you believe that this office has not replied to your access request or has not handled your personal information in a reasonable manner or in accordance with PIPA, please first contact our office at the number above to discuss your concerns. You may also choose to make a complaint to the College of Physicians and Surgeons of BC or the Information & Privacy Commissioner for BC.
Risks of using electronic communication
The Physician will use reasonable means to protect the security and confidentiality of information sent and received using the Services (“Services” is defined in the attached Consent to use electronic communications). However, because of the risks outlined below, the Physician cannot guarantee the security and confidentiality of electronic communications:
- The use of electronic communications to discuss sensitive information can increase the risk of such information being disclosed to third parties.
- Despite reasonable efforts to protect the privacy and security of electronic communication, it is not possible to completely secure the information.
- Employers and online services may have a legal right to inspect and keep electronic communications that pass through their system.
- Electronic communications can introduce malware into a computer system, and potentially damage or disrupt the computer, networks, and security settings.
- Electronic communications can be forwarded, intercepted, circulated, stored, or even changed without the knowledge or permission of the Physician or the patient.
- Even after the sender and recipient have deleted copies of electronic communications, back-up copies may exist on a computer system.
- Electronic communications may be disclosed in accordance with a duty to report or a court order.
- Videoconferencing using services such as Skype or FaceTime may be more open to interception than other forms of videoconferencing; therefore only HealthVue approved services will be utilized.
If the email or text is used as an e-communication tool, the following are additional risks:
- Email, text messages, and instant messages can more easily be misdirected, resulting in an increased risk of being received by unintended and unknown recipients.
- Email, text messages and instant messages can be easier to falsify than handwritten or signed hard copies. It is not feasible to verify the true identity of the sender or to ensure that only the recipient can read the message once it has been sent.
Conditions of using the Services
- If your electronic communication requires or invites a response from the Physician and you have not received a response within a reasonable time period, it is your responsibility to follow up to determine whether the intended recipient received the electronic communication and when the recipient will respond.
- Electronic communications concerning diagnosis or treatment may be printed or transcribed in full and made part of your medical record. Other individuals authorized to access the medical record, such as staff and billing personnel, may have access to those communications.
- The Physician may forward electronic communications to staff and those involved in the delivery and administration of your care. The Physician might use one or more of the Services to communicate with those involved in your care. The Physician will not forward electronic communications to third parties, including family members, without your prior written consent, except as authorized or required by law.
- You and the Physician will not use the Services to communicate sensitive medical information about matters specified below:
- Sexually transmitted disease AIDS/HIV
- Mental health
- Developmental disability
- Substance abuse
- You agree to inform the Physician of any types of information you do not want to be sent via the Services, in addition to those set out above. You can add to or modify the above list at anytime by notifying the Physician in writing.
- Some Services might not be used for therapeutic purposes or to communicate clinical information. Where applicable, the use of these Services will be limited to education, information, and administrative purposes.
- The Physician is not responsible for information loss due to technical failures associated with your software or internet service provider.
Instructions for communication using the Services
To communicate using the Services,you must:
- Reasonably limit or avoid using an employer’s or other third party’s computer.
- Inform the Physician of any changes in the patient’s email address, mobile phone number, or other account information necessary to communicate via the Services.
- You will not use the services while in the operation of a motor vehicle. If the Services include email, instant messaging and/or text messaging, the following applies:
- Include in the message’s subject line an appropriate description of the nature of the communication (e.g. “prescription renewal”), and your full name in the body of the message.
- Review all electronic communications to ensure they are clear and that all relevant information is provided before sending them to the physician.
- Ensure the Physician is aware when you receive electronic communication from the Physician, such as by a reply message or allowing “read receipts” to be sent.
- Take precautions to preserve the confidentiality of electronic communications, such as using screen savers and safeguarding computer passwords.
- Withdraw consent only by email or written communication to the Physician.