Privacy Policy

Introduction

TIA Rehabilitation Group collects, stores, and discloses information about our clients and employees/consultants during the process of providing professional rehabilitation services and throughout the duration of their association with our organization.

We are committed to ensure the security of this information and to meet our obligations under the Personal Information & Electronic Documents Act (PIPEDA) and the Personal Health Information Protection Act (PHIPA).

Definitions

Personal Information
Includes identifiers such as:

  1. Personal address, telephone number, or e-mail address
  2. Any identifying number assigned to an individual (i.e. OHIP Card, SIN)
  3. Payment history
  4. Information relating to age, sex, disability, race, citizenship status, marital status, religion, etc.
  5. Information relating to education, employment, or criminal history.
  6. Individual’s name as appeared with other confidential information.
  7. Employee & consultant’s resume, pay, benefits, disciplinary actions, bank account information, date of birth, and history of complaints.

Personal Health Information

  1. Physical or mental health of the individual
  2. Payment or eligibility of health care for the individual
  3. Individual’s health card number
  4. Individual’s substitute decision maker
  5. Clinical information of the individual

Employees
As defined by Canada Revenue Agency’s status of salaried employee including source deductions, vacation pay, public holiday pay, CPP Contribution, and EI Contribution.

Consultants
As defined by Canada Revenue Agency’s status of self-employment including the criteria of control, tools & equipment, subcontracting or hiring, financial risk, & opportunity for profit.

Breach of Privacy
A situation where personal or personal health information of an individual has been disclosed in the absence of consent.

Principle 1:    Accountability

  1. Our President, who acts as our Privacy Information Officer,  is accountable for compliance with this Privacy Policy.        Any questions or complaints regarding the manner in which personal information is being handled by our clinic should be directed to our president at:

TIA Rehabilitation Group
37 Sandiford Drive, Suite 109
Stouffville, ON
L4A 7X5

Tel:       (905) 642-0873 x1
Fax:     (905) 642-0878

Website:          www.tiarehab.ca

  See information sheet on “How to access our Privacy Information Officer”.

  1. Duties of the Privacy Officer
  1. To review and analyse TIA Rehabilitation Group’s policies and procedures regarding personal and personal health information.
  2. To implement any changes as necessary for policies and procedures in order to guarantee the collection, usage, and disclosure of personal and personal health information is consistent and compliant with current legislation.
  3. To inform clients,  employees/consultants, and the public about TIA Rehabilitation Group’s privacy policy and procedure on the collection, usage, and disclosure of personal and personal health information.
  4. To answer and address any complaints associated with privacy of information.
  1. All employees, consultants, managers, and directors at TIA Rehabilitation Group are required to receive orientation and training regarding their respective obligations in accordance with this privacy policy.     

Evidence of ongoing compliance is required by each employee, consultant, manager, and director through the signing of an annual form indicating the understanding of confidentiality obligations.   

  1. Any employee, consultant, manager, or director who are found to be in violation of Privacy will be subjected to disciplinary actions up to and including termination.


Principle 2:    Purpose of Collection

TIA Rehabilitation Group,  in the process of providing physiotherapy and other related rehabilitation services, needs to collect, use, and disclose personal and personal health information with various stakeholders.     The following outlines why such information is collected.    Individuals will be informed either verbally or in writing, depending on the way in which information is collected its sensitivity.

  1. Information about Employees & Consultants

Our clinic collects and uses personal information about our employees and consultants for the following purposes:

  1. to make available academic and professional qualifications for our clients or third party insurers.   
  2. to ensure that all registered staff members are in good standing with their respective regulatory colleges in the province of Ontario.  (i.e. College of Physiotherapists, College of Occupational Therapists, & College of Massage Therapists)
  3. to ensure that every registered staff carries appropriate amount and type of professional malpractice insurance.
  4. to assist our registered staff in preparation of invoices for services rendered to third party insurances such as Motor Vehicle, Extended Healthcare, WSIB, Veteran Affairs, and Assistive Device Program (ADP).
  5. to prepare payroll, income tax, and other documentations (i.e. T4, T2200) in accordance with regulation setforth by Canada Revenue Agency.
  6. to compile and provide list of all registered physiotherapists who are either employed or serve in the capacity of consultant for our corporation in accordance with regulation setforth by the College of Physiotherapists of Ontario for annual physiotherapy professional corporation renewal.
  7. to provide evidence that each employee or consultant may work and may lawfully be employed in Canada.
  1.  Information about Clients

Our clinic collects and uses personal and personal health information about our clients for the following purposes:

  1. to establish a client’s personal information record with identifiers such as name, address, contact information, date of birth, emergency contacts, power of attorney, public trustee, etc.
  2. to establish a client’s billing record with identifiers including OHIP card number, attending physician, diagnosis, date of birth,  and facility number where applicable.
  3. to establish a client’s medical record such as the person’s diagnosis, medical history, past treatment, laboratory findings,  inter-disciplinary progress notes, consultation reports,  diagnostic imaging results,  physician’s referrals, and any other clinical information that may assist in the provision of physiotherapy care for such client.          
  4. during continuance of physiotherapy and other related services,   client’s subjective, objective findings, clinical impression, progress, and treatment plan form part of the person’s health record.
  5. Client’s entire record including personal information, billing, and health shall remain strictly confidential and shall not be shared either verbally or in writing, with other parties without written consent.
  6. Client’s entire record including personal information, billing, and health may be used to discuss his/her condition and progress in relation to physiotherapy with the client and his/her authorized representative (i.e. Power of Attorney).
  7. Client’s entire record including personal information, billing, and health may be used to discuss his/her condition and progress regarding physiotherapy with the multi-disciplinary medical team at the long-term care or retirement facility where the said client is a resident of.    Members of  the multi-disciplinary medical team include physicians, nursing (DOC/ADOC/RN/RPN/PSW),  recreation, dietary staff,  pharmacy, restorative care, and administrator, etc.
  8. Client’s personal information, billing, and health record may become part of client’s history when such person is to be transferred from one to another long-term care or retirement facility.      
  9. Client`s entire record including personal information, billing, and health may be used as basis for College of Physiotherapist of Ontario`s Quality Management Program.
  1. Information as required by Payers & Insurers

Our clinic collects and uses personal and personal health information about our clients for the following purposes:

  1. to establish and submit invoices based on services provided.
  2. to verify status of submitted invoices and dates of attendance with payers and insurers based on services provided.
  3. to reconcile payment of invoices with payers and insurers based on services provided.
  4. to disclose clinical information regarding a client’s condition as required and upon written consent of the client or his/her authorized representative for the designated payer or insurer.

Principle 3:    Consent

Personal information will only be collected, used, or disclosed with the consent of the individual, except where required or permitted by law.

If the information will be used for a new purpose, additional consent will be sought from the individual.

In some circumstances, it may be impossible or impractical to obtain consent and in these cases, the legislation provides for exceptions.

Consent will not be a condition of service or employment unless the information is required for a legitimate function of service or employment.

Consent will not be obtained by deceptive means.

Consent may be withdrawn at any time with no negative consequences.   If consent has been withdrawn, information collected will not be used or circulated.

Principle 4:    Limiting Collection

We will limit the amount and type of personal information collected to those which is necessary for purposes identified in Section II.   All information will be collected by fair and lawful means.

No employee should deceive or mislead individuals about the reasons for collecting personal information.

Principle 5:  Limiting Use, Retention, Disclosure

  1. Limiting Use

Our clinic uses personal information only for purposes identified in Section II and in accordance with the College of Physiotherapist of Ontario.   Personal information is only disclosed in accordance with the Regulated Health Professionals Act or as required by law.


  1. Record Retention Policy
  1. The client’s personal and medical record shall remain on site at the facility (either long-term care or retirement) where the client resides for period of 8 years so as to ensure that such person has full and immediate access to his or her medical history.
  2. The client’s billing record shall remain at the head office of TIA Rehabilitation

Group for period of 8 years in order to comply with inquiries and random audits by
payers and insurers.

  1.  Retention of records outlined in (i) and (ii) applies for all records in written and electronic format.
  2. All personal information no longer required is to be destroyed or erased.
  1. Disclosure
  1. The client and it’s authorized representative shall have full access to the client’s entire record (personal, billing, & clinical) upon request.
  2. Personal information may be disclosed to the  facility’s multi-disciplinary team (physician, RN, Restorative Care, dietitian, etc.) for co-ordination  and planning of client’s focused care during stay at facility.
  3. All other parties such as legal representatives must provide written consent by client or it’s representative prior to release of specific information requested.

Principle 6:    Accuracy

We thrive to ensure that all personal and personal health information used on ongoing basis and for decision making is as accurate, complete, and updated as possible.      Every client has the right to request correction of information where it is found to be inaccurate or incomplete provided that the original information was collected by our clinic and not by another party.
To be accountable, our clinic makes corrections to information without obliterating the original entry.

If a client’s request to correct information is refused,    he or she may make complaint to the Privacy Information Officer of TIA Rehabilitation Group, the Privacy Commissioner of Canada (personal information), or Information & Privacy Commissioner (personal health information).

Principle 7:  Safeguards

Our clinic is committed to ensure that all information collected is secure.

  1.  Information on Employees & Consultants

All personal information outlined in Section II (a) are stored and locked at the head office of TIA Rehabilitation Group.   

All electronic payroll systems such as Ceridian are password protected and may only be accessed by the President, his designated staff, and accountant for purpose of preparing payroll, income tax, and other tax related documents.

            We will notify individuals if we become aware there is a breach of their privacy.

  1. Information about Clients

All clinical information that form part of the client`s medical record are kept either manually as part of the client`s chart at facility`s nursing station (restricted access) or as part of the client`s electronic file at facility`s Point Click Care, Goldcare, or Med E-Care system (password secured).

All personal and billing information related to client`s invoices are to be kept on site at each facility in a filing cabinet with lock.   Only designated staff within the physiotherapy team at each facility should have access to such information.

Each physiotherapy department or each staff member should have its` own secured screen lock-in password in order to safeguard documents saved in facility`s computer system.

Under no circumstances should a client`s personal, billing, and clinical information be removed from its` facility without written consent.

All billing information submitted to head office of TIA Rehabilitation Group are kept both manually and electronically (password secured) with back-up in a separate locked office.     Access to such office is limited to the President, his designated staff, and accountant for purpose of preparing invoices and reconciliation of payments.

We will notify individuals if we become aware that there is a breach of their privacy.

Principle 8:  Openness

All communications pertaining to the reason and the methodology on collection of personal and personal health information shall be delivered in a transparent manner and be easily understood by clients.

Clients requesting access of personal and personal health information shall be informed and assisted where indicated by members of the TIA Rehabilitation Group.

Please also see Appendix A for information sheet on “How to access our Privacy Officer”.

Principle 9:  Individual Access

Where our clinic collects and holds personal and personal health information about an individual, TIA Rehabilitation Group, upon written request, shall allow access of information to that individual or its’ authorized representative.       Situations where access may be denied include:

  1. Information contains references of another individual which cannot be severed.
  2. Information is subjected to solicitor-client or other privilege.
  3. The request is frivolous, vexatious, made in bad faith, otherwise an abuse of process.
  4. Information cannot be disclosed for legal, security, or commercial proprietary reasons.

If access is denied, the person who requested access of information will be notified of the reason(s) for denial and will be informed of their rights to complain.

Retrieval cost of personal or personal health information is $25 per request plus $1 per page of duplication cost.      Person requesting retrieval of information shall be informed of such cost and our clinic will proceed upon payment.   

TIA Rehabilitation Group shall make best efforts to retrieve requested information within 30 days.
Principle 10:  Challenging Compliance

Employees and consultants of TIA Rehabilitation Group, whom upon receipt of a complaint pertaining to breach of privacy, must notify the clinic’s Privacy Information Officer.

If TIA Rehabilitation Group is made aware of a breach of privacy, affected individuals shall be notified without delay.

Upon receipt of a complaint of this nature,   our Privacy Information Officer will initiate a review of the complaint the includes:

  1. Acknowledgement of the complaint.
  2. Review of the expressed concerns in light of the Privacy Policy, relevant statutes, and any extenuating circumstances that may apply.
  3. Taking appropriate measure when the complaint is found to be justified.

Our Privacy Information Officer shall make best efforts to complete investigation within 30 days.  If the investigation cannot be completed within 30 days,   the individual who has filed the complaint will be notified of the reason for delay and a new estimated date of completion.

The individual who has filed the complaint will be advised of the outcome and where indicated include steps to be taken in to correct such breach of privacy.

PATIENT INFORMATION SHEET - HOW TO ACCESS THE PRIVACY PROCESS (PDF)