Privacy Policy

Updated November 2024

INTRODUCTION and SCOPE

Northern Pelvic Connection (NPC) is owned and operated by Kelly Fleming, Registered Physiotherapist. This policy applies to all staff of NPC (noting that Kelly Fleming is the only therapist practicing as part of the business at this time). She has access to your personal information, is sensitive to the nature and confidentiality of the information disclosed to NPC, and is also acting as Primary Information Officer.

PURPOSE  

Protecting the privacy and confidentiality of personal information is an important aspect of the way Northern Pelvic Connection (NPC) conducts its business. Collecting, using, and disclosing personal information in an appropriate, responsible, and ethical manner is fundamental to NPC operations.  

POLICY STATEMENT  

As a physiotherapy business, personal information is collected, used and disclosed in order to serve clients/patients. The primary purpose for information collection is to provide the best possible physiotherapy assessment and treatment. For example, we may collect your past health history, your family’s health history and your current physical condition to help us assess your personal health needs. Consent may also be needed so diagnostic tests may be obtained from entities other than NPC to provide more information on your health. Northern Pelvic Connection is the sole owner of your information. It is not shared or sold to other organizations. 

DEFINITIONS

• Personal Information – defined as any identifying information about an individual or group of individuals, including name, date of birth, address,  phone number, e-mail address, social insurance/security number, nationality, gender, health history, financial data, credit card numbers, bank account numbers, assets, debts, liabilities, payment records, credit records, loan records, opinions, and personal views.
• Consent – occurs and is obtained when an individual signs the intake form (electronically on the online booking site) after reviewing this policy located on the NPC website (each patient will be directed to review this policy on the website when completing the intake form on the online booking site), authorizing NPC to collect, use, and disclose the individual’s personal information for the purposes stated in this policy.

RESPONSIBILITIES

All workplace parties are expected to comply with the outlined policy and the procedures herein. NPC takes steps to protect your personal information from theft, loss, unauthorized access, copying, modification, use, disclosure, and disposal. NPC conducts audits to monitor and manage our privacy compliance. NPC protects your privacy and only uses your personal information for the purposes you have consented to.

Owner – Kelly Fleming

• Immediately advise clients of any breach of the Privacy Policy.
• Annually review, date, and sign the policy. 
• Understand and follow the Privacy Policy responsibilities, procedures and guidelines at all times.

Northern Pelvic Connection Information Privacy Officer (IPO) – Kelly Fleming

• The roles and responsibilities of the privacy officer include:
• Reviewing the organization’s collection, use, and disclosure of personal information.
• Implementing procedures to protect personal information.
• Being the contact person for patient or public inquiries about information handling.
• Establishing and, in a small organization, operating a complaints procedure.
• Training and continually updating potential future staff on information Privacy Policy.
• Monitoring compliance.
• Publishing the organization’s information handling policies to the public.
• Educate the agents of the HIC.
• Respond to public inquiries about the HIC’s information practices.
• Oversee access and correction requests.
• Handle privacy complaints.

Responsibilities of the Health Information Custodian (HIC) – Kelly Fleming

• The HIC must notify the affected person at the first reasonable opportunity, mentioning a complaint may be made to the Information and Privacy Commissioner of  Ontario.
• The Physiotherapist (and the HIC in this case) ensures that the breach is contained.
• The HIC reports to the College of Physiotherapists of Ontario when they take any disciplinary action against a staff member of a health regulatory College due to the member’s unauthorized collection, use, disclosure or disposal of personal health information. 
• The HIC ensures that staff are acting in accordance with NPC’s privacy policy.
• The HIC provides access to a patient’s health records if requested or if a patient believes their record is inaccurate or incomplete, and requires correction.
• The HIC writes and files a written report regarding any breaches that occur, as soon as possible (and typically would notify the IPO). In this case, the owner is both the HIC and IPO. 

PROCEDURES

COLLECTION OF PERSONAL INFORMATION

Northern Pelvic Connection collects and uses personal information solely for the purpose of conducting business and developing an understanding of its customers. With your consent, NPC collects your personal information directly from you, or from the person acting on your behalf. Examples of the type of information that may be collected include your name, date of birth, address, health history, social history and work history. Information may be collected by telephone (verbally or text), by filling out electronic forms, by virtual or personal interview or as information sent in the form of fax or written letters by other members of your healthcare team. We may sometimes collect personal information about you from other sources (e.g. direct messaging via social media, email) primarily for booking if your consent is obtained.

USES AND DISCLOSURES OF PERSONAL INFORMATION

• Your personal information will be used and disclosed only for the following purposes:
• To deliver safe and efficient care, including treatment plans and follow-up care.
• To document changes that occur over time or with treatment.
• To comply with the regulatory requirements of the physiotherapy profession and to comply generally with the law under the Regulated Health Professionals Act (RHPA), and for the defense of a legal issue.
• To contact you, your family members or health care providers if needed.
• To invoice for services and collect for unpaid accounts.
• To effectively communicate with other healthcare professionals involved in your care.
• To remind clients of appointments, which is typically done electronically and/or through telephone/texts.
• We retain our client information for 10 years as required by the Regulated Health Professional Act; Some clients may return for further treatment at a later date, and their past records may be of benefit. 

YOUR RIGHTS

At any time you may access, correct your personal records, or withdraw your consent for some of the above uses and disclosures (subject to legal exceptions) by contacting NPC.

With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g., short forms, technical language, etc.). We will need to confirm your identity, if we do not know you, before providing you with access. We reserve the right to charge a nominal fee for such requests. We reserve the right to  charge $30.00 for the first twenty pages of the record and 25 cents for each additional page. If there is a problem we may ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access.

If you believe there is a mistake in the information, you have the right to ask for it to be corrected and it is advised to do so as soon as possible. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we made a mistake, we will still agree to include our file in a brief statement from you on the point and we will forward that statement to anyone else who received the earlier information.

Northern Pelvic Connection may use personal information without the individual’s consent under particular circumstances. These situations include, but are not limited to: 

• NPC is under obligation by law to disclose personal information in order to adhere to the requirements of an investigation of the contravention of a regional or federal, under the purview of the appropriate authorities; 

• An emergency exists that threatens an individual’s life, health, or personal  security; 

• The personal information is for in-house statistical study or research;

• The personal information is already publicly available; 

• Disclosure is required to investigate a breach of contract. 

PROTECTING PERSONAL INFORMATION

We understand the importance of protecting personal information. For that reason, we have taken the following steps:

• Paper information is always under direct supervision of Kelly Fleming, is transferred manually to an electronic form and is shredded as soon as possible (but latest by the end of the day), so it cannot be seen or duplicated.
• Electronic hardware is either under supervision or secured in a double-locked area at all times. In addition, computer and network systems are secured by complex passwords. Only authorized individuals may access secure systems and databases.
• Paper information is transmitted either through direct line or is anonymized or encrypted.
• Electronic information is transmitted either through direct line or is anonymized or encrypted.
• Access to personal information will be authorized only for NPC staff who require the information to perform their job duties, and to those otherwise authorized by law. Staff members are trained to collect, use and disclose personal information only as necessary to fulfil their duties and in accordance with our privacy policy. 
• NPC has chosen Jane Software to collect, use and store personal information, as it is PHIPA compliant.
• All data between Jane servers and web browsers are encrypted, and recordings and data storage is not allowed for calls on Jane software between the client and practitioner. 
• External consultants and agencies with access to personal information must enter into privacy agreements with us.
• Personal information is not transferred to volunteers, summer students, interns, or other non-paid staff by e-mail or any other electronic format.

Northern Pelvic Connection’s website will include this privacy policy. Individuals will have the option to click “book online”, which will direct them to the Jane Software booking link/site (noting that NPC is not responsible for the privacy practices of other organizations’ site. There will not be an opportunity to input personal information directly through NPC’s website. 

Northern Pelvic Connection will investigate and respond to concerns about any aspect of the handling of personal information. If you wish to make a formal complaint about NPC’s privacy practices, you may make it in writing to the Information Officer (see contact information below). The Information Officer will acknowledge receipt of, investigate and address your complaint promptly, and will provide a summary in writing. You also have the right to complain to the Information and Privacy Commissioner of Ontario if you have concerns about our privacy practices or how your personal information has been handled (also see contact information below).

RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

We need to retain personal information for some time to ensure that we can answer any questions you might have about our services provided and for our own accountability to external regulatory bodies. However, we do not want to keep personal information too long in order to protect your privacy. We keep our client files for a period of ten years electronically through Jane Software. We destroy paper files containing personal information by shredding them the same day of service. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed. Alternatively, we may send some or all of the client’s file to our client, if requested and consent is given.

PRIVACY BREACH

While we will take precautions to avoid any breach of your privacy, if there is a loss, theft or unauthorized access of your personal information we will notify you. Upon learning of a possible or known breach, we will:

1.  Contain the breach to the best of our ability by retrieving hard copies of personal information that have been disclosed, by ensuring no copies have been made by preventing future unauthorized access to electronic information.
2. Notify affected individuals, provide our contact information in case the individual has further questions, and provide the Commissioner’s contact information and communicate that the affected individual has the right to make a complaint.
3. Investigate and remediate the problem by conducting an internal investigation and determining what steps should be taken to prevent future breaches.

Depending on the circumstances of the breach, we may involve the Information and Privacy Commissioner of Ontario.

CONTACT

NPC’s Contact Person and Information Officer is Kelly Fleming, RPT

To find out more about NPC’s privacy protection practices, or raise any concerns, contact Kelly Fleming at:

Telephone number: 647-296-4873

E-mail: northernpelvicconnection@gmail.com 

You have the right to file a complaint to the Information and Privacy Commissioner of Ontario if you think your rights have been violated. The Information and Privacy Commissioner of Ontario can be reached at:

2 Bloor Street East, Suite 1400, Toronto Ontario, M4W 1A8

Toronto Area: 416-326-3333   

Long Distance: 1-800-387-0073 (within Ontario)

TDD/TTY: (416) 325-7539    

Email: info@ipc.on.ca 

www.ipc.on.ca 

Canadian federal legislation, the PIPEDA, requires us to confirm that we have your consent to the collection, use and disclosure of your personal information. We are also governed by the Personal Health Information Protection Act of Ontario (2004). Please review the Privacy Policy and sign the consent for our records via the intake form on the online booking platform.

This document will be reviewed on an annual basis. The next review will be conducted November 2025.