Privacy of personal information is an important principle to me, Dr. Stacy Thomas, Psychologist. I am committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the services I provide.
My policy is made under the Personal Information Protection and Electronic Documents Act. It is also determined by and complies with The Ontario Personal Information Act. My policy to protect your privacy is more stringent than the legislation requires because of our Psychologists’ Ethical Code.
I strive to be open and transparent regarding how I handle personal information. This document describes my privacy policies.
What is Personal Information?
Personal information is information about an identifiable individual. It includes information that relates to:
- personal characteristics (e.g., gender, age, income, home address or phone number, ethnic background, family status)
- health (e.g., health history, health conditions, health services received by them)
- activities and views (e.g., occupation/profession, ideas, concerns)
Personal information is different from business information (e.g., an individual’s business address and telephone number). This is not protected by privacy legislation.
PURPOSES FOR COLLECTING PERSONAL INFORMATION
I collect, use and disclose personal information only to provide psychological services to my clients. For example, I collect information about a client’s health history, including their family history, physical condition and function and social situation in order to help assess what their health needs are, to advise them of their options and then to provide the psychological services they choose to receive.
Another important reason for collecting personal information is to obtain a baseline of health and social information so that I can monitor treatment progress and identify changes that occur over time.
In some situations, I collect personal information to conduct an assessment to provide a professional opinion about an individual’s psychological functioning. With the client’s informed and written consent, that opinion would be reported to the appropriate person or agency (e.g., to a referring fertility clinic, or an insurance company).
It would be rare for me to collect such information without the client’s expressed consent. However, this might occur in an emergency (e.g., the client is unconscious) or where I believe the client would consent if asked and it is impractical to obtain consent (e.g., a family member passing a message on from our client and I have no reason to believe that the message is not genuine).
For Members of the General Public
For members of the general public, my primary purpose for collecting personal information (e.g., contact phone numbers, email addresses) is to make them aware of the range of psychological services I provide.
Like other health care practices, I must also collect, use, and disclose information for several other reasons. The most common examples include the following:
- To invoice clients for unpaid services, to process credit card payments, or to collect unpaid accounts.
- Psychologists in autonomous practice are regulated by the College of Psychologists of Ontario (CPO), which by law may inspect my records and interview me as part of its regulatory activities in the public interest (the CPO has its own strict privacy obligations).
- The cost of some services I provide to clients is sometimes paid for by third parties (e.g., insurance companies). These third-party payers often have your consent or legislative authority to direct us to collect and disclose to them information that demonstrates client entitlement to funding.
PROTECTING PERSONAL INFORMATION
I understand the importance of protecting personal information. I have, therefore, taken the following steps:
- Paper information is either under supervision or secured in a locked and restricted area.
- Electronic hardware is either under supervision or secured in a locked and restricted area at all times. Encryption and passwords are used on computers.
- Paper information is transmitted through sealed, addressed envelopes or boxes by reputable couriers or Canada Post.
- If I were to become incapacitated or die, your records would be placed in the care of another psychologist for protection, not examination. If you were to see another psychologist, your records could be sent to her or him at your written request.
CONFIDENTIALITY & LIMITS TO THE PROTECTION OF PERSONAL INFORMATION
Everything that you share with me during our sessions is confidential. No information I obtain about you can be released to anyone without your expressed written consent. However, there are some limits to confidentiality that are true for all health care providers in Ontario. These few exceptions are designed to ensure your safety and the safety of the general public. They are as follows:
- If you give me reason to believe that you are at risk of harming yourself or someone else, I have a duty to share whatever information is necessary to ensure that you and/or others are safe
- If you give me reason to believe that a child is being abused, I have a duty to report that information to the Children’s Aid Society
- If you tell me that you have been sexually abused by a health professional, I have a duty to report that information to the relevant regulating organization for that professional.
- If my records are subpoenaed by the court.
- As part of my ongoing professional development, I may consult with other health and mental health professionals about a case. During a consultation, no identifying information about patients is revealed. The other health professionals are also legally bound to keep the information confidential. All consultations will be documented in the clinical file.
Me and my associates will use reasonable means to protect the security and confidentiality of email information sent and received. However, because of the risks outlined below, we cannot guarantee the security and confidentiality of email communication.
Transmitting information via email poses several risks of which clients should be aware. Clients should not agree to communicate with me or my associates via email without understanding and accepting these risks. These risks include, but are not limited to the following:
The privacy and security of email communication cannot be guaranteed
- Employers and online services may have a legal right to inspect emails that pass through their system
- Email is easier to falsify than hand written or signed hard copies. In addition, it is impossible to verify the true identity of the sender or to ensure that only the recipient can read the email once it is sent.
- Emails can introduce viruses into a computer system and could potentially damage or disrupt the computer
- Email can be forwarded, intercepted, circulated, stored or even changed without the knowledge or permission of the sender or recipients
- Email senders ca easily misaddress an email resulting in it being sent to many unintended and unknown recipients
- Email is indelible. Even when deleted by both sender and recipient, back up copies may exist on a computer or I cyberspace
- Use of email to discuss sensitive information can increase the risk of such information being disclosed to third parties
- Email can be used as evidence in court
Consent to the use of email includes agreement with the following conditions:
- Any emails concerning your treatment are part of your clinical record
- If an email you send to me or one of my associates requires a response and you have not received a response in a reasonable time frame, it is your responsibility to follow up to determine whether the intended recipient received the email and when you can expect a response
- Neither I nor my associates are responsible for information loss due to technical failures associated with a client’s email software or internet service provider.
Instructions for communication by email:
- Avoid using an employer’s or other third party’s computer
- Take reasonable precautions to preserve confidentiality
- Withdraw consent only by email or written communication to Stacy Thomas, Ph.D., C.Psych.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
I retain personal information for some time to ensure I can answer any questions clients might have about the services provided and for my own accountability to external regulatory bodies. I retain client information for a minimum of 10 years after the last contact so I can reference the records from previous assessment or treatment services provided for clients who seek services on an ongoing basis. The College of Psychologists of Ontario also requires me to retain client records for ten years.
I destroy electronic information by deleting it and, when the hardware is replaced or discarded, I ensure that the hard drive is physically destroyed. All paper information is destroyed through shredding.
You Can Look at Your Information
With only a few exceptions, you have the right to see what personal information I hold about you. Often all you have to do is ask. I will also try to help you understand any information you do not understand (e.g., short forms, technical language, etc.). I will ask you to confirm your identity before providing you with this access. I reserve the right to charge a nominal fee for such requests and I may ask you to put your request in writing. If I cannot give you access, I will tell you the reason within 30 days of receiving your request.
If you believe there is a mistake in your information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions I may have formed. I may ask you to provide documentation proving that my files are wrong. Where I agree that I made a mistake, I will make the correction and, where appropriate, notify anyone to whom I sent this information. If I do not agree that I have made a mistake, I will agree to include in your file a brief statement from you on the point and, as appropriate, I will forward that statement to anyone else who received the earlier information.
Do You Have a Concern?
If you wish to make a formal complaint about my privacy practices, you may make it in writing to me and I will acknowledge receipt of your complaint, investigate it promptly and ensure that you are provided with a formal written decision with reasons.
If you have a concern about the professionalism or competence of my practice, I would ask you to discuss those concerns with me directly. If I cannot satisfy your concerns, you are entitled to complain to my regulatory body:
The College of Psychologists of Ontario
110 Eglinton Avenue West, Suite 500
Toronto, Ontario M4R 1A3
Phone: (416) 961-8817 | (800) 489-8388 | Fax (416) 961-2635
For more general inquiries, the Information and Privacy Commissioner of Ontario oversees the administration of the privacy legislation and acts as a kind of ombudsman for privacy disputes. They can be reached at:
Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Phone (416) 326-3333 | 800-387-0073 | Fax (416) 325-9195 | TTY (416) 325-7539