Personal Information Protection Policy
At PhysioWorks, we are committed to providing our clients with exceptional service. As providing this service involves the collection, use and disclosure of some personal information about our clients, protecting their personal information is one of our highest priorities.
We will inform our clients of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
This Personal Information Protection Policy, in compliance with Alberta’s Personal Information Protection Act (PIPA) and other applicable laws, outlines the principles and practices we will follow in protecting clients’ personal information. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our clients’ personal information and allowing our clients to request access to, and correction of, their personal information.
This policy also applies to any person providing services on our behalf.
A copy of this policy is provided to any client on request.
Personal Information –means information about an identifiable individual [E.g., including name, age, home address and phone number, medical information, etc]. Personal information does not include contact information (described below).
Contact information – means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number. Contact information is not covered by this policy or PIPA.
Privacy Officer– means the individual designated responsibility for ensuring that PhysioWorks complies with this policy and PIPA.
Policy 1 – Collecting Personal Information
1.1 Unless the purposes for collecting personal information are obvious and the client voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection. However, we don’t provide this notification when a client volunteers information for an obvious purpose (for example, producing a credit card for an in-store purchase when the information will be used only to process the payment or providing medical information for the purposes of providing rehabilitation services).
1.2 We will only collect client information that is necessary to fulfill the following purposes:
- To verify identity;
- To provide requested products and services;
- To contact clients about appointments;
- To follow up with clients to determine well being and satisfaction with services;
- To communicate information about special events (if requested);
- To subscribe clients to our newsletter (if requested)
- To communicate with client insurance providers on behalf of the client;
- To communicate with other health care service providers on behalf of the client;
- To ensure a high standard of service to our clients;
- To meet regulatory requirements
1.3 We normally collect client information directly from our clients. We may collect your information from other persons with your consent or as authorized by law.
Policy 2 – Consent
2.1 We will obtain client consent to collect, use or disclose personal information (except where, as noted below, we are authorized to do so without consent).
2.2 Consent can be provided orally, in writing, electronically, through an authorized representative, or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the client voluntarily provides personal information for that purpose.
2.3 Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), clients can withhold or withdraw their consent for PhysioWorks to use their personal information in certain ways. A client’s decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a particular service or product. If so, we will explain the situation to assist the client in making the decision.
2.4 We may collect, use or disclose personal information without the client’s knowledge or consent in the following limited circumstances:
- When the collection, use or disclosure of personal information is permitted or required by law (such as in cases involving WCB Alberta) ;
- When the personal information is available from a public source (e.g., a telephone directory);
- When we require legal advice from a lawyer;
- For the purposes of collecting a debt;
- To protect ourselves from fraud;
Policy 3 – Using and Disclosing Personal Information
3.1 We will only use or disclose client personal information where necessary to fulfill the purposes identified at the time of collection.
3.2 We will not use or disclose client personal information for any additional purpose unless we obtain consent to do so.
3.3 We will not sell client lists or personal information to other parties.
Policy 4 – Retaining Personal Information
4.1 If we use client personal information to make a decision that directly affects the client, we will retain that personal information for at least 10 years so that the client has a reasonable opportunity to request access to it.
4.2 Subject to policy 4.1, we will retain client, personal information only as long as necessary to fulfill the identified purposes or a legal or business purpose.
Policy 5 – Ensuring Accuracy of Personal Information
5.1 We make every reasonable effort to ensure that client information is accurate and complete. We rely on our clients to notify us if there is a change to their personal information that may affect their relationship with our organization. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible.
5.2 In some cases we may ask for a written request for correction.
Policy 6 – Securing Personal Information
6.1 We protect client personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorized access to personal information.
6.2 We will notify the Office of the Information and Privacy Commissioner of Alberta, without delay, of a security breach affecting personal information if it creates a real risk of significant harm to individuals.
6.3 We render client personal information non-identifying, or destroy records containing personal information once the information is no longer needed. We use appropriate security measures when destroying client personal information, including shredding paper records and permanently deleting electronic records.
6.4 We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
Policy 7 – Providing Client Access to Personal Information
7.1 Clients of PhysioWorks have a right of access to their own personal information in a record that is in our custody or under our control, subject to some exceptions. For example, organizations are required under the Personal Information Protection Act to refuse to provide access to information that would reveal personal information about another individual. Organizations are authorized under the Act to refuse access to personal information if disclosure would reveal confidential business information.
7.2 If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide you with the remainder of the record.
7.3 You may make a request for access to your personal information by writing to Jo-Ann Scott-Noye. You must provide sufficient information in your request to allow us to identify the information you are seeking. You may also request information about our use of your personal information and any disclosure of that information to persons outside our organization. You may also request a correction of an error or omission in your personal information.
7.4 We will make the requested information available within 45 days, or provide written notice of an extension where additional time is required to fulfill the request.
7.5 We may charge a reasonable fee to provide information but not to make a correction. Where a fee may apply, we will inform the client of the cost and request further direction on whether or not we should proceed with the request.
Policy 8 – Questions and Complaints: The Role of the Privacy Officer or designated individual
If you have a question or concern about any collection, use or disclosure of personal information by PhysioWorks, or about a request for access to your own personal information, please contact:
Jo-Ann Scott-Noye, Owner at PhysioWorks
109, Market St SE
Airdrie, Alberta T4A 0K9
If you are not satisfied with the response you receive, you should contact the Information and Privacy Commissioner of Alberta:
Office of the Information and Privacy Commissioner of Alberta
Suite 2460, 801 – 6 Avenue, SW
Calgary, Alberta T2P 3W2
Phone: 403-297-2728 Toll Free: 1-888-878-4044
E-mail: firstname.lastname@example.org Website: www.oipc.ab.c