PERSONAL HEALTH PRIVACY POLICY

Personal Health Information Privacy Policy

Azure Medispa Ltd (collective referred to herein as the “Practice”) is committed to protecting the privacy and confidentiality of your personal health information.

What is Personal Health Information?
Personal health information means identify information about an individual in oral or recorded form relating to their physical or mental health (including family health history), the providing of health care, payments or eligibility of health care, donation of any body part or bodily substance, and the individual’s health number.

The 10 Principles of Privacy
The appropriate collection, use and disclosure of patients’ personal health information is fundamental to the Practice’s daily operations and your care. With this in mind, the Practice have adopted the 10 principles set out in the Personal Health Information Protection Act, 2004 (the “PHIPA”). All staff must abide by the Practice’s commitment to privacy in handling your personal information.

Principle 1- Accountability for Personal Health Information
The Practice is complying with the PHIPA by implementing policies and procedures to: protect your personal health information, including information relating to patients, staff, and agents; adhering to our policy and procedures when receiving and responding to complaints and inquiries; training and communicating to staff and agents information about our privacy policy and procedures; developing plans and communicating to our patients, families, members of the public and other stakeholders.

Principle 2 – Identifying Purposes for the Collection of Personal Health Information
The Practice will identify the purposes for which personal health information is collected at or before the time of collection. These purposes will be conveyed through direct contact with members of the staff. Primarily, personal health information is used to deliver patient care, for administrative purposes, and to meet legal and regulatory requirements.

Principle 3 – Consent for the Collection, Use, and Disclosure of Personal Information
An individual’s knowledge and consent is required to collect, use, or disclose personal health information.
For most health care purposes, your consent is implied when you present for treatment. However, the form of consent – express or implied – and the way it is sought – in writing or orally – may vary depending upon the circumstances and sensitivity of the information.

Your consent may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice. Personal health information can be collected, used, or disclosed without the knowledge and consent of the individual; for example, in circumstances where legal, medical, or security reasons may make it impossible or impractical to seek consent.

Principle 4 – Limiting Collection of Personal Health Information
Only information necessary for the purposes identified may be collected, by fair and lawful means.
The Practice does not sell patient lists or other personal information to third parties. There may be some types of disclosure of your personal health information that may occur as part of the Practice fulfilling their routine obligations and/or practice management. This includes consultants and suppliers to the Practice, on the understanding that they abide by this Privacy Policy (or their own policy if it is substantially similar), and only to the extent necessary to allow them to provide business services to support the Practice.

Principle 5 – Limiting Use, Disclosure, and Retention of Personal Information
Personal health information may be used only for the purposes for which it was collected, except with consent or as required by law. The Practice will document any new purpose and may require consent from the individual. The information is retained only as long as necessary, and destroyed in accordance with legislation, the Practice’ policies, guidelines and procedures.

Principle 6 – Ensuring Accuracy of Personal Health Information
The Practice will make every effort to ensure the information they hold is accurate, complete and up-to-date. Patients have the right to challenge the accuracy of the information.

Principle 7 – Ensuring Safeguards for Personal Information
The Practice protect your information with appropriate safeguards and security measures. Information protection may include physical measures (i.e., locked filing cabinets and restricted access), organizational measures (limiting access on a “need-t o-know” basis), and technological measures (use of passwords, encryption and audits).
Your information may be provided to health care providers acting on behalf of the Practice, on the understanding that they are bound by law and ethics to safeguard your privacy. The Practice supply these providers with only the information necessary for them to perform the services for which they are engaged.
Before communicating with you by email the Practice require you to read and sign an email consent form. Please bear in mind that email is not a secure means of communication. The Practice cautions against sending information you consider sensitive via email unless the email is encrypted or your browser indicates that access is secure.

Principle 8 – Openness about Personal Information Policies and Practice
The Practice have prepared this plain-language Privacy Policy to keep you informed. You may ask for a copy of it from any member of the staff.
If you have additional questions or concerns about your privacy please directly contact the Practice’s Privacy Officer Dr. Kent Floreani, and your concerns will be addressed to the best of his ability.

Principle 9 – Individual Access to Own Personal Information
Upon request, within a reasonable time and at a reasonable cost, an individual will be informed of the existence of his or her personal information and will be given access to it. They can challenge its accuracy and completeness and have it amended as appropriate.

Exceptions to access will be limited and specific. This may include information that is prohibitively costly to provide, refers to other individuals, cannot be disclosed for legal, security or proprietary reasons, and/ or is subject to solicitor-client or litigation privilege.

An individual must provide sufficient information to permit the Practice to identify the existence of personal health information, including details of third-party recipients.

Principle 10 – Challenging Compliance with the Practice’s Privacy Policy and Procedures
As noted above, should you have any questions or concerns about your privacy and/or this Privacy Policy please directly contact the Practice’s Privacy Officer Dr. Kent Floreani and your questions and concerns will be investigated and responded to the best of his ability.

In the event you feel your concerns have not been adequately addressed, you will be provided with information on other procedures that may be available to you.

Conclusion
Changes to the Practice’s Privacy Policy will be acknowledged in this Privacy Policy in a timely manner. You may see when this Privacy Policy was most recently updated by referring to the date below.

Last updated: 04/11/2015 12:10 PM