Appendix A: Privacy Notice
Last update: February 26, 2023
Version No.: 1.0
INTRODUCTION
Riverwood Physiotherapy is committed to maintaining the principles of integrity and trust with respect to the protection of personal information collected from employees, clients, customers, and other individuals whose personal information we collect, use, and disclose. Our information management practices are based on British Columbia’s Personal Information Protection Act (PIPA), Canada’s Anti-Spam Legislation (CASL), and the ten internationally recognized privacy principles.
Our privacy commitment includes ensuring accuracy, confidentiality, and security of personal information, as well as granting individuals the right to request access to, and correction of, their personal information.
DEFINITIONS:
This privacy notice (“Notice”) applies to all websites we own and operate, currently and in the future, and to all services that we provide.
When we say “we”, “us”, and “our”, we mean Riverwood Physiotherapy. When we say “you”, “user”, or “individual(s)”, we mean the person who is accessing our website our services.
“Personal information” means identifiable information about you, like your name, e-mail address, home address, telephone number, banking or payment information, support queries, and so on. If you cannot be identified (e.g. when personal information data has been aggregated or anonymized), then this Notice does not apply to you. Personal information does not include business contact information or work product information.
“Business contact information” is defined as information that enables an individual to be contacted at work, including their name, title, business address, business phone number, fax number and e-mail address.
“Work product information” means information prepared or collected by an individual or group of individuals as part of their employment or business responsibilities or activities related to their employment or business.
SCOPE
Riverwood Physiotherapy is responsible for all personal information under our control and in our custody – even if it is not in our possession. We have developed policies and procedures to manage the collection, use, and disclosure of personal information.
OUR PRINCIPLES OF DATA PROTECTION
1. ACCOUNTABILITY
BC’s PIPA sets out rules for how organizations, collect, use, and disclose personal information.
Riverwood Physiotherapy is committed to being accountable for protecting the personal information we collect under appropriate and reasonable business purposes. We have policies and procedures in place to respond to inquiries and complaints related to your personal information. Question and complaints can be directed to [email protected].
If we are unable to resolve your concerns, you may contact the Office of the Information and Privacy Commissioner for British Columbia (OIPC) here:
PO Box 9038 Stn. Prov. Govt.
Victoria, BC V8W 9A4
www.oipc.bc.ca
2. COLLECTION
PIPA authorizes organizations to collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances and if the organization has received consent or is authorized to collect without consent.
Riverwood Physiotherapy will only collect, use, or disclose personal information that is necessary to fulfill the purpose of the collection, such as information used:
- To identify you,
- To provide you with care,
- To administer services,
- To establish relationships,
- To facilitate financial transactions,
- To meet our legal obligations,
- To notify clients of changes to their legal obligations,
- To respond to inquiries and/or complaints, or
- To better understand the needs and preferences of clients.
HOW WE COLLECT YOUR INFORMATION
- Information we collect directly from you.
Through the various interactions with you, we may be required to collect your personal information. For example, we collect information about your health history, including family history, physical condition and function, and social situation to help us assess your health needs. When you contact us, we collect your name, e-mail address, and phone number.
We collect personal information of our staff, volunteers, and contractors in order to communicate with them for work-related purposes, such as processing payroll and year-end tax receipts. - Information we collect automatically.
We may collect some information about you automatically when you visit our website, like your IP address. We may also collect information when you navigate through our website. This information is useful for us to get a better understanding of how our website and services are being used so that we can continue to provide the best experience possible.
Some of this information is collected using cookies and similar tracking technologies. These can be implemented by us and also by third-party organizations that are service providers or business partners. - Information we get from third parties.
Whenever possible, we will collect information directly from you. We may collect personal information about you from other sources such as publicly available materials or trusted third parties. This information is used to supplement the personal information we already have, in order to better inform, personalize and improve our services, and to validate the personal information you provide.
We use the Jane application (“Jane”) for online bookings. Their Privacy Policy details the personal information that is collected, which includes contact, billing, log and device, cookies and tracking information, and social media.
We may receive personal information from other health care professionals or various government agencies for the continuity of care.
3. CONSENT & DISCLOSURE
The core principle of PIPA is that personal information should not be collected, used, or disclosed without the voluntary and informed consent of individuals. This principle is subject to limited exceptions, which are outlined in section 12 of PIPA.
We do not sell, rent, trade, or otherwise share any of your personal information to any third parties. Links to other websites and references to third-party products or services are provided for convenience only and do not constitute an endorsement by Riverwood Physiotherapy. We are not responsible for the privacy practices or content of third-party websites, and we strongly encourage you to review their privacy policies.
IMPLIED CONSENT FOR THE PROVISION OF CARE
By virtue of seeking care from us, your consent is implied (i.e., assumed) for your information to be collected, used, or disclosed by this office to provide you with care, and to share with other health care providers or government service providers involved in your care.
DISCLOSURE TO OTHER HEALTH CARE PROVIDERS AND GOVERNMENT SERVICE PROVIDERS
Your implied consent extends to us sharing your personal information with other providers involved in your care, including (but not limited to) other physiotherapists, physicians, pharmacists, lab technicians, occupational therapists, WorkSafeBC, ICBC, etc.
DISCLOSURES AUTHORIZED BY LAW
There are limited situations where we are legally required to disclose your personal information without your consent. These situations include (but are not limited to) provincial health plans, in accordance with court orders, reporting infectious diseases, to lawyers or other persons or bodies with jurisdiction to compel the production of personal information.
DISCLOSURES TO ALL OTHER PARTIES
Your express consent is required before we will disclose your information to third parties for any purpose other than to provide you with care or unless we are authorized to do so by law. Examples of disclosures to other parties requiring your express consent include (but are not limited to) third parties who are conducting medical examinations for purposes not related to the provision of care, enrolment in clinical/research trials, and provision of charts or chart summaries to insurance companies.
WITHDRAWAL OF CONSENT
You can withdraw your consent to us collecting your personal information or having your information shared with other health care providers or other parties at any time by giving us reasonable notice, except where the collection or disclosure is authorized by law. However, please discuss this with your physiotherapist first so we can explain the possible consequences of withdrawing consent. If you no longer wish to receive communications from us, you may withdraw your consent at any time by sending us an email to [email protected].
4. USE
PIPA limits the use and disclosure of personal information to purposes that a reasonable person would consider appropriate in the circumstances and where our organization has either received consent or is authorized to collect without consent. Riverwood Physiotherapy will not collect, use, or disclose personal information except for the identified purposes for collection, unless you have provided additional consent, or the processing is authorized without consent.
5. RETENTION
We retain patient records for a minimum period of 16 years, or as otherwise required by law and professional regulations.
6. ACCURACY
We are required to make reasonable efforts to ensure that personal information collected is accurate and complete if that information is used in decisions that affect individuals or to be disclosed to another organization.
Riverwood Physiotherapy will update your personal information as and when necessary to fulfill the identified purposes, or upon your request. If you believe that your personal information is not accurate, you can send us a request to correct your personal information by writing to [email protected]. We will ensure that third parties who have access to your personal information will be updated to reflect the amendments.
7. SAFEGUARDS
PIPA requires Riverwood Physiotherapy to protect personal information under our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. Safeguards are in place to protect the security of your information. These safeguards include a combination of physical, technological and administrative security measures that are appropriate to the sensitivity of the information. These safeguards are aimed at protecting personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
8. ACCESS
PIPA allows individuals to request access to their own personal information that is under our control. You have the right to access the following:
- Your personal information,
- Information about the ways in which your personal information is or has been used, and
- The names of the individuals and organizations to which their personal information has been disclosed.
You may request a copy of your record, for a minimal fee. If you wish to view the original record, one of our staff must be present to maintain the integrity of the record, and a minimal fee may be charged for this access. Patient requests for access to your medical record can be made verbally or in writing to your physiotherapist or the staff at:
Riverwood Physiotherapy
#115-855 Village Dr.
Port Coquitlam, BC
V3B 0L4
In extremely rare circumstances you may be denied access to your records, for example if providing access would create a significant risk to you or to another person.
9. CHALLENGING COMPLIANCE
PIPA requires Riverwood Physiotherapy to have a process for responding to complaints that may arise. We have procedures in place for responding to all inquiries and complaints you may have regarding our handling of your personal information. All complaints must be made in writing, and you may be required to prove your identity before discussing any complaint or request that involves personal information. All inquiries and complaints can be directed to [email protected].
We will investigate all complaints concerning compliance with this Notice in a timely manner, and if a complaint is found to be justified, Riverwood Physiotherapy will take appropriate measures to resolve the complaint.
If we are unable to resolve your concern, you may write to the Office of the Information and Privacy Commissioner for British Columbia (OIPC) here:
PO Box 9038 Stn. Prov. Govt.
Victoria, BC V8W 9A4
www.oipc.bc.ca
This Notice may be updated from time to time, and where there is a significant change, we’ll be sure to let you know in writing.