Our Privacy Policy

  1. Introduction
    1. We value patient privacy and act to ensure it is protected.
    2. This policy was written to capture our current practices and protections, and to comply with legislative and professional requirements.
    3. This document describes the type of information collected, the uses, disclosure, and protection of this information, and the rights and recourses of patients with respect to their personal information.
    4. This document is reviewed on no less than an annual basis to ensure that we remain compliant with all legislation and that our practices remain above industry standard.
    5. The information in this ¡®Policies and Processes¡¯ document will be made available through posting on the clinic¡¯s website, and by having hardcopies at the clinic to provide patients.
  2. Governing Legislation
    1. The collection, storage, usage, and disclosure of personal information at Oaklands Health and at other private medical facilities is governed by the Personal Information Protection Act [SBC 2003].
    2. Access to the full legislation is available on the internet, including the website www.bclaws.ca
    3. Under this legislation, ¡°personal information means information about an identifiable individual¡±; i.e. information that can identify an individual person.
  3. Collection of Personal Information
    1. This office collects personal information for the purposes of:
      1. Accurate identification of individuals
      2. Communication with patients and/or their designated alternate(s)
      3. Provision of medical services
      4. Accessing medical services elsewhere on behalf of patients
      5. Maintenance of an accurate medical record
      6. Health promotion and prevention
      7. Submitting and administering claims for medical and other services
      8. Preparation of reports to third parties as requested by the patient or as required by law (see ¡®Disclosure of Information¡® below)
      9. Professional requirements
      10. Quality assurance
    2. The following personal information is collected:
      1. Name
      2. Date of Birth
      3. Personal Health Number (PHN)
      4. Address
      5. Phone number(s) of patient and designated emergency/alternate contacts
      6. Fax numbers of patient and designated emergency/alternate contacts
      7. Email addresses of patient and designated emergency/alternate contacts
      8. Medical insurance details;
        1. Provincial Personal Health Number (PHN)
        2. Private medical benefit insurance details
        3. Local Health Authority user identification
        4. Other insurance identifications as required
    3. Health Information as required, which may include any or all of:
      1. Personal and Family Medical History
      2. Past and current diagnoses
      3. Presenting symptoms and physical examination findings
      4. Tests ordered and the results of those tests
      5. Referrals made and the results of those consults
      6. Prescriptions made and prescription history:
        1. The Province of B.C. has established the provincial computerized pharmacy network and database known as ¡°PharmaNet¡± pursuant to section 37 of the Pharmacists, Pharmacy Operations and Drug Scheduling Act R.S.B.C. 1996c 363;
        2. The College of Physicians and Surgeons of British Columbia has indicated that the use of this resource is an expectation of physicians to inform their prescribing. It is a professional standard.
        3. As a result, the physicians and their designates at Moss Rock Medical Centre will be accessing PharmaNet on behalf of patients as part of the prescribing process.
        4. Patients can decline to consent to access to PharmaNet, but this could then constrain or prevent a prescription being given.
      7. Allergies
      8. Immunizations
      9. Other information relevant to a patient¡¯s medical/health status and/or risks
      10. Other information to be provided to third parties ant the patient¡¯s request (WorkSafe BC, legal proceedings, insurance claims, government claims or documentation), or as legally required (See ¡®Disclosure¡¯ below)
  4. Accuracy of Information This office makes every effort to ensure the accuracy of all recorded information
    1. In the event of an inaccuracy being noted by a physician, that physician will amend the record
    2. In the event of an inaccuracy in administrative information, with satisfaction on reasonable grounds that the new information is correct, it will be corrected by our office staff.
    3. In the event of an inaccuracy in medical or health information being noted by a staff member of this office, the staff member will bring it to the attention of the patient¡¯s physician of record, who will amend the record;
    4. In the event of the physician being notified of an inaccuracy in medical or health information, and after being satisfied on reasonable grounds, the physician will amend that information within the patient¡¯s file.
    5. In the event of an inaccuracy being noted by a patient, that patient can request a change be made in their own record through a verbal or written notification to his/her physician of record.
    6. In the event of a disagreement between a patient and his/her physician of record about the accuracy of the medical information collected:
      1. the physician of record has the right to decline to change the medical record. In that case, there will be an entry in the patient¡¯s file noting the disagreement and the information relevant to the disagreement, and that the patient requested and was refused an amendment
      2. the patient has the right to contact the clinic¡¯s Privacy Officer (name appended to this document) noting the nature of the complaint and the nature of the amendment requested. The Privacy Officer will then discuss with the physician of record and either an amendment will be made or an entry will be made identifying the patient¡¯s request, and the reason for not amending.
      3. The patient also has a right to register a complaint (See ¡®Questions, Concerns, and Complaints¡¯ below)
  5. Protection of Personal Information There are professional, physical, technological, and administrative security measures that protect your information
    1. Professional Safeguards
      1. Licensed healthcare professionals are governed and monitored by their provincial Colleges
      2. A requirement of these Colleges is the maintenance of adequate safeguards for the confidentiality and security of personal information
      3. A breach of the confidentiality and security of this information by a licensed healthcare professional can result in investigation and discipline by their College
      4. See ¡®Questions, Concerns and Complaints¡¯ below
    2. Physical Safeguards
      1. Limited access to office
      2. Computerized records
      3. Insulated rooms with solid wood doors for soundproofing
      4. Waiting room sound system to override background conversation
      5. Limited personal information in paper format vi. Shredding of all paper containing personal information, including usage of a licensed, bonded shredding company
    3. Technological Safeguards
      1. Local Computers
        1. Password-protected screensavers on each computer
        2. Timed logout on each computer
        3. Firewall security ed and encrypted backup server
        4. Minimal and only temporary information kept on computers outside the Electronic Medical Record (EMR)
      2. Computerized Electronic Medical Record (EMR)
        1. Password-protected entry to the EMR at workstations
        2. Timed logout at each workstation
        3. Provincially approved Electronic Medical Record with safeguards:
          1. Role-based access to personal information on a need-toknow basis
          2. Information within our Electronic Medical Record is located offsite; no information is located on our local computers
          3. Transmission of information between our office and the offsite servers occurs within a provincially approved Private Physician Network, an encrypted intranet maintained at provincially-mandated security levels
          4. Off-site servers are required to adhere to provincially approved security, encryption, and duplication standards
          5. All information transmission and storage remains within British Columbia
    4. Administrative Safeguards
      1. Each staff member is trained in privacy and confidentiality policies and processes, and is required to sign a confidentiality agreement at the beginning of their employment. This confidentiality agreement extends beyond the term of employment.
      2. Staff meetings reinforce privacy policy and processes
      3. Any other person having unsupervised access to the office (Cleaners, Security) is required to sign a confidentiality agreement. This agreement extends beyond the term of employment
    5. Communications Policy
      1. Telephone
        1. Limited conversation in non-private areas
        2. No personal information left on voicemail
      2. Fax
        1. Fax machine located in private area of the office
        2. Cover sheet indicating confidentiality of the information
        3. Reasonable steps to ensure fax numbers are accurate and entered properly
      3. Post/Courier
        1. Sealed envelopes f. Breaches in information protection
          1. Any identified breach will be immediately brought to the attention of both the Privacy Officer and the Clinic Manager.
          2. ii. The Privacy Officer and Clinic Manager will take immediate steps to contain the breach, evaluate the range and severity of the breach, notify the patient(s) involved, and take steps to prevent further such breaches
  6. Disclosure of Personal Information Personal Information is disclosed under the following circumstances:
    1. With Express Consent
      1. When requested by a patient (See ¡®Limitation to Access¡¯ below);
      2. Express consent is required for the disclosure of personal information to outside agencies on behalf of the patient for the purpose of accessing medical benefits on behalf of a patient (e.g. reimbursement of medical costs by an insurance plan, access to benefits for illness or disability, information to a lawyer or accountant);
      3. Before disclosure of information, this office will require a signed permission in the patient¡¯s record, or a record of the patient¡¯s verbal permission with a physician or staff member entered in the patient¡¯s chart by that physician or staff member.
    2. With Implied Consent
      1. Implied consent can be assumed for the disclosure of personal information to the physicians and other healthcare practitioners within this office and the staff of this office when a patient accesses medical services at this office;
      2. Implied consent can be assumed for the disclosure of personal information to outside healthcare practitioners and agencies for the purpose of accessing of medical services on behalf of a patient for the purpose of provision of medical or health care (e.g. referrals, tests, admissions, etc.);
    3. Without Consent
      1. There are limited situations in which the physician and this office are legally required to disclose personal information without the patient¡¯s permission. These situations include, but are not limited to:
      2. Reporting specific diseases iii. Reporting abuse (child, elder, spouse, etc.)
      3. Reporting fitness (e.g. driving license, pilot¡¯s license)
      4. By court order (when subpoenaed)
      5. In regulatory investigations
      6. For quality assessment evaluation (peer review) viii. For risk and error management (e.g. medico-legal advice)
    4. Withdrawal of consent
      1. Patients have the ability to withdraw consent for the disclosure of their information at any time, with the exception of those situations in which the physicians and or this office are legally compelled to do so (see above)
      2. If a patient chooses to withdraw their consent for the sharing of their personal information, a physician, staff member, or the Privacy Officer of this office will discuss any significant consequences that may result with respect to their care, treatment, and safety
  7. Patient Access to Information Patients have a right to access their record in a timely manner.
    1. Patients can submit requests for access to their records:
      1. In writing
      2. By verbal request to any member of staff
    2. If a patient wishes to view their record, it must be done within this office with either a physician or a staff member present to ensure maintenance of the integrity of the record.
    3. If a patient requests a copy of their records, one will be provided within a reasonable time.
    4. Prior to the patient being given access to their information, their physician will be given opportunity to review the file to redact information as per ¡®Limitations to Access¡¯ in this document.
    5. Reasonable fees may be charged for the above accesses
  8. Limitations to access In limited circumstances a patient may be denied access to their records:
    1. When the information could reasonably be expected to seriously endanger the mental or physical health or safety of the individual making the request
    2. If the disclosure would reveal personal information of another person or persons that could reasonably be expected to seriously endanger the mental or physician health or safety of that individual;
      1. In this case, this office will either decline to provide the information, or if it is possible, redact the information provided.
    3. If the disclosure would reveal personal information of another person or person(s) who has not consented to the disclosure
      1. In this case, this office will either endeavour to either obtain the permission of the third person(s) affected or redact the information provided. If these options are not possible, this office will decline to provide the information.
  9. Retention of Records
    1. Information is kept for the duration mandated by legislation and/or the College of Physicians and Surgeons of B.C.; this is currently 16 years after last contact or 16 years after a person reaches age of majority, whichever is longer
    2. Information retained in the Electronic Medical Record (EMR) enjoys the same security as active records
    3. Inactive paper charts and files are stored with a bonded third party
  10. Destruction of Records
    1. Paper records with personal information that are to be destroyed within the office are placed in designated containers for shredding;
    2. If shredded within the office they are placed through a cross-shredder (cuts paper into strips and also cuts strips into pieces) before disposal
    3. Larger amounts are placed in a locked receptacle which is collected by a bonded third-party company for cross shredding and destruction.
    4. Computer records containing personal information are doubly deleted from any computer holding them
    5. Computers used within the office are wiped clean by a professional company before being disposed of. In the event of a computer failure that prevents computer wiping, the hard drive is removed and physically destroyed
    6. Computer records within our Electronic Medical Record are not located or stored within our office, but on off-site servers. The software company is required through legislation to adhere to provincial government standards of security during storage and destruction.
    7. Inactive paper records are professionally shredded by a bonded company at the end of the required retention period.
  11. Questions, Concerns, and Complaints
    1. It is important to us that our privacy policies and processes address patient concerns and needs b. If any patient has questions, concerns, or complaints:
      1. We welcome input verbally or in writing.
      2. We encourage a patient to first discuss these with his/her physician in this office;
      3. These can also be addressed to our Privacy Officer or our Clinic Manager, whose names and contact information are at the end of this document.
        1. In the event that a concern or complaint is focused on the Privacy Officer, the Clinic Manager will designate another physician in this office to handle the complaint;
        2. In the event that a concern or complaint is focused on the Clinic Manager, the Privacy Officer will handle the complaint
      4. If a concern or complaint is not satisfactorily addressed, the following recourses also apply:
        1. Written concerns or complaints may be sent to: Office of the Information and Privacy Commissioner PO Box 9038 Stn. Prov. Govt. Victoria, B.C., V8W 9A4 info@oipc.bc.ca
        2. Written concerns or complaints about physicians may also be sent to: Complaints Department College of Physicians and Surgeons of British Columbia 300-669 Howe Street Vancouver, B.C., V6C 0B4 Fax : 604-733-3503
Dr. Aaron Childs Privacy Officer
Ms. Crystal Gibson Office Manager Oaklands Health
Phone : 778-265-7799
Fax: 778-265-7841
Email: info@oaklandshealth.ca