Effective January 1, 2004, the Personal Information Protection and Electronic Documents Act and Regulations (PIPEDA) began to apply to all organizations that collect, use or disclose personal information in the course of commercial activities. Also, the Personal Health Information Protection Act (PHIPA), a new provincial law governing the collection, use and disclosure of personal health information within the health care system, was introduced. Advanced Orthotic Designs Inc. (AOD) is subject to both pieces of legislation.
The general principles that AOD adheres to are as follows:
Accountability - AOD is responsible for all personal information under its custody or control and shall take all reasonable required steps to protect your personal information from unauthorized access or disclosure.
All AOD staff have been trained with regard to the safeguarding of personal information.
Identifying Purposes - AOD shall identify the purposes for which personal information is required prior to or at the time that personal information is collected. Personal information that AOD collects from clients includes: the client's name and address and other contact information; client medical information such as, but not limited to, date of birth, height, weight, prescription from doctor, history of injury/complaint, findings of examination, family physician, referring physician; third party payment information such as insurance company, policy number, coverage, third party claim number; Ontario Health Card number if accessing a government funded payment program.
AOD will collect personal information for the following purposes:
- Treatment and care of client
- Report findings to family or referring physician
- Billing and collection of payments from client and/or third party providers
Consent - AOD shall obtain the knowledge and consent of individuals for the collection or disclosure of personal information except where required or permitted by law. An individual can provide consent to the collection, use and disclosure of personal information about them expressly or implicitly. AOD will obtain verbal and/or written consent before it collects personal information from all new clients.
Limiting Collection - AOD shall only collect personal information that is required for the specified legitimate business purposes.
Limiting Use, Disclosure and Retention - AOD shall not use or disclose personal information except with the consent of the individual or where required or permitted by law. AOD will only use the personal information for the purpose for which it was collected as identified in principle #2, unless consent is given by the individual to use or disclose it for another purpose.
Accuracy - AOD has an obligation to ensure that personal information is accurate, complete and up-to-date for the purpose for which it was collected. Individuals may challenge the accuracy and completeness of personal information about them and have it amended, as appropriate.
Safeguards - AOD shall take reasonable steps to protect personal information against unauthorized use, access or disclosure in accordance with its obligations at law. Such safeguards will include physical measures, organizational measures and technological measures, for example locked filing cabinets, limiting access on a 'need to know' basis and use of passwords. Procedures for implementing these measures will be communicated to all employees.
Individual Access - Upon request, an individual can have access to the personal information about them that AOD has in its possession or control. Any client may request that their personal information be amended for purposes of accuracy and completeness.