Last updated: April 5, 2020
What is Personal and Personal Health Information?
Personal Information: is any information factual or subjective, recorded or not that is identifiable to an individual. This information includes name, address, date of birth, credit card information, telephone numbers, email, etc.
Personal Health Information: is any information written or spoken relating to an individual’s health history, family history, identifying the health provider of an individual, eligibility for health care coverage, donation by the individual relating to testing or examination of the body, health number, identifying a substitute decision maker, etc.
Only necessary information is collected for your treatment needs. We only collect, share, and disclose your information with your consent except in rare circumstances (i.e., subpoena, medical emergency and insurer investigation). Collection, storage, retention and destruction of your personal information complies with federal and provincial privacy legislation and applicable college regulations. The protection of your personal and personal health information is important to us.
Why does Mosaic Physiotherapy need to collect use and disclose your personal or personal health information?
We may collect, use and disclose your personal information to:
- To provide assessment, treatment or other services, and establish rehab needs related to your injury or illness, function, disability or impairment and/or your claim for compensation or benefits.
- Address specific questions related to your entitlement to benefits under a third-party insurance plan,
- Process payments, submit claims on your behalf to third-party payers and collect unpaid accounts,
- To identify treatment outcomes and/or the extent of services provided, and share this information with Mosaic Physiotherapy, payers (for example your insurance company, and WSIB) and referral sources (for example your doctor).
- Send notices or contact you to advise of upcoming appointments,
- Plan, administer, and manage our internal operations.
- Compile statistics for quality improvement, improving performance, and clinical outcomes.
- Regulated health professional governing bodies
Mosaic Physiotherapy may also collect, use or disclose your personal or personal health information if required by law to do so (e.g., subpoena, medical emergency, and insurer investigation) and/or by regulated health professional governing bodies.
No personal information and personal health information is collected without first obtaining ‘meaningful consent’ of the individual involved in collection, use and disclosure of that information.
To make consent meaningful, people must:
- Understand the nature, purpose and consequences of the collection, use or disclosure of their personal information,
- Take into account the sensitivity of the information and provide consent depending on the circumstances and type of information,
- Understand consent is only required for collection, use or disclosure that are appropriate and necessary to your rehabilitation needs and will be provided a choice for non-integral collection, use and disclosure.
Mosaic Physiotherapy will make all reasonable efforts to ensure that the purpose the personal information and personal health information will be used are identified and so that you can provide meaningful consent. In the clinics you will be asked to read and sign a consent form. If you are unable to read the consent, a verbal explanation will be provided by your health care provider and/or family member or substitute decision maker so that you can reasonably understand how your personal or personal health information will be collected, used or disclosed. After an opportunity to ask questions, there is an option to provide verbal consent and we will note your consent in your chart.
You have the right to withdraw consent
You have the right to withdraw your consent to the collection, use or disclosure of personal or personal health information in whole or in part, at any time upon providing reasonable verbal or written notice to the to the care provider. The health care provider is responsible for informing you of any potential consequences that may result from the withdrawal of your consent, prior to you making such a decision (for example it may limit the ability to provide you with assessment, treatment or other services).
If you withdraw your consent it is not retroactive, and does not apply to personal or personal health information already collected, used or disclosed by Mosaic Physiotherapy.
Accuracy and Retention of Personal and Personal Health Information
Mosaic Physiotherapy will take reasonable steps to ensure that the information is as accurate, complete and up-to-date as is necessary for the purposes for which it uses the information. If you return for a further course of treatment or service, the personal or personal health information in your file will be updated at that time.
Mosaic physiotherapy will take reasonable measures to safeguard and protect personal and personal health information, including locking filing cabinets, and electronic controls such as passwords and encryption. Staff members who come into contact with your personal information are all trained in the appropriate use and protection of your information and have signed a confidentiality form to help protect your information. These individuals include the clinic records personnel that control access to your patient file, therapists, clinic administration and when necessary authorized individuals who may inspect our records as part of the regulatory activities in the public interest.
Mosaic Physiotherapy shall keep your Personal Information for the time necessary to fulfill the purposes for which it was collected and to comply with its legal obligations and to meet regulatory requirements. When Personal Information is no longer required, Mosaic Physiotherapy shall destroy, delete, erase information in a secure manner or convert it into an anonymous form. Currently, the principal place in which Mosaic Physiotherapy holds Personal Information is the City of Toronto and information is backed-up at a cloud storage facility in Canada.
Access to Personal and Personal Health Information
Mosaic Physiotherapy permits the reasonable right of access and review of Personal and Personal Health Information. You may request access to your personal or personal health information in writing addressed to the manager or supervisor. Mosaic Physiotherapy will endeavor to provide the information in question within a reasonable time and no later than 30 days following the request. Where information will not or cannot be disclosed, the individual making the request will be provided with the reasons for non-disclosure.
There is no charge to look at a copy of your record however it is suggested that you do so when your therapist or care provider can be present to go over the material with you (and your family if required) to explain any medical or technical terms to avoid any misunderstanding and misinterpretation. You have the right to request the correction or amendment of any personal or personal health information free of charge, if its accuracy and completeness is challenged and found to be deficient.
If you want to receive a copy of your information held by Mosaic Physiotherapy, you will be informed of the fees ahead of time. The charge will depend on the number of pages you have requested, the location (if the record has to be retrieved from a records storage facility), the complexity and time it takes to recreate the record from an electronic records system etc. All fees associated with a request for copies of personal health information are calculated on a reasonable cost recovery basis only.
Visiting Mosaic Physiotherapy’s Website
A visitor to Mosaic Physiotherapy’s website (http://www.mosaicphysiotherapy.com) is not required to reveal any individually identifiable information, such as name, address, or telephone number. Nor is such information collected passively by electronic means.
Usage Data is collected automatically when using Mosaic Physiotherapy’s website. Usage Data may include information such as your device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. We may also collect information that your browser sends whenever you visit our website or when you access the website by or through a mobile device.
Mosaic Physiotherapy may collect this type of information and data through Google Analytics, HubSpot Analytics, and HubSpot CRM to inform, optimize and serve ads based on your past visits to our website. This means that vendors including Google will display promotional material on other sites you visit across the internet.
You may opt-out of Google Analytics for Display Advertisers including AdWords and opt-out of customized Google Display Network ads by visiting the Google Ads Preferences Manager.
How Mosaic Physiotherapy collects and uses the information on its website
Information is collected when an individual voluntarily provides it when using the ‘Contact Us’ web page. This information may include Personal Information such as your name, email address, telephone number and address. Mosaic Physiotherapy may use your personal information for the following purposes:
- To contact you: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
- To manage your requests: To attend and manage your requests to Mosaic Physiotherapy.
Risks of using electronic communication
While the Health Care Provider will use reasonable means to protect the security and confidentiality of information sent and received using electronic communications, because of the risks outlined below, the Health Care Provider cannot guarantee the security and confidentiality of electronic communications:
- Use of electronic communications to discuss sensitive information can increase the risk of such information being disclosed to third parties.
- Despite reasonable efforts to protect the privacy and security of electronic communication, it is not possible to completely secure the information.
- Employers and online services may have a legal right to inspect and keep electronic communications that pass through their system.
- Electronic communications can introduce malware into a computer system, and potentially damage or disrupt the computer, networks, and security settings.
- Electronic communications are subject to disruptions beyond the control of the Health Care Provider that may prevent the Health Care Provider from being able to provide services
- Electronic communications can be forwarded, intercepted, circulated, stored, or even changed without the knowledge or permission of the Health Care Provider or the patient.
- Even after the sender and recipient have deleted copies of electronic communications, back-up copies may exist on a computer system.
- Electronic communications may be disclosed in accordance with a duty to report or a court order.
- Videoconferencing using no cost, publicly available services may be more open to interception than other forms of videoconferencing
- There may be limitations in the services that can be provided through electronic communications, dependent on the means of electronic communications being utilized
- Email, text messages, and instant messages can more easily be misdirected, resulting in increased risk of being received by unintended and unknown recipients.
- Email, text messages, and instant messages can be easier to falsify than handwritten or signed hard copies. It is not feasible to verify the true identity of the sender, or to ensure that only the recipient can read the message once it has been sent.
Conditions of Using Electronic Communications
- While the Health Care Provider will endeavour to review electronic communications in a timely manner, the Health Care Provider cannot provide a timeline as to when communications will be reviewed and responded to. Electronic communications will not and should not be used for medical emergencies or other time-sensitive matters.
- Electronic communication may not be an appropriate substitute for some services that the Health Care Provider offers.
- Electronic communications may be copied or recorded in full or in part and made part of your clinical chart. Other individuals authorized to access your clinical chart, such as staff and billing personnel, may have access to those communications.
- The Health Care Provider may forward electronic communications to staff and those involved in the delivery and administration of your care. The Health Care Provider will not forward electronic communications to third parties, including family members, without your prior written consent, except as authorized or required by law.
- Prior to the commencement of the provision of services by the Health Care Provider through electronic communications, the Health Care Provider and the patient will establish an emergency protocol to address the following:
- Steps to be followed in the event of a technical issue that causes a disruption in the services that are being provided by the Health Care Provider; and
- Steps to be followed in the event of a medical emergency that occurs during the provision of services.
- The Health Care Provider is not responsible for information loss due to technical failures associated with your software or virtual Health Care Provider.
- The Patient will inform the Health Care Provider of any changes in the patient’s email address, mobile phone number, or other account information necessary to communicate electronically.
- The Patient will ensure the Health Care Provider is aware when they receive an electronic communication from the Health Care Provider, such as by a reply message or allowing “read receipts” to be sent.
- The Patient will take precautions to preserve the confidentiality of electronic communications, such as using screen savers and safeguarding computer passwords.
- If the Patient no longer consents to the use of electronic communications by the Health Care Provider, then the Patient will provide notice of the withdrawal of consent by email or other written communication.
Other sites you can link to from our website are not covered by this privacy statement. If you link to another site it is recommended that you review their commitment to privacy.
- Email: email@example.com
- Telephone: 416-901-1278
- Address: 4th floor, 50 St. Clair Ave E., Toronto, Ontario, M4T 1M9