The appropriate collection, use and disclosure of clients’ personal health information is of fundamental importance to Carol Bierbrier & Associates (CBA). CBA is committed to complying with the Personal Health Information Protection Act, 2004, which governs the collection, use and disclosure of personal health information in Ontario.

CBA will only collect, use and disclose personal health information with a client’s expressed or implied consent. A client has the right to withhold and/or withdraw his/her consent at any time. In cases where CBA collects, uses or discloses personal health information without a client’s consent, CBA will do so only where it is required or permitted to do so by law.

Before any personal health information is collected, CBA will identify the reasons for collecting personal information, why it is needed and how it will be used. CBA will not collect, use or disclose personal health information without the written consent of the client. CBA will only use personal health information for the purposes defined. CBA will retain a client’s information only for the time it is required for the purposes described and once a client’s personal information is no longer required, it will be destroyed. 

CBA may collect personal health information from other sources, including other health care providers, insurers or legal representatives, where consent to do so has been obtained by the client, or as otherwise permitted by law. CBA will not collect more personal health information than is reasonably necessary to meet the purpose.

Personal health information may be shared among members of the CBA team or to: 

• facilitate and provide requested clinical services;
• obtain payment for services, including payment from insurance providers;
• plan, administer and manage its internal operations;
• conduct risk management and quality improvement activities;
• comply with legal and regulatory requirements; and
• fulfill other purposes permitted or required by law.

CBA recognizes the importance of safeguarding personal health information and takes all reasonable steps to ensure that physical and electronic personal health information records are protected against loss, theft or unauthorized access, use or disclosure. 

CBA ensures that records of personal health information are retained, transferred and disposed of securely. We have adopted physical measures of locked filing cabinets and locked office premises with alarm security; technological measures such as password protection and appropriate security. Current files (hard copy) will be maintained until such time as either the legal retention period expires or we have authorization for file destruction. All archival files are maintained in secure premises at all time. Upon authorization to destroy files or by virtue of law, old files will be destroyed in a safe manner. CBA office uses a cross cut shredder for destruction of documents / files that are either no longer required or have been authorized for destruction.

In the unlikely event that a client’s personal health information is stolen, lost or improperly accessed, the client will be notified at the first reasonable opportunity, as well as their right to file a complaint with the Commissioner.  Under certain circumstances, CBA will also be required by law to report the privacy breach directly to the Commissioner and or the appropriate regulatory college. 

Specific inquiries about CBA company privacy policy or its privacy practices are welcome. Individuals wishing access to his/her personal information may do so by making such a request at any time. There will be a 30-day response time limit applied to all requests.

The designated Privacy Information Officer is accountable for compliance, that is the safe collection, use and disclosure of personal information. CBA has available a written procedures document that describes CBA’s information practices, how to contact the custodian, access or correct records and how to file a complaint. This is available through the Privacy Officer.

Questions or concerns about the collection, use, disclosure or protection of personal health information can be directed to CBA’s Privacy Officer, Alyssa Bierbrier who can be reached at arbierbrier@cbafuturecare.com.