Privacy Policy

Commitment to Privacy

Protecting your privacy and the confidentiality of your personal information has always been an important aspect of Brain Injury Community Re-entry’s operations. The appropriate collection, use and disclosure of participants’ personal health information is fundamental to our day to day operations and to your care.

We strive to provide you with excellent medical care and service, which includes developing appropriate services and treating your personal health information with respect. Each member and employee of our organization must abide by our commitment to privacy in handling of personal information.

Applicability of Privacy Policy

Our privacy policy informs you of our commitment to privacy and tells you the ways we ensure that your privacy is protected. Our privacy policy applies to protect the personal health information of all our participants that is in our possession and control.

What is Personal Health Information?

Personal health information means identifying information about an individual relating to their physical or mental health (including medical history), the providing of health care to the individual, payments or eligibility for health care, organ and tissue donation and health number.

Your health record includes information about your health including your date of birth, contact information, health number, health history, family health history, details of your physical and mental health, record of your visits, notes from care, assessments, counseling and treatment, any other care and support you received, results from assessments, information from other health care providers and the name of your substitute decision-maker if you are not able to make your own decisions.

The information in your health record belongs to you, but the health record itself is the property of Brain Injury Community Re-entry (Niagara) Inc.

The 10 Principles of Privacy

Our privacy policy reflects our compliance with fair information practices, applicable laws and standards of practice.

  1. Accountability
    We take our commitment to securing your privacy very seriously. Each employee and member of our organization is responsible for the personal information under his/her control. Our employees are informed about the importance of privacy and receive information periodically to update them about our Privacy Policy and related issues.

    In addition to establishing this Privacy Policy we have appointed Heather Olszewski, Privacy Officer, for privacy matters.

  2. Identifying Purposes: Why We Collect Information
    We ask you for information to establish a relationship and serve your medical needs. We obtain most of our information about you directly from you, or from other health practitioners whom you have seen and authorized to disclose to us. You are entitled to know how we use your information and this is described in the Privacy Statement posted. We will limit the information we collect to what we need for those purposes, and we will use it only for those purposes. We will obtain your consent if we wish to use your information for any other purpose.

    We collect, use and disclose (meaning share) your health information to:

    • Treat and care for you (including for example assessments, support and counselling)
    • Provide appointment reminders to you
    • Update you of upcoming events, activities and programs
    • Deliver and evaluate our programs
    • Plan, administer and manage our internal operations
    • Be paid or process, monitor, verify or reimburse claims for payment
    • Conduct risk management, error management and quality improvement activities
    • Educate our staff and students
    • Dispose of your information
    • Seek your consent (or consent of a substitute decision maker) where appropriate
    • Do fundraising
    • Respond to or initiate legal proceedings
    • Conduct research (subject to certain rules)
    • Compile statistics
    • Allow for the analysis, administration and management of the health system
    • Comply with legal and regulatory requirements
    • Fulfill other purposes permitted or required by law

    Our collection, use and disclosure (sharing) of your personal health information must follow the law.

  3. Consent
    You have a right to make choices and control how your health information is collected, used, and disclosed, subject to some limits.

    There is no magic age when you become able to make your own decisions about your health information. You may be capable of making some decisions and not others. If you are not capable - you will have a substitute decision-maker (often a family member) who will make your information decisions for you. Who can act as a substitute decision-maker and what they have to do is also set out in law.

    We assume that when you come to have health care from us, you have given us your permission (your consent) to use your information, unless you tell us otherwise. We may also collect, use and share your health information in order to talk with other health care providers about your care unless you tell us you do not want us to do so.

    You have the right to ask that we not share some or all of your health record with one or more of the our staff members or ask us not to share your health record with one or more of your external health care providers (such as a specialist). This is known as asking for a “lockbox". If you would like to know more, please ask us for a copy of our “Lockbox Information Brochure: How to Restrict Access to your Health Record”.

    There are other cases where we are not allowed to assume we have your permission to share information. We may need permission to communicate with any family members or friends with whom you would like us to share information about your health (unless someone is your substitute decision-maker). For example, we will need your permission to give your health information to an insurance company. We will explain this to you.

    When we require and ask for your permission, you may choose to say no. If you say yes, you may change your mind at any time. Once you say no, we will no longer share your information unless you say so. Your choice to say no may be subject to some limits.

    BUT there are cases where we may collect, use or share your health information without your permission, as permitted or required by law. For example, we do not require your permission to use your information for billing, risk management or error management, quality improvement purposes; or to share personal health information in a number of permitted or required circumstances, including to keep you or someone else safe (it’s called to eliminate or reduce a significant risk of serious bodily harm); or to meet reporting obligations under other laws such as for child protection.

  4. Limiting Collection
    We collect information by fair and lawful means and collect only that information which may be necessary for purposes related to the provision of services related to your medical needs.

  5. Limiting Use, Disclosure and Retention
    The information we request from you is used and disclosed for the purposes defined. We will seek your consent before using the information for purposes beyond the scope of the posted Privacy Statement.

    Under no circumstances do we sell participant lists or other personal information to third parties. There are some types of disclosure of your personal health information that may occur as part of our services and our routine obligations and/or administration management. This includes consultants and suppliers to the organization, on the understanding that they abide by our Privacy Policy and only to the extent necessary to allow them to provide services that support our organization.

    We will retain your information only for the time it is required for the purposes we describe and once your personal information is no longer required, it will be securely destroyed. However in order to meet legal requirements and for our business purposes, including if there is exposure to potential claims, some information is kept for a longer period.

  6. Accuracy
    We endeavour to ensure that all decisions involving your personal information are based upon accurate and timely information. While we will do our best to base our decisions on accurate information, we rely on you to disclose all material information and to inform us of any relevant changes.

  7. Safeguards: Protecting Your Information
    We protect your information with appropriate safeguards and security measures. BICR maintains personal information in a combination of paper and electronic files. Recent paper records concerning individuals’ personal information are stored in files kept onsite at our office. Older files/records may be stored offsite.

    Everyone on our team is bound by confidentiality. We have to protect your information from loss or theft and make sure no one looks at it or does something with your information if they are not involved with your care or allowed as part of their job. Access to personal information will be authorized only for the physicians and employees associated with BICR, and other agents who require access in the performance of their duties and to those otherwise authorized by law.

    We provide information to health care providers acting on your behalf, on the understanding that they are also bound by law and ethics to safeguard your privacy. Other organizations and agents must agree to abide by our Privacy Policy and may be asked to sign contracts to that effect. We will give them only the information necessary to perform the services for which they are engaged, and will required that they not store, use or disclose the information for purposes other than to carry out those services.

    Our computer systems are password-secured and constructed in such a way that only authorized individuals can access secure systems and databases.

    If you send us an e-mail messages that includes personal information, such as your name included in the “address”, we will use that information to respond to your inquiry. Please remember that e-mail is not necessarily secure against interception. If your communication is very sensitive, you should not send it electronically unless the e-mail is encrypted or your browser indicates that the access is secure.

  8. Openness: Keeping You Informed
    BICR has utilized this plain language Privacy Policy to keep you informed. You may ask to receive a copy of it from Heather Olszewski, Privacy Officer.

    If you have any additional questions or concerns about privacy, we invite you to contact us and we will address your concerns to the best of our ability.

  9. Access and Correction
    With limited exceptions, we will give you access to the information we retain about you within a reasonable time, upon presentation of a written request and satisfactory identification.

    We may charge you a fee for this service and if so, we will give you notice in advance of processing your request.

    If you find errors of fact in your personal health information, please notify us as soon as possible and we will make the appropriate corrections. We are not required to correct information relating to clinical observations or opinions made in good faith. You have a right to append a short statement of disagreement to your record if we refuse to make a requested change.

    If we deny your request for access to your personal information, we will advise you in writing of the reason for the refusal and you may then challenge our decision.

  10. Challenging Compliance
    We encourage you to contact us with any questions or concerns you might have about your privacy or our Privacy Policy. We will investigate and respond to your concerns about any aspect of our handling of your information.

    In most cases, an issue is resolved simply by telling us about it and discussing it. You can reach us at:

    Brain Injury Community Re-Entry (Niagara) Inc.
    3340 Schmon Parkway, Unit 2
    Thorold, Ontario, L2V 4Y6
    Tel: 905-687-6788 or 1-800-996-8796
    Fax: 905-641-2785
    E-mail: holszewski@bicr.org

    Contact person: Heather Olszewski, Privacy Officer
    Extension 663

If after contacting us, you feel that your concerns have not been addressed to your satisfaction, we will provide information on other complaint procedures that may be available to you.

Conclusion

Any changes to our Privacy Policy shall be acknowledged in this Privacy Policy in a timely manner. You may see when this Code was last updated by referring to the modification date found at the bottom of the page.

Dated: December 2017