This policy outlines how HarmonyCare Family Practice Inc. (hereinafter referred to as “we”, “us”, “our”, or “HarmonyCare”) protects the personal information we collect about you. Personal information is any identifying information about you, including your physical and mental health. We value patient privacy and are committed to being accountable for how we treat your personal information. Everyone working for this office is required to adhere to the protections described in this policy.
This policy was developed in compliance with the British Columbia Personal Information Protection Act (PIPA). PIPA sets out rules for how organizations such as our office can collect, use, disclose, store and retain your personal information. If you have any questions regarding our privacy practices, please contact your physician or one of our staff.
Collection, Use and Disclosure of Personal Information
What personal information do we collect?
We may collect the following personal information to access the services offered by HarmonyCare:
- Identification and contact information (name, address, date of birth, telephone number, emergency contact, etc.)
- Registration information to access the patient portal provided by HarmonyCare (including, email address, username, password, IP address, etc.)
- Billing information (provincial plan and/or private insurer)
- Health information (symptoms, diagnosis, medical history, test results, reports and treatment, record of allergies, prescriptions, etc.)
Why do we collect your personal information?
We collect your personal information for the purposes of identifying you, providing you with care, administering the services that we provide, providing you access to our patient portal and communicating with you. We collect only the information that is required to fulfill those purposes. We do not collect any other information, or allow information to be used for other purposes, without your express (i.e., verbal, written or electronic) consent – except where authorized to do so by law.
When and to whom do we disclose personal information?
Implied consent for provision of care:
By virtue of seeking care from us, your consent is implied (i.e., assumed) for your information to be used by this office to provide you with care, and to share with other health care providers involved in your care.
Disclosure to other health care providers:
Your implied consent extends to us sharing your personal information with other providers involved in your care, including (but not limited to) other physicians and specialists, pharmacists, lab technicians, nutritionists, physiotherapists and occupational therapists.
Disclosures authorized by law:
There are limited situations where we are legally required to disclose your personal information without your consent. These situations include (but are not limited to) billing MSP, provincial health plans, reporting infectious diseases and fitness to drive, or by court order.
Disclosures to all other parties:
Your express consent is required before we will disclose your information to third parties for any purpose other than to provide you with care or unless we are authorized to do so by law. Examples of disclosures to other parties requiring your express consent include (but are not limited to) third parties who are conducting medical examinations for purposes not related to the provision of care, enrolment in clinical (research) trials and provision of charts or chart summaries to insurance companies.
Withdrawal of consent:
You can withdraw your consent to us collecting your personal information or having your information shared with other health care providers or other parties at any time by giving us reasonable notice, except where the collection or disclosure is authorized by law. However, please discuss this with your physician first so we can explain the possible consequences of withdrawing consent.
What about third-party websites?
Our site may include third-party advertising and links to other websites. We do not provide any personally identifiable customer information to these advertisers or third-party websites.
How can records be accessed?
You have the right to access your record in a timely manner. You may request a copy of your record, for a minimal fee. If you wish to view the original record, one of our staff must be present to maintain the integrity of the record, and a minimal fee may be charged for this access. Patient requests for access to your medical record can be made verbally or in writing to your physician or to HarmonyCare.
Are there limitations on access?
In extremely rare circumstances you may be denied access to your records, for example if providing access would create a significant risk to you or to another person.
What if the records are not accurate?
We make every effort to ensure that all of your information is recorded accurately. If an inaccuracy is identified, you can request that the information be corrected, and a note will be made to reflect this on your file.
How secure is your personal information?
Safeguards are in place to protect the security of your information. These safeguards include a combination of physical, technological and administrative security measures that are appropriate to the sensitivity of the information. These safeguards are aimed at protecting personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
Your healthcare information may be stored in one or more cloud-based services administered by a third-party company or provider engaged by HarmonyCare for the purpose of administering and storing our electronic medical records, including providing access to our patient portal. These records are kept in secure servers located in one or more jurisdictions located within Canada as permitted under PIPA with respect to the storage of electronic medical records. Our third-party provider may occasionally have access to your personal information for the sole purpose of addressing any vulnerabilities, errors, migrations, corrections or technical issues at the request of HarmonyCare, or to improve functionality of our patient portal or to process software updates.
What is our communications policy?
We protect personal information regardless of the format. Please refer to HarmonyCare’s patient portal terms and conditions at the time of registration for all information related to how we use and communicate with you through HarmonyCare’s patient portal.
How long do we keep personal information?
We retain patient records for a minimum period of 16 years, or as otherwise required by law and professional regulations.
How do we dispose of information when it is no longer required?
When information is no longer required, it is destroyed in an irreversible and secure manner, in accordance with set procedures of the College of Physicians and Surgeons of BC that govern the storage and destruction of personal information.
If you believe that we have not replied to your access request or has not handled your personal information in a reasonable manner or in accordance with PIPA, please first contact HarmonyCare’s Clinic Medical Director to discuss your concerns. You may also choose to make a complaint to the College of Physicians and Surgeons of BC or the Information & Privacy Commissioner for BC.