Annex RMT Physical Health Clinic
Rev. July 2016
Annex RMT Physical Health Clinic is a Health Services Provider under the Personal Health Information Protection Act, 2004 S.O. 2004, c.3 (hereinafter PHIPA) and as such has certain obligations under PHIPA respecting the protection of Personal Health Information.
"Personal Information" has the meaning ascribed thereto in the Personal Information Protection and Electronic Documents Act (Canada), S.C. 2000, c.5 and the regulations made thereunder and all amendments to that Act and its regulations.
"Personal Health Information" has the meaning ascribed thereto in PHIPA.
"Services" Means services provided to custodians.
Annex RMT Physical Health Clinic Privacy Obligations
LIMITING COLLECTION OF INFORMATION
Collection of Personal Health Information shall be limited to that which is necessary for the fulfillment of services.
LIMITING DISCLOSURE AND RETENTION OF INFORMATION
Personal Health Information will not be disclosed except in accordance with Annex RMT Physical Health Clinic obligations under its client agreements.
Annex RMT Physical Health Clinic is committed to the proper classification, secure retention, and timely disposal of any record containing Personal Health Information that is deposited to or generated in client projects or collected by Annex RMT Physical Health Clinic on behalf of client organizations, regardless of the media or format, including electronic and paper records, records in Annex RMT Physical Health Clinic possession or control, and records in the possession or control of contractors, outsourced service providers, consultants, or external parties performing tasks on behalf of Annex RMT Physical Health
Annex RMT Physical Health Clinic will ensure that appropriate reviews are executed for client data integrity, will report any data integrity issues to appropriate management, and will correct all data integrity issues in a timely manner.
A process for the correction of any Personal Health Information will be designed as deemed necessary, to handle issues that cannot be corrected through normal system use or update mechanisms.
Annex RMT Physical Health Clinic will implement security safeguards appropriate to the sensitivity of the information to protect Personal Health Information against loss or theft, as well as unauthorized use, access, disclosure, copying, modification, or disposal.
Annex RMT Physical Health Clinic has a documented process and procedure, with clear lines of accountability, to comply with applicable sections of PHIPA referring to individual access.
Annex RMT Physical Health Clinic has in place systems and processes to produce audit trails, which if necessary can be used to trace privacy and security violations and breaches.
Policy Concerning our Clients' Roles as Service Providers or Health Information Network Providers
In order to meet its governance obligations under PHIPA and its agreements with its clients, Annex RMT Physical Health Clinic will:
Assign a privacy and security officer (PSO) to ensure compliance with obligations related to privacy and security.
Develop a RACI (responsible, accountable, consulted, and informed) chart to clearly define all privacy and security roles and responsibilities as they relate to Annex RMT Physical Health Clinic obligations in client systems.
Develop key performance indicators to assess and report on privacy or security metrics reports for the particular engagement.
Review the Annex RMT Physical Health Clinic privacy and security policy, and privacy and security practices, processes, and procedures annually to ensure that they comply with applicable legal, contractual, industry and regulatory standards and requirements, and to determine whether changes are necessary or appropriate based on changes in laws and regulations or significant legal or other developments.
BREACH RESPONSE PROTOCOL
Annex RMT Physical Health Clinic promises the ability to promptly and appropriately respond to, contain, and mitigate the impact of any privacy or security breach or incident. Accordingly, Annex RMT Physical Health Clinic will have a documented breach response protocol to identify, manage, and resolve privacy and security breaches and incidents which occur as the result of loss, theft, unauthorized use, access, disclosure, copying, modification, or disposal of Personal Health Information.
Annex RMT Physical Health Clinic has practices, processes, and procedures in place to ensure that it meets all requirements of PHIPA and of its client agreements.
Policy Concerning Business Operations, Including Web and Social Media
INFORMATION WE COLLECT
USE OF PERSONAL INFORMATION
Annex RMT Physical Health Clinic may use or collect Personal Information about you to help us provide services to you, such as to respond to your requests, verify your identity, provide services to you, process payments, process changes or updates to your account, send you notifications, conduct customer satisfactory surveys, provide information regarding our products or services, develop or enhance our products and services, manage and develop our business and operations, or generally maintain our relationship with you.
DISCLOSING YOUR PERSONAL INFORMATION
Annex RMT Physical Health Clinic will never sell your Personal Information to anyone.
Any disclosure is made on a confidential basis, with the information to be used only for the purposes for which it was disclosed. Your Personal Information may also be shared if Annex RMT Physical Health Clinic becomes part of a merger, amalgamation, joint venture, joint project delivery, or otherwise sells its business or part of its business.
PROTECTING YOUR PERSONAL INFORMATION
We follow industry standards to safeguard the confidentiality of your Personal Information. We use a variety of physical, electronic, and procedural safeguards to protect personal information. We do not warrant that the safeguards we implement are sufficient to protect Personal Information you transmit over the Internet. Most of your Personal Information is stored in Canada, Iceland, or the USA. Some companies providing services to Annex RMT Physical Health Clinic may be located outside of Canada (including the USA) and your Personal Information may be stored in those jurisdictions. As such, your Personal Information may be made available to the government or its agencies under a lawful order made in that country (including the USA).
Google Analytics employs cookies to define user sessions, which allows for the collection of data about how visitors are using the websites. Google Analytics uses only first-party cookies for data analysis. This means that the cookies are linked to a specific website domain, and Google Analytics will only use that cookie data for statistical analysis related to your browsing behavior on that specific website. According to Google, the data collected cannot be altered or retrieved by services from other domains.
If you choose, you can opt out by turning off cookies in the preferences settings in your web browser. For more information on Google Analytics, please visit Google Analytics
Google Analytics Terms of Service http://www.google.com/analytics/tos.html
Google Analytics Cookie Usage on Websiteshttps://developers.google.com/analytics/devguides/collection/gajs/cookie-usage
By way of any communication received from you, you are consenting to the collection, use, and disclosure of your Personal Information by providing us, our agents or partners, or such other third parties with your Personal Information. We may contact you by phone, email, or text to provide you with notifications, updates, or other information regarding our services and products.
You may withdraw your consent by mailing us at 303-1415 Bathurst Street, Toronto, ON, M5R 3H8, Canada or emailing us at firstname.lastname@example.org. Please understand that your withdrawal of consent may affect or limit our ability to provide services or products to you.
Please contact us by mail if you have any questions or concerns about our handling of your Personal Information.
How You Can Access or Correct Information
Access to personally identifiable information that is collected from our sites and that we maintain may be available to you. For example, if you created a password-protected account within our site, you can access that account to review the information you provided.
You may also send an e-mail or letter to the following e-mail or street address requesting access to or correction of your personally identifiable information. For verification purposes please include your first name, last name, e-mail address and the password you use for such service.
How to Contact Us
Annex RMT Physical Health Clinic
Attention: Privacy Officer
303 - 1415 Bathurst Street, Toronto, ON, M5R 3H8, Canada