The
Summit
Centre for Preschool Children with Autism
Privacy Policy
Sept. 20, 2007
Privacy of personal information is an
important principle to Summit Centre. We are committed to
collecting, using and disclosing personal information responsibly and
only to the extent necessary for the services we provide. We
strive to be open and transparent regarding how we handle personal
information. Our practices related to how we handle personal
information are governed, in addition to our concern for your privacy,
by two pieces of legislation – the federal Personal
Information
Protection and Electronic Documents Act (PIPEDA),
and provincially by the Personal Health
Information Protection Act (PHIPA), 2004.
This
document describes our privacy policies.
What is Personal
Information?
Personal information is information about
an identifiable individual. Personal information includes
information that relates to: an individual’s personal
characteristics (e.g., gender, age, income, home address or
phone number, ethnic background, family status); health
(e.g., health history, health conditions, health services received by
them); or, activities and views (e.g.,
religion, politics, opinions expressed by an individual, an opinion or
evaluation of an individual). Personal information is different
from business information (e.g., an individual’s business address and
telephone number). This is not protected by privacy legislation.
Who We Are
Our organization, Summit Centre, includes
at the time of this writing a Board of Directors, a Clinical Director,
an Executive Director, Senior Therapists, a Program Secretary, and
Behaviour Therapists. We use a number of consultants and agencies
that may, in the course of their duties, have limited access to
personal information we hold. These include maintenance staff,
bookkeeping staff, psychological consultants, speech language
pathologists, and computer consultants. We restrict their access
to any personal information we hold as much as is reasonably
possible. We also have their assurance that they follow
appropriate privacy and confidentiality principles.
We Collect Personal
Information: Primary Purposes
About clients
Our “clients” are
both the children we serve and their families or legal guardians.
As all of the enrolled children in our centre are under 6 years
of age, a substitute decision-maker, such as the custodial parent or
legal guardian may give or refuse consent.
Like all intensive
behavioural treatment centres, we collect, use and disclose personal
information in order to serve our clients. For our clients, the primary purpose for collecting
personal information is to provide intensive behavioural
services. Examples of the type of personal information we
collect for those purposes include the following:
health history, health conditions, assessment results,
diagnoses, information collected in the course of providing treatment,
data collected during assessment and treatment, communication history
with the centre, opinions expressed by the client, letters written to
the centre by clients, and views, evaluations, or opinions by the
centre about the client.
About Members of the
General Public
For members of the general public, our
primary purpose for collecting personal information is to put
prospective clients on our contact list and to notify them of events at
the centre. Examples of the type of personal information we
collect for those purposes include the following:
name, contact information, gender and age of child. We ask
for verbal consent to collect this information when someone calls in,
this consent can be altered by calling and requesting that we remove
any personal information from our contact list.
About Contract Staff,
Volunteers, and Students
For people who are contracted to do work
for us (e.g., temporary workers) our primary purposes for collecting
personal information is to contact them for necessary work-related
communication and for the safety of our clients. Examples of the
type of personal information we collect for those purposes include the
following: name, home contact information, and police clearance.
If contract staff, volunteers or students wish a letter of reference or
an evaluation, we will collect information about their work related
performance and provide a report as authorized by them.
We Collect Personal
Information: Related and Secondary
Purposes
Like most organizations, we also collect,
use and disclose information for purposes related to or secondary to
our primary purposes. The most common examples of our related and
secondary purposes are as follows:
θTo invoice clients for services,
additional information that is collected for this purpose are the
notices of assessment for parents
θTo advise clients and others of special
events and opportunities that we have available. We collect home
contact information for this purpose.
θThe cost of some services provided by the
Summit Centre to clients is paid for by third parties (e.g., Autism
Program- South West Region, Thames Valley Children’s Centre).
These third party payers often have your consent to direct us to
collect and disclose to them certain information in order to
demonstrate client entitlement to this funding. Examples of
information shared with Autism Program, TVCC are: children’s Summit
Centre programs are evaluated at regular review meetings, and their
monthly hours are reported to Autism Program, TVCC.
θOur organization, or its professional
staff, is regulated by the College of Psychologists of Ontario (COPO)
who may inspect our records and interview our staff as a part of their
regulatory activities in the public interest. In addition, as
professionals, we are obligated to report any incident of concern about
a child’s physical or emotional well being (e.g. to the Children’s Aid
Society or other appropriate legal authorities e.g. local or provincial
police). Also, like all organizations, various government
agencies (e.g. Information and Privacy Commissioner, Human Rights
Commission, etc.) have the authority to review our files and interview
our staff as a part of their mandates. In these circumstances, we
may consult with professionals (e.g. lawyers) who will investigate the
matter and report back to us regarding our reporting rights and
obligations.
θClients or other individuals we deal with
may have questions about our services after they have been
received. We also provide periodic consultations for many of our
clients over a period of months or years for which previous records are
helpful. We retain our client information for at least ten years
following the date at which a client turns 18, to enable us to respond
to those questions. We destroy our information ten years after
the individual turns 18, at the first opportunity in order to reduce
the risk of accidental or inadvertent disclosure (our regulatory
College requires us to retain our clients’ records for that period of
time).
You can choose not to be part of some of
these related or secondary purposes (e.g., by declining additional
services or by paying a full user fee). We do not, however, have much
choice about some of these related or secondary purposes (e.g.,
external regulation) regardless of your choice.
Protecting Personal
Information
We understand the
importance of protecting personal information. For that reason,
we have taken the following measures:
θPaper information is either under
supervision or secured in a locked or restricted area.
θWhen parents ask us to disclose
information about their enrolled child to a third party such as a
school or doctor, written consent will always be the first method used
instead of implied consent.
θIf there is a disclosure of personal
health information outside The Summit Centre without consent, we will
inform you of the uses and disclosure that were done. We will
make a note of the uses and disclosure and will keep a note with those
files/records.
θPaper information is marked private and confidential
and transmitted through sealed, addressed envelopes (or boxes) by
reputable companies, or hand delivered by staff, or in a sealed
envelope to be picked up by the person who asks for it.
θElectronic hardware is either under
supervision or secured in a locked or restricted area at all times. In
addition, passwords are used on computers. All of our cell phones
are digital as these signals are more difficult to intercept.
θElectronic information is transmitted
either through a direct line or has identifiers removed. This
transfer may be through email communication if we are given a request
and consent of the person to whom the personal information relates
(e.g., the client requests email communication). Faxes are
sent with a cover sheet identifying the recipient with a privacy clause
on it and at least one of the following safeguards: the fax number has
been approved by the recipient, the recipient has advised that the fax
machine is securely located and there is no basis to doubt the
assurance, the incoming fax machine is securely located.
θStaff are trained to collect, use and
disclose personal information only as necessary to fulfill their duties
and in accordance with our privacy policy. Specific direction is
given about the need to be sensitive in collecting or using personal
information verbally where others might overhear, as well as removing
unnecessary personal information from internal information when it is
not needed. Staff are also trained to dispose of personal
information properly (e.g., shredding this information rather than
discarding it in the regular garbage or recycle box). Regularly
(at least annually) we review and update our privacy and
confidentiality policies with all staff.
θAll employees, volunteers, professional
staff members, and students are required to comply with our Privacy
Policy. Disciplinary action for breach of the privacy policy must be
taken by the Clinical Director.
θExternal consultants and agencies with
access to personal information must enter into privacy and
confidentiality agreements with us.
θWe will notify you if any personal
information in our custody is stolen,
lost, or accessed by unauthorized persons. One exception is if we had
received the information from another health
care provider (custodian), we are
required to obtain consent from that
original custodian before advising you of the breach.
θAny employee, volunteer, professional
staff member or student who becomes aware
that
personal health information has been lost, stolen, or accessed by
an unauthorized person is also required to report that information to
the Summit Centre Privacy Officer.
Retention and Destruction of Personal Information
We need to
retain personal information for some time to ensure that we can answer
any questions you might have about the services provided and for our
own accountability to external regulatory bodies. We do not want to
keep personal information too long, in order to protect your privacy.
As required by the College of
Psychologists, we keep our client files for at least 10 years past the
date at which the client would turn 18 years of age. Our client and
contact directories are much more difficult to systematically destroy,
so we remove such information when we can if it does not appear that we
will be contacting you again. However, if you ask, we will remove such
contact information immediately. We keep any personal information
relating to our general correspondence with people who are not our
clients but are on our contact list. These are individuals to whom we
send correspondence about seminars or other related activities until
the client would no longer be on our contact list.
We destroy paper files containing personal
information by shredding. We destroy electronic information by
deleting it and, when the hardware is discarded, we ensure that the
hard drive is physically destroyed.
You Can Look at Your
Information
With only a few exceptions, you have the
right to see what personal information we hold about you. Often
all you have to do is ask. We can help you identify what
records we might have about you. We will also try to help you
understand any information you do not understand (e.g., short forms,
technical language, etc.). We will need to confirm your identity,
if we do not know you, before providing you with this access.
If there is a problem, we may ask you to
put your request in writing. If we cannot give you access, we
will tell you within 30 days if at all possible
and tell you the reason, as best we can, as to why we cannot give you
access.
If you believe there is a mistake in the
information, you have the right to ask for it to be corrected.
This applies to factual information and not to any professional
opinions we may have documented or raw data from standardized
psychological tests or assessments. We may ask you to provide
documentation that our files are wrong. A custodian, if put in
writing, may have an extension of 30 days to reply to a correction.
Where we agree that we made a mistake, we will make the correction and,
where appropriate, notify anyone to whom we sent this
information. If we do not agree that we have made a mistake, we
will agree to include in our file a brief statement from you on the
point and, as appropriate, we will forward that statement to anyone
else who received the earlier information.
Do You Have a
Concern?
Our Privacy Officer, Margaret (Peggy)
Forbes could be
reached at
940 Prince Road | Windsor, Ontario
| N9C 2Z5
PHONE (519)
255-1195
She will attempt to address any questions
or concerns you might have.
If you wish to make a formal complaint
about our privacy practices, you may make it in writing to our Privacy
Officer. She will acknowledge receipt of your complaint, ensure that it
is investigated promptly and that you are provided with a formal
written decision after it has been reviewed with the Program Committee
and if necessary the legal advisors of The Summit Centre Board of
Directors.
If you have a concern about the
professionalism or competence of our services or the mental or physical
capacity of any of our professional staff we would ask you to discuss
those concerns with us. If we cannot satisfy your concerns, you
are entitled to complain to our regulatory body:
The College of Psychologists of Ontario
110 Eglinton Avenue West, Suite 500
Toronto, Ontario M4R 1A3
Phone: (416)
961-8817 | (800) 489-8388 | Fax (416) 961-2635
For more general inquiries, the
Information and Privacy Commissioner of Canada oversees the
administration of the privacy legislation in the private sector.
The Commissioner also acts as a kind of ombudsman for privacy disputes.
Information and Privacy Commissioner of
Canada
112 Kent Street
Ottawa, Ontario K1A 1H3
Phone: (613)
995-8210 | (800) 282-1376 | TTY (613) 922-9190 |
Fax (613) 947-6850
The Ontario Personal
Health
Information Protection Act is enforced by the provincial
Information and Privacy Commissioner. Contact information is
below.
Information and Privacy
Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Telephone: (416) 326-3333 or 1-800-387-0073
Facsimile: (416) 325-9195
TTY: (416) 325-7539
Website: www.ipc.on.ca
Email address: info@ipc.on.ca
Revision History
revised version approved by the Summit
Centre Board of Directors, Sept. 20, 2007
revised March 8, 2006
revised version approved by the Summit
Centre Board of Directors, March 17, 2005
passed by the Summit Centre Board of
Directors, Sept. 16, 2004
Privacy Policy approved 07 09 20.doc
