Principle 1: Accountability
We are responsible for the personal health information in our custody or under our control. We have identified a Privacy Contact, [ Dr C.J.Gallant ] who is responsible for the practice’s compliance with PHIA. The key functions of the Privacy Contact include developing and implementing policies and procedures to protect personal health information, training employees and agents about privacy practices, and responding to inquiries, complaints and breaches related to personal health information and privacy.
Principle 2: Identifying Purposes
Before we collect personal health information, we advise patients and clients why we are collecting it and the purposes for which it will be used. This information is available to patients through postings in our office and a privacy statement on our web site.
Our staff is knowledgeable about the purposes for collecting, using and disclosing personal health information and can provide this information to patients or clients who have difficulties reading or accessing the information. We use personal health information for the following purposes:
- providing our patients with health care and supporting their treatments
- billing for health care services
- improving the quality of our programs and services
- training staff
- for communicating with patients and clients regarding appointments and follow up
- to notify patients and clients of new developments in the world of Skin Care and Aesthetics
- we do not share your information with others without your consent unless essential for your medical care or as required by law
Principle 3: Consent
PHIA provides that personal health information should not be collected, used or disclosed without the knowledgeable implied consent of the individual whose information it is, subject to limited exceptions (e.g., disease reporting required by law, imminent and significant danger to others). Consent may be implied or expressed by the patient verbally or in writing.
Implied consent is knowledgeable if it is reasonable to believe that patients know the purpose for the collection, use and disclosure and that they may give or withhold consent.
Patients have the right to limit or revoke consent for the collection, use and disclosure of their personal health information, subject to limited exceptions. To limit or revoke consent, patients must make this request to their physician. Atlantic Skin Care will take reasonable steps to comply with a patient’s request to limit or revoke the collection, use, and disclosure of their personal health information. Where PHIA provides the authority for patients to limit or revoke the collection, use and disclosure of their personal health information, Atlantic Skin Care will respond to a patient’s request to the best of our ability.
Your physician will discuss any significant consequences that may result as a result of the request. This may include staff being unable to check whether your test results or specialist reports are available, essential information not being available in a timely manner or having to wait until your primary physician is available if another health care provider refuses to provide you with care because of a lack of information. If your physician does not have consent to disclose all your personal health information that is reasonably necessary for the purpose to another health care provider, he or she is required to notify the other healthcare provider of that fact.
Principle 4: Limiting Collection
We limit the collection of personal health information to the information necessary to achieve the purposes we identified to our patients. We only collect personal health information through fair and lawful means.
Principle 5: Limiting Use, Disclosure and Retention
We use and disclose personal health information only for the purposes we have identified to our patients. If there is a need to use or disclose personal health information for a new purpose, we will ask for a new consent from our patients.
We document any disclosures of personal health information that occur without consent, including a description or copy of the information, the name of the person or organization to which it was disclosed, and the date and authority for the disclosure.
We retain personal health information in accordance with our retention and destruction schedule and the Guidelines of the College of Physicians and Surgeons of Nova Scotia. We securely dispose of personal health information, in keeping with our retention and destruction schedule.
Principle 6: Accuracy
We keep patients’ personal health information as accurate, up-to-date and complete as is necessary to meet the purposes we have identified to our patients.
Principle 7: Safeguards
We have put reasonable safeguards in place to protect the personal health information of our patients against theft or loss of the information, and unauthorized access to or use, disclosure, copying or modification of the information. The safeguards include a combination of policies, practices, and technologies to protect personal health information, regardless of the form in which it is stored (e.g., paper or electronic
Principle 8: Openness
We inform our patients about the personal health information we collect, the purposes for which it is used or disclosed, and to whom, and the process for a patient to access their own information. We do this through postings in our office and on our web site.
Principle 9: Individual Access
Patients have the right to access their own personal health information held by our practice, subject to certain exceptions in PHIA. Patients can access their records to make sure the information is accurate or complete and can request a correction. PHIA provides a fee schedule that we use to charge for this access.
Principle 10: Challenging Compliance
Patients have the right to challenge whether we have met the requirements of our information policies and PHIA. We have a complaints policy that sets out the steps to do this. If patients are not satisfied with the response from our practice, they can also make a complaint to the Review Officer or the College of Physicians and Surgeons of Nova Scotia. For more details, please see our complaint policy
Personal Health Information Act
Protecting Your Personal Health Information under the Personal Health Information Act
WHAT IS THE PERSONAL HEALTH INFORMATION ACT?
The Personal Health Information Act or PHIA is a provincial law. It aims to balance your right to have your personal health information protected with the need of health professionals to use your information to provide you with proper care and treatment.
WHAT IS PERSONAL HEALTH INFORMATION?
Personal health information is information about you that is related to your health or health care. It may include:
- your name;
- date of birth;
- health history;
- provincial health card number;
- other information about tests, procedures and care you received
As your doctor, I collect personal health information directly from you or the person acting on your behalf. Sometimes, I ask other health professionals or health care organizations involved in your health care for your personal health information to help me provide you care. I may collect personal health information from other sources, if I have your permission to do so, or if the law allows me to do so even without your permission. Personal health information may be collected and stored in different ways, including electronic files, on paper charts, and images like x-rays. I collect personal health information as needed to treat you and assist with your care.
WHO CAN SEE OR USE YOUR PERSONAL HEALTH INFORMATION?
- individuals involved in your care and treatment, including students, on a need to know basis
- individuals who need the information to get payment for your health care
- anyone who can legally act on your behalf
- specified organizations who have a legal right to see the information in certain situations
HOW DOES PHIA PROTECT YOUR PERSONAL HEALTH INFORMATION?
As your doctor, I have policies and practices to protect your personal health information. I will:
- properly collect, use, share, keep and destroy your personal health information following the rules in PHIA
- have a privacy contact person who can answer your questions about our handling of your personal health information
- have policies to protect the privacy and security of your personal health information on paper, in electronic form, or unrecorded
- have a complaints policy for you to use if you believe that we are not following the rules in PHIA
- properly respond if the privacy of your personal health information has been breached. This may include telling you or the Privacy Review Officer
WHAT ARE YOUR RIGHTS UNDER PHIA?
- to ask for copies of your personal health information (fees may apply)
- to ask for changes to your personal health information if the facts were not recorded correctly
- to ask for information on who has looked at your personal health information held in electronic form
- to ask that some or all of your personal health information not be collected by, used by, or shared with specific people or organizations involved in your care
- to ask for a review by the Privacy Review Officer responsible for PHIA if you do not think the result of your complaint, access request, or correction request properly followed the rules in PHIA.
WHO DO I CONTACT FOR MORE INFORMATION?
Suite 306 46 Portland St
Dartmouth NS B2Y 1H4