ÌÇÐÄvlog¾«Æ·

ÌÇÐÄvlog¾«Æ· is committed to and accountable for protecting individual privacy and ensuring the confidentiality of personal health information (PHI) it holds in accordance with the Personal Health Information Protection Act, 2004 (PHIPA). Conestoga’s commitment is demonstrated in the implementation of policies and procedures to ensure the protection of personal health information and by educating Conestoga staff regarding their responsibilities when collecting, using, disclosing, retaining and disposing of an individual’s personal health information. 

Conestoga maintains a separate policy addressing the protection of student privacy, the Protection of Student Privacy Policy, which addresses student personal information under Conestoga’s custody and control.

This policy applies to personal health information in Conestoga’s control, as it relates to Medical Care Clinic and Counselling Services.

ÌÇÐÄvlog¾«Æ· maintains a glossary of terms specific to the institution. The ones in use for this document are defined below.

1. Identifying Purposes for Collecting PHI
1. ÌÇÐÄvlog¾«Æ· collects personal health information (PHI) of clients seeking the services of the Medical Care Clinic and Counselling Services in order to provide the best care and service possible. 
2. PHI is collected, used and disclosed for the following purposes: 
1. To obtain payment for health services provided to clients from their provincial health care plan, private insurer, or others. 
2. To teach students and to provide education to our staff. 
3. To conduct quality improvement and risk management activities. 
4. To plan, administer and manage our internal operations. 
   
5. To comply with our regulatory obligations as regulated health professionals under the applicable legislation. 
6. To fulfill other purposes permitted or required by law. 
2. Consent for the Collection, Use and Disclosure of PHI 
1. When clients seek health and wellness services from the college, it is assumed that the college has the client’s permission to collect, use and share the client’s PHI among interdisciplinary health service providers inside and outside of Conestoga for the purpose of providing and assisting in providing health services to the client. 
2. Clients may elect to withhold their consent to the collection, use or disclosure of their PHI. Withdrawal of consent cannot reverse any action already taken under consent. 
3. Limiting Collection of PHI 
1. Conestoga will collect, use and disclose only as much PHI as is needed to achieve the above purposes. Information will be collected directly from the individual, unless the law permits or requires collection from third parties (e.g. friends and family). 
4. Limiting Use, Disclosure and Retention of PHI 
1. Conestoga staff may need to disclose personal health information without consent in certain situations, including the following: 
1. There are reasonable grounds to believe the client is at risk to harm themself or others
2. Where there is known or suspicion that a child under the age of 17 has been abused or in a position to witness domestic violence; 
3. If the client is in crisis or a risk/concern to the Conestoga community, staff may consult with other professionals (i.e., Campus Security) in order to best support the client and protect the community. 
4. When the court orders Conestoga to release client information due to a warrant and/or subpoena; 
5. If sexual contact by a regulated health care professional is reported. 
2. Conestoga provides both health and non-health services to the public and has a duty to manage risks appropriately. Conestoga may use health information for risk management purposes. 
3. Conestoga retains health records in a secure, confidential electronic system for a minimum of 10 years from the last appointment the client attended, or from the client’s 18th birthday (whichever is later). Only qualified professionals providing health and wellness services through Conestoga have access to health records. Paper copies and forms are shredded using a confidential shredding system after being scanned into the confidential electronic system. 
5. Accuracy of PHI 
1. Conestoga will take reasonable steps to ensure that information held by the college is as accurate, complete, and up to date as is necessary for the purposes for which it is to be used. 
2. Individuals have a right to request corrections to their PHI, subject to specific criteria as set out in PHIPA. 
6.  Safeguards for PHI 
1. Conestoga takes all necessary steps to safeguard PHI from theft, loss and unauthorized access, copying, modification, use, disclosure and disposal. This includes ensuring that those providing services protect PHI and only use PHI for the purposes for which clients have consented. 
2. Conestoga also ensures the confidentiality of PHI through confidentiality agreements, privacy training and contractual means. 
3. Care is used in the disposal or destruction of PHI, to prevent unauthorized parties from gaining access to the information. 
4. Conestoga maintains a procedure for responding to breaches of security safeguards. All employees and others who work for Conestoga are required to immediately report potential breaches to the Access and Privacy Coordinator. Human resources, information technology, executive staff and legal counsel will be consulted as required. 
5. Periodic audits and investigations are conducted to monitor and manage privacy compliance. 
7. Openness about PHI 
1. Individuals may make written requests for access their PHI and Conestoga will respond to such requests within reasonable timelines and costs to the patient in accordance with PHIPA. 
2. In certain circumstances, exceptions to the right of access may apply pursuant to PHIPA, including where the information could reasonably be expected to result in a risk of serious harm or the information is subject to legal privilege. 
3. Further information about Conestoga’s policies and practices regarding the management of an individual’s PHI is available by contacting the Operations Officer, Student Success Services. The Operations Officer responds to inquiries, requests for access and correction, and privacy complaints. Inquiries may also be directed to Conestoga’s Access and Privacy Coordinator (privacy@conestogac.on.ca). 
8. Challenging Compliance with Conestoga’s Privacy Policies and Practices 
1. Any person may ask questions or challenge Conestoga’s compliance with this policy or with PHIPA by contacting the Operations Officer, Student Success Services. 
2. Conestoga will receive and respond to complaints or inquiries about its privacy policies and practices relating to the handling of PHI. 
3. Conestoga will investigate all privacy complaints. If a complaint is found to be justified, Conestoga will take appropriate measures to respond. 
4. The Information and Privacy Commissioner of Ontario oversees our compliance with privacy rules and PHIPA. Any individual can make an inquiry or complaint directly to the Information and Privacy Commissioner of Ontario by writing to or calling: 

2 Bloor Street East, Suite 1400 

Toronto, ON M4W 1A8 

Phone: 1 (800) 387-0073 

www.ipc.on.ca