Privacy Policy

Effective date: Sept 13, 2024

INTRODUCTION

Guardian Healthcare Corp. ("GHC", "We", “Our”) recognizes and respects your right to privacy and is committed to protecting it. The purpose of this policy is to set out our duty to protect your personal information (“PI”) and personal health information (“PHI”) from unauthorized collection, access, use, disclosure, theft, and loss. 

This policy applies to all GHC employees, medical staff, volunteers, officers, directors, agents, vendors, contractors, consultants and related entities (each of which may individually be a “health information custodian”) who, on behalf of or for the purposes or benefit of GHC, collects, uses, discloses or has access to PHI that is in the custody or control of GHC. We will only use your PI and PHI in accordance with this policy unless otherwise required by applicable law. We take steps to ensure that the information that we collect about you is adequate, relevant, not excessive, and used for limited purposes.

Please read this policy carefully to understand our practices for collecting, processing, and storing your information. We will notify you in advance of any material changes to this policy and obtain your consent to any new ways that we collect, use, and disclose your personal information.

WHAT INFORMATION WE COLLECT AND WHY

Privacy laws in Canada generally define "personal information" as any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate the individual. For example, a person’s name, address, and telephone number would be considered personal information.

“Personal health information” is identifying medical and health information about an individual, including information found in their medical record, which relates to: 

  • their physical or mental health, including the individual’s medical history and the individual’s family history;
  • their healthcare history, including the identification of persons who provide healthcare to the individual; 
  • their payment or eligibility for healthcare; 
  • their health number; 
  • their choices regarding donations of body parts and substances, including information derived from testing or examination of such parts or substances. 

The Ontario Personal Health Information Protection Act, 2004 (“PHIPA”) governs patient privacy and rights to access to records. 

In order to provide healthcare services, GHC will need to collect PI and PHI from patients from time to time. GHC will identify the purposes for which PI and PHI is collected at or before the time the information is collected. PI and PHI will not be used for purposes other than those for which it was collected, except with the express consent of the individual or as permitted or authorized by law.

In general, GHC collects, uses, and discloses PI and PHI for the following purposes:

  • Providing healthcare or assisting in providing healthcare;
  • Planning or delivering patient care programs and services;
  • Risk management or activities to improve quality of care or quality;
  • Processing, monitoring, verifying or reimbursing claims for payment; and
  • As otherwise consented to by the individual.

This policy does not apply to PI or PHI that you provide to or is collected by any third party. These third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.

HOW WE COLLECT INFORMATION

Consent 

GHC collects, uses, and discloses PHI with the consent of the patient or their substitute decision maker, or as is otherwise permitted or required by PHIPA.  Where consent of an individual is required, the consent must: 

  • Be of the individual;
  • Be related to the information to the collected, used, or disclosed; and
  • Not be obtained through deception or coercion.

In order to provide consent, patients must be informed:  

  • Of the purpose of the collection, use or disclosure of the information; and  
  • That consent may be provided or withheld.

GHC may rely on express or implied consent when collecting, using, or disclosing PHI for the purpose of providing patient care. PHI may be used and disclosed with assumed implied consent to other healthcare professionals within a patient’s circle of care, which includes, but is not limited to, doctors, nurses, pharmacists, allied health professionals, administrative staff supporting the provision of care, other employees assigned to care for a patient.  

A patient’s express consent is required for a patient’s PHI to be disclosed: 

  • To a person that is not a health information custodian; or
  • For a purpose other than providing healthcare or assisting in healthcare. 

When consent is required for the collection, use, or disclosure of an individual’s PHI, the consent must be obtained from the patient when the patient is capable of consenting to the collection, use, or disclosure. An individual is capable of consenting to the collection, use, or disclosure of PHI if the individual is able to: 

  • Understand the information relevant to deciding whether to consent to the collection, use, or disclosure of PHI; and 
  • Appreciate the reasonably foreseeable consequences of giving, not giving, withholding or withdrawing the consent.  

Where the individual is not capable of consenting to the collection, use, or disclosure of PHI, consent must be obtained from the patient’s substitute decision maker. The following persons may act as a patient’s substitute decision maker:

  • The patient’s guardian of the person, if given authority to give or refuse consent on behalf of the patient;
  • The patient’s attorney for personal care, if the power of attorney grants authority to give or refuse consent on behalf of the patient;
  • The patient’s spouse or partner;
  • A child or parent of the patient, or a children’s aid society or other person who is lawfully entitled to give or refuse consent in the place of the patient. This does not include a parent who has only a right of access to the patient;
  • The patient’s parent who only has right of access;
  • The patient’s brother or sister; and 
  • Any other relative of the patient. 

Where you have provided your consent to the collection, use, and transfer of your PHI, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at info@guardianhc.ca. Please note that: (1) withdrawal of consent may not be retroactive, and (2) if you withdraw your consent, we may not be able to provide you with healthcare services. 

We may disclose PI or PHI that we collect or you provide as described in this privacy policy:

  • To our subsidiaries and affiliates;
  • To third-party healthcare providers if you have consented to these disclosures. We contractually require these third parties to keep PI and PHI confidential and use it only for the purposes for which we disclose it to them;
  • To fulfill the purpose for which you provide it;
  • For any other purpose we disclose when you provide the information; and
  • With your consent.

YOUR RIGHTS

Lockbox

Patients have the right to limit or restrict how their PHI may be used or disclosed for healthcare purposes. This is referred to as a “consent directive” or “lockbox”. GHC staff who do not have access must request consent from the patient or the patient’s substitute decision maker to override the lockbox for the purposes of providing healthcare. GHC staff may, however, override the lockbox in emergency circumstances and only when it is not possible to obtain consent and the inability to access the restricted information may lead to serious harm to the patient. The lockbox may also be overridden to comply with legal obligations such as reporting to a children’s aid society, reporting that a person is being treated for a gunshot wound, or to report certain diseases to public health authorities.

Patients may request a lockbox by contacting info@guardianhc.ca. In limited circumstances, GHC may deny a patient’s request, such as where it conflicts with the law.

Access to Records 

Patients may request access to or receive copies of their PI and PHI collected by GHC. Patients requesting copies of their records for themselves or for third parties (such as lawyers or insurance companies) should provide a written request by email to info@guardianhc.ca. 

We will provide you access to your PI and PHI, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:

  • Information protected by solicitor-client privilege;
  • Information about quality of care;
  • Raw data from lab work, psychological tests, or other assessments;
  • Information that is part of a formal dispute resolution process;
  • Information that is about another individual that would reveal their personal information or confidential commercial information; or
  • Information that is prohibitively expensive to provide.

Accuracy of Records 

If a patient has reason to believe the PI or PHI contained in their record is inaccurate or incomplete, the patient may contact GHC to request a correction of their information as contained within their record. If a correction request is not resolved to the satisfaction of the patient, they have the right to appeal to the Information and Privacy Commissioner of Ontario (“IPC”), and/or to submit a statement of disagreement, which GHC will store in the patient’s medical record.

Information and Privacy Commissioner of Ontario

In situations where GHC is unable to resolve a concern, patients may contact IPC by email at info@ipc.on.ca or by phone at 416-326-3333. 

All GHC agents are required to cooperate with IPC during an investigation or remediation of a privacy issue, a privacy impact assessment, or an audit. Failure to cooperate with IPC in its attempts to ensure or support compliance with GHC policy or provincial privacy laws may result in disciplinary measures.

HOW WE PROTECT YOUR INFORMATION

Data Security 

The security of your personal information is very important to us. GHC protects PI and PHI through appropriate physical, electronic, and administrative measures consistent with industry standards, including security software and encryption protocols, firewalls, locks and other access controls, privacy impact assessments, threat-risk assessments, staff training, and confidentiality agreements. All vendors, contractors, or other third parties who require access to GHC’s systems must enter into a signed written agreement with GHC.

Except as otherwise permitted or required by applicable law or regulation, we will only retain PI for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize or aggregate PI so that it can no longer be associated with an individual. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice or consent.

GHC has established information retention guidelines that define consistent minimum standards and requirements for the length of time records of PHI are to be maintained and has established appropriate practices and timelines for the secure disposal of PHI, consistent with confidentiality, legal, and regulatory requirements. 

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect our data, we cannot guarantee the security of information transmitted through the Internet. Any transmission of PI or PHI through an unsecured method is at your own risk. We are not responsible for circumvention of any email settings or security measures.

Privacy Incidents 

GHC staff, contractors, and agents must report privacy incidents, including instances when such person knows, or has reason to believe, that PI or PHI was collected, used, or disclosed without proper authorization and when PI or PHI is lost or stolen. Situations that present a risk to patient privacy must also be reported. 

GHC staff, contractors, and agents must participate in the review of privacy incidents in order to determine the extent of a breach, to mitigate its impact, and to prevent or reduce the recurrence of similar incidents. When privacy incidents occur, GHC will:

  • Identify the scope of the breach and take steps for containment; 
  • Notify the individuals affected by the breach, as soon as reasonably possible; 
  • Notify any staff (and other custodians, as appropriate) who need to be advised of the breach; and
  • Where required by PHIPA, GHC will notify IPC and/or the regulatory colleges as appropriate. 

Accessing PI and PHI

GHC staff, contractors, and agents may only access PI and PHI as needed for the purposes of their role and duties. Any other access is considered a privacy breach and may be reportable to IPC. 

Whenever an agent of GHC is provided with records of PHI from an outside organization for the purpose of the provision of care (such as a hospital, researcher, or government agency), GHC policies and procedures governing the handling and retention of PHI must be followed with respect to these external records. 

POLICY ADMINISTRATION

This policy will be reviewed by GHC periodically and as issues arise, including amendments to legislation or new guidance from IPC. We include the date the privacy policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting this privacy policy to check for any changes.

We welcome your questions, comments, and requests regarding this privacy policy and our privacy practices. Please contact us at:

Jodi Walker RN, BScN

info@guardianhc.ca

1-888-233-8842

Contact Guardian Healthcare

We are dedicated to providing the assistance necessary to address all of your healthcare needs and to ensure that you receive the highest standard of care possible.

Contact us today to learn more about how we can help you.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.