PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE

Please refer to Appendix A for a glossary of defined terms.

INTRODUCTION

The Personal Health Information Protection Act, 2004 (PHIPA) came into effect on November 1, 2004, and governs the collection, use, and disclosure of Personal Health Information within Ontario’s health care system, and the Personal Information Protection and Electronic Documents Act, which came into effect in 2001, governs Personal Information other than Personal Health Information.

In addition, Canada’s anti-spam legislation came into effect on July 1, 2014. Canada’s anti-spam legislation regulates how businesses and individuals communicate electronically.

We collect Personal Information about our patients directly from the patient or from the person acting on their behalf. Occasionally, we collect Personal Information about a patient from other sources if we have obtained the patient’s consent to do so or if the law permits.

Privacy of Personal Information is an important principle in the provision of quality care to our patients. We understand the importance of protecting your Personal Information. We are committed to collecting, using and disclosing your Personal Information responsibly and in accordance with the law. We also try to be as open and transparent as possible about the way we handle your Personal Information.

This Office has developed this Privacy and Anti-Spam Code (this “Code”) to provide a general description of our information and communication practices, how to obtain access to your Personal Information, how to amend incorrect information, and how to make a complaint to our Office or the Information and Privacy Commissioner. As the rules governing the collection, use, and disclosure of Personal Information may change, our practices will evolve and adapt in response to such changes and this Code may be amended from time to time as a result thereof.

We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation.

ANTI-SPAM POLICY OVERVIEW

When we communicate with you, we may communicate via electronic means, such as e-mail. We strive to ensure that our communications do not contain any spam. “Spam” refers to any unsolicited Commercial Electronic Messages (or CEMs) that have been sent without consent. In that light, we require all CEMs from our Office to be in compliance with Privacy Laws. If and when we communicate with you using CEMs, you can opt out of receiving such messages by following the “Unsubscribe” link indicated at the bottom of such messages or by contacting our Office. Any questions or concerns with respect to CEMs from our Office may be addressed to our Office. In the event that our Office inadvertently sends out a CEM without consent, we commit to investigating every such instance and assisting the employee(s) or managers involved with renewing their understanding and awareness of our compliance responsibilities.

PERSONAL INFORMATION HANDLING PRINCIPLES

Accountability

Accountability for this Office’s compliance with Privacy Laws rests with our Privacy Officer even though others in the Office may be responsible for the day-to-day collection and processing of Personal Information.

Our staff are briefed on the importance of your privacy and receive training on the handling of your Personal Information.

Our Office is comprised of many persons working together to ensure that our patients and clients receive proper care. Some of our team members are Health Information Custodians and some are not. We take this opportunity to describe the structure of our Office so that you understand who may be handling your Personal Information and in what manner.

At our Office, professional dental or orthodontic services are performed by Service Providers. All professionals performing these services at the Office are Members of the College and are considered Health Information Custodians. All institutional health care services performed at the Office are provided by our Affiliate. The individuals providing the institutional health care services for our Affiliate may be Health Information Custodians whereas our Affiliate may not. We have appointed our Affiliate as our “contact person” pursuant to the Privacy Laws.

To facilitate the ability of our Affiliate to carry out its responsibilities to us, your Personal Information may be disclosed to, used by, and collected by our Affiliate.

All actions by our Affiliate in respect of your Personal Information shall be in compliance with this Code and Privacy Laws. By providing your Personal Information to this Office, you are consenting to its use by us, the Service Providers and our Affiliate. We have permitted our Affiliate to collect, use, disclose, retain, or dispose of our patients’ Personal Information which we ourselves may collect, use, disclose, retain, or dispose of, provided that its actions are not contrary to the limits imposed by Privacy Laws or such other applicable law. We have informed our Affiliate of its duties under Privacy Laws and other applicable law.

This Office is responsible for Personal Information in our possession or custody, including Personal Information that has been transferred to a third party for processing.

Identifying Purposes for Collecting Information

The purposes for which Personal Information is collected in this Office will be identified before or at the time it is collected.

This Office collects Personal Information that is reasonably appropriate in the circumstance in order to fulfill the purposes disclosed by our Office, as well as otherwise permitted under applicable laws including for the following purposes:

  • to deliver safe and efficient patient care;
  • to identify and to ensure continuous high quality service;
  • to assess your health needs;
  • to advise you of treatment options;
  • to enable us to contact you;
  • to provide health care;
  • to establish and maintain communication with you, including to distribute health care information and to book and confirm appointments;
  • to offer and provide treatment, care and services in relationship to the oral and maxillofacial complex and dental care generally;
  • to communicate with other treating health-care providers;
  • for teaching and demonstrating purposes on an anonymous basis;
  • to allow us to efficiently follow-up for treatment, care and billing;
  • to complete and submit dental and health services claims;
  • to comply with legal and regulatory requirements;
  • for internal management purposes;
  • to comply generally with Privacy Laws and all other applicable regulatory requirements.

Consent

Our Health Information Custodians require either express consent or implied consent from our patients before we may collect, use, or disclose Personal Information. When we collect, use, and disclose your Personal Information for health care purposes, Privacy Laws generally permit us to rely upon your implied consent. However, if the purpose is something other than health care, we may be required to obtain your express consent.

Implied consent enables us to conclude from surrounding circumstances that a patient would reasonably agree to the collection, use, or disclosure of Personal Information.

Express consent is required when we are disclosing your Personal Information to someone other than a Health Information Custodian.

Your consent for the collection, use and disclosure of Personal Information may be given in a number of ways.