Our Privacy Policy

What Information is collected and why/how it will be used?

We limit the amount and type of health information we collect.

We will collect individually identifying health information only for the following purposes, or as otherwise permitted by law:

  • Provision of health services

  • Verifying eligibility or obtain and process payment for health services

  • Health-Related Educational Communications: (e.g. appointment reminders, providing information about treatment alternatives, or other health-related benefits and services that may be of interest to you)

  • Other Internal Management Purposes: Our clinic does use health information for planning, quality improvement, reporting, etc within the clinic.

  • Health Service Provider Education: Our clinic trains custodians, practitioner/therapists etc who will use your health information in providing service to you.  

Our clinic will only collect health information for the purposes that we have identified or as otherwise permitted by law. In addition, we will only collect as much health information as is essential to carry out the purpose for which we are collecting it.

Your health information will be collected directly from you, except in the limited circumstances where we are authorized by the applicable legislation (HIA or PIPA) to indirectly collect such information.

Where the information is stored?

Our patient/client Health Information is stored with the JANE EMR’s secure server on proper data centres. All servers are SOC2 certified at a minimum, which means that only authorized individuals have access to the facilities.

How Information is protected/what safeguards are in use?

All data is encrypted using 256-bit encryption when sent between our device and their (JANE EMR) servers (in the same way as your banking information would be).

Administrators and practitioners/therapists each access JANE using their own account secured by a username and password. The account owner (owner of the clinic) can control access permissions for each user, which includes control of accessing patient/client charts, billing records and schedule records

Patient/clients also have access to their online booking accounts by username and password. The account owner or an administrator with permission can disable access to patients/clients online booking abilities (when needed).

 

Who the information can be shared with?

At 360BRAINBODY we are a multidisciplinary clinic with Practitioners/therapist who are under the legislations HIA (Health Information Act) & PIPA (Personal Information Protection Act). Health Information will only be shared/disclosed to third parties with written consent by the patient/client. The written consent, once obtained, will be stored and kept recorded in the patient/client chart.

How can you (the patient/client) can obtain access to view, correct or receive a copy of your health information

You have the right to access your health information that is in our clinic’s custody or control.

Patients/clients own their health information in their medical records; the clinic owns the medical record. During the provision of health services, we will share your health information verbally with you or an authorized representative and allow access to or provide copies of your health information records when practical (including information in Alberta Netcare).

As a patient/client you are entitled to a copy of your medical record, but our clinic also has the right to refuse to disclose health information under some circumstances and to make access subject to payment of fees as allowed per HIA regulations.

How long is your health information retained and how is the information destroyed when applicable?

The clinic will retain your health information per applicable health care profession guidelines and securely destroy your health information once the 10-year retention period has been reached. The 10-year retention period starts from the last entry date in the record.

We destroy any paper health information (once it has been added into your digital chart) by shredding the document(s). We will also use a disc wiping software to remove any health information from computer hard-drives and other media (if/when needed).

If you have any questions or concerns, please contact our office.