Easy Bill MD Incorporated
Privacy Policy
We have developed the following principles in correlation with the Canadian Standards Association’s Model Code to provision an understanding of our core values and considerate approach to protecting your privacy.
Principle 1 - Accountability
We are accountable for the personal information that you give to us.
Our office is accountable for all personal information in our possession or control. This includes any personal information that we must share with third parties to provide services to you. We have established policies and procedures aimed at maintaining privacy. We have appointed a Privacy Officer to oversee privacy issues for our office. We have also educated our employees about our Privacy Policy and their role in protecting your privacy. If you have questions about our privacy practices, you are free to contact our Privacy Officer.
Principle 2 - Identifying Purposes
Notice We will tell you why we collect information, before the information is collected.
A notice has been posted in your practitioners office explaining why they collect individually identifying health information and the legal authority that authorizes them to collect it.
Principle 3 - Consent
Consent for the interaction with our services will be obtained before health information is collected, used, or disclosed, except where authorized by law.
The personal health information provided to us is collected, used, and disclosed in accordance with the provisions of the relevant legislation, and is primarily used to bill the Provincial Insurance Plan for services provided. The privacy provisions of the legislation require that we protect your health information from unauthorized access, use, disclosure, or destruction.
Principle 4 - Limiting Collection
The amount and type of information collected will be limited
We will collect personal information only for the purposes that we have identified or as otherwise permitted by law. In addition, we will only collect as much health information as is essential to carry out the purpose for which we are collecting it.
Principle 5 - Use, Disclosure, Retention, and Destruction
Information will be used and disclosed only for the reasons for which it was provided unless otherwise permitted by law. It will be retained as per the retention guidelines of the appropriate regulatory body or as required by law and will be securely destroyed at the end of retention period.
We will keep your personal information only, if necessary, to accomplish these purposes.
Legislation may identify situations in which the disclosure is mandatory or discretionary. In all cases, we will only disclose as much information as is essential for the purpose it is being disclosed or per legislative requirements.
Retention and Destruction of Records
We will keep your health information per regulatory record retention guidelines or as long as necessary to accomplish the purpose for which it was collected (whichever is longer).
We destroy paper health information by shredding, and we destroy or use professional disk wiping software to remove health information from computer hard drives and other media.
In the event our office changes ownership or is closed, you will be contacted with information about the change and, where applicable, where your information has been transferred.
Principle 6 - Accuracy
We take efforts to ensure the information in our custody and control is accurate and complete before using or disclosing that information.
Health information will be kept as accurate, complete, and up to date as possible on and on-going basis or notification by the individual. We update our registration and billing data as required. We ensure our records are complete and accurate, and track additions and amendments. We correct inaccurate or incomplete information when known.
Principle 7 - Safeguards
Your information will be protected from unauthorized access, use, disclosure, or destruction.
We have assessed the risks to your health information and implemented administrative, technical, and physical safeguards to eliminate or minimize the risk. Examples of these safeguards include office policies and procedures that ensure health information cannot be seen by unauthorized persons, having employees sign oaths of confidentiality, electronic security mechanisms like firewalls and password protection and securing the office when we are closed.
Principle 8 - Openness
We have established policies and procedures aimed at maintaining privacy.
We will make readily available to individuals specific information about our policies and procedures relating to the management of health information. We will be open about our policies and procedures with respect to the management of health information. Individuals will be able to acquire information about our policies and procedures at minimal or no cost and without unreasonable effort. This information will be made available in a form that is generally understandable.
Principle 9 - Access
Individuals have a right to access their information that is in our custody and control within the provisions of relevant legislation. Requests for access to health information should be directed to the clinic.
Individuals have a legal right to access their health information in a medical record subject to limited and specific expectations as stipulated by law. Easy Bill MD directs all requests for access to the clinic.
Principle 10 – Monitoring and Enforcement
We monitor compliance with our privacy policies and procedures and have processes for handling information and complaints.
We regularly assess our information safeguards and ensure our staff know what they are and that they follow them, we have put in place sanctions for anyone who breaches or attempts to breach our safeguards to demonstrate the importance we place on preserving privacy and confidentiality. We investigate all privacy complaints or suspected privacy breaches, and take appropriate remedial measures including amending policies, disciplining staff etc.