Privacy of personal information is
an important principle to TSR Clinics™. We are committed
to collecting, using and disclosing personal information
responsibility and only to the extent necessary for
the goods and services we provide. We also try to be
open and transparent as to how we handle personal information.
This document describes our privacy policies.
is personal Information?
Who we are
We collect personal information:
We collect personal information:
Related and secondary purposes
Protecting personal information
Retention and destruction of
You can look at your information
Do you have a question?
is personal information?
Personal information is information
about an identifiable individual. Personal information
includes information that relates to their personal
characteristics (e.g., gender, age, income, home address,
phone number, family status), their health (e.g.,
health history, health conditions, health services
received by them) or their activities and views (e.g.,
opinions expressed by an individual, an opinion or
evaluation of an individual). Personal information
is to be contrasted with business information (e.g.,
an individual’s business and telephone number) which
is not protected by privacy legislation.
Our organization, TSR Clinics™, includes
at the time of writing three occupational therapists,
two industrial ergonomists, one client service co-ordinator
and a variety of associate chiropractors, physiotherapists
and medical doctors. We use a number of consultants
and agencies that may, in the course of their duties,
have limited access to personal information we hold.
These include computer consultants, office security
and maintenance, bookkeepers, and accountants, cleaners
and lawyers. We restrict their access to any personal
information we hold as much as is reasonably possible.
We also have their assurance that they follow appropriate
collect personal information: Primary purposes
Like all therapists, we collect, use and disclose
personal information in order to serve our clients.
For our clients, the primary purpose for collecting
personal information is to provide medical / functional
assessment and possibly (when it is requested / required)
treatment. For example, we collect information about
a client’s health history, including their family
history, physical condition and function and social
situation in order to help us assess what their health
needs are, assess their functional status, to advise
them of their options (when requested) and to provide
the treatment (when indicated).
A second primary purpose is to
obtain a baseline of health and social information
so that if we are providing ongoing health services
we can identify changes that are occurring over time.
It would be rare for us to collect such information
without the client’s express consent, but this might
occur in an emergency (e.g., the client is unconscious)
or where we believe the client would consent if asked
and it is impractical to obtain consent (e.g., a family
member passing a message on from our client and we
have no reason to believe that the message is not
About members of the general public
For member of the general public, our primary purposes
for collecting personal information are to provide
notice of special events (e.g., a seminar or conference
or to make them aware of occupational therapy services
in general or our clinic in particular). For example,
while we try to use work contact information where
possible, we might collect home addresses, fax numbers
and email addresses. We try to obtain consent before
using any such personal information, but where this
is not, for any reason, possible, we will upon request
immediately remove any personal information from our
On our website we only collect,
with the exception of cookies, the personal information
you provide and only use that information for the
purpose you gave it to use (e.g., to respond to your
email message, to register for a course, etc.). Cookies
are only used to help you navigate our website and
are not used to monitor you.
About staff, contract staff, volunteers
For staff and contract staff (i.e., people who are
contracted to do work for us such as temporary workers)
our primary purpose for collecting personal information
is to ensure we can contact them in the future (e.g.,
for new assignments) and for necessary work-related
communication (e.g., sending our paycheques, year-end
tax receipts). Examples of the type of personal information
we collect for those purposes include home addresses
and telephone numbers, It is rare for us to collect
such information without prior consent, but it might
happen in the case of a health emergency (e.g., a
SARS outbreak) or to investigate a possible breach
of law (e.g., if a theft were to occur in the clinic).
If contact staff volunteers or students wish a letter
of reference or an evaluation, we will collect information
about their work-related performance and provide a
report as authorized by them.
collect personal information: Related and secondary
Like most organizations, we also collect, use and disclose
information for purpose related to or secondary to our
primary purposes. The most common examples of our related
and secondary purposes are as follows:
To invoice clients for goods or
services that were not paid for at the time, to process
credit card payments or to collect unpaid accounts
that are not being paid for by their insurer.
To advise clients that their product
or service should be reviewed (e.g., to ensure a product
is still functioning properly and appropriate for
their then current needs and to consider modifications
To advise clients and others of
special events or opportunities (e.g., seminar, development
of a new service, arrival of a new product) that we
Our clinic reviews client and other
files for the purpose of ensuring that we provide
high quality services, including assessing the performance
of our staff. On addition, external consultants (e.g.,
auditors, lawyers, practice consultants, voluntary
accreditation programs) may on our behalf do audits
and continuing quality improvement review of our Clinic,
including reviewing client files and interviewing
Chiropractors, medical doctors,
physiotherapists and occupational therapists are regulated
by their respective Colleges who may inspect our records
and interview our staff as a part of their regulatory
activities in the public interest. In addition, as
professionals, we will report serious misconduct,
incompetence or incapacity of other practitioners,
whether they belong to other organizations or our
own. Also, our organization believes that it should
report information suggesting serious illegal behaviour
to the authorities. External regulators have their
own strict privacy obligations. Sometimes these reports
include personal information about our clients, or
other individuals, to support the concern (e.g., improper
services). Also, like all organizations, various government
agencies (e.g., Canada Customs and Revenue Agency,
Information and Privacy Commissioner, Human Rights
Commissioner, etc.) have the authority to review our
files and interview our staff as a part of their mandates.
In these circumstances, we may consult with professionals
(e.g., lawyers, accountants) who will investigate
the matter and report back to us.
The cost of the goods and services
provided by the organization to clients is paid for
by third parties (e.g., OHIP, WSIB, private insurance).
These third-party payers often have your consent or
legislative authority to direct us to collect and
disclose to them certain information in order to demonstrate
client entitlement to this funding.
Clients or other individuals we
deal with may have questions about our goods and services
after they have been received. We also provide ongoing
services for many of our clients over a period of
months or years for which our previous records are
helpful. We retain our client information for a minimum
of ten years after the last contact to enable us to
respond to those questions and provide these services
(our regulatory College also requires us to retain
If TSR Clinics™ or its assets were
to be sold, the purchaser would want to conduct a
“due diligence” review of the Clinic’s records to
ensure that it is a viable business that has been
honestly portrayed to the purchaser. This due diligence
may involve some review of our accounting and service
files. The purchaser would not be able to remove or
record personal information. Before being provided
access to the files, the purchaser must provide a
written promise to keep all personal information confidential.
Only reputable purchasers who have already agreed
to buy the organization’s business or its assets would
be provided access to personal information, and only
for the purpose of completing their due diligence
search prior to closing the purchase.
You can choose not to be part of some
of these related or secondary purposes (e.g., by declining
to receive notice or special events or opportunities).
We do not however, have much choice about some of these
related or secondary purposes (e.g., external regulation).
We understand the importance of protecting personal
information. For that reason, we have taken the following
Paper information is either under
supervision or secured in a locked or restricted area.
Electronic hardware is either under
supervision or secured in a locked or restricted area
at all times. In addition, passwords are used on computers.
All of our cell phones are digital, which signals
are more difficult to intercept.
Paper information is transmitted
through sealed, addressed envelopes or boxes by reputable
Electronic information is transmitted
either through a direct line or is encrypted or anonymized.
Staff are trained to collect, use
and disclose personal information only as necessary
to fulfil their duties and in accordance with our
External consultants and agencies
with access to personal information must enter into
privacy agreements with us.
and destruction of personal information
We need to retain personal information
for some time to ensure that we can answer any questions
you or your insurer, your doctor, or your place of
employment might have about the services provided
and for our own accountability to external regulatory
bodies. However, we do not want to keep personal information
too long in order to protect your privacy.
We keep our client files for about
ten years. Our client and contact directories are
much more difficult to systematically destroy, so
we remove such information when we can if it does
not appear that we will be contacting you again. However,
if you ask, we will remove such contact information
right away. We keep any personal information relating
to our general correspondence (i.e., with people who
are not clients) newsletters, seminars and marketing
activities for about one year after the newsletter
ceases publication or a seminar or marketing activity
We destroy paper files containing
personal information by shredding. We destroy electronic
information by deleting it and, when the hardware
is discarded, we ensure that the hard drive is physically
destroyed. Alternatively, we may send some or all
of the client file to our client.
can look at your information
With only a few exceptions, you
have the right to see what personal information we
hold about you. Often all you have to do is ask. We
can help you identify what records we might have about
you. We will also try to help you understand any information
you do not understand (e.g., short forms, technical
language, etc.). We will need to confirm your identify,
if we do not know you, before providing you with this
access. We reserve the right to charge a nominal fee
for such requests.
If there is a problem we may ask
you to put your request in writing. If we cannot give
you access, we will tell you within 30 days if at
all possible and tell you the reason, as best we can,
as to why we cannot give you access.
If you believe there is a mistake
in the information, you have the right to ask for
it to be corrected. This applies to factual information
and not to any professional opinions we may have formed.
We may ask you to provide documentation that our files
are wrong. Where we agreed that we made a mistake,
we will make the correction and notify anyone to whom
we sent this information. If we do not agreed that
we have made a mistake, we will still agreed to include
in our file a brief statement from you on the point
and we will forward that statement to anyone else
who received the earlier information.
you have a question?
Our information officer, Joanne Jaundoo, can be reached
212 King Street West
Oshawa, ON, L1J 2J2
She will attempt to answer any questions or concerns
that you might have.
If you wish to make a formal complaint about our privacy
practices, you may make it in writing to our Information
Officer. She will acknowledge receipt of your complaint,
ensure that it is investigated promptly and that you
are provided with a formal decision and reasons in writing.
If you have a concern about the professionalism
or competence of our services or the mental or physical
capacity of any of our professional staff we would ask
you to discuss those concerns with us. However, if we
cannot satisfy your concerns, you are entitled to complain
to the appropriate regulatory body:
College of Ontario
|130 Bloor Street,
Toronto, ON, M5S 1N5
Physiotherapists of Ontario
|230 Richmond Street
Toronto, ON, M5V 3E5
Physicians and Surgeons
|80 College Street
Toronto, ON, M5G 2E2
Occupational Therapists of Ontario
|20 Bay Street, Suite
Toronto, ON, M5J 2N8
This policy is made under the Personal
Information Protection and Electronic Documents Act.
That is a complex Act and provides some additional exceptions
to the privacy principles that are too detailed to se
our here. There are some rare exceptions to the commitments
set out above.
For more general inquires, the Information
and Privacy Commissioner of Canada oversees the administration
of the privacy legislation in the private sector. The
Commissioner also acts as a kind of ombudsman for privacy
disputes. The information and Privacy Commissioner can
be reached at:
|112 Kent Street
Ottawa, ON, K1A 1H3