Our Privacy Policy

Privacy Policy for Caroline I Bieze, RMT

Privacy of personal information is an important principle to me. I am committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the massage therapy services I provide. I try to be open and transparent about how I handle personal information. This document describes my privacy policy.


What is Personal Health Information?

Personal health information is information about an identifiable individual. Personal health information includes information that relates to:

  • Personal characteristics (including name, home address, phone number, email address, date of birth);
  • Information for a receipt (including name, home address, phone number, email address, type of payment, service provided, amount of fee, HST, date);
  • The physical or mental health of the individual (including family health history);
  • The provision of health care to the individual (including identifying the individual’s health care provider);
  • Identification of the individual’s substitute decision maker.


Who I am

My practice, Caroline I Bieze, RMT, is, at the time of writing, a sole proprietorship with no other staff.


Why I collect personal health information

I collect, use and disclose personal health information in order to serve my clients.


Primary purpose #1: To provide clients with health care services

Brief description of the purpose: I collect, use and disclose information about your health history, including your family history, your physical condition and function in order to help me assess what your health needs are, to advise you of your treatment options and then provide you the health care you choose to have.

Primary purpose #2: To obtain a baseline of health information

Brief description of purpose: A second primary purpose is to obtain a baseline of health information so that in providing ongoing health services, I can identify changes that are occurring over time.


I also collect, use and disclose personal health information for purposes related to or secondary to my primary purposes. The most common example of my related and secondary purposes are as follows:


Secondary purpose #1: To obtain payment for my services and to provide receipts for insurance claims.

Brief description of purpose: To obtain payment for health-related services provided. Payment is obtained directly from the client.


Secondary purpose #2: To respond to audit inquiries from insurance companies about services provided by me to a specific client.

Brief description of purpose: Upon request by an insurance company representative, I confirm a client’s name, amount of payment, date of treatment and type of treatment. This is a normal audit process performed by insurance companies from time to time.


Secondary purpose #3: To comply with external regulators

Brief description of purpose: A representative of the College of Massage Therapists of Ontario (CMTO) may inspect my records and interview me as part of its mandated regulatory activities to protect the public interest. The CMTO has its own strict confidentiality and privacy policies. In addition, I may be required by law to disclose personal health information to various government agencies (e.g. Ministry of Health/local public health agency i.e. current Covid-19 pandemic, children’s aid societies, Information and Privacy Commissioner of Ontario).


Secondary Purpose #4: To facilitate the sale of my practice
Brief description of purpose: If my practice or its assets were to be sold, the potential purchaser (another RMT) would want to conduct a “due diligence” review of my records to ensure that it is a viable business that has been honestly portrayed. The potential purchaser would first enter into an agreement with me to keep the information confidential and secure and not to retain any of the information longer than necessary to conduct the due diligence. Once a sale had been finalized, I would transfer records to the purchaser, but would notify my clients before doing so.


Secondary Purpose #5: To facilitate transfer of my responsibilities as a Health Information Custodian (HIC) upon my death

Brief description of purpose: Under PHIPA, I am required to keep client files for 10 years from the date of their last appointment. If I die before these 10 years have elapsed, my executor would be required to contact another RMT pre-appointed by me to take over my current full responsibilities as a HIC under PHIPA. This includes but is not limited to:

  • Notify my current clients of my death
  • Secure management and storage of client files
  • Transfer of a client’s files directly to the client or to another RMT, upon specific client request. The client would need to sign a release form to authorize the transfer.


Protecting personal information

I understand the importance of protecting personal information. For that reason, I’ve taken the following steps:

  • I store personal information (first and last name, home address, telephone number, e-mail address, method of payment, treatment types and dates, and treatment fees) in my office laptop. This laptop is secured with a strong password and I am the only person with access. A client’s specific health information is kept in the client’s file that is stored in a locked filing cabinet to which I have exclusive access.
  • I do not post any personal information about my clients on social media websites or my own website.


Retention and destruction of personal information

I keep all client files for 10 years from the date of the last client visit or from the date that the client turns 18. I destroy all paper files containing personal health information by personally shredding the contents using my office shredder. I destroy electronic information by deleting it in a manner that it cannot be restored. When hardware is discarded, I ensure that the hardware is physically destroyed or the data is erased or overwritten in a manner that the information cannot be recovered.


You can look at your records

With only a few exceptions, you have the right to see what personal information I hold about you. You can contact me at any time. I can help you identify what records I might have about you. I will also try to help you understand any information you do not understand (e.g. short forms, technical language, etc.). I reserve the right to charge $30 for the first 20 pages of records and $0.25 for each additional page. I may ask that you put your request in writing. I will respond to your request as soon as possible and generally within 30 days if at all possible. If I cannot give you access, I will tell you the reason as best as I can, as to why. If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions I may have formed. I may ask you to provide documentation that my files are wrong. Where I agree that I made a mistake, I will make the correction. At your request, and where it’s reasonable possible, I will notify anyone to whom I may have sent this information (but I may deny your request if it would not reasonably have an effect on the ongoing provision of health care). If I do not agree that I’ve made a mistake, I will still agree to include in the file a brief statement from you on the point.


If there’s a privacy breach

While I will take precautions to avoid any breach of your privacy, if there is loss, theft or unauthorized access of your personal health information, I will notify you. Upon learning of a possible or known breach, I will take the following steps:

  • I will contain the breach to the best of my ability, including by taking the following steps if applicable:
    • Retrieving hard copies of personal health information that have been disclosed
    • Ensuring no copies have been made
    • Taking steps to prevent unauthorized access to electronic information (e.g. change passwords, restrict access, temporarily shut down system).
  • I will notify the affected client
    • I will provide my contact information in case the client has further questions.
    • I will provide the Privacy Commissioner’s contact information and advise the affected client of their right to complain to the Commissioner.
  • I will investigate and remediate the problem, by:
    • Conducting an internal investigation
    • Determining what steps should be taken to prevent future breaches (e.g. changes to policies, additional safeguards)

Depending on the circumstances of the breach, I may notify and work with the Information and Privacy Commissioner of Ontario. I may also report the breach to the College of Massage Therapists of Ontario.


Do you have questions or concerns?

Our information, Caroline Bieze, can be reached at:

Caroline Bieze
Waterdown, Ont.

(905) 339-3950

I will attempt to answer any questions or concerns you might have. If you wish to make a formal complaint about my privacy practices, you may take it in writing to the privacy officer, Caroline Bieze. I will acknowledge receipt of your complaint and ensure it is investigated promptly and that you are provided with a formal decision and reasons, in writing. You also have the right to complain to the Information and Privacy Commissioner of Ontario if you have concerns about my privacy practices or how your personal health information has been handled by contacting:

Information and Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario  M4W 1A8

Tel: Toronto Area (416/local 905): (416) 326-3333

Long Distance: 1(800)387-0073 (within Ontario)

TDD/TTY: (416)325-7539

FAX: (416)325-9195




We are always happy to hear from you and would love to answer any questions you may have.
Copyright © 2010-2024 Caroline Bieze