What is Personal Health Information?
Personal health information is information about an identifiable individual. Personal health information includes information that relates to:
Who I am
My practice, Caroline I Bieze, RMT, is, at the time of writing, a sole proprietorship with no other staff.
Why I collect personal health information
I collect, use and disclose personal health information in order to serve my clients.
Primary purpose #1: To provide clients with health care services
Brief description of the purpose: I collect, use and disclose information about your health history, including your family history, your physical condition and function in order to help me assess what your health needs are, to advise you of your treatment options and then provide you the health care you choose to have.
Primary purpose #2: To obtain a baseline of health information
Brief description of purpose: A second primary purpose is to obtain a baseline of health information so that in providing ongoing health services, I can identify changes that are occurring over time.
I also collect, use and disclose personal health information for purposes related to or secondary to my primary purposes. The most common example of my related and secondary purposes are as follows:
Secondary purpose #1: To obtain payment for my services and to provide receipts for insurance claims.
Brief description of purpose: To obtain payment for health-related services provided. Payment is obtained directly from the client.
Secondary purpose #2: To respond to audit inquiries from insurance companies about services provided by me to a specific client.
Brief description of purpose: Upon request by an insurance company representative, I confirm a client’s name, amount of payment, date of treatment and type of treatment. This is a normal audit process performed by insurance companies from time to time.
Secondary purpose #3: To comply with external regulators
Brief description of purpose: A representative of the College of Massage Therapists of Ontario (CMTO) may inspect my records and interview me as part of its mandated regulatory activities to protect the public interest. The CMTO has its own strict confidentiality and privacy policies. In addition, I may be required by law to disclose personal health information to various government agencies (e.g. Ministry of Health/local public health agency i.e. current Covid-19 pandemic, children’s aid societies, Information and Privacy Commissioner of Ontario).
Secondary Purpose #4: To facilitate the sale of my practice
Brief description of purpose: If my practice or its assets were to be sold, the potential purchaser (another RMT) would want to conduct a “due diligence” review of my records to ensure that it is a viable business that has been honestly portrayed. The potential purchaser would first enter into an agreement with me to keep the information confidential and secure and not to retain any of the information longer than necessary to conduct the due diligence. Once a sale had been finalized, I would transfer records to the purchaser, but would notify my clients before doing so.
Secondary Purpose #5: To facilitate transfer of my responsibilities as a Health Information Custodian (HIC) upon my death
Brief description of purpose: Under PHIPA, I am required to keep client files for 10 years from the date of their last appointment. If I die before these 10 years have elapsed, my executor would be required to contact another RMT pre-appointed by me to take over my current full responsibilities as a HIC under PHIPA. This includes but is not limited to:
Protecting personal information
I understand the importance of protecting personal information. For that reason, I’ve taken the following steps:
Retention and destruction of personal information
I keep all client files for 10 years from the date of the last client visit or from the date that the client turns 18. I destroy all paper files containing personal health information by personally shredding the contents using my office shredder. I destroy electronic information by deleting it in a manner that it cannot be restored. When hardware is discarded, I ensure that the hardware is physically destroyed or the data is erased or overwritten in a manner that the information cannot be recovered.
You can look at your records
With only a few exceptions, you have the right to see what personal information I hold about you. You can contact me at any time. I can help you identify what records I might have about you. I will also try to help you understand any information you do not understand (e.g. short forms, technical language, etc.). I reserve the right to charge $30 for the first 20 pages of records and $0.25 for each additional page. I may ask that you put your request in writing. I will respond to your request as soon as possible and generally within 30 days if at all possible. If I cannot give you access, I will tell you the reason as best as I can, as to why. If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions I may have formed. I may ask you to provide documentation that my files are wrong. Where I agree that I made a mistake, I will make the correction. At your request, and where it’s reasonable possible, I will notify anyone to whom I may have sent this information (but I may deny your request if it would not reasonably have an effect on the ongoing provision of health care). If I do not agree that I’ve made a mistake, I will still agree to include in the file a brief statement from you on the point.
If there’s a privacy breach
While I will take precautions to avoid any breach of your privacy, if there is loss, theft or unauthorized access of your personal health information, I will notify you. Upon learning of a possible or known breach, I will take the following steps:
Depending on the circumstances of the breach, I may notify and work with the Information and Privacy Commissioner of Ontario. I may also report the breach to the College of Massage Therapists of Ontario.
Do you have questions or concerns?
Our information, Caroline Bieze, can be reached at:
I will attempt to answer any questions or concerns you might have. If you wish to make a formal complaint about my privacy practices, you may take it in writing to the privacy officer, Caroline Bieze. I will acknowledge receipt of your complaint and ensure it is investigated promptly and that you are provided with a formal decision and reasons, in writing. You also have the right to complain to the Information and Privacy Commissioner of Ontario if you have concerns about my privacy practices or how your personal health information has been handled by contacting:
Information and Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Tel: Toronto Area (416/local 905): (416) 326-3333
Long Distance: 1(800)387-0073 (within Ontario)