Privacy Policy

 

 
PRIVACY POLICY
  
Privacy of personal information is an important principle to Sunningdale Dental Centre. We understand the importance of safeguarding personal health information to support quality client care.  We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the goods and services we provide. Our information practices align with regulatory requirements defined by privacy legislation, including the provincial Personal Health Information Protection Act (PHIPA) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA).  This document describes our privacy policies.

 
WHAT IS PERSONAL INFORMATION?
Personal information is information about an identifiable individual. Personal information includes information that relates to their personal information (e.g. name, gender, age, home address or phone number, insurance info etc.), their financial information (charges, payments, balance on account etc), their health (e.g., medical history, health conditions, health services received by them) or their activities and views (e.g., oral hygiene habits, opinions expressed by an individual, an opinion or evaluation of an individual). Personal information is to be contrasted with business information (e.g., an individual’s business address and telephone number), which is not protected by privacy legislation.

 
WHO WE ARE
Our company, Sunningdale Dental Centre is a company which provides dental care to people who request it. We use a number of consultants and agencies that may, in the course of their duties, have limited access to personal information we hold. These include computer consultants, bookkeepers and accountants, temporary workers to cover holidays, credit card companies, website managers, cleaners and lawyers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles.

 
WHAT IS CONSENT?
Consent is an active process where an individual provides assent or approval. In a healthcare setting, under PHIPA, consent must be knowledgeable, voluntary, related to the information in question and given by the individual. All persons involved in the care of clients at Sunningdale Dental Centre will ensure that consent is knowledgeable by clearly describing the purposes for the collection, use and disclosure of personal information and/or by providing a copy of the policy in office if requested, and by posting the privacy policy on our website so it is readily accessible. Consent for the collection, use and disclosure of personal health information for clients can be obtained through various kinds of consent, including express, implied, verbal or written. Express consent is consent that has been clearly and unmistakably given by the client to the custodian. It may be given in writing or verbally. Implied consent is when the custodian concludes that consent has been given based on the individual’s action or inaction in specific circumstances or clinical encounters.
 
Express consent for the collection, use and disclosure of personal information is required under the following circumstances:
  • When personal health information is disclosed to a person or organization such as an insurance company that is not a custodian
  • When information is disclosed from one custodian to another for a purpose other than providing healthcare
  • When personal information is collected, used or disclosed for fundraising, marketing or research purposes
 
Implied consent for the collection, use and disclosure of personal information is permitted under most circumstances, including:
  • When communicating with another healthcare provider within the circle of care (ie referring to a specialist, conferring with the client’s physician or specialist)
Implied consent cannot be used when disclosing personal health information for any purpose other than providing healthcare.
 
WITHDRAWL OF CONSENT
Clients are permitted to withdraw consent for the collection, use and disclosure of their personal health information at any time, however, a withdrawal is not retroactive and information that has previously been disclosed does not have to be retrieved. The custodian must stop sharing personal health information as soon as the notice of withdrawal has been received, and a withdrawal only pertains to new collections of personal information and future uses of that information where the consent was originally obtained.
 
 
WE COLLECT PERSONAL INFORMATION: Related and Secondary Purposes
Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:
 
  • To provide health care, and to advise you of treatment options.
  • To enable us to contact you for various reasons such as: to offer and provide treatment, care and services in relationship to the oral health and dental care generally, to allow us to maintain communication and contact with you to distribute health-care information and to book and confirm appointments, and to allow us to efficiently follow-up for treatment, care and billing.
  • To communicate with other treating health-care providers, including specialists and general dentists who are the referring dentists and/or peripheral dentists.   
  • For teaching and demonstration purposes on an anonymous basis
  • To invoice clients for goods or services that were not paid for at the time, to process credit card payments or to collect unpaid accounts.
  • To advise clients that their product or service should be reviewed (e.g., to ensure a product is still functioning properly and appropriate for their then current needs and to consider modifications or replacement).
  • To advise clients and others of special events or opportunities (e.g., a seminar, development of a new service, arrival of a new product) that we have available.
  • Sunningdale Dental Centre reviews client and other files for the purpose of ensuring that we provide high quality services, including assessing the performance of our staff. In addition, external consultants (e.g., auditors, lawyers, practice consultants) may on our behalf do audits and continuing quality improvement reviews of our clinic, including reviewing client files and interviewing our staff.                                                                               
  • Dentists are regulated by the Royal College of Dental Surgeons of Ontario and Dental Hygienists are regulated by the College of Dental Hygienists of Ontario, who may inspect our records and interview our staff as a part of their regulatory activities in the public interest. In addition, as professionals, we will report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. Also, our organization believes that it should report information suggesting serious illegal behaviour to the authorities. External regulators have their own strict privacy obligations. Sometimes these reports include personal information about our clients, or other individuals, to support the concern (e.g., improper services). Also, like all organizations, various government agencies (e.g., Canada Customs and Revenue Agency, Information and Privacy Commissioner, Human Rights Commission, etc.) have the authority to review our files and interview our staff as a part of their mandates. In these circumstances, we may consult with professionals (e.g., lawyers, accountants) who will investigate the matter and report back to us.
  • The cost of some goods/services provided by the organization to clients is paid for by third parties (e.g., OHIP, WSIB, private insurance, Assistive Devices Program). These third-party payers often have your consent or legislative authority to direct us to collect and disclose to them certain information in order to demonstrate client entitlement to this funding.
  • Clients or other individuals we deal with may have questions about our goods or services after they have been received. We also provide ongoing services for many of our clients over a period of months or years for which our previous records are helpful. We retain our client information for a minimum of ten years after the last contact to enable us to respond to those questions and provide these services (our regulatory College also requires us to retain our client records).
  • If Sunningdale Dental Centre or its assets were to be sold, the purchaser would want to conduct a “due diligence” review of the business’ records to ensure that it is a viable business that has been honestly portrayed to the purchaser. This due diligence may involve some review of our accounting and service files. The purchaser would not be able to remove or record personal information. Before being provided access to the files, the purchaser must provide a written promise to keep all personal information confidential. Only reputable purchasers who have already agreed to buy the organization’s business or its assets would be provided access to personal information, and only for the purpose of completing their due diligence search prior to closing the purchase.
 
You can choose not to be part of some of these related or secondary purposes (e.g., by declining to receive notice of special events or opportunities, by paying for your services in advance). We do not, however, have much choice about some of these related or secondary purposes (e.g., external regulation)
 
  
ABOUT MEMBERS OF THE GENERAL PUBLIC
For members of the general public, our primary purposes for collecting personal information are to provide dental information.  On our website we only collect, with the exception of cookies, the personal information you provide and only use that information for the purpose you gave it to us (e.g., to respond to your email message, to register for a course, to subscribe to our newsletter). Cookies are only used to help you navigate our website and are not used to monitor you.
 
 
ABOUT CONTRACT STAFF, VOLUNTEERS and STUDENTS
For people who are contracted to do work for us (e.g., temporary workers), our primary purpose for collecting personal information is to ensure we can contact them in the future (e.g., for new assignments) and for necessary work-related communication (e.g., sending out paycheques, year-end tax receipts). Examples of the type of personal information we collect for those purposes include home addresses and telephone numbers. It is rare for us to collect such information without prior consent, but it might happen in the case of a health emergency (e.g., a SARS outbreak) or to investigate a possible breach of law (e.g., if a theft were to occur in the office). If contract staff, volunteers or students wish a letter of reference or an evaluation, we will collect information about their work-related performance and provide a report as authorized by them.
 
 
PROTECTING PERSONAL INFORMATION
  • We understand the importance of protecting personal information. For that reason, we have taken the following steps:
  • Paper information is either under supervision or secured in a locked or restricted area.
  • Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords are used on computers. All of our cell phones are digital, which signals are more difficult to intercept.
  • Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
  • Electronic information is transmitted either through a direct line or is anonymized or encrypted.
  • Staff are trained to collect, use and disclose personal information only as necessary to fulfill their duties and in accordance with our privacy policy.
  • External consultants and agencies with access to personal information must enter into privacy agreements with us.
 
 
PROCESS FOR PRIVACY BREACHES
In the event of a privacy breach, the following process will occur:
  1. Identify the scope of the breach and take steps to contain it. Identify any individuals or organizations who may have been impacted or who are responsible, and the nature of the information that has been affected, retrieve any copies of the information that has been affected and take appropriate steps, including changing passwords or temporarily shutting down the computer system. 
  2. Notify the affected individuals, the Information Privacy Commissioner (IPC) and regulatory colleges as required. Notification to individuals can be through telephone or in writing and must include the following:
    • The name of the agent responsible for the unauthorized access where appropriate
    • The date of the breach
    • A description of the nature and scope of the breach
    • A description of the information that was affected by the breach
    • The measures taken to contain the breach
    • The name and contact information of the person in your organization who can address inquiries – the privacy officer
    • A statement that individuals affected can make a complaint to the IPC
  3. Conduct an internal investigation and address the situation by revising administrative or security controls as appropriate.
All privacy breaches will be investigated by the privacy officer. All privacy breach statistics will be logged and maintained by the privacy officer who will report any privacy statistics to the IPC as required by PHIPA.
 
RETENTION AND STORAGE PROCEDURES:
Client records are retained and stored according to requirements set out in legislation, including the Royal College of Dental Surgeons Guidelines and the Canadian College of Dental Hygienists of Ontario record keeping regulations.  All records are stored securely and retained for a minimum of 10 years after the last client encounter.
 
 
CLIENT ACCESS RIGHTS, CORRECTION and COMPLAINTS PROCEDURES:
All clients accessing services at Sunningdale Dental Centre have the right to see and obtain a copy of the information collected about them. Depending on the amount and extent of information that the client requests, Sunningdale Dental may charge a fee. Sunningdale Dental may waive this fee depending on the circumstances.
A client may contact Sunningdale Dental Centre’s Privacy Officer for the following purposes:
  • To ask to see or obtain a copy of information in their health record
  • To correct information in their health record that they believe is not accurate or complete
  • If a client has an inquiry, concern or complaint regarding the privacy practices of Sunningdale Dental Centre and information gathered as a client of Sunningdale Dental Centre
 
DO YOU HAVE A QUESTION?
Our Information Officer:  Nancy W.
Nancy can be contacted at:
By mail:  Sunningdale Dental Centre 607 Fanshawe Park Rd. W., London, ON  N6G 5B3
By phone:  519-471-7373
or by email:  nancywsunningdale@gmail.com
She will attempt to answer any questions or concerns you might have.
 
If you wish to make a formal complaint about our privacy practices, you may make it in writing to our Information Officer. She will acknowledge receipt of your complaint, ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.
 
This policy is made under the Personal Information Protection and Electronic Documents Act. That is a complex Act and provides some additional exceptions to the privacy principles that are too detailed to set out here. There are some rare exceptions to the commitments set out above.
 
Reporting to the Office of the Information and Privacy Commissioner of Ontario:
All clients have the right to make a complaint to the Information and Privacy Commissioner of Ontario if they believe their privacy rights have not been properly handled. For information about how to make a complaint, please see the Information and Privacy Commissioner’s website at www.ipc.on.c or you may write to them at:
 
Information and Privacy Commissioner of Ontario
2 Bloor Street East
Suite 1400
Toronto, ON
M4W 1A8