Privacy Policy
The privacy of your health data and your personal information is extremely important to us! Our practice focuses on keeping your data private unless sharing (between team members) is necessary to help with your medical treatment. In addition, any technology we use to improve your healthcare experience is chosen because the balance of data security and health benefit is in your favour. We have personally reviewed the privacy policies of all the service providers we use and they provide the level of security you would expect for medical information and often exceed the level of security that our office can provide.
Privacy Standards
Our guidelines are set out by the Provincial Health Services Authority (PHSA) Office of Virtual Health, Canadian Data Protection regulations, including the Personal Information Protection Act and Electronic Documents Act (PIPEDA) and Personal Health Information Protection Act (PHIPA) and the College of Physicians & Surgeons of BC.
Cloud based services
The use of Cloud-based services enable us to provide you with a higher level of service. The ‘cloud-based tools’ we use enable us to collect information on patients, with their consent to do so. The intent is to collect more consistent data before appointments and for ongoing follow up so that more time can be spent in discussing your specific goals of treatment. It is important that you understand how these tools operate in order to provide your consent to their use.
What are cloud-based internet services?
Cloud-based services are tools accessed over the internet to allow collection and presentation of data. Web-based email is one example of such a service. Many of these services use servers (data storage and computing centres) that are housed outside of Canada.
Below is a transparent list of the tools we are currently using for you to review. We would also be happy to provide a list of these tools in printed form should you wish to have it for your reference.
Cloud-based Tools
Jane EMR: We are a paperless office including the use of an Electronic Medical Record (EMR). We have chosen to partner with Jane, a cloud-based EMR with servers in Canada. Jane Data is encrypted using 256 bit encryption when sent between devices and their servers (in the same way as your banking information would be). Jane allows contact with patients using email. Your consent to be contacted this way can be removed at any time.
Google Email Services: Our practice email is supported by G-Suite (https://www.google.com/work/) which is a HIPAA-compliant email service. This means that administrative controls allow higher security settings than a free Gmail account. Any health information you send to this account will be stored in servers in the United States and other countries,
(Google server locations https://www.google.com/about/datacenters/inside/locations/index.html).
Google Forms: In order to collect information on our patients before clinic appointments we have created an intake form which can be filled out online. We also frequently use google forms for ongoing follow up of our private patients. This was created using Google Forms which creates a record within the GSuite secure environment. Entered data is stored in servers outside of Canada. The service is HIPAA-compliant meaning that administrative controls protect privacy of health data.
ZOOM: For our group services, we have been using Zoom. Recently, the Ministry of Health endorses Zoom for Healthcare and has provided support for BC physicians to use this platform. Zoom is compliant with Canadian Data Protection regulations, including the Personal Information Protection Act and Electronic Documents Act (PIPEDA) and Personal Health Information Protection Act (PHIPA).
We also adhere to Zoom for Healthcare security best practices that include:
Inquiries
We are of course happy to help with any questions of clarifications you need on the topic of privacy.
Please contact us at [email protected] for any questions, comments, or concerns.
Privacy Standards
Our guidelines are set out by the Provincial Health Services Authority (PHSA) Office of Virtual Health, Canadian Data Protection regulations, including the Personal Information Protection Act and Electronic Documents Act (PIPEDA) and Personal Health Information Protection Act (PHIPA) and the College of Physicians & Surgeons of BC.
Cloud based services
The use of Cloud-based services enable us to provide you with a higher level of service. The ‘cloud-based tools’ we use enable us to collect information on patients, with their consent to do so. The intent is to collect more consistent data before appointments and for ongoing follow up so that more time can be spent in discussing your specific goals of treatment. It is important that you understand how these tools operate in order to provide your consent to their use.
What are cloud-based internet services?
Cloud-based services are tools accessed over the internet to allow collection and presentation of data. Web-based email is one example of such a service. Many of these services use servers (data storage and computing centres) that are housed outside of Canada.
Below is a transparent list of the tools we are currently using for you to review. We would also be happy to provide a list of these tools in printed form should you wish to have it for your reference.
Cloud-based Tools
Jane EMR: We are a paperless office including the use of an Electronic Medical Record (EMR). We have chosen to partner with Jane, a cloud-based EMR with servers in Canada. Jane Data is encrypted using 256 bit encryption when sent between devices and their servers (in the same way as your banking information would be). Jane allows contact with patients using email. Your consent to be contacted this way can be removed at any time.
Google Email Services: Our practice email is supported by G-Suite (https://www.google.com/work/) which is a HIPAA-compliant email service. This means that administrative controls allow higher security settings than a free Gmail account. Any health information you send to this account will be stored in servers in the United States and other countries,
(Google server locations https://www.google.com/about/datacenters/inside/locations/index.html).
Google Forms: In order to collect information on our patients before clinic appointments we have created an intake form which can be filled out online. We also frequently use google forms for ongoing follow up of our private patients. This was created using Google Forms which creates a record within the GSuite secure environment. Entered data is stored in servers outside of Canada. The service is HIPAA-compliant meaning that administrative controls protect privacy of health data.
ZOOM: For our group services, we have been using Zoom. Recently, the Ministry of Health endorses Zoom for Healthcare and has provided support for BC physicians to use this platform. Zoom is compliant with Canadian Data Protection regulations, including the Personal Information Protection Act and Electronic Documents Act (PIPEDA) and Personal Health Information Protection Act (PHIPA).
We also adhere to Zoom for Healthcare security best practices that include:
- Each group series has its own generated Meeting IDs and password.
- Waiting rooms are used when necessary.
- Patient identities are confirmed and matched to the registration and are removed if unmatched.
- Group sessions are monitored by our patient care coordinators and appointment facilitators. Meetings are locked after 10 minutes from the start.
- Only trusted links are used and zoom updates are applied regularly.
- Recordings are disabled.
- Password protection as an added level of security
Inquiries
We are of course happy to help with any questions of clarifications you need on the topic of privacy.
Please contact us at [email protected] for any questions, comments, or concerns.