Dr. Constance Heidt Registered Psychologist is committed to providing clients with exceptional psychological services. As providing this service involves the collection, use and disclosure of some personal information about clients, protecting their personal information is one of her highest priorities. The legislation that governs how B.C. businesses and not-for-profit organizations may collect, use and disclose personal information is British Columbia’s Personal Information Protection Act (PIPA), which came into effect on January 1, 2004.
Dr. Heidt will inform clients of why and how she collects, uses, and discloses their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
This Personal Information Protection Policy, in compliance with PIPA, outlines the principles and practices Dr. Heidt will follow in protecting clients’ personal information. Her privacy commitment includes ensuring the accuracy, confidentiality, and security of her clients’ personal information and allowing her clients to request access to, and correction of, their personal information.
Scope of this Policy
This policy also applies to her off-site administrative assistant who uses personal information on behalf of Dr. Constance Heidt Registered Psychologist for billing duties. This includes but is not limited to preparing billing data, billing clients and third-party payers/insurance companies, overseeing client accounts, communicating with clients and third-party payers/insurance companies and balancing bills.
Definitions
Personal Information – means information about an identifiable individual. Personal information does not include contact information (described below).
Contact information – means information to enable an individual or a place of business to be contacted and includes the name, position name or title, business telephone number, business address, business email or business fax number of the individual. Contact information is not covered by this policy or PIPA.
Privacy Officer – means the individual designated responsibility for ensuring that Dr. Constance Heidt Registered Psychologist complies with this policy and PIPA.
Policy 1 – Collecting Personal Information
1.1. Unless the purposes for collecting personal information are obvious and the client voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.
1.2. Dr. Heidt and her administrative assistant will only collect client information that is necessary to fulfill the following purposes:
• To provide counselling services;
• To bill for services rendered either from clients or directly to insurance companies/third-party payers.
Policy 2 – Consent
2.1. Dr. Heidt will obtain client consent to collect, use, or disclose personal information (except where, as noted below, we are authorized to do so without consent).
2.2. Consent can be provided in writing or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the client voluntarily provides personal information for that purpose.
2.3. She may collect, use, or disclose personal information without the client’s consent in the following limited circumstances:
• If the client presents an imminent danger to themselves or others;
• If a child is in need of protection (neglect or emotional, physical, or sexual abuse is suspected or disclosed);
• If a vulnerable or elderly adult is at risk of being harmed or is being harmed;
• When the collection, use or disclosure of personal information is permitted or required by law; the disclosure is for the purpose of complying with a subpoena, warrant or order issued or made by a court, person or body with jurisdiction to compel the production of personal information;
• When legal advice from a lawyer is required;
• For the purposes of collecting a debt; clients are expected to pay for each session at the time it is held, unless agreed otherwise or unless there is insurance coverage that requires another arrangement. If the client’s account has not been paid for more than 60 days and arrangements for payment have not been agreed upon, Dr. Heidt has the option of using legal means to secure the payment. This may involve hiring a collection agency or going through small claims court. In most collection situations, the only information that will be released regarding a client’s treatment is their name, the dates, times, the nature of services provided, and the amount due.
Policy 3 – Using and Disclosing Personal Information
3.1. Dr. Heidt and her administrative assistant will only use or disclose client personal information where necessary to fulfill the purposes identified at the time of collection.
3.2. They will not use or disclose client personal information for any additional purpose unless we obtain consent to do so.
Policy 4 – Retaining Personal Information
4.1. As per the College of Psychologists of British Columbia Code of Conduct – client records will be retained and maintained for not less than seven years after the last date that professional services were rendered to that client. Minors’ records are to be kept for not less than seven years following the date the minor reached the age of majority.
Policy 5 – Ensuring Accuracy of Personal Information
5.1. Dr. Heidt and her administrative assistant will make reasonable efforts to ensure that client personal information is accurate and complete.
5.2. Clients may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought.
5.3. If the personal information is demonstrated to be inaccurate or incomplete, Dr. Heidt will correct the information as required. If the correction is not made, she will note the client’s correction request in the file.
Policy 6 – Securing Personal Information
6.1. Dr. Heidt and her administrative are committed to ensuring the security of client personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
6.2. The following security measures will be followed to ensure that client personal information is appropriately protected:
The use of locked filing cabinets; physically secured offices; the use of user IDs, passwords, encryption, antivirus software, firewalls; restricting personal information access to only what is required for the role. Please note – the off-site administrative assistant has access to clients’ basic demographic information and billing/third-pay payer information needed to process payment for services rendered. They do not have access to clients’ chart notes.
According to the Jane App website (https://jane.app/guide/security-faq), Jane data is stored on secure SOC 2-audited servers on proper data centres. In Canada data is stored in servers in Montreal, QC. Jane Data is secured by encrypting it using 128-bit encryption when sent between clients’ devices and their servers, and stored with 256-bit encryption (in the same way as banking information would be).
6.3. Dr. Heidt and her administrative will use appropriate security measures when destroying clients’ personal information, such as shredding documents, securely deleting electronically-stored information, and securely disposing of electronic hardware.
6.4. They will continually review and update her security policies and controls as technology changes to ensure ongoing personal information security.
Policy 7 – Providing Clients Access to Personal Information
7.1. Clients have a right to access their personal information, unless there is a significant likelihood that disclosure of the information would cause a substantial adverse effect on the client’s physical, mental, or emotional health or harm to a third party.
7.2. A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought.
7.4. Dr. Heidt will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request.
7.5. A minimal fee may be charged for providing access to personal information. Where a fee may apply, Dr. Heidt will inform the client of the cost and request further direction from the client on whether or not she should proceed with the request.
7.6. If a request is refused in full or in part, Dr. Heidt will notify the client in writing, providing the reasons for refusal and the recourse available to the client.
Policy 8 – Questions and Complaints: The Role of the Privacy Officer or designated individual
8.1. Dr. Constance Heidt Registered Psychologist is responsible for ensuring compliance with this policy and the Personal Information Protection Act.
8.2. Clients should direct any complaints, concerns or questions regarding compliance in writing to Dr. Constance Heidt. If she is unable to resolve the concern, the client may also write to the Information and Privacy Commissioner of British Columbia.
Contact information is office@drconstanceheidt.com; fax 778-699-2496