Privacy of personal information is an important principle to Samantha Holmgren Dietetic Services. We are committed to collecting, using, and disclosing personal information responsibly and only to the extent necessary for the services we provide. We also try to be open and transparent as to how we handle personal information. This document describes our privacy policies.
What is Personal Information?
Personal information is information about an identifiable individual. Personal information includes information that relates to:
- the physical or mental health of the individual (including family health history)
- the provision of health care to the individual (including identifying the individual’s health care providers)
- payments or eligibility for health care or coverage for health care
- the individual’s health number
- the identification of the individual’s substitute decision-maker
- personal characteristics (such as gender, age, income, home address or phone number, ethnic background, family status)
Personal information can be compared to business information (e.g. an individual’s business address and telephone number), which is not protected by privacy legislation.
Additionally, information that is de-identified is not personal information. In other words, if the information cannot be tied to an individual, it is not personal information. This would also include aggregate data including statistics, e.g. the number of clients served.
Who we are
Our organization, Samantha Holmgren Dietetic Services, includes, at the time of this writing, one professional, Samantha Holmgren, RD. If this changes in the future, this document will be updated. We may, at times, have dietetic interns or nutrition students participate in this organization as part of their learning process.
We interact with a number of consultants and agencies that may, in the course of their duties, have limited access to the personal information we hold. These may include, but are not limited to, computer consultants, office security and maintenance, bookkeepers and accountants, file storage companies, temporary workers to cover holidays, credit card companies, and lawyers. Their access to personal health information is restricted to only that which they need to perform their duties. We also have their assurance that they follow appropriate privacy principles.
What Information Do We Collect and Why?
Like all registered dietitians, we collect, use, and disclose personal information in order to serve our clients. The primary purpose for collecting personal information about you is to provide you with dietetic services.
We collect information about your health and diet history, your physical condition and function, and your social environment in order to help us assess what your needs are, to advise you of your options, and to provide the health care you choose to have.
A second primary purpose is to obtain a baseline of health and social information so that in providing ongoing health services we can identify changes that are occurring over time (we want to know if your health and wellness are improving or not under the health care plan you have chosen so that we can better help you).
A third primary purpose is to collaborate with your healthcare team. We may send reports or discuss your health care with other professionals whom you have previously identified as being part of your healthcare team. If any other professionals contact us, we will get your express consent prior to discussing your health with that professional.
It would be rare for us to collect or use such information without the client’s express consent, but this might occur in an emergency (e.g. the client is unconscious), or where we believe the client would consent if asked and it is impractical to obtain consent (e.g. a family member passing a message on from our client and we have no reason to believe that the message is not genuine).
About Contract Staff, Volunteers, and Students
For people who are contracted to do work for us, our primary purpose for collecting personal information is to ensure that we can contact them in the future (e.g. for new assignments) and for necessary work-related communication (e.g. sending out paycheques or year-end tax receipts).
Examples of the type of personal information we collect for those purposes include home addresses and telephone numbers. It is rare for us to collect such information without prior consent, but it might happen in the case of a health emergency (e.g. outbreak) or to investigate a possible privacy breach (e.g. if a theft were to occur). If contract staff, volunteers, or students wish to have a letter of reference, or if an evaluation is due, we will collect information about their work-related performance and provide a report to the individual or forward it as authorized by them.
Related and Secondary Purposes for Collecting Personal Information
Like most organizations, we also collect, use, and disclose information for reasons related to our primary and secondary purposes. The most common examples are:
- To obtain payment for services or goods provided. Payment may be obtained from the individual, private insurers, or others.
- Reviewing client or other files for the purpose of ensuring that we provide high quality services, including assessing the performance of our staff and program.
- Registered dietitians in Ontario are regulated by the College of Dietitians of Ontario who may inspect our records and interview our staff as part of their regulatory activities in the public interest. In addition, as professionals, we will report serious misconduct, incompetence, or incapacity of other practitioners, whether they belong to other organizations or our own. Our organization also believes that it should report information suggesting serious illegal behaviour to the proper authorities. Sometimes these reports include personal information about our clients, or other individuals, to support the concern (e.g. improper services).
Also, like all organizations, various government agencies (e.g. Canada Customs and Revenue Agency, Information and Privacy Commissioner, Human Rights Commission, etc.) have the authority to review our files and interview our staff as part of their mandates. In these circumstances, we may consult with professionals (e.g. lawyers, accountants) who will investigate the matter and report back to us.
- To educate staff and students. We value the education and development of future and current professionals. In this process, we may review recent client files and discuss the case for educational purposes. This would only be done with students or staff who are part of the organization.
- Clients or other individuals we deal with may have questions about our services after they have been received. We also provide ongoing services for many of our clients over a period of months or years for which our previous records are helpful. We retain our client information for a minimum of ten (10) years after the last contact to allow us to respond to these questions and provide these services.
Protecting your Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked and restricted area.
  - Most commonly, this would be brief notes taken during an appointment which are shredded immediately after a formal chart note is written (typically immediately after the appointment).
- Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, strong passwords are used on computers and programs.
- Paper information is transmitted through sealed, addressed envelopes.
- Electronic information is either anonymized before transmission, submitted through secure methods, or sent via email as a password-protected document.
- External consultants and agencies with access to personal information must enter into privacy agreements with us.
- We do not post any personal information about our clients on social media.
Personal health information you share with us will only be shared with other healthcare professionals that you have identified as being a member of your health care team, except in the case of a medical emergency. Given the nature of the services provided by Samantha Holmgren Dietetic Services, such an exception would be exceedingly rare. If any other healthcare provider contacts us requesting personal health information about you, we will contact you to get your consent (or refusal).
You have the right to control what happens to your personal health information and whether said information will be shared with other members of your healthcare team. If you disclose information and do not want it shared, you can withhold or withdraw your consent for the disclosure of that information. This is referred to as a “lock-box provision”.
Your request may include restricting:
- The use or disclosure of a particular piece of information
- The use or disclosure of the content of your entire record
- The disclosure of information to a particular individual, organization, or profession (e.g. nurse, doctor, etc.)
The information will still be stored in your record; however, it will be redacted in any records shared. If we believe that information is relevant to your care, we will include a note in the chart that states that information has been redacted under a lock-box provision. As such, the professional who receives your record may ask you about it.
The only exception to the Lock-Box Provision is when the dietitian is under an obligation to report the information being disclosed. For example, when there are reasonable grounds to suspect there is a significant risk of harm, health professionals (including dietitians) are obligated to report those concerns to the appropriate authorities.
Retention and Destruction of Personal Information
We are required by the College of Dietitians of Ontario to retain your personal information for some time to ensure that we can answer any questions you might have about the services provided and for our own accountability to external regulatory bodies. However, in order to protect your privacy, we do not want to keep your personal information indefinitely.
We keep client files for ten (10) years following the last documented interaction. However, if the client was less than eighteen (18) years of age at the last documented interaction, the files are retained for at least ten (10) years after the date that the client turns, or would have turned, eighteen (18).
After this time, client documents are destroyed. Any paper documentation is destroyed by cross-cut shredding and burning. Electronic information is deleted in such a manner that it cannot be restored. When hardware is discarded, it is either physically destroyed or all data is erased or overwritten in such a manner that information cannot be restored.
If you wish to have a copy of your records, or otherwise access your health information held by us, you will need to do so within ten (10) years of your last appointment.
Viewing Your Information
With only a few exceptions, you have the right to see what personal information we hold about you. It is your information; we are merely caretakers. Often all you have to do is ask. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g. technical language or abbreviations). We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests:
- Digital version (encrypted): $30, or
- Paper version (printed and mailed): $30 for the first 20 pages and $0.25 per page after.
If there is a problem, we may ask you to put your request into writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies only to factual information, and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong, depending on the situation.
Where we agree that we have made a mistake, we will make the correction and notify anyone with whom we shared this information. If we do not agree that we have made a mistake, we will still include in our file a brief statement from you on the point and we will forward that statement to anyone else who received the earlier information.
If there is a privacy breach
While we take precautions to avoid any breach of your privacy, if there is a loss, theft, or unauthorized access of your personal health information, we will notify you.
Upon learning of a possible or known breach, we will take the following broad steps:
- We will contain the breach to the best of our ability, including by taking the following steps (if applicable):
  - Retrieving hard copies of personal health information that have been disclosed.
  - Ensuring no copies have been made.
  - Taking steps to prevent unauthorized access to electronic information (e.g. changing passwords, restricting access, temporarily shutting down the system).
- We will notify affected individuals.
  - We will provide our contact information in case the individual has further questions or concerns.
  - We will provide the Information and Privacy Commissioner of Ontario’s contact information and advise the affected individual of their right to complain to the Commissioner.
- We will investigate and remediate the problem by:
  - Conducting an internal investigation.
  - Determining what steps should be taken to prevent future breaches.
  - Providing additional training and education to staff, if needed.
Depending on the circumstances of the breach, we may notify and work with the Information and Privacy Commissioner of Ontario. If we believe the breach was a result of professional misconduct, incompetence, or incapacity by a healthcare professional, we will be obligated to report it to the appropriate regulatory college.
Do you have a question or concern?
You can contact Samantha Holmgren. She will attempt to answer any questions or concerns you might have.
Samantha Holmgren, RD
PO Box 2229
Atikokan, ON P0T 1C0
Phone Number: 1-807-598-0645
If you wish to make a formal complaint about our privacy practices, you may make it in writing to Samantha Holmgren. She will acknowledge receipt of your complaint and ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.
The College of Dietitians of Ontario
If you have a concern about the professionalism or competence of our services or the mental or physical capacity of any of our professional staff, we would ask you to discuss those concerns directly with us. However, if we cannot satisfy your concerns, you are entitled to complain to our regulatory body:
College of Dietitians of Ontario
5775 Yonge Street
Suite 1810, Box 30
Toronto, ON M2M 4J1
Phone: 416-598-1725 / 1-800-668-4990, ext. 228
For more information about the process of making a complaint to the College of Dietitians of Ontario, visit https://www.collegeofdietitians.org/programs/complaints-discipline/complaints.aspx
For more general inquiries, the Information and Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The Commissioner also acts as a kind of ombudsman for privacy disputes. The Information and Privacy Commissioner can be reached at:
About Privacy Legislation
This policy is made under the Personal Information Protection and Electronic Documents Act. This is a complex Act that provides some additional exceptions to the privacy principles that are too detailed to set out here. Please note that there are some rare exceptions to the commitments set out above.
Record of Updates:
- December 6, 2021: Spelling and grammar fixed. Added record of updates.
- October 27, 2021