CONFIDENTIALITY (CLIENT) Policy
Pine River Institute (PRI) is committed to the protection of the personal information of its clients. Accordingly, we adhere to the ten privacy principles that have been developed in accordance with the Personal Information Protection and Electronic Documents Act (Canada) (see Privacy Principles below).
Note: Ontario’s Personal Health Information Protection Act (2004) was deemed substantially similar to Part 1 of the Personal Information Protection and Electronic Documents Act in 2005. Thus, it is the provincial law that will apply instead of PIPEDA, although PIPEDA continues to apply to federal works, undertakings or businesses, and to interprovincial or international
- At the time of admission, the student and parent/guardian sign a Confidentiality Agreement.
- With the signing of this document the client agrees to the following:
- In order to protect the confidentiality of all Pine River participants, he/she will not divulge any identifying information such as names, physical descriptions, addresses, work/school positions, or other data that would allow one to identify another Pine River participant.
- Additionally, he/she will keep all information pertaining to treatment issues in the strictest of confidence.
- He/she understands that what is said in treatment will remain confidential among the Pine River Institute team.
- There are 3 instances, however, when what is shared with staff will not remain confidential; if a staff member has reason to believe that the client is going to harm him/herself, harm someone else, or someone is harming him/her.
- The client will be notified before this breach of confidentiality is made unless waiting poses a serious danger of death or serious injury.
- At the time of admission clients sign Consent to the Release of Information, allowing an individual or organization to release personal information to PRI. This written consent will be signed by the student (if 16 years of age or older), or the parent/guardian (if student is under 16 years of age), or a substitute decision maker (“SDM”), as per Ontario’s Personal Health Information Protection Act (2004).
- With the signing of this document the client agrees to the following:
- This consent and authorization allows PRI to speak with individuals who provide health care, or professional services, or educational services to the client, or have done so in the past;
- The client may cancel or modify his/her consent at any time (except where the institute has already taken action on the basis of my consent), as long as he/she does so in writing; and
- This consent to release of information remains valid for the duration of their admission in the residential phase of the program. If the client enters the Aftercare program the client will sign a new agreement that will be valid during their participation in Aftercare.
- PRI will not release personal information concerning a client, to an individual or organization, without written consent from the student (if 16 years of age or older), or the parent/guardian (if student is under 16 years of age), or substitute decision maker (“SDM”), as per Ontario’s Personal Health Information Protection Act (2004). The Release Form for Confidential Information is used for this purpose.
- The date the release expires is not to exceed 90 days from the effective date on the form for a one-time release of information, and not to exceed one year, or as the law or court order requires, when a contracted or cooperating service provider requires the release of information for ongoing service provision.
- Personal information could include, but is not limited to, health information, results of assessments and psychological tests, educational information, including academic records, transcripts.
[From the Personal Information Protection and Electronic Documents Act (Federal, 2001), and Ontario’s Personal Health Information Protection Act (2004)]
Principle 1 – Accountability
The School is responsible for all Personal Information under its control.
We acknowledge our responsibility for Personal Information in our possession or custody, including information that has been transferred to a third party for processing.
We will use contractual or other means to provide a comparable level of protection when your personal information is processed by a third party.
Principle 2 - Identifying Purposes
We will identify and document the purposes for which we collect, use, or disclose Personal Information at or before the time of collection.
The purposes will be limited to those which are related to our business and which a reasonable person would consider are appropriate in the circumstances.
We collect, use, and disclose Personal Information concerning our students, their parents, and alumni for the following reasons:
- to assist in communicating with the students and parents (this would include, without limitation, administering tests, evaluation and accreditation, contacting students and parents about upcoming events and activities, and collecting information to assist us in carrying on our activities);
- to assist in communicating with and maintaining contact with our alumni (this would include, without limitation, providing information about upcoming events and activities, and collecting information to assist us in carrying on our activities);
- for maintaining student file;
- to process student billing and fees; and
- for medical emergency reasons.
Principle 3 – Consent
Personal Information will only be collected, used, or disclosed with the knowledge and consent of the individual, except where inappropriate.
The way in which we seek consent, including whether it is express or implied, may vary depending upon the sensitivity of the information and the reasonable expectations of the individual (and in the case of students, their parents).
An individual can withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. We will inform individuals of any implications of withdrawing consent.
Typically, we will seek consent for the use or disclosure of information at the time of collection. In certain circumstances, consent may be sought after the information has been collected but before use (such as where we want to use information for a purpose not previously identified).
We will not, as a condition of the supply of services, require an individual to consent to the collection, use, or disclosure of Personal Information beyond what is required to fulfill the explicitly specified and legitimate purposes.
Principle 4 - Limiting Collection
We will limit the amount and type of Personal Information collected to that which is necessary for our identified purposes and we will only collect Personal Information by fair and lawful means.
Principle 5 - Limiting Use, Disclosure, and Retention
Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal Information will be retained only as long as necessary to fulfill the identified purposes.
Principle 6 – Accuracy
We will use our reasonable efforts to ensure that Personal Information is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 – Safeguards
We will protect Personal Information with safeguards appropriate to the sensitivity of the information.
Our safeguards will protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
We will make our employees aware of the importance of maintaining the confidentiality of Personal Information and we will exercise care in the disposal or destruction of Personal Information to prevent unauthorized parties from gaining access to the information.
Our methods of protection include physical measures (for example, locked filing cabinets and restricted access to offices), organizational measures (for example, limiting access to a “needto-know” basis), and technological measures (for example, the use of passwords and encryption).
Principle 8 – Openness
We will make specific information about our policies readily available.
The information we will make available will include: how to gain access to Personal Information; the type of Personal Information held by us, including a general account of its use; general information concerning our Policy and policies; what Personal Information is made available to related companies; and how to contact our Privacy Officer. Our Policy may be amended from time to time.
Principle 9 - Individual Access
Upon written request, we will inform the individual of the existence, use, and disclosure of his or her Personal Information (and, if applicable, his or her child’s Personal Information) and we will give the individual access to that Personal Information.
An individual can challenge the accuracy and completeness of his or her Personal Information and have it amended as appropriate. We will respond to an individual’s written request within a reasonable time (generally within 30 days).
Principle 10 - Challenging Compliance
Any individual can bring any concerns or questions concerning our compliance with any of the Privacy Principles to our Privacy Officer. The Privacy Officer, Michelle Methven, can be reached at 416.955.1453 or by e-mail (firstname.lastname@example.org).