top of page

Policies

Protection of Personal Information

Notice of Purposes

As a private practice, Shoreline must abide by the Nova Scotian Personal Health Information Act (PHIA) and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). The purpose of PIPEDA and PHIA is to, "govern the collection, use, disclosure, retention, disposal and destruction of personal health information in a manner that recognizes both the right of individuals to protect their personal health information and the need of custodians to collect, use and disclose health information to provide, support, and manage health care." Practitioners in provinces with provincial legislation judged to be "substantively similar" to PIPEDA (including Nova Scotia) mostly refer to their provincial legislation (i.e., PHIA). Companies that provide software to health practices across the country (e.g., Zoom) refer to PIPEDA.

Shoreline's staff collect and use clients' personal health information to provide the clinical services that have been agreed to. This includes evaluation, analysis of data, treatment planning and analysis, and referral (with consent). This information is accessible to the responsible clinician(s) that the client is working with, including students in training (with consent). The Clinic Manager (Pamela Coulter) can access limited information for the purposes of billing, intake, and coordinating clinical services. Shoreline's clinicians sometimes discuss client's cases with each other. This may include discussion about differential diagnosis or when planning treatment. This collaborative approach is typical in health care settings and contributes to our ability to provide the best possible care to our clients.

Information is only disclosed to professionals outside of Shoreline with the direct consent of the client, their legal guardian, or substitute decision-maker. This may include a client's family doctor, psychologist, teacher, neurologist, ENT doctor, physiotherapist, or other professional. The purpose of disclosing the client's information would be to inform assessment and treatment and/or to collaborate. It may also include sharing information with the Workers Compensation Board of Nova Scotia (with consent).

Information is also collected and used for the purposes of obtaining payment for clinical services. This includes direct billing through insurers such as Medavie Blue Cross and Green Shield. Insurers periodically conduct routine audits to ensure that insurance benefits are being used appropriately and to guard against insurance fraud. This can include sharing chart notes and assessment reports. You will have agreed to this with your insurer when you became a plan member. For questions about insurers' policies regarding audit procedures, please contact them directly.

 

Consent

 

Before Shoreline's staff may disclose a client's health information (e.g., to the client's doctor), the staff member responsible for the client's care must obtain their consent. Before Shoreline's staff may request information from another professional (e.g., a psycho-educational assessment) the staff member must also obtain the client's consent. For these purposes, Shoreline asks client's to document this consent on a "Consent for Obtaining/Disclosing Health Information" form. The use of an external agency's form is also acceptable (e.g., that used by the Halifax Regional Centre for Education). When it is reasonable, informed written consent may be provided by a client by email.

Protection of Health Information

Shoreline has practices in place to prevent the theft, loss, and unauthorized access of clients' personal health information.

 

Physical safeguards: Files are kept in our locked offices and in a private file cabinet. When files must be transported, they are carried in a locked bag or case. Electronic files are stored on password-protected encrypted external memory drives. Staff's computers must be password protected and have acceptable antivirus software installed. Documents containing identifying information and/or personal health information that must be discarded are shredded on site.

All staff, volunteers, and students are required to read our privacy policies and sign a confidentiality agreement. They are also required to submit a recent criminal record check with vulnerable sector check when they are on-boarded.

Electronic Health Information

Zoom for Healthcare: Shoreline's clinicians use a platform called Zoom for Healthcare for hosting video therapy sessions. It is the level of Zoom for healthcare settings in both the public and private sector in Canada. This software complies with the requirements set out in PIPEDA - the Canadian law governing the protection of private health information. Only clients' names are stored in Zoom for scheduling purposes. Clients are given a special link and must be admitted from a virtual waiting room by their clinician. This prevents unauthorized persons from accessing a client's session. More information: https://explore.zoom.us/en/healthcare/

QuickBooks: Shoreline uses Intuit QuickBooks Canada for bookkeeping. Clients' names and contact information are stored in QuickBooks. This software complies with the requirements set out in PHIA for private practice clinics. The servers are located in Canada. QuickBook's website: https://quickbooks.intuit.com/ca/

Microsoft Outlook: Shoreline uses Microsoft 365 for Business Premium including Outlook for email communication. This has a much higher level of security than personal email services provided by Microsoft. More information: https://www.microsoft.com/en-ca/microsoft-365/outlook/outlook-for-business

Selectcom: Shoreline's fax service is provided by Selectcom. They are a Canadian company and are PIPEDA compliant. Their servers are located in Canada. Selectcom's website: https://www.selectcom.ca/

Jane App: This is a Canadian clinic management system used by Shoreline. It is used for intake, scheduling, record keeping, and billing. It is compliant with PIPEDA. Jane App's website: https://jane.app/

Shoreline maintains cyber security insurance coverage for its activities and employees. This coverage would be used to protect clients in the event of a breach of electronic health information. Shoreline's risk of such a breach is low due to internal safeguards and the nature of our work.

Retention of Records Schedule

Shoreline retains clinical documentation for a minimum of 10 years (or 10 years after a child turns 18 years old) after the termination of clinical services. At this point, information can be securely destroyed, erased, or de-identified. Destruction must render the record completely and irreversibly destroyed. For example, paper records must cross-cut shred and the hard drive of electronic devices must be wiped.

 

If information was required for decision making (e.g., related to legal proceedings or determination of capacity), the documentation must be kept longer than 10 years if it would impact the client. Destruction of such records requires the approval of the Clinical Coordinator.

Clients' Rights and the Personal Health Information Act

Individuals can read and learn more about the Personal Health Information Act here: https://novascotia.ca/dhw/phia/public.asp

Clients have the right to:

  • request a copy or view their records

  • request corrections as appropriate

  • request a record of user activity for electronic health records

  • request that specific information not be shared with other providers

  • be advised of breaches of information

  • make complaints to the custodian (Pamela Coulter)

  • request a review by the Review Officer of the Privacy and Access Office (https://novascotia.ca/dhw/phia/contact.asp)

Contact and Complaints

If you have questions about how we protect clients' personal health information or wish to submit a complaint, contact Shoreline's custodian:

 

Pamela Coulter, M.Sc., SLP-Reg, SLP(C)

Speech-Language Pathologist

Clinic Manager

pcoulter@shoreline-therapy.ca

(902) 219-3065

bottom of page