Privacy Policy

The TRAC Group is committed to protecting the privacy of all personal information that is collected to enable us to provide quality rehabilitation and disability management services. In order to achieve this, it is our policy to collect, use, store and disclose personal information responsibly, to limit the information we collect to only what we reasonably need and to make our policies available to you. This document describes our privacy policies.

What is personal information?

Personal information is information about an identifiable individual. Personal information includes information that relates to personal characteristics

[example: gender, age, home address, telephone number, family status], health [example: health history, health conditions, health services received], and activities and views [example: opinions expressed by an individual, an opinion or evaluation of an individual]. Personal information is distinct from business information which may include an individual’s business address and telephone number, which is not protected by privacy legislation.

Who are we?

The TRAC Group is a multidisciplinary rehabilitation and disability management facility that offers a range of clinical and allied services. It is a corporation that utilizes internal and external service providers for clinical coordination, case management, speech language pathology, occupational therapy, physiotherapy, massage therapy, social work, behaviour therapy, mental health and vocational rehabilitation services. To assist us in providing services we use consultants who may in the course of their duties have limited access to personal information we hold such as: computer consultants, office security maintenance, accountants, university and/or summer students, and lawyers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles. Summer students, university students and volunteers are required to sign a contract of confidentiality so as to protect the privacy of the clients of TRAC Group Inc.

Primary Purposes for Collecting Personal Information

Our primary purpose for collecting personal information is to provide disability management and/or rehabilitation services. For example, we collect information about your health history that will be relevant to your rehabilitation status and that assists us in offering effective intervention options. A primary purpose is also to obtain a baseline of your rehabilitation status and to track changes over time. It would be rare for us to collect such information without your express consent but this may occur in an emergency and when it is impractical to obtain consent [example: a family member sending a message from you and we have no reason to believe that the message is not genuine].

When providing disability management services on behalf of employers we limit our collection of personal health information to that which your employer is entitled (example: nature of illness/injury, anticipated duration of disability, your functional abilities, medical limitations or restrictions, and any accommodations required for you to complete the duties of your employment). In the event we are provided with additional medical information and with your consent, this information will be stored and protected in keeping with governing privacy legislation and will not be released to your Employer without your express written direction.

Protecting Personal Information

We understand the importance of protecting personal information. For that reason, we have taken the following steps:

  • Paper information is either under supervision or secured in a locked or restricted area.
  • Electronic hardware is either under supervision or secured in a locked or restricted area. Our computers are password-protected. Our cell phones are digital as the signal is more difficult to intercept. Paper information is sealed and transmitted by reputable companies. All documents containing personal information are labeled “Confidential” and disseminated to restricted individuals for whom you have provided consent to release or transmit information.
  • Special care is taken to ensure privacy when transmitting electronic information. Transmissions are encrypted and where we are unsure about the security of the electronic transfer of information, identifying information is removed.
  • Staff is trained to collect, use and disclose personal information only as necessary to fulfill their duties and in accordance with our privacy policy.
  • External consultants and agencies with access to personal information must enter into privacy agreements with us. A copy of this agreement is available upon request.

Retention and Destruction of Personal Information

Most Colleges governing regulated health practitioners in Ontario require that we retain our client records for a minimum of 10 years past a client’s last visit or in the case of a child for 10 years past the child’s 18th birthday. We destroy your files within three months of that time; these files include your contact information. Contact directories will be updated [example: information deleted] when practical upon request. Contact information for members of the public is kept for three years unless requests are made to destroy it sooner.

We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and when the hardware is discarded, we ensure that the hard drive is physically destroyed and a certificate of destruction provided.

You Can Look at Your Information

With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests.

If we cannot give you access, we will tell you within 30 days if at all possible and the reason as to why we cannot grant access.

If you believe there is a mistake in the information we have about you, you have the right to ask for it to be corrected. This applies to factual information and not to our professional opinions. We may ask you to provide documentation that our files are incorrect. If we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will still agree to include in our file the statement from you and will forward that statement to anyone else who received the earlier information.

Do You Have a Question or Concern?

Our Information Officer is

Derek Servos
Regional Privacy Officer, CBI health Group

And can be reached at:

900- 3300 Bloor Street West, West Tower 
Ontario, Canada 
M8X 2X2
Telephone:  1(416) 230-6749
Fax:  1(416) 231-0091     Email:

He will attempt to answer any questions or concerns that you may have. If you wish to make a formal complaint about our privacy practices, you may make it in writing to our Information Officer. He will acknowledge receipt of your complaint; ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.