The TRAC Group is committed to protecting the privacy of all personal information that is collected to enable us to provide quality rehabilitation and disability management services. In order to achieve this, it is our policy to collect, use, store and disclose personal information responsibly, to limit the information we collect to only what we reasonably need and to make our policies available to you. This document describes our privacy policies.
What is personal information?
Personal information is information about an identifiable individual. Personal information includes information that relates to personal characteristics
Who are we?
The TRAC Group is a multidisciplinary rehabilitation and disability management facility that offers a range of clinical and allied services. It is a corporation that utilizes internal and external service providers for clinical coordination, case management, speech language pathology, occupational therapy, physiotherapy, massage therapy, social work, behaviour therapy, mental health and vocational rehabilitation services. To assist us in providing services we use consultants who may in the course of their duties have limited access to personal information we hold such as: computer consultants, office security maintenance, accountants, university and/or summer students, and lawyers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles. Summer students, university students and volunteers are required to sign a contract of confidentiality so as to protect the privacy of the clients of TRAC Group Inc.
Primary Purposes for Collecting Personal Information
Our primary purpose for collecting personal information is to provide disability management and/or rehabilitation services. For example, we collect information about your health history that will be relevant to your rehabilitation status and that assists us in offering effective intervention options. A primary purpose is also to obtain a baseline of your rehabilitation status and to track changes over time. It would be rare for us to collect such information without your express consent but this may occur in an emergency and when it is impractical to obtain consent [example: a family member sending a message from you and we have no reason to believe that the message is not genuine].
When providing disability management services on behalf of employers we limit our collection of personal health information to that which your employer is entitled (example: nature of illness/injury, anticipated duration of disability, your functional abilities, medical limitations or restrictions, and any accommodations required for you to complete the duties of your employment). In the event we are provided with additional medical information and with your consent, this information will be stored and protected in keeping with governing privacy legislation and will not be released to your Employer without your express written direction.
Protecting Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked or restricted area.
- Electronic hardware is either under supervision or secured in a locked or restricted area. Our computers are password-protected. Our cell phones are digital as the signal is more difficult to intercept. Paper information is sealed and transmitted by reputable companies. All documents containing personal information are labeled “Confidential” and disseminated to restricted individuals for whom you have provided consent to release or transmit information.
- Special care is taken to ensure privacy when transmitting electronic information. Transmissions are encrypted and where we are unsure about the security of the electronic transfer of information, identifying information is removed.
- External consultants and agencies with access to personal information must enter into privacy agreements with us. A copy of this agreement is available upon request.
Retention and Destruction of Personal Information
Most Colleges governing regulated health practitioners in Ontario require that we retain our client records for a minimum of 10 years past a client’s last visit or in the case of a child for 10 years past the child’s 18th birthday. We destroy your files within three months of that time; these files include your contact information. Contact directories will be updated [example: information deleted] when practical upon request. Contact information for members of the public is kept for three years unless requests are made to destroy it sooner.
We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and when the hardware is discarded, we ensure that the hard drive is physically destroyed and a certificate of destruction provided.
You Can Look at Your Information
With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests.
If we cannot give you access, we will tell you within 30 days if at all possible and the reason as to why we cannot grant access.
If you believe there is a mistake in the information we have about you, you have the right to ask for it to be corrected. This applies to factual information and not to our professional opinions. We may ask you to provide documentation that our files are incorrect. If we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will still agree to include in our file the statement from you and will forward that statement to anyone else who received the earlier information.
Do You Have a Question or Concern?
Our Information Officer is:
Regional Privacy Officer, CBI health Group
And can be reached at:
900- 3300 Bloor Street West, West Tower
Telephone: 1(416) 230-6749
Fax: 1(416) 231-0091 Email: email@example.com
He will attempt to answer any questions or concerns that you may have. If you wish to make a formal complaint about our privacy practices, you may make it in writing to our Information Officer. He will acknowledge receipt of your complaint; ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.