Privacy Policies
Website Privacy Policy
Introduction
We use a number of safeguards to protect the privacy of our users and the confidentiality of their Personal Information including Personal Health Information (collectively referred to together in this Privacy Policy as “Confidential Information”).
This Privacy Policy summarizes how we collect, use, disclose, retain, dispose of, destroy and protect information as well as other information that does not identify an individual in the course of providing our services. We are committed to complying with this Policy and with applicable Provincial and Federal privacy legislation.
Confidential Information.
To enrol in, purchase, or use our Products or Services, we may seek personal data or information including your name, email address, phone number, street address, billing information, birthday, preferences, interests, assignments, or other personally identifying information (“Confidential Information”), or you may offer or provide a comment, photo, image, video, writing sample, copy, or any other submission to us when using or participating in our Products or Services (“Other Information”).
By providing such Confidential Information or other Information to us, you grant us permission to use and store such information. We, in turn, will use our best efforts to keep your Confidential Information safe, secure and confidential in accordance with these Terms of Use and Privacy Policy which may be found on our website. If you believe that any of your Confidential Information is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any Confidential Information found to be incorrect.
What We Do With Confidential Information.
We request and require various personal data and/or Confidential Information to understand your needs and to provide you with better Services. In addition, we may use such data in Confidential Information for the following reasons: (1) for internal record-keeping; (2) to improve our Products or Services; (3) to periodically send promotions about new Products or Services, or other special offers from which you may unsubscribe at any time; (4) for aggregate, non-identifiable data for research purposes; (5) to customize the respective Programs and Services that you purchase or use according to your interests; and/or (6) for support or communication related to your program, product, service or Programs and Services.
We will not sell or rent this information to anyone. We will not collect personal information indiscriminately. We will limit the amount and the type of information we collect to that necessary to fulfill the purposes we have identified to you, or as otherwise permitted or required by law.
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy. If you do not want to receive such messages, you can find an ‘unsubscribe” link at the bottom of each email. You can also contact us directly to request that you be removed from our distribution list. Please note that you cannot unsubscribe or opt-out of non-promotional messages regarding your account, such as account verifications, changes or updates to features or technical or security notices.
Storage.
All data and Confidential Information are stored through a data management system. This data and Confidential Information can only be accessed by those who help manage that information in order to deliver email or otherwise contact those would like to receive our correspondence. You agree and acknowledge that we, including but not limited to our team, staff and affiliates, and those who manage the data management system, may have access to your Confidential Information.
Security.
We have reasonable security measures in place to prevent the loss, misuse, and alteration of the Confidential Information, but we make no assurances about our ability to prevent any such loss, misuse, to you or to any third party arising out of such loss, misuse, or alteration. However, due to the nature of the Internet, we cannot completely ensure or warrant the security of your Confidential Information or any other data or information transmitted to us or through our services; therefore, submitting Confidential Information, data or other information to us is done at your own risk. Submitting contributions or information on or through our Website is done entirely at your own risk. We make no assurances about our ability to prevent any such loss or damage to you or to any other person, company or entity arising out of your use of our Products or Services and you agree that you are assuming such risks.
Disclosure of Confidential Information.
All Confidential Information will be held in confidentiality and will not be disclosed to third parties, except that we may disclose Confidential Information and personally identifiable information: (1) pursuant to these provisions in our Terms of Use; (2) if we are required to do so by law; (3) in the good-faith belief that such action is necessary to conform to the law; (4) to comply with any legal process served on either us or our partners, sponsors or investors; (5) to protect and defend our rights or our property or those of our users or purchasers; and/or (6) to act as immediately necessary in order to protect the personal safety of our users, purchasers, or the public.
We will not sell, distribute, or lease your Confidential Information to third parties unless we have your explicit permission or are required by law to do so.
Viewing by Others.
Note that whenever you make your Confidential Information or other information available for viewing by others such as through our Products or Services, website, or social media, the Confidential Information or other information that you share can also be seen, collected, and used by others. Therefore, we cannot be responsible for any Unauthorized Use by others of such Confidential Information or other information that you voluntarily share online or in any other manner.
How We Use Cookies and Third-Party Links.
We may use the standard “cookies” feature of major web browsers. We do not set any Confidential Information in cookies, nor do we employ any data capture mechanisms on our website other than cookies. You may choose to disable cookies through your own web browsers settings. However, disabling this function may diminish your experience on the website and some features of our Programs, Products and Services or Program Materials may not work as intended.
We may also collect analytics data, or use third-party analytic tools such as Google Analytics, to help us measure traffic and usage trends and to understand more about our user demographics. You can learn more about Google’s practices at https://policies.google.com/technologies/partner-sites and view the currently available opt-out options at https://tools.google.com/dlpage/gaoptout.
We have no access to or control over any information collected by other individuals, companies or entities whose website or materials may be linked to our Programs or and Services as these third-party links are independent and have separate privacy policies. However, we seek to protect the integrity of our site and welcome any feedback about these linked sites.
Privacy Officer.
If you have any concerns about your Confidential Information or wish to obtain a Copy of the Confidential Information you have provided to us, please contact our Privacy Officer in writing. Their email address is info@kuranaturopathic.ca and mailing address is 15 Yarmouth St., Guelph, ON, N1H 4G2.
Kura Clinic Privacy Statement
Our Privacy Commitment to You
We are committed to protecting your privacy and ensuring the confidentiality of your personal health information. The types of personal health information we may collect include your name, date of birth, contact information, health history, health measurements, health conditions, and records of the care provided to you. We collect, use and disclose personal health information for the following purposes:
- To assess health needs and provide naturopathic care or massage therapy to our clients • To establish a baseline of health to identify changes over time
- To obtain payment for goods and services provided
- To enable us to contact clients and maintain communication in regards to such things as scheduling • To allow us to communicate with other treating health-care providers
- To advise clients about our clinic, new services, special events and opportunities (with consent) • To comply with external regulators and various government agencies
- To educate staff and preceptors
- To facilitate the sale of our organization or individual practices
We will collect, use and disclose only as much personal health information as is needed to achieve these purposes. You can withhold or withdraw your consent to the collection, use of disclosure of your personal health information by contacting us (details below).
Access to Health Records
You have the right to seek access to your health records that we keep and to ask us to correct a record if you believe it is inaccurate or incomplete. Please contact us for more information.
Questions or Concerns?
If you have questions or want to make a complaint about our privacy practices, please contact:
Dr. Alexandra Verge, ND
15 Yarmouth St., Guelph
Phone: (519) 766-9759 Fax: (519) 766-9871
You also have the right to complain to the Information and Privacy Commissioner of Ontario at the address below if you have concerns about our privacy practices or how your personal health information has been handled:
Information and Privacy Commissioner of Ontario
2 Bloor Street E. – Suite 1400
Toronto, ON M4W 1A8
Phone: (416) 326-3333 Toll Free: (800) 387-0073 www.ipc.on.ca
Our privacy policies and procedures comply with the provincial legislation called the Personal Health Information Protection Act (PHIPA). Our Privacy Policy sets out this clinic’s commitment to protecting your private health and personal information. It is available on request by asking any of our practitioners or staff.
Kura Clinic Privacy Policy
Privacy of personal information is an important principle to us at Kura Clinic. We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the goods and services we provide. We try to be open and transparent about how we handle personal information. This document describes our privacy policies.
What is Personal Health Information?
Personal health information is information about an identifiable individual. Personal health information includes information that relates to:
- The physical or mental health of the individual (including family health history); • The provision of health care to the individual (including identifying the individual’s health care provider); • Payments or coverage for health care;
- The testing of an individuals’ body part or bodily substance’
- The identification of the individual’s substitute decision-maker.
This information can include:
- Name, address, telephone number, fax number, e-mail address, date of birth, occupation, place of employment, insurance company, insurance coverage
- Education, gender, sexual orientation, ethnicity, health history, health records, family history, hours of work, income
- Activities or views (e.g. religion, politics, opinions, community involvement)
Who We Are
Our organization, Kura Clinic, includes regulated health professionals and support staff. We have a few consultants and agencies that may, in the course of their duties, have limited access to personal health information we hold. These include computer consultants, bookkeepers and accountants, lawyers, temporary workers to cover holidays, credit card companies, website managers, cleaners, volunteers and naturopathic preceptors. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles.
Why We Collect Personal Information
Primary Purposes: We collect, use and disclose personal information in order to serve our clients. For our clients, the primary purpose of collecting personal health information is to provide naturopathic care (NDs) or massage therapy (RMTs). For example, we collect information about a client’s health history, including their family history, physical condition and function and social situation in order to help us assess what their health needs are, to advise them of their options and then to provide the health care they choose to have. A second primary purpose is to obtain a baseline of health and social information to that in providing ongoing health services we can identify changes that are occurring over time.
We also collect, use and disclose personal health information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:
Related Purpose #1: To invoice and obtain payments for services or goods provided.
Related Purpose #2: To enable us to contact you and maintain communication with you in regard to things such as appointment bookings and confirmations.
Related Purpose #3: To allow us to communicate with other treating health-care providers, including specialists, family practitioners, referring physicians, and any other provider involved in the care.
Related Purpose #4: To promote our clinic, new services, special events and opportunities that we have available. We will obtain express consent from you (in the intake form) prior to collecting or handling personal health information for this purpose.
Related Purpose #5: To comply with external regulators. Our professionals are regulated by CONO (NDs) and CMTO (RMTs) who may inspect our records and interview our staff as a part of their regulatory activities in the public interest. Each College has its own strict confidentiality and privacy obligations. In addition, as professionals, we will report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. In addition, we may be required by law to disclose personal health information to various government agencies.
Related Purpose #6: To educate our staff and preceptors. We value the education and development of future and current professionals. We may review client records in order to educate our staff and students about the provision of health care.
Related Purpose #7: To facilitate the sale of our organization or individuals’ practices. If the organization, its assets or a practice were to be sold, the potential purchaser would want to conduct a “due diligence” review of the organizations records to ensure that it is a viable business that has been honestly portrayed. The potential purchaser must first enter into an agreement with the organization to keep the information confidential and secure and not to retain any of the information longer than necessary to conduct the due diligence. Once a sale has been finalized, the organization may transfer records to the purchase, but it will make reasonable efforts to provide notice to the individual before doing so.
Protecting Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked or restricted area. • Electronic hardware is either under supervision or secured in a locked or restricted area. • Our physical location is protected by an alarm system.
- We try to avoid taking personal health information home to work on there. However, when we do so, we transport, use and store the personal health information securely.
- Our staff members are trained to collect, use and disclose personal information only as necessary to fulfill their duties and in accordance to our privacy policy.
- We do not post any personal information about our clients on social media sites. • External consultants and agencies with access to personal information must enter into privacy agreements with us.
- Special note in regard to e-mail communication: we try to strike a balance between efficient and convenient exchange of information while taking reasonable precautions. Please be aware that e-mail communication carries inherent risks and can be intercepted in transmission, misdirected or be otherwise accessed inappropriately. As a result, consider communicating any sensitive information by telephone, fax, mail, or in person.
Retention and Destruction of Personal Information
We need to retain personal information for some time to ensure that we can answer any questions you might have about the services provided and for our own accountability to external regulatory bodies. However, in order to protect your privacy, we do not want to keep personal information for too long. We keep our client files for at least ten years from the date of the last client interaction or from the date the client turns 18.
We destroy paper files containing personal health information by shredding. We destroy electronic information by deleting in a manner that it cannot be restored. When hardware is discarded, we ensure that the hardware is physically destroyed, or the data is erased or overwritten in a manner that the information cannot be recovered.
Accuracy and Access of Personal Information
Kura Clinic endeavors to ensure that your personal information is as accurate, complete, and as up-to-date as necessary for the purposes that it is to be used. Information shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information is used to make a decision about you as our patient.
With only a few exceptions, you have the right to see what personal information we hold about you, by contacting Dr. Alexandra Verge, ND. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g. short forms, technical language, etc.). We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge $30.00 for the first twenty pages of records and 25 cents for each additional page. We may ask you to put your request in writing. We will respond to your request as soon as
possible and generally within 30 days, if at all possible. If we cannot give you access, we will tell you the reason, as best we can, as to why.
If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake we will make a correction. At your request and where it is reasonably possible, we will notify anyone to whom we sent this information (but we may deny your request if it would not reasonably have an effect on the ongoing provision of health care). If we do not agree that we have made a mistake, we will still agree to include in our file a brief statement from you on the point.
If there is a Privacy Breach
While we will take precautions to avoid any breach of your privacy, if there is a loss, theft or unauthorized access of your personal health information we will notify you.
Upon learning of a possible or known breach, we will take the following steps:
- We will contain the breach to the best of our ability, including by taking the following steps: o Retrieving hard copies of personal health information that have been disclosed o Ensuring no copies have been made
o Taking steps to prevent unauthorized access to electronic information (e.g., change passwords, restrict access, temporarily shut down system)
- We will notify affected individuals:
o We will provide our contact information in case the individual has further questions o We will provide the Commissioner’s contact information
- We will investigate and remediate the problem, by:
o Conducting an internal investigation
o Determining what steps should be taken to prevent future breaches
o Ensuring staff is appropriately trained and conduct further training if required
Depending on the circumstances of the breach, we may notify and work with the Information and Privacy Commissioner of Ontario. In addition, we may report the breach to the relevant regulatory College if we believe that it was the result of professional misconduct, incompetence or incapacity.
Consent
Generally, we need implied or express consent before collecting, using or disclosing personal health information. Implied consent can be assumed from surrounding circumstances that a client would reasonably agree to the collection, use or disclosure of their personal health information. An example of this would be a client booking an appointment, attending an appointment and answering questions required to open a record. Relying on implied consent is only proper w
- Clients have the information they need to understand why their information is being collected and it may be used or disclosed (as outlined by this Privacy Policy)
- That Privacy Policy Notices are posted in high traffic areas or waiting rooms describing why information is collected, used and disclosed and informing clients that they may withhold or withdraw their consent (and how to do so), and
- Clients have not withheld or withdrawn their consent
Express consent is required in a few situations such as when disclosing personal health information to someone other than a health information custodian such as an employer or insurance company (except where otherwise directed by statute) and when using personal health information for a purpose other than providing health care.
It is our policy at Kura Clinic to preferentially seek express consent for the collection, use and/or disclosure of personal information, except where it might be inappropriate to obtain your consent, and subject to some exceptions set out in law. Once consent is obtained, we do not need to seek consent again, unless the use, purpose or disclosure changes. Consent may be withdrawn at any time. A client’s withdrawal has no effect on information collected, used or disclosed before the patient withdrew consent.
Do You Have Questions or Concerns?
Our Information Officer Dr. Alexandra Verge, ND can be reached at 519-766-9759. She will attempt to address any questions or concerns you may have.
If you wish to make a formal complaint about our privacy practices, you may make it in writing to our Information Officer. She will acknowledge receipt of your complaint, ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.
You also have the right to complain to the Information and Privacy Commissioner of Ontario if you have concerns about our privacy practices or how your personal health information has been handled, by contacting:
Information and Privacy Commissioner/Ontario
2 Bloor St. East, Suite 1400
Toronto, Ontario M4W 1A8
Telephone: (416) 326-3333/(800) 387-0073 Fax: (416) 325-9195
www.ipc.on.ca
This policy is made under the Personal Health Information Protection Act, 2004, S.O. 2004, c.3. It is a complex statute and provides some additional exceptions to the privacy principles that are too detailed to set out here.