Counselling & Disability Services ("CDS") at York University is subject to the Personal Health Information Protection Act ("PHIPA"), Freedom of Information and Protection of Privacy Act ("FIPPA") as well as regulations of the College of Psychologists of Ontario and York University’s Policy on Access to Information and Protection of Privacy.
Collection of Personal Health Information
Personal health information is collected for the purpose of providing counselling and disability services to clients, for statistical reporting and related purposes. CDS works as a team and as such members of the team (including personal counselors, learning skills counselors, disability counsellors and supervisors) may have access to relevant information in the file on a need to know basis, in order to provide the best service to the client.
Disclosure of Personal Health Information
- Disclosure with client consent
A client or former client may provide written consent to CDS to disclose information in the client’s file to another health care professional or other third party. CDS shall take reasonable steps to ensure that the consent is informed and voluntary pursuant to the Canadian Code of Ethics for Psychologists (Canadian Psychological Association, 2000).If information is being disclosed to another health care professional with whom the client will be working while the client is still under the care of CDS, or following care by CDS, the client is required to sign a bidirectional release of information form.When granting consent to disclose information, the client may limit what is disclosed. However, if the information the client does not want disclosed is clearly needed by the person receiving the information in order to provide the client with appropriate services, CDS is required by law to inform the person receiving the information that the client has refused consent to disclose certain necessary information.
- Disclosure without client consent
Instances in which information may be disclosed without the client’s consent include cases when:
- there is reason to believe that there is a significant risk of bodily harm to the client or others;
- there is apparent, reported, suspected or potential child abuse or neglect;
- the client is involved in legal proceedings and the court orders or summons records;
- the client reports sexual abuse by a regulated health professional; in which case, the name of the offending member is reported to the member’s governing body, but the client’s name is only revealed with written consent by the client;
- regulatory colleges of the registered health care professional require the information;
- contacting a relative, friend or potential substitute decision-maker if the client is injured, incapacitated or ill and unable to give consent personally;
- for the purposes of a proceeding or a contemplated proceeding in which CDS or CDS practitioner, or former CDS practitioner, is expected to be a party, or witness if the information relates to or is a matter in issue in the proceeding.
Access to Client Information
A client may access the client’s personal health information in the client’s file by providing a written request to the CDS primary practitioner or designate or the CDS Privacy Officer and by providing proof of identity.
Such a request would be granted unless:
- it constitutes quality of care information or information generated for the College of Psychologists quality assurance program;
- it is raw data from standardized psychological tests or assessments or medical tests;
- the record or information in the record is subject to legal privilege that restricts disclosure of the record or the information to the individual; or
- if by granting access:
- There would be risk of serious harm to the treatment or recovery of the client or of serious bodily harm to the client or another person.
- It would lead to the identification of a person who was required by law to provide information in the record to the custodian.
- It would lead to the identification of a person who provided information in the record to CDS explicitly or implicitly in confidence and if CDS considers it appropriate in the circumstances that the name of the person be kept confidential.
- CDS believes on reasonable grounds that a request for access to a record is frivolous or vexatious or made in bad faith.
Correction to Client Information
A client may request a correction to information in the client’s file if the client can demonstrate to the satisfaction of the CDS primary practitioner or CDS that the record is incomplete or inaccurate and provides the information necessary to enable the practitioner to correct the record.
The CDS primary practitioner may refuse the request if:
- the clinical file was not originally created by the practitioner and the practitioner does not have sufficient knowledge or expertise or authority to correct the file; or
- it consists of a professional opinion or observation that the practitioner had made in good faith about the individual.
In such cases the CDS practitioner will provide the client with a copy of the written reasons for the refusal, leaving the original in the client’s file, attached to the document in question. The CDS practitioner will inform the client that the client has the right to include a concise statement of disagreement in the file and to complain to the Information and Privacy Commissioner about the refusal.
Retention of Client Records
We usually retain client records for fifteen years after the date of last contact, unless there are extenuating circumstances which require us to maintain the records for longer (e.g. if required to respond to legal action).
CDS Privacy Officer
If a client has questions about the collection, use or disclosure of personal information by CDS or if a client would like to obtain access, request a correction of a record, or file a complaint, the client may contact:
CDS Privacy Officer at: firstname.lastname@example.org
N110 Bennett Centre for Student Services
4700 Keele Street
Toronto, ON, M3J 1P3
Clients may also file a complaint with the Office of the Information and Privacy Commissioner of Ontario (IPC) at 1-800-387-0073 or www.ipc.on.ca.