PRIVACY POLICY

Our Privacy Commitment to You

Updated Nov 9, 2022

The privacy of personal information is a critically important principle of Jennifer Denys Physio. I am committed to collecting, using, disclosing (sharing), retaining (storing), and discarding personal information responsibly and only to the extent necessary for the services we provide. I am open and transparent about how I handle your personal information. This document describes my privacy policies.

What is Personal Health Information?

Personal health information is information about an identifiable individual. Personal health information relates to the individual’s:

  • physical or mental health (including family health history);

  • health care (including maintenance, preventative or palliative measures),

  • health care provider,

  • payment for the health service including health card number,

  • substituted decision maker, or

  • non-health care information (home contact information) mixed in with other personal health information.

Who We Are

Jennifer Denys Physio is a sole proprietorship consisting of 1 Physiotherapist (Jennifer Denys) who is the Health Information Custodian and Privacy Officer. 

Why We Collect Personal Health Information

I collect, use, and disclose personal information in order to serve our clients. For my clients, the primary purpose for collecting personal health information is to provide physiotherapy services. For example, I collect information about a client’s health history, including their family history, physical condition and function, and social situation in order to help us assess what their health needs are, to advise them of their options, and then to provide the health care they choose to have. A second primary purpose is to obtain a baseline of health and social information so that in providing ongoing health services I can identify changes that are occurring over time. 

I also collect use, and disclose personal health information for purposes related to these primary purposes:

  • Related Purpose #1: To conduct quality improvement and risk management activities. I review client files to ensure that we provide high quality services. External consultants (auditors, lawyers, practice consultants, voluntary accreditation programs) may conduct audits and quality improvement reviews on my behalf. Each would have their own strict confidentiality of and privacy obligations.

  • Related Purpose #2: To comply with external regulators. I am regulated by the College of Physiotherapists of Ontario who may inspect my records and interview me as a part of its regulatory activities in the public interest. The college has its own strict confidentiality and privacy obligations. In addition, as a professional, I will report serious misconduct, incompetence, or incapacity of other practitioners, whether they belong to other organizations or our own. In addition, we may be required by law to disclose personal health information to various government agencies (eg. Ministry of Health, Children’s Aid Societies, Information and Privacy Commissioner, etc.)

Protecting Personal Information

We understand the importance of protecting personal information. For that reason, we have taken the following steps:

  • Paper information is either under supervision or secured in a locked or restricted area and cross-shredded once digitalized

  • Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, strong passwords are used on all computer and mobile devices

  • Personal health information is not stored on mobile devices and is only found on mobile devices in the form of texts or emails patients send. As such, patients are asked to keep such texts and email about transactional details only. 

  • Paper information is transferred through sealed, addressed envelopes or boxes by reputable companies with strong privacy policies.

  • Electronic information is either anonymized or encrypted before being transmitted.

  • I am trained to collect, use and disclose personal information only as necessary to fulfill my physiotherapy duties and in accordance with our privacy policy

  • I do not post any personal information about our clients on social media sites unless I have their specific express consent that is also documented in their respective chart

  • External consultants and agencies with access to personal information must enter into privacy agreements with me

Retention and Destruction of Personal Information

I need to retain personal information for some time to ensure that we can answer any questions you might have about the services provided and for our own accountability to external regulatory bodies. 

I keep my client files for at least 10 years from the date of the last client interaction unless the client is younger than 18 years old. In these cases, I keep the young client files for 10 years from the date the client turns 18 years old. All files are electronic and stored encrypted through Jane online software.  

As I previously worked at ellephysio, those charts were paper based. If, in the event, a former client who I saw through ellephysio wishes to give me a paper copy of their previous chart, I will scan the paper document into the electronic medical record of that client and cross-shred the paper version of the record. 

When this retention period is complete, I destroy any paper files containing personal health information by cross-cut shredding. I destroy electronic information by deleting it in a manner that it cannot be restored. When hardware is discarded, we ensure the hardware is physically destroyed or the data is erased or overwritten in a manner that the information cannot be recovered.

You can Look at Your Records

With only a few exceptions, you have the right to see what personal information I hold about you, by contacting me (contact information at the end of this document). I can help you identify what records I might have about you. I will also try to help you understand any information you do not understand. (e.g. short forms, technical language, etc). If I do not know you, I will need to confirm your identity, before providing you with this access. We reserve the right to charge $20.00 for the first twenty pages of records, and 25 cents for each additional page.

I will ask you to put your request in writing. I will respond to your request within 30 days. If we cannot give you access, we will tell you the reason, as best as we lawfully can, as to why.

If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions I may have formed. I may ask you to provide documentation that something in the files is wrong. Where we agree that I made a mistake, I will make the correction. At your request and where it is reasonably possible, I will notify anyone to whom I sent this information (but we may deny your request if it would not reasonably have an effect on the ongoing provision of health care). If I do not agree that I have made a mistake, I will still agree to include in our file a brief statement from you on the point.

If there is a Privacy Breach 

While I take precautions to avoid any breach of your privacy, if there is ever a loss, theft or unauthorized access of your personal health information I will notify you. Upon learning of a breach, I will take the following steps as applicable:

  • I will contain the breach to the best of my ability

  • Retrieving hard copies of personal health information that has been disclosed

  • Ensuring no copies have been made

  • Taking steps to prevent unauthorized access to electronic information (e.g. change passwords, restrict access, temporarily shut down system)

  • I will notify affected individuals

  • I will provide my contact information in case the affected individual has further questions

  • I will provide the Commissioner’s contact information and advise the affected individual their right to complain to the Commissioner

I will notify the Privacy Commissioner and the College of Physiotherapists of Ontario in the following instances:

  • Use or disclosure of personal health information without authority

  • Stolen personal health information

  • Further use or disclosure without authority after a breach

  • Pattern of similar (even accidental) breaches

  • Disciplinary action against a college member

  • Disciplinary action against a non-college member

  • Significant breach

I will track and provide an annual report to the Commissioner regarding our privacy breach statistics.

I will investigate and remediate the problem by:

  • Conducting an internal investigation

  • Determining what steps should be taken to prevent future breaches (e.g. changes to policies, additional safeguards)

  • Ensuring I am appropriate trained and seek further training if required

How we use your information when you visit this website

This part of the Privacy Policy describes how jenniferdenysphysio.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit the Site.

Analytics 

This website collects personal data to power our site analytics, including:

  • Information about your browser, network, and device

  • Web pages you visited before coming to this website

  • Your IP address

This information may also include details about your use of this website, including:

  • Clicks

  • Internal links

  • Pages visited

  • Scrolling

  • Searches

  • Timestamps

We share this information with Squarespace and Google, our website analytics providers, to learn about site traffic and activity.

Cookies

This website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing the cookies dropped on your device, visit The cookies Squarespace uses.

These functional and required cookies are always used, which allow Squarespace, our hosting platform, to securely serve this website to you. 

These analytics and performance cookies are used on this website, as described below, only when you acknowledge our cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data.

Forms

When you submit information to this website via web form, we collect the data requested in the webform to track and respond to your submissions. We share this information with Squarespace, our online store hosting provider so that they can provide website services to us. 

Hosting

This website is hosted by Squarespace. Squarespace collects personal data when you visit this website, including:

  • Information about your browser, network and device

  • Web pages you visited before coming to this website

  • Web pages you view while on this website

  • Your IP address

Squarespace needs the data to run this website and to protect and improve its platform and services. Squarespace analyses the data in a depersonalised form.

Fonts 

This website serves font files from and renders fonts using Google Fonts and Adobe Fonts. To properly display this site to you, these third parties may receive personal information about you, including:

  • Information about your browser, network, or device

  • Information about this site and the page you’re viewing on it

  • Your IP address

Do You Have Questions or Concerns?

The Information Officer, Jennifer Denys can be reached at:

Phone: 905-208-8843
Email: info@jenniferdenys.com
Mailing Address: 86043-1011 Upper Middle Road. Oakville, ON. L6H 5V6

I will attempt to answer any questions or concerns you might have. 

If you wish to make a formal complaint about our privacy practices, you may make it in writing to the Information Officer. She will acknowledge receipt of your complaint, and ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.

You also have the right to complain to the Information and Privacy Commissioner of Ontario if you have concerns about our privacy practices or how your personal health information has been handled, by contacting:

Information and Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, ON M4W 1A8
Telephone: Toronto Area (416) 326-3333
Long Distance: 1 (800) 387-0073 (within Ontario)
TDD/TTY: (416) 325-7539
Fax: 416-325-9195
www.ipc.on.ca