Your Privacy is Our Priority
Cornerstone Family Counselling Services is committed to protecting your Personal Health Information (PHI) and adhering to Ontario’s Personal Health Information Protection Act (PHIPA). This policy outlines our practices to ensure your data is handled safely and with the utmost respect.
Purpose
Cornerstone Family Counselling Services (CFCS), as a Health Information Custodian (HIC), is dedicated to protecting the privacy and security of Personal Health Information (PHI) under our care. This policy ensures client information is managed in compliance with Ontario’s PHIPA guidelines.
What is Personal Health Information (PHI)?
PHI includes any identifying information about an individual, such as:
- Information related to physical or mental health, including family health history.
- Details about health care provided to the individual.
- Identification of a substitute decision-maker.
- Health card number.
CFCS collects PHI to provide counseling and therapy services. This may include your name, date of birth, address, health history, family background, and records of services provided.
Our Privacy Responsibilities
To protect PHI, CFCS and its staff are required to:
- Designate a Privacy Officer responsible for privacy practices.
- Implement clear privacy policies.
- Share only necessary health information with authorized parties, ensuring that only those involved in care have access.
- Notify clients if their information is shared outside the circle of care, intentionally or unintentionally.
- Train all staff, students, and volunteers on PHIPA obligations.
Our Privacy and Security Policy supports CFCS staff in understanding their legal and professional obligations to maintain confidentiality and comply with PHIPA requirements. Staff members are advised to contact the Privacy Officer whenever uncertainty arises.
Guiding Ethical Practices
- CFCS staff must act in accordance with their professional and legal obligations.
- Clients must feel confident that their PHI will remain confidential to preserve trust in the therapeutic relationship.
- Confidentiality is critical to providing the highest standard of care, encouraging clients to share complete and accurate information for better outcomes.
Collecting and Disclosing Information
Collection of PHI
Staff can only collect information directly relevant to the mental health treatment of the client, as per CRPO requirements.
Disclosure of PHI
Staff may only disclose PHI:
- With the patient’s or substitute decision-maker’s consent, and when necessary for lawful purposes.
- Where permitted under legislation, without the patient’s or substitute decision-maker’s consent.
- Where required by law.
Consent
We require client consent before disclosing PHI.
- Implied Consent: Assumed for sharing information within the client’s “circle of care.”
- Express Consent: Required for disclosures outside the circle of care, except as allowed by law.
Lock Boxes
Clients may restrict specific personal health information from being disclosed. CFCS staff will honor these restrictions unless it compromises safety or legal obligations. If restrictions impede safe treatment, staff may refuse to provide non-emergency services, explaining their decision to the client.
Standards and Practices
- Staff will not share client information except for supervision, safety, or when directed by the client or permitted by law.
- In group supervision or discussions, first names, initials, pseudonyms, and age will be used to protect client identity.
- Records will be retained for at least 10 years after the last interaction or the client’s 18th birthday, whichever is later.
- Express consent will be documented for any post-closure requests for information or booster sessions.
Monitoring
CFCS conducts regular audits of our Client Information System to ensure compliance. The designated Privacy Officer performs bi-annual attestations to confirm alignment with privacy practices.
Unauthorized Access
Staff are prohibited from accessing client records unless directly involved in their care. Unauthorized access or misuse of client data will result in disciplinary action, regulatory reporting, or legal action.
Data Breach Response
In the event of a data breach, CFCS will:
- Identify and Contain the Breach: Immediately determine the nature and extent of the breach.
- Notify Affected Individuals: Inform individuals promptly, including the types of information involved and steps to mitigate harm.
- Report to Authorities: Notify the Information and Privacy Commissioner of Ontario as required.
- Conduct a Thorough Investigation: Identify the cause and implement measures to prevent future breaches.
- Review and Update Policies: Update privacy and security policies as needed.
Contact Us
If you have questions or concerns about our privacy practices, please contact:
Evelyn DeMoss
Privacy Officer
Email: [email protected]
Add a form:
Connect with Us
Do you have questions about our privacy policy? Please fill out the form below, and we’ll get back to you promptly.
Contact Form – Fields to Include:
- Name
- Email Address
- Phone Number (optional)
- Preferred Contact Method (dropdown: Email, Phone)
- Questions or Comments (text box)
Submit Button Text: “Please Contact Me”
Image Recommendations:
1.Symbol of Security:
- A lock icon over a digital interface or file folder.
- A shield representing data protection.
2.Abstract Visuals:
- Digital lines or patterns resembling encrypted data.
- A combination of soft colors (blues and greens) with icons representing security (e.g., padlocks, shields).