Devon Guy Consulting Privacy Policy
Privacy of personal information is an important principle to Devon Guy Consulting. We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the goods and services we provide. We try to be open and transparent about how we handle personal information. This document describes our privacy policies.
What is Personal Health Information?
Personal health information is information about an identifiable individual. Personal health information includes information that relates to:
• the physical, nutritional or mental health of the individual (including family health history);
• the provision of health care to the individual (including identifying the individual’s health care provider(s));
• a plan of service under the Home Care and Community Services Act, 1994;
• payments or eligibility for health care or coverage for health care;
• the donation or testing of an individual’s body part or bodily substance;
• the individual’s health number; or
• the identification of the individual’s substitute decision-maker.
Who We Are
Our organization, Devon Guy Consulting, includes, at the time of writing, one nutritionist. We use a number of consultants and agencies that may, in the course of their duties, have limited access to personal health information we hold. These include computer consultants, bookkeepers and accountants, lawyers, temporary workers to cover holidays and maternity leaves, and website managers. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles.
Why We Collect Personal Health Information
We collect, use and disclose personal information in order to serve our clients. For our clients, the primary purpose for collecting personal health information is to provide nutrition counselling. For example, we collect information about a client’s health history, including their family history, physical condition and function and social situation in order to help us assess what their nutrition care needs are, to advise them of their options and then to provide the nutrition care they choose to have. A second primary purpose is to obtain a baseline of health and social information so that in providing ongoing health services we can identify changes that are occurring over time.
We also collect, use and disclose personal health information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:
Related Purpose #1: To obtain payment for services or goods provided. Payment may be obtained from the individual, private insurers or others.
Related Purpose #2: To conduct quality improvement and risk management activities. We review client files to ensure that we provide high quality services, including assessing the performance of our staff. External consultants (e.g., auditors, lawyers, practice consultants, voluntary accreditation programs) may conduct audits and quality improvement reviews on our behalf.
Related Purpose #3: To promote our clinic, new services, special events and opportunities (e.g., a seminar or conference) that we have available. We will always obtain express consent from the client prior to collecting or handling personal health information for this purpose.
Related Purpose #4: To comply with external regulators. Our professionals are regulated by [e.g., the College of Dietitians of Alberta] who may inspect our records and interview our staff as a part of its regulatory activities in the public interest. The College of Dietitians of Alberta has its own strict confidentiality and privacy obligations. In addition, as professionals, we will report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. Also, our organization believes that it should report information suggesting illegal behaviour to the authorities. In addition, we may be required by law to disclose personal health information to various government agencies (e.g., the Ministry of Health and Long Term Care, children’s aid societies, Canada Customs and Revenue Agency, Information and Privacy Commissioner, etc.).
Related Purpose #5: To educate our staff and students. We value the education and development of future and current professionals. We will review client records in order to educate our staff and students about the provision of health care.
Related Purpose #6: To fundraise for the operations of our organization, with the express or implied consent of our clients. If we rely on implied consent, we will only use the client’s name and address, we will provide clients with an easy opt-out option, and we will not reveal anything about our client’s health in the request.
Related Purpose #7: To facilitate the sale of our organization. If the organization or its assets were to be sold, the potential purchaser would want to conduct a “due diligence” review of the organization’s records to ensure that it is a viable business that has been honestly portrayed. The potential purchaser must first enter into an agreement with the organization to keep the information confidential and secure and not to retain any of the information longer than necessary to conduct the due diligence. Once a sale has been finalized, the organization may transfer records to the purchaser, but it will make reasonable efforts to provide notice to the individual before doing so.
Protecting Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
• Paper information is either under supervision or secured in a locked or restricted area.
• Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, strong passwords are used on all computers and mobile devices.
• Personal health information is only stored on mobile devices if necessary. All personal health information stored on mobile devices is protected by strong encryption.
• We try to avoid taking personal health information home to work on there. However, when we do so, we transport, use and store the personal health information securely.
• Paper information is transferred through sealed, addressed envelopes or boxes by reputable companies with strong privacy policies.
• Electronic information is either anonymized or encrypted before being transmitted.
• Our staff members are trained to collect, use and disclose personal information only as necessary to fulfill their duties and in accordance with our privacy policy.
• We do not post any personal information about our clients on social media sites and our staff members are trained on the appropriate use of social media.
• External consultants and agencies with access to personal information must enter into privacy agreements with us.
Openness about the Personal Information Process
The organization must make its personal information Privacy Policy available to the public. Individuals must be able to obtain and understand this Privacy Policy without unreasonable effort.
Procedure
1. Staff are trained to provide the Privacy Policy document to anyone who requests it.
2. The Privacy Policy document will be posted in the reception area(s) of our organization.
3. The Privacy Policy will be posted on our organization’s website, where applicable.
4. A brochure summarizing the Privacy Policy document is provided to each new client at the time the consent form is signed.
Right to Access Personal Information
Individuals have the right (with some exceptions) to access personal information about themselves held by the organization and to know what the organization has done with it. This ensures that the personal information is adequate, correct and up to date.
The suggestions below were written by the College of Dietitians of Alberta specifically for RDs to simplify the process of developing information privacy policies for their practices.
The suggested privacy practices translate some of the central requirements of law into statements for RDs providing dietetic services. They deal with some of the most significant personal health information privacy issues in a practical and understandable way, reflecting the professional values and requirements of dietetic practice (e.g., client-centered practice, informed consent, client confidentiality). However, they are simply suggestions and guides for RDs. Users of this guide will need to adapt them to their unique circumstances.