top of page

Since September 22, 2022, new provisions of Québec Law 25 concerning the protection of personal information have come into force in the province of Québec. The deployment of these provisions will be done gradually over a period of 3 years. These changes in terms of confidentiality policy affect the private sector, including Lakeshore Psychology and Wellness Centre.

PRIVACY POLICY FOR SERVICE DELIVERY

v.2023-09-15

In accordance with Québec Law 25 and Canadian Privacy Legislation, please read our policies and procedures on the protection of personal health information:

At Lakeshore Psychology and Wellness Centre, we are committed to protecting the privacy and confidentiality of your Protected Health Information (PHI).

This Privacy Policy for Service Delivery outlines how we handle your PHI, the measures we take to safeguard it, and your rights regarding the use and disclosure of your PHI in the context of the delivery of psychological, psychosocial, wellness or other health-related services. 

Description of Protected Health Information (PHI)

PHI includes any information that can be used to identify you and is related to your physical or mental health, healthcare services received, and payment for those services. This information encompasses, but is not limited to, your name, address, date of birth, medical history, treatment records, payment information, and any other data linked to your healthcare.

 

Policies for Safeguarding PHI

We are committed to protecting your PHI in accordance with the Québec Law 25 and Canadian legislation regarding the protection of personal information. Measures to safeguard your PHI include secure storage, access controls, encryption, and employee training on privacy and security practices.

How PHI Is Used in Our Practice

Your PHI is primarily used for the following purposes:

  • Treatment: To provide you with quality mental health and wellness services;

  • Payment: To bill for services and provide receipts;

  • Practice Operations: For activities such as quality improvement, training, and administrative purposes;

 

Conservation of PHI

Protected Health Information will be stored and conserved in accordance with the ethical requirements of your treating professional's licensing body(ies). The minimum time that PHI must be kept varies from one regulating body to another. You may consult with your treating professional's licensing body(ies) to obtain specific information about their rules for record keeping.

 

Legal Limitations to Confidentiality of PHI

While we are dedicated to maintaining the confidentiality of your PHI, there are legal circumstances under which it may be disclosed without your consent. These include but are not limited to:

  • Public Safety and Harm Prevention: If we believe that disclosing PHI is necessary to prevent a serious threat to public safety or to protect you or others from harm, we may be required to share information with appropriate authorities;

  • Provincial/Federal Laws: Disclosure may be mandated by state or federal laws, such as mandatory reporting of child abuse or suspected child abuse or the harmful neglect of minor children and teens;

  • Credit Card Disputes: Information may be shared to resolve billing disputes;

  • Insurance Audits: Information may be provided to insurers for insurance audits;

  • Parental Authority: Unless we are provided with proof that sole parental authority has been legally awarded by a judge to only one parent or to a legal guardian, parents of minor children and teens have the right to access the PHI of their child, regardless of living arrangements or custody;
  • Court Orders and Subpoenas: In some cases, a court may issue a subpoena or court order compelling the release of PHI. We will not release your information in response to a subpoena without your written consent. Compliance with a legally issued court order is mandatory;

  • Law Enforcement Investigations: PHI may be disclosed to law enforcement authorities when required by law, such as during the investigation of certain crimes or in response to a valid search warrant;

  • Regulatory Compliance: Compliance with regulatory bodies and oversight agencies, such as licensing boards or accreditation organizations, may necessitate the disclosure of PHI for purposes of investigation or audit.

Business Associates and Their Expectations

At Lakeshore Psychology and Wellness Centre, we may engage in business associations with third-party entities to support various aspects of our operations and to provide enhanced services to our clients. These business associations involve sharing certain Protected Health Information (PHI) with these third parties, as required to perform specific services on our behalf.

Listing of Business Associates with Access to PHI

  • Certain aspects of our practice are managed by individual sub-contracted professionals, such as accounting or administrative professionals, as well as student volunteers. These agents are bound by strict confidentiality agreements designed to protect your privacy;

  • This clinic uses the Jane Practice Management Platform to manage our practice, Jane and Zoom (professional) for the provision of video-assisted therapy, VoIP.ms for phone, fax, and voicemail services, Google Workspace for email and secure cloud storage, Sync.com for backup secure cloud storage, Jane Payments and Stripe credit card processing providers, Intuit QuickBooks for bookkeeping and accounting, and standard Internet and cellular network providers. Any potentially identifying information in virtual interactions (e.g., IP address) will be kept secure through the security features offered by these providers and according to their privacy policies, available at the provider websites.

Expectations of Business Associates

We have established strict expectations for our business associates to safeguard your PHI and to comply with applicable privacy and security regulations. The following are some of the key expectations we have from our business associates:

  • Confidentiality and Security: Business associates are required to maintain the confidentiality and security of PHI, ensuring that it is not disclosed or used improperly. They must have security measures in place to protect your information. We also enter into a formal confidentiality agreement with individual third-party professionals, such as accounting or administrative professionals, and volunteers, outlining their obligations and responsibilities regarding PHI, which serve to legally bind business associates to our expectations and regulatory requirements;

  • Limited Use and Disclosure: PHI shared with business associates is to be used solely for the purpose of providing the agreed-upon services. Examples of such services include bookkeeping, accounting, administration, and coordination of care. Unauthorized use or disclosure of PHI is strictly prohibited;

  • Data Breach Notification: In the event of a data breach or unauthorized disclosure of PHI, business associates are required to promptly notify us and take appropriate measures to mitigate the breach and prevent further unauthorized access;

  • Audit and Compliance Monitoring: We conduct periodic audits and assessments to ensure that our business associates are in compliance with their obligations as outlined in applicable laws and herein;

  • Termination of Services: In the event that a business associate fails to meet our expectations or breaches the terms of the business agreement or confidentiality agreement, we retain the right to terminate our association with them.

If you have any questions or concerns about our business associations or the protection of your PHI, please do not hesitate to contact us. Your trust is of utmost importance to us, and we are dedicated to maintaining the highest standards of privacy and security.

Transmission of PHI vs. Communication of PHI

For the purposes of this Policy, "transmission" of PHI is used to denote the authorized sharing of PHI between our professionals, agents, business associates and/or the client or minor client's parents if applicable, as necessary for the purposes of Treatment, Payment and Practice Operations, either verbally or electronically using third-party providers as described in the above section Business Associates and Their Expectations, and in compliance with applicable laws and the ethical rules and guidelines of your provider's licensing body(ies).

 

For the purposes of this Policy, "communication" of PHI is used to denote the sharing of PHI with parties not directly involved with Treatment, Payment and Practice Operations at Lakeshore Psychology and Wellness Centre, in which case your written authorization to release or communicate PHI is required, as described in the below section Authorized Release or Communication of PHI, except in cases where we are legally required to disclose PHI (please refer to the above section Legal Limitations to Confidentiality of PHI).

General Risks Regarding the Electronic Collection, Storage, Transmission or Use of PHI

General privacy risks regarding the electronic collection, storage, transmission or use of PHI include but are not limited to the possibility (however small and despite our best efforts, data encryption and other security measures) that information may be accessed illegally by unauthorized parties or entities, that the transmission of information may be interrupted or disconnected due to technical difficulties, or that your computer could be damaged or hijacked by a computer virus or other unauthorized means.

Privacy and Telehealth Services

Telehealth services offer an alternative means of receiving mental health counseling or other health or wellness support. While telehealth provides flexibility and accessibility, it also involves certain risks to privacy.

 

Potential Risks of Using Telehealth

The general privacy risks regarding the electronic collection, storage, transmission and use of PHI as described above also apply to telehealth services. In addition, please note the following:

  • Privacy Concerns: While we use secure and encrypted platforms for telehealth, it's essential to be aware that no digital platform is entirely immune to privacy breaches. We take all necessary precautions to safeguard your information, but there is a minimal risk of unauthorized access to your sessions.

  • Interruptions: Telehealth sessions may be susceptible to interruptions due to factors beyond our control, such as unstable internet connections, power outages, or technical issues. While we strive for seamless communication, occasional disruptions can occur.

  • Technical Difficulties: Technical issues, such as audio or video disruptions, may arise during telehealth sessions. These difficulties may impact the quality and continuity of the session. We will work to address technical problems promptly to minimize their impact.

 

Shared Responsibility

Responsibility for protecting your privacy and personal information, including during telehealth service provision, is shared between yourself and your service provider or other Lakeshore Psychology and Wellness Center agents, as follows:

  1. To protect your privacy and personal information, including during telehealth services, you agree to use a device equipped with antivirus, firewall and other electronic security software, use a secure or private Wi-Fi connection, take the call alone in a private room where you are not likely to be heard or disturbed, and clear your call/browsing history after the session. Likewise, your therapist will attend your teletherapy session in a private, soundproof room using a secure Wi-Fi connection and a secure, password-protected device equipped with electronic security software;

  2. You agree not to record sessions or portions of telehealth sessions in any manner, including audio or video recordings and screenshots/images. Likewise, your service provider will not record sessions, unless explicitly authorized in writing as described below;

  3. You agree that you will hold Lakeshore Psychology and Wellness and its agents free and harmless from any inadvertent divulgation of your PHI if you do not adhere to these measures.

 

Privacy and Group Therapy/Intervention

Confidentiality and privacy protection in group interventions are far less secure than in individual interventions:

  • Less Secure: Although group participants are instructed that the information and events that occur during the group intervention and the identities of participants are to be held in the strictest confidence, and although group participants are instructed that recording of sessions is strictly prohibited, the potential for a breach of confidentiality or privacy is multiplied in the group context in a manner that is beyond the control of the group therapist/animator;

  • Declaration of Harmlessness: You understand and agree that Lakeshore Psychology and Wellness Center and its associated professionals and agents are not responsible for will be held free and harmless in the event of breaches of confidentiality or privacy by participants in group therapy or other group-based service delivery or interventions.

 

No Recording Policy

To protect your privacy, your therapist or service provider will not record any part of in-person or telehealth sessions, including audio or video recordings and screenshots/images, without your explicit, written consent provided on a Consent to Recording form, which will also explicitly describe the use, duration and security of such recordings. Likewise, you agree not to record sessions or portions of telehealth or in-person sessions in any manner, including audio or video recordings and screenshots/images.

 

Communication via Email, Text Messaging and Social Media and Preferred Communication Channel

At Lakeshore Psychology and Wellness Centre, we recognize the increasing role of email, text messaging and social media in our lives and the potential impact these can have on our therapeutic relationship and your privacy.

Use of Email and Text Messaging

This following outline our guidelines and expectations regarding the use of email and text messaging in the context of psychosocial, wellness and related service provision:

  • Minimize or Avoid Transmission of Sensitive Information: Email and text messaging with your therapist or our administrative staff allow for convenient communication but are not secure, and their use for the transmission of sensitive information should be minimized or avoided.

  • Implicit Consent: Your ongoing use of email or text messaging to communicate with our office will constitute your implicit, ongoing consent to communication using these media;

  • Communication With Other Professionals: In cases where authorized communication between our professionals and other parties or providers (educational, medical, psychological, etc.) is requested, or where such disclosure is required by law, sensitive information will be communicated by our office via email, fax transmission, video conference, or phone call, as required by the office of these other professionals, parties and providers.

Social Media Use

This following outline our guidelines and expectations regarding the use of social media in the context of psychosocial, wellness and related service provision:

  • Respect for Confidentiality and Privacy: We uphold the principles of confidentiality and privacy in our therapeutic relationship. Therefore, we expect clients to maintain the same level of respect for confidentiality when it comes to their involvement with our practice on social media platforms;

  • Do Not Share Identifiable Information: We request that clients do not share any identifiable information about their counselor, other clients, or the content of their sessions on social media. This includes refraining from sharing photos, names, or specific details that could compromise confidentiality;

  • Maintenance of Professional Boundaries: While we value our therapeutic relationship, it is important to maintain professional boundaries. This means our professionals and agents do not engage in social media interactions with current clients. We encourage you to discuss any concerns or questions within the therapeutic session;

  • Avoid Communication Using Social Media: Communication using social media, which is neither safe nor appropriate, must be always avoided;

  • Avoid Dual Relationships: We advise clients to avoid establishing or continuing dual relationships on social media platforms with their counselor. Dual relationships can blur the boundaries of the therapeutic relationship;

  • Exercise Caution: We encourage clients to exercise caution when discussing their mental health or our counseling services on social media. While we support open conversations about mental health, it is essential to consider the potential consequences of public disclosures;

  • Adjust Privacy Settings: We recommend reviewing and adjusting your privacy settings on social media platforms to maximize your personal privacy and security;

  • Report Concerns: If you encounter any content related to your counselor or our practice on social media that raises concerns about your privacy or the therapeutic relationship, please bring it to our attention during a counseling session;

  • Termination of Services for Inappropriate Social Media Use: In cases where a client's use of social media is deemed inappropriate or detrimental to the therapeutic relationship or professional provision of care, we may need to address this concern as part of our therapeutic work or, in extreme cases, consider the termination of services.

Preferred Communication Channel

Our primary and preferred mode of communication is during your appointment or session with your service provider. Please use secure and confidential methods to communicate any concerns, questions, or scheduling issues related to your counseling.

These guidelines and expectations are in place to protect your confidentiality, privacy, and the integrity of the therapeutic relationship. We appreciate your cooperation in adhering to these guidelines and encourage open communication with your treating professional or our administrative staff to address any questions or concerns.
 

Authorized Release or Communication of PHI

You have the right to request and authorize the release of your PHI to other persons or parties. When you make such a request, the following will apply:

  • We will obtain your written authorization before releasing your PHI, except in situations where disclosure is required by law;

  • The authorized release or communication of your PHI will follow the ethical rules and guidelines of the licensing body(ies) of your service provider(s);

  • You may revoke your release or communication of your PHI in writing only by email or registered mail at any time, but this revocation will not apply to actions taken prior to receiving your revocation.

 

Rights Concerning Your PHI

Right to Access Your PHI

You have the right to request access to your PHI. When you make such a request, the following will apply:

  • You will request access to you PHI in writing via email or via registered mail to the Privacy Officer named at the end of this Policy;

  • If you provider or former provider is the Health Information Custodian for your file, we will inform you of this and refer you to your provider for fulfilment of your request, at which point our involvement will be complete;

  • If we are the Health Information Custodian for your file, we will ask your provider or former provider to prepare a copy of your PHI, adhering to the ethical rules and guidelines of the licensing body(ies) of your service provider(s), and we will provide you with a copy of your PHI within 30 business days. This copy may be provided either in electronic or paper format, as per your preference, if it is reasonably feasible.

 

Right to a List of Disclosures of PHI

You have the right to receive a list of disclosures of your PHI for purposes other than treatment, payment, or practice operations. When you make such a request, the following will apply:

  • You will request a list of disclosures of your PHI for purposes other than treatment, payment, or practice operations in writing via email or via registered mail to the Privacy Officer named at the end of this Policy;

  • If you provider or former provider is the Health Information Custodian for your file, we will inform you of this and refer you to your provider for fulfilment of your request, at which point our involvement will be complete;

  • If we are the Health Information Custodian for your file, we will provide you with a list, as documented in your file, of disclosures made during the requested timeframe or the maximum timeframe required by the licensing body(bodies) of your treating professional preceding the date of your request.

 

Right to Request Corrections to PHI

You have the right to request corrections to your PHI if you believe it is inaccurate. When you make such a request, the following will apply:

  • You will request corrections to your PHI in writing via email or via registered mail to the Privacy Officer named at the end of this Policy;

  • If you provider or former provider is the Health Information Custodian for your file, we will inform you of this and refer you to your provider for fulfilment of your request, at which point our involvement will be complete;

  • If we are the Health Information Custodian for your file, we will ask your provider or former provider to evaluate your request and, if necessary, make the required corrections or provide you with a written explanation if your request is denied or, if feasible and appropriate, we will evaluate your request ourselves and if necessary, make the required corrections or provide you with a written explanation if we deny your request.

 

Right to Opt Out of the Electronic Collection, Storage, Transmission and Use of Your PHI

You have the right to opt out of the electronic collection, storage, transmission and use of your PHI. When you make such a request, the following will apply:

  • New Clients: If you are a new client, you may opt out on the consent form in your intake paperwork, without affecting your right to access services;

  • Existing and Former Clients: If you are an existing client, you will notify the Privacy Officer in writing that you are withdrawing your consent to the electronic collection, storage, transmission and use of your PHI. The Privacy Officer will have 30 days to consult with your service provider, evaluate most viable manner of implementing your request, and respond to your request.

  • Acceptance of Limitations Related to Opting Out: In opting out or making a request to opt out of the electronic collection, storage transmission and use of PHI, you acknowledge that the operations of Lakeshore Psychology and Wellness Center, their independent providers and their agents rely on at least a minimum of electronic collection, storage and use of your PHI (for example, for communication, payment, bookkeeping and accounting); as such, while we will do our best to accommodate your request, you understand and accept that it will not be possible for us to provide you with services if your opt-out request precludes minimum operations requirements for service delivery, in which case we will try to provide referral to other providers (if available).

Privacy Officer

In accordance with the legislative provisions outlined by Québec’s Law 25, Kelly Ann Cartwright, Clinic Director occupies the role of Privacy Officer in charge of the protection of personal information.

Questions, Concerns and Requests

If you have any questions, concerns or requests regarding the treatment of your confidential information at Lakeshore Psychology and Wellness Centre, please contact Kelly Ann Cartwright, Privacy Officer, by email or registered mail only, as these requests must be made in writing, at drcartwright@lakeshorepsychology.ca or c/o Privacy Officer, Lakeshore Psychology & Wellness Centre, 15 avenue Cartier, Suite 1, Pointe-Claire, Québec H9S 4R5.

Date of Policy

This policy was last modified on September 15, 2023.

Changes to Policy and Previous Versions

Changes to our Privacy Policy for Service Delivery will be posted on this page.
You may consult previous versions of our Privacy Policy for Service Delivery here: [no previous versions]

Note: This Privacy Policy for Service Delivery does not address the collection, use and disclosure of information received during use of our website; please refer to our Website Privacy Policy for details on how we safeguard your privacy as a user of this website.

bottom of page