Alpine Meadows Nutrition
Privacy Policy
My Privacy Commitment to You
Privacy of personal information is an important principle to Alpine Meadows Nutrition/Anna Maria Campbell, Registered Dietitian. I am committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the services I provide. I also try to be open and transparent as to how I handle personal information. This document describes my privacy policies.
I am committed to protecting your privacy and ensuring the confidentiality of your personal health information. The types of personal health information I collect may include (but not limited to) your name, contact information, address, billing information, date of birth, health and medical history, social history, name and address of the primary service provider and any other referring health professional as well as records of the care provided to you.
What is personal information?
Personal information is information about an identifiable individual. Personal information includes information that relates to personal characteristics (e.g., name, date of birth, gender, age, income, home address or phone number, ethnic background, family status), health (e.g., health history, health conditions, health services received by them) or activities and views (e.g., religion, politics, opinions expressed by an individual, an opinion or evaluation of an individual). Personal information is to be contrasted with business information (e.g., an individual’s business address and telephone number), which is not protected by privacy legislation.
About Alpine Meadows Nutrition
Alpine Meadows Nutrition/Anna Maria Campbell, Registered Dietitian uses some consultants and agencies that may, in the course of their duties, have limited access to personal health information I hold. These may include computer consultants, accountants, lawyers, credit card companies and website managers. Their access to any personal information is restricted as much as reasonably possible. I also have their assurance that they follow appropriate privacy principles.
Why Alpine Meadows Nutrition Collects Personal Health Information
Alpine Meadows Nutrition/Anna Maria Campbell, Registered Dietitian, collects, uses, and discloses personal health information for the following purposes:
1. Collection of Personal Information - Primary Purposes
-
Like all Registered Dietitians, I collect, use and disclose personal information in order to serve my clients. For my clients, the primary purpose for collecting personal information about you is to provide you with dietetic services. I collect information about your health and diet history, your physical condition and function, and your social situation in order to help me assess what your needs are, to advise you of your options and then to provide the health care you choose to have.
-
A second primary purpose is to obtain a baseline of health and social information so that in providing ongoing health services, I can identify changes that are occurring over time. It would be rare for me to collect such information without the client’s express consent, but this might occur in an emergency (e.g., the client is unconscious) or where I believe the client would consent if asked and it is impractical to obtain consent (e.g., a family member passing a message on from my client and I have no reason to believe that the message is not genuine).​
2. Collection of Personal Information - Secondary Purposes
I also collect, use and disclose information for secondary purposes including:
​
•To collect payment for services provided - invoicing clients for service, to process a credit card payment or to collect unpaid accounts. Payment may be obtained from the individual, private insurers or others.
​
•To conduct quality improvement and risk management activities. I review client files to ensure that I am providing high quality services. External consultants (e.g., auditors, lawyers, practice consultants, voluntary accreditation programs) may conduct audits and quality improvement reviews on my behalf.
​
•To comply with external regulators including the College of Dietitians of Alberta, as a part of its regulatory activities in the public interest. The College of Dietitians of Alberta has its own strict confidentiality and privacy obligations. In addition, as professionals, we will report serious misconduct, incompetence or incapacity of other practitioners, whether they belong to other organizations or our own. Also, I may need to report information suggesting illegal behaviour to the authorities. In addition, I may be required by law to disclose personal health information to various government agencies (e.g., the Ministry of Health, and Long Term Care, children’s aid societies, Canada Customs and Revenue Agency, Information and Privacy Commissioner, etc.).
​
•To educate students. I value the education and development of future and current professionals. If I have a student working with me, I will review client records in order to educate students about the provision of health care. Any students working/volunteering with Alpine Meadows Nutrition will be required to agree to strict confidentiality and prior to review or discussion of client records, I will obtain express consent from the clients involved.
​
•To promote or advise clients of special events, programs or opportunities (like a seminar or conference) that I have available. I will always obtain express consent from the client prior to collecting or handling personal health information for this purpose.
​
•To facilitate the sale of my business. If the organization or its assets were to be sold, the potential purchaser would want to conduct a “due diligence” review of the organization’s records to ensure that it is a viable business that has been honestly portrayed. The potential purchaser must first enter into an agreement with the organization to keep the information confidential and secure and not to retain any of the information longer than necessary to conduct the due diligence. Once a sale has been finalized, the organization may transfer records to the purchaser, but it will make reasonable efforts to provide notice to the individual before doing so.
•For other purposes permitted or required by law.
You can choose not to be part of some of these related or secondary purposes (e.g., by paying for your services in advance). I do not, however, have much choice about some of these related or secondary purposes (e.g. external regulation). I will collect, use, and disclose only as much personal health information as is needed to achieve these purposes. You can withhold or withdraw your consent to the collection, use or disclosure of your personal health information by contacting me (details below).
Limits of Confidentiality
As a regulated health care professional, Dietitians are bound to strict confidentiality, but there are exceptions. They can disclose confidential information without the client's consent, when required by law, or when disclosure is necessary to protect the client or others from harm.
-
Risk of Harm: If you disclose intentions to harm yourself or others, the Dietitian may be required to take protective actions.
-
Suspected Abuse: If there is suspicion of abuse or neglect of a child, elderly person, or vulnerable adult, the Dietitian must report it to the appropriate authorities.
-
Legal Requirements: If required by a court order, subpoena, or other legal process, your records may be disclosed.
​
Retention of Information
Client records and information will be retained for ten years following the last date of service (or ten years following their eighteenth birthday, whichever is longer).
I need to retain personal information for some time to ensure that I can answer any questions you might have about the services provided and for my own accountability to external regulatory bodies. However, I do not want to keep personal information too long in order to protect your privacy. As per healthcare policies, I retain personal health information for ten years following the last date of service (or ten years following the client's eighteenth birthday, whichever is longer). I destroy paper files containing personal information by shredding. I destroy electronic information by deleting it and, when the hardware is discarded, I ensure that the hard drive is physically destroyed.
Access to Health Records
You have the right to seek access to your health records that I keep and to ask me to correct a record if you believe it is inaccurate or incomplete. Please contact me for more information.
Protection of Information
I understand the importance of protecting personal information. For that reason, I have taken the following steps:
•Paper information is either under supervision or secured in a locked or restricted area.
​
•Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, strong passwords are used on all computers and mobile devices.
​
•Personal health information is only stored on mobile devices if necessary and is protected by strong passwords.
​
•Use of secure practice management software for record keeping, compliant with applicable privacy laws. The Telehealth and file management software used, Practice Better, is compliant with Alberta's Personal Information Protection Act (PIPA) and Canada's Personal Information Protection And Electronic Documents Act (PIPEDA). For more information, please see this page from Practice Better on privacy and security: https://help.practicebetter.io/hc/en-us/articles/234814027-Privacy-and-Security-on-Practice-Better
​
•I try to avoid taking personal health information outside of my office. However, if I do, I would transport, use and store the personal health information securely.
•Paper information is transferred through sealed, addressed envelopes or boxes by reputable companies with strong privacy policies.
•I do not post any personal information about my clients on social media sites.
•External consultants and agencies with access to personal information must enter into privacy agreements with me.
Please be aware that email communications are not guaranteed to be secure or confidential. Although I take reasonable precautions to protect sensitive information, I cannot guarantee the security of information transmitted via email (including the contact function of this website). If you have concerns about the security of your personal health information (PHI), please do not provide sensitive health information over these communication mediums and contact me through alternative methods.
If there is a privacy breach
While I will take precautions to avoid any breach of your privacy, if there is a loss, theft or unauthorized access of your personal health information I will notify you. Upon learning of a possible or known breach, I will take the following steps, as applicable:
1. Respond immediately to address the breach- take appropriate steps to notify the appropriate parties and contain the breach.
• Depending on the circumstances of the breach, I may notify and work with the Information and Privacy Commissioner of Alberta. PHIPA provides that regulations may be passed setting out certain kinds of breaches that must be reported to the Commissioner: s. 12(3).
2. Containment - Identify the scope of the potential breach and take steps to contain it.
• Assess what and how much information was breached and in what manner (e.g., paper format, electronic format).
• Determine whether copies were made.
• Implement any necessary action to contain further unauthorized access (e.g., change passwords, identification numbers and/or temporarily shut down a system).
3. Notification - Identify those individuals whose privacy was breached and notify them of the breach.
​
• Notify all individuals whose personal health information has been compromised in the most appropriate way possible in light of the sensitivity of the information (e.g., by phone, in writing, at your next appointment, etc.).
• Inform all individuals of the steps that have or will be taken to address the privacy breach and that the Information and Privacy Commissioner’s Office of Alberta has been informed.
• Provide the individuals with the organization’s and the Information and Privacy Commissioner’s Office of Alberta contact information in case individuals have further questions.
• Advise the individual of their right to make a complaint to the Commissioner (s. 12).
4. Investigation and Remediation
• Conduct an internal investigation into the matter to identify how and why the privacy breach occurred.
• Take the necessary steps to implement a plan that strives to avoid a similar privacy breach from occurring in the future.
• I will advise the Information and Privacy Commissioner’s Office of Alberta of the investigation findings and proposed future prevention plan and work together to make any necessary changes.
• Report the results of investigation to the relevant regulatory College if appropriate or required (PHIPA requires HICs to report certain events to the relevant regulatory College, including when a member is suspended, terminated or otherwise disciplined or has had their privileges or business affiliation revoked or restricted as a result of a privacy breach: s. 17.1. The organization may also be required to report the circumstances to a regulatory College under the Regulated Health Professions Act, 1991 in cases of professional misconduct, incompetence or incapacity.)
• Ensure all staff or volunteers are appropriately trained and conduct further training if required.
Questions or Concerns?
If you have questions or concerns about the privacy practices, please contact:
​
Anna Maria Campbell, Registered Dietitian
Alpine Meadows Nutrition
Email: annamaria@alpinemeadowsnutrition.ca
Phone: 416 880 9971
This policy is made under the Personal Information Protection and Electronic Documents Act. That is a complex Act and provides some additional exceptions to the privacy principles that are too detailed to set out here. There are some rare exceptions to the commitments set out above.
For more general inquiries, the Information and Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The Commissioner also acts as a kind of ombudsman for privacy disputes. The Information and Privacy Commissioner can be reached at:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Québec
K1A 1H3
Phone: (819) 994-5444
​
CHANGE IN NOTICE OF PRIVACY PRACTICES
​
Alpine Meadows Nutrition may change its privacy practices at any time. The new terms shall apply to all PHI about you that I have at the time of change and to new PHI about you that I maintain in the future. If I make any material changes, I will change my Privacy Policy and update it on the website.
​
​