Consent to Use and Store Personal Health Information
At Spring Street Dental we are committed to ensuring a professional, safe and trusted office environment. To provide you with optimized oral health care and excellent service we use, store and analyze certain personal health information that we (a) collect from you, (b) generate through diagnostic testing and treatment planning, or (c) receive from your other health care providers.
We will not collect, disclose, or use any of your information without your knowledge or consent. Only persons with a clinical (or related administrative) need to know a piece of information will be granted access to that information. In the same vein we embrace the principle that only the necessary amount of information shall be disclosed for any task or function. Our staff are trained on the importance of keeping your information safe, secure, and confidential.
We have designated Julian Perez as our privacy officer. You can reach Julian Perez at firstname.lastname@example.org should you have any questions or concerns. We appreciate your feedback.
What information do we collect?
There are a few categories of information we normally collect. The first is personal information such as name, address, other contact information, insurance information, and financial/billing information, which may include credit card numbers and other such information. To the extent we collect credit card information, it is done in compliance with Payment Card Industry Data Security Standards (PCI DSS).
We also collect and generate personal health information including such things as:
- Medical history
- Dental history
- Records of dental visits, recall exams, and appointment scheduling
- Results of diagnosis and testing
- Study models, odontograms and impressions
- Treatment recommendations, treatment plans and progress notes
- Records of consent conversations and when appropriate, signed consent forms
- Referral/Specialists reports and recommendations
How do we use your information?
We believe it is important that you know how we use your information. First, we only collect, use, and disclose information about you for the following purposes:
- To deliver safe and efficient patient care
- To ensure high-quality service
- To assess your health needs
- To advise you of treatment options
- To provide you with information about services offered at our clinic
- To inform you of changes to our office policies or hours
- To establish and maintain communication with you, including to schedule and remind you of appointments
- To enable us to contact you
- To communicate with other health care providers, including specialists and general dentists involved in your care
- To allow us to efficiently follow-up for treatment, care and billing
- For teaching and demonstrating purposes on an anonymous basis
- To complete and submit dental claims and estimates for third party adjudication and payment
- To comply with legal and regulatory requirements, including communication with the provincial dental regulator, privacy commissioner or any statutory review board as required under legislation
- To comply with a court order in the event of legal proceedings
- To invoice for goods and services
- To process credit card, cash and personal cheque payments
- To collect unpaid accounts
- To send you surveys relating to our business and services
- For internal management purposes, such as resource planning, policy development, quality assurance, and human resource management
- To comply with regulatory requirements and the law generally
- In the event that a decision to sell the practice is made:
- To permit potential purchasers to evaluate the dental practice
- To allow potential purchasers to conduct an audit in preparation for a sale
While the above list is rather long, we believe it better to be over-inclusive. Many of the items listed above are unlikely to apply to you.
Before personal information is used or disclosed for a purpose not previously identified, we will advise you of this new purpose or disclosure and will only proceed with your consent.
When we communicate with you, we may communicate via electronic means, such as e-mail or SMS text message. We strive to ensure that our Commercial Electronic Messages (“CEMs”) are sent with consent, identifying information and unsubscribe mechanisms. We require all CEMs from our Office to be in compliance with privacy and anti-SPAM laws. If and when we communicate with you using CEMs, you can opt out of receiving such messages by following the “Unsubscribe” link included at the bottom of such messages or by contacting our office practice manager. Any questions or concerns with respect to CEMs from our Office may be addressed by phone (905) 372-3032 or you may contact us through our website. If our Office inadvertently sends out a CEM without consent, we commit to investigating every such instance and assisting the employee(s) or managers involved with renewing their understanding and awareness of our compliance responsibilities.
How is your information stored and who has access to it?
Your information may be kept in physical form (files, models, etc.) in which case it is either guarded by staff or stored in a locked and secure file cabinet or safe. Digital information may be stored on encrypted file servers in secure/access-controlled locations. Digital information is password protected and stored on systems which save audit trails in the event unauthorized access must be investigated. Our systems are protected by industry standard IT security hardware and software measures.
We may enter into agreements with third-party providers specializing in data storage and protection. Sometimes that data is securely stored in the cloud, which may include locations outside of Canada. In those instances, only persons contractually obligated to secure and protect your data will be able to access that data. We will only enter into contractual agreements with providers which meet Canadian legal standards and requirements for storage and protection of personal health information.
We may also share aggregate and non identifiable data with research institutions or third-party providers to advance oral health care. This is explicitly permitted by legislation as it poses minimal to no risk to patients but has the potential to greatly enhance health care effectiveness. We will only share such data with persons or providers who enter into the necessary agreements to keep information confidential and to safeguard and protect such data.
We work with experts to further protect your information
To meet the complex and ever-changing requirements of dental practice and practice administration, we partner with experts to improve the health care services we deliver and to administer our dental offices more effectively.
In addition to the independent duty of each health care provider to respect and safeguard your privacy rights, our dentists and health care providers partner with Dr. Larry Podolsky Dentistry Professional Corporation which, among other things, is our designated corporate custodian for patient health information and owns the clinic’s charts and records. Dentalcorp Health Services, ULC (“DHS”) acts as our designated Information Manager in addition to providing technical services to our office.
As Information Manager, DHS utilizes best industry standards and technology along with a robust cybersecurity program to protect patient privacy and to ensure compliance with all local and federal laws.
FOR USERS OF OUR ONLINE SERVICES
We use Google Analytics’ 3rd-party audience data such as age, gender, and interests to better understanding the behaviour of our customers and work with companies that collect information about your online activities to provide advertising targeted to suit your interests and preferences. For example, you may see certain ads on this website or other websites because we contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.
You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioural Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Network ads’ preferences at http://www.google.com/ads/preferences/.
We use Remarketing to advertise our practice across the Internet.
Remarketing will display ads to you based on what parts of our website you have viewed by placing a cookie on your web browser.
This cookie does not in any way identify you or give access to your computer or mobile device.
The cookie is used to indicate to other websites that “This person visited a particular page, so show them ads relating to that page.”
Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
If you do not wish to see ads from us, you can opt-out in several ways:
- Opt-out information for Facebook ads visit: https://www.facebook.com/help/568137493302217