PROTECTING PERSONAL HEALTH INFORMATION

Any information collected that identifies who you are, and any health information stored with that identifying information,

is called Personal Health Information. As a healthcare company in Ontario, Canada, we have obligations to follow the

Personal Health Information Protection Act (PHIPA). Here is how we are keeping your information safe:

INFORMATION SECURITY PRACTICES

Hardware: All computers, phones, and other physical devices that have access to our server and/or email used to collect and store client information are password protected. All staff practice proper password management and device storage and protection. 

Collection and storage: Any personal health information collected electronically through www.kinthera.ca is completed with reasonable security features in place. Any personal health information is stored in a secure database with reasonable security measures in place to ensure its protection.

 

Email: All Kinthera email accounts are password protected and used only when necessary. All Kinthera personnel that handle personal health information follow proper email safety training and protocols. All emails that do contain personal health information will contain only the necessary, minimum personal health information. 

 

De-identifying: Any information collected will be de-identified 1 year after collection. This is the maximum amount of time we would ever need this information, and therefore must properly remove any identifying information related to the data we have collected (i.e. name, email, and phone number). Any other information that we do keep will not be identifiable; there is no reasonable way anyone can identify who’s data it is. Any de-identified data stored for later use is used solely as demographic statistics. This information better informs our matching processes and matching criteria, helping us provide better service over time. 

 

Accessing information: Only necessary Kinthera personnel have access to any personal health information provided by a client. All instances of viewing, handling, modifying, or otherwise dealing with personal health information will be recorded in an electronic audit log and include the necessary information outlined in PHIPA. This log will be recorded electronically and stored in a secure database.


There are components of PHIPA that must be followed in very specific ways, while other components leave an organization with the flexibility to choose how they will comply. The above information only informs you of how Kinthera is complying with these more flexible components. However, we are also compliant with all other components of PHIPA. For more information on PHIPA, visit the Government of Ontario website.

STAFF WITH ACCESS TO YOUR PERSONAL HEALTH INFO

Kinthera has only one health care custodian and no other contact persons with access to any personal health information collected by Kinthera. Should you have any questions about your personal health information, this person can be reached at:

 

     Emily Chatten

     905.914.2736

     emily@kinthera.ca

 

Emily can be reached during regular, weekday business hours. Should you not immediately reach Emily, please provide 1-2 business days for a response.

REVISING OR UPDATING PERSONAL HEALTH INFORMATION

After providing personal health information to Kinthera, should you need to revise or update this information, you have the right to do so. It is reminded that your personal health information will only be held for 1 year, after which time it will be de-identified. To make any revisions or updates during this 1 year period, please contact:

 

     Emily Chatten

     905.914.2736

     emily@kinthera.ca

 

Emily can be reached during regular, weekday business hours. Should you not immediately reach Emily, please provide 1-2 business days for a response.

SUBMITTING A COMPLAINT TO THE COMMISSIONER

Should you feel Kinthera is mishandling or is about to mishandle personal health information according to PHIPA, it is your right to submit a complaint to the Commissioner regarding this offense. In order to do so:

  1. Go to the Information and Privacy Commissioner of Ontario website

  2. Submit a written complaint within 1 year after the subject-matter of the complaint first came to the attention of the complainant or should reasonably have come to the attention of the complainant, whichever is shorter

Your personal health information is very important to us. Should you have any concerns or questions about any of the above policies or procedures, please do not hesitate to contact us. We would be more than happy to go over any of our practices in greater detail, and are always seeking feedback.