Privacy Policy

1. Introduction

Co & Associates (Garion Sparks Austin Social Work Professional Corp) ("Co & Associates," "we," "us," or "our") is committed to protecting the privacy and confidentiality of the personal health information we hold on behalf of our clients. This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal health information in accordance with the Personal Health Information Protection Act, 2004 ("PHIPA") and other applicable Ontario and Canadian privacy legislation.

In this Privacy Policy, "you," "your," and "client" refer to individuals who use or seek to use our therapy and counselling services, including, where applicable, a client's substitute decision-maker as defined under PHIPA.

Our therapists, who include Registered Psychotherapists (RP) regulated by the College of Registered Psychotherapists of Ontario (CRPO) and Registered Social Workers (RSW) regulated by the Ontario College of Social Workers and Social Service Workers (OCSWSSW), are Health Information Custodians under PHIPA and are individually responsible for the personal health information they collect and maintain in the course of providing care.

2. Privacy Officer

Co & Associates has designated a Privacy Officer who is responsible for overseeing compliance with this Privacy Policy and with PHIPA. If you have questions, concerns, or complaints about how your personal health information is handled, please contact our Privacy Officer:

Privacy Officer — Co & Associates, 243 Main St E, Suite 201 & 203, Milton, ON L9T 1P1. Phone: 905-805-6728. Email: [email protected].

3. What Personal Health Information We Collect

Personal health information is information about an identifiable individual that relates to their physical or mental health, the provision of health care, a plan of service, payments or eligibility for health care, or the donation of body parts or bodily substances. We may collect the following types of personal health information:

Your name, date of birth, address, phone number, and email address. Information about your physical and mental health history, including symptoms, diagnoses, and treatment. Information about the health care you receive from us, including session notes, treatment plans, and progress records. Billing and payment information, including insurance details where applicable. Emergency contact information. Information provided by you or, with your consent, by other health care providers within your circle of care.

4. How We Collect Your Information

We collect personal health information directly from you in most cases, including through intake forms, during therapy sessions, and through our secure client portal. We may also collect information from other health care providers within your circle of care, with your implied or express consent, as permitted under PHIPA.

We also collect limited personal information through our website, including information you provide when you submit a contact form or book an appointment online. Our website may use cookies and similar technologies to improve your browsing experience. Cookies do not collect personal health information.

5. How We Use Your Information

We use your personal health information for the following purposes:

To provide you with therapy and counselling services, including assessment, treatment planning, and ongoing care. To communicate with you about your appointments, treatment, and account. To process payments and issue receipts for insurance purposes. To comply with legal and regulatory obligations, including record-keeping requirements of the CRPO and OCSWSSW. To administer and manage our practice, including quality improvement and risk management activities. To compile de-identified statistical information for internal reporting purposes.

6. Consent

Under PHIPA, we require your consent to collect, use, and disclose your personal health information, except in circumstances where PHIPA permits or requires us to act without consent.

Express Consent: We obtain your express consent, either verbally or in writing, when we wish to share your personal health information with individuals or organizations outside your circle of care, such as your employer, insurance company, lawyer, or family members.

Implied Consent: When you request our services, your request constitutes implied consent for us to collect, use, and disclose your personal health information within your circle of care for the purpose of providing you with health care. This means that your information may be shared with other health care providers involved in your care, unless you instruct us otherwise.

Withdrawal of Consent: You may withdraw your consent at any time by providing written notice to our office. Please note that withdrawal of consent cannot be retroactive and may affect our ability to continue providing services to you.

Lockbox: Under PHIPA, you have the right to restrict access to some or all of your personal health information by placing a "lockbox" on your records. This means you can instruct us not to share certain information with other health care providers within your circle of care. Your therapist will explain the implications of placing a lockbox on your records, including any potential impact on the continuity of your care.

7. Disclosure of Your Information

We do not disclose your personal health information except as described in this Privacy Policy or as permitted or required by law. We may disclose your personal health information in the following circumstances:

With your express or implied consent, as described above. To other health care providers within your circle of care, for the purpose of providing or assisting in the provision of health care to you. To our electronic medical record provider, Owl Practice, which acts as our agent for the purpose of securely storing and managing your health records. To comply with a legal obligation, such as a court order, subpoena, or mandatory reporting requirement (for example, reporting a child in need of protection under the Child, Youth and Family Services Act, 2017). To reduce or eliminate a significant risk of serious bodily harm to you or another person. To a regulatory college in connection with a complaint, investigation, or proceeding.

8. Retention of Your Information

We retain your personal health information for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable legal and regulatory requirements. In accordance with the standards of the CRPO and OCSWSSW, clinical records are retained for a minimum of five years from the date of the last client interaction, or until the client reaches the age of 18, whichever is later. Records may be retained for longer periods where required by law or professional standards.

When personal health information is no longer required, it is securely destroyed or rendered anonymous using methods that prevent unauthorized access.

9. Safeguards

We have implemented physical, organizational, and technological safeguards to protect your personal health information against theft, loss, unauthorized access, disclosure, copying, modification, or destruction. These safeguards include:

Physical safeguards such as secure storage of paper records in locked filing cabinets and restricted access to our office premises. Organizational safeguards such as limiting access to personal health information to those who have a legitimate need to know, requiring confidentiality agreements from all staff and contractors, and providing ongoing privacy training. Technological safeguards such as encryption of electronic records, password protection, secure video conferencing platforms for virtual sessions, and regular software updates and security audits.

We require all third-party service providers who handle personal health information on our behalf to maintain appropriate safeguards and to comply with PHIPA.

10. Virtual Therapy and Electronic Communications

When you participate in virtual therapy sessions, we use secure, encrypted video conferencing technology that meets Ontario privacy requirements. We take additional steps to protect your information during virtual sessions, including verifying your identity, ensuring that sessions are not recorded, and using only approved platforms for communication.

If you consent to communicating with us by email, please be aware that email communication carries inherent privacy risks. We will take reasonable steps to protect the confidentiality of email communications, but we recommend that you avoid including sensitive personal health information in emails where possible.

11. Your Rights

Under PHIPA, you have the following rights with respect to your personal health information:

Right of Access: You have the right to request access to your personal health information held by us. Requests must be made in writing. We will respond within 30 days, or we will notify you if an extension of up to an additional 30 days is required. A reasonable fee may be charged for providing copies of records.

Right of Correction: If you believe that your personal health information is inaccurate or incomplete, you may request a correction in writing. We will respond within 30 days. If we agree that a correction is warranted, we will amend the record. If we do not agree, you have the right to attach a statement of disagreement to your file.

Right to Complain: If you believe that your privacy rights have been violated, you have the right to file a complaint with our Privacy Officer. You also have the right to file a complaint with the Information and Privacy Commissioner of Ontario.

12. Breach Notification

In the event of a breach of your personal health information — meaning theft, loss, or unauthorized access, use, disclosure, copying, or modification — we will take the following steps:

We will contain the breach and take immediate steps to prevent further unauthorized access. We will assess the risk of harm to affected individuals. We will notify you if the breach creates a risk of significant harm. We will investigate the circumstances of the breach and implement measures to prevent future occurrences. We will report the breach to the Information and Privacy Commissioner of Ontario, as required by law.

13. Website Privacy

When you visit our website, we may collect limited non-identifying information through cookies and similar technologies, such as your browser type, operating system, pages visited, and the date and time of your visit. This information is used to improve the functionality and user experience of our website and is not linked to your personal health information.

You may disable cookies through your browser settings. Please note that disabling cookies may affect the functionality of certain features on our website.

We do not sell, trade, or otherwise transfer your personal information to third parties for marketing purposes.

14. Third-Party Service Providers

We use the following third-party service providers who may have access to personal health information or personal information in the course of providing services to us:

Owl Practice serves as our electronic medical record (EMR) and practice management platform. Owl Practice acts as our agent under PHIPA and is contractually required to maintain appropriate safeguards for your personal health information.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated policy will be posted on our website with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically.

16. Information and Privacy Commissioner of Ontario

If you have concerns about how your personal health information has been handled and are not satisfied with our response, you have the right to file a complaint with the Information and Privacy Commissioner of Ontario:

Information and Privacy Commissioner of Ontario, 2 Bloor Street East, Suite 1400, Toronto, Ontario M4W 1A8. Phone: 1-800-387-0073 (or 416-326-3333 in Toronto). Website: www.ipc.on.ca.

17. Contact Us

If you have questions about this Privacy Policy or about how your personal health information is handled, please contact us:

Co & Associates, 243 Main St E, Suite 201 & 203, Milton, ON L9T 1P1. Phone: 905-805-6728. Email: [email protected].