Privacy Policy

Antahkarana Clinic – MINDSS NEUROLINKS Ph: 8884976550

Privacy Policy regarding Protecting Personal Information

1. Openness and transparency in Privacy Policy

1.1 We value patient privacy and act to ensure that it is protected.

1.2  We have this privacy policy to capture our current practices and respond to national and state requirements for the protection of personal information.

1.3  In addition, this privacy policy describes how this office collects, protects, and discloses the personal information of patients and the rights of patients concerning their personal information.

1.4 We are available to answer any patient questions regarding our privacy practices.

2. Accountability

2.1 In most cases, the physician is accountable for the protection of health records. However, because we are an outpatient setting, patients are responsible for protecting their own documents. We trust that our patients will maintain their records for follow-up reviews and future use.

2.2 Patient information is sensitive by nature. Employees and all others in this office who assist with or provide care must therefore be aware of and adhere to the protections described in this privacy policy for the appropriate use and disclosure of personal information.

2.3 All persons in this office who have access to personal information must adhere to the following information management practices:

  • Access is on a need-to-know basis
  • We restrict access to authorized users
  • Contractual privacy clauses/agreements with third parties, including cleaning, security personnel, building maintenance personnel, and network technicians.

2.4 This office employs strict privacy protections to ensure the following:

  • We protect the confidentiality of any personal information we access in the course of providing patient care.
  • We collect, use and disclose personal information only to provide care and treatment or the administration of that care or for other purposes expressly consented to by the patient.
  • We adhere to the privacy and security policies and procedures of this office.
  • We educate and train staff on the importance of protecting personal information.

Collection, Use, and Disclosure of Personal Information and Privacy Policy

3. Collection of personal information

3.1 We collect the following personal information

  • Identification and contact information, including name and date of birth
  • Billing information including state/district health insurance plan (health card) number and private medical insurance details, if applicable
  • Health information may include medical history and presenting symptoms

3.2 Limits on collection

We will only collect the information required to provide care, administer the care that is provided and communicate with patients. We will not collect any other information or allow the use of this information for other purposes without the patient’s express consent, except where authorized to do so by law. These limits on collection ensure that we do not collect unnecessary information.

4. Use of personal information

4.1 We use personal information collected from patients in this office for the purposes of

  • Identification and contact – Emergency contact
  • To provide continuity of care: Historical record and Health promotion and prevention
  • Administration of the care provided: Prioritization of appointment scheduling and billing the provincial health plan.
  • Professional requirements: Risk or error management and Quality assurance (peer review)
  • Research studies and trials

5. Disclosure of personal information – I

5.1 Implied consent (Disclosures to other providers)

  • Unless otherwise indicated, we assume that patients have consented to use their information to provide them with care, including sharing the information with other health providers involved in their care. By seeking care from us, the patient gives implied consent for the provision of that care.
  • We share relevant health information with other providers involved in the patient’s care. We could also share information that includes, and is not limited to, other physicians’ notes involved in providing care.

5.2 At times, the law requires the physician to disclose personal information without the patient’s consent. This happens only in limited situations. Such disclosures should be legally mandated and authorized. Examples of these situations include:

  • billing state health plans
  • reporting specific diseases
  • reporting abuse (child, elder, spouse, etc.)
  • reporting fitness (to drive, fly, etc.)
  • by court order (when subpoenaed in a court case)
  • in regulatory investigations
  • for quality assessment (peer review)
  • for risk and error management, e.g., medical-legal advice

5. Disclosure of personal information – II

5.3 Express Consent (Disclosures to all other third parties)

  • The patient’s express consent, oral or written, is required before disclosing personal information to third parties for any purpose other than to provide care or unless authorized to do so by law.
  • Examples of situations that involve disclosures to third parties include, but are not limited to, third-party medical examinations and provision of charts or chart summaries to insurance companies or lawyers who have obtained the necessary permission from responsible authorities.
  • Disclosure Log – Before a disclosure is made to a third party, we shall make a notation in the file that the patient has provided express consent, or a signed patient consent form is appended to the file.

5.4 Withdrawal of consent

  • Patients have the option to withdraw consent to share their information with other health providers at any time.
  • Patients also have the option to withdraw consent to have their information shared with third parties.
  • If a patient chooses to withdraw their consent, the physician discusses with the patient any significant consequences concerning their care and treatment.

Office Safeguards and Privacy Policy

6. Security measures

6.1 Safeguards are in place to protect the security of patient information.

6.2 These safeguards include a combination of physical, technological, and administrative security measures.

6.2.1 We use the following physical safeguards

  • Limited access to the office: monitored alarm system and deadbolt entry lock or keypad entry system
  • Limited access to records: need-to-know basis and locked cabinets
  • Office layout/features: front desk privacy screens and soundproofing to ensure confidentiality

6.2.2 We use the following technological safeguards

  • Protected computer access for patient health information, including passwords and user authentication
  • System protection, including firewall software and virus scanning software
  • Protected external electronic communications with separate Internet access
  • Secure electronic record disposal: we safely dispose of computer hard drives and destroy all other removable media
  • Wireless connections that are separate from the internet connections carrying patient data

7. Administrative Safeguards

  • Office information management practices: we provide access on a need-to-know basis and restrict it to authorized users.
  • Contractual privacy clauses/agreements with third parties, including cleaning, security personnel, building maintenance personnel, and network technicians.
  • Confidentiality agreements signed by staff as part of their employment contract; this confidentiality agreement or clause extends beyond the term of employment.

8. Communications and privacy policy

7.1 We are sensitive to the privacy of personal information, and this is reflected in how we communicate with our patients, others involved in their care, and all third parties.

7.2 We protect personal information regardless of the format.

7.3 We follow specific procedures when communicating personal information:

7.3.1 Telephone

  • We will take patient preference concerning phone messages into consideration.
  • Unless authorized, we only leave our name and phone number on messages for patients.

7.3.2 Fax

  • We only receive digital faxes accessible by a secure sign-on.
  • We use pre-programmed numbers to ensure that faxes are received by the proper recipient.

7.3.3 Email

  • We do not use email for confidential messages, except if consented to by the patient. When patients initiate a confidential message by email, we assume that they have given implied consent for us to reply by email.
  • Firewall and virus scanning software is in place to mitigate unauthorized modification, loss, access, or disclosure.

7.3.4 Post/Courier

  • We send letters marked as “confidential” in a sealed envelope.

9. Record retention

8.1 Where applicable, we retain patient records as required by law and professional regulations: medical records are retained for at least 10 years from the date of last entry or, in the case of minors, 16 years from the time the patient would have reached the age of majority.

8.2 In addition, we use secure offsite record storage.

10. Procedures for secure disposal/destruction of personal information

9.1 We destroy personal information when it is no longer required. We follow set procedures that govern the storage and destruction of personal information.

  1. We use paper shredding to destroy paper records
  2. We physically destroy computer hard drives
  3. We shred electronic storage media

9.2 Disposal log

Before the secure disposal of a health record, we make an entry in a log with the patient’s name, the time period covered by the destroyed record, the method of destruction, and the person responsible for supervising the destruction.

Patient Rights and Privacy Policy

11. Access to information

10.1 Patients have the right to access their records promptly.

10.2 If a patient requests a copy of their records, we will provide it at a reasonable cost.

10.3 However, we will only provide access with the approval of the treating physician.

10.4 If the patient wishes to view the original record, one of our staff shall be present. This is to maintain the integrity of the record, and we may charge a reasonable fee for this access.

10.5 Patients submit access requests verbally or in writing.

10.6 In responding to requests, we follow these procedures:

  • Acknowledge receipt of the request
  • Respond in a timely fashion, not exceeding 30 days

12. Limitations on access

11.1 In limited circumstances, access to patient records may be denied. This is only if providing access would create a risk to the patient or another person.

11.1.1 This applies when we expect that the information would seriously endanger the mental or physical health or safety of the individual making the request or of another person.

11.1.2 It also applies if the disclosure would reveal personal information about another person who has not consented to the disclosure. In this case, we separate out only the relevant information and redact other documents.

13. Accuracy of information

12.1 We make every effort to record all patient information accurately.

12.2 A patient who notices inaccuracies can request changes to their own record. In such cases, we make an annotation on the document or record it.

12.3 Finally, a physician’s authorization or approval is necessary for any notation.