The protection of your private personal information (PI) is one of the priorities at this website of Dr. Malak Abu Shakra, Ph.D., C. Psych. (Dr. Abu Shakra). Due to the nature of the business of Dr. Abu Shakra, she is required to collect essential Personal Identifiable Information (PII) as is dictated by law. Additionally, Dr. Abu Shakra is committed to collecting, using and disclosing your PII responsibly, and only to the extent necessary for the goods and services Dr. Abu Shakra provides to you. This document describes how Dr. Abu Shakra’s privacy policies are in alignment with PHIPA, PIPEDA, the Digital Privacy Act, and Freedom of Information and Protection of Privacy (FIPP) in addition to Dr. Abu Shakra’s own strict privacy policies & procedures.
PHIPA: The Provincial; (Ontario) Personal Health Information Protection Act was established in Ontario in 2004. This legislation governs the collection, use and disclosure of personal health information, which is confidential data regarding a patient's mental and physical health.
FIPPAThe Provincial; (Ontario) Freedom of Information and Protection of Privacy Act purpose:
(a) to provide a right of access to information under the control of institutions in accordance with the principles that,
(i) information should be available to the public,
(ii) necessary exemptions from the right of access should be limited and specific, and
(iii) decisions on the disclosure of government information should be reviewed independently of government; and
(b) to protect the privacy of individuals with respect to personal information about themselves held by institutions and to provide individuals with a right of access to that information. R.S.O. 1990, c. F.31, s. 1.
PIPEDA:The Federal; (Canada) Personal Information Protection and Electronic Documents Act sets the ground rules for how private-sector organizations collect, use, and disclose personal information in the course of for-profit, commercial activities across Canada. PIPEDA generally applies to personal information held by private sector organizations that are not federally-regulated, and conduct business everywhere in Canada.
Digital Privacy Act: The Federal; (Canada) The requirement for “valid consent” to the collection, use and disclosure of personal information. Every organization that collects, uses and discloses personal information in the course of commercial activity in Canada (with a few exceptions) must follow new mandatory data breach record-keeping, reporting and notification rules – or face significant non-compliance consequences.
What Is Personal Information (PI)/ Personally Identifiable Information (PII)?
Personal information is information about an identifiable individual. PII includes information that relates to their personal characteristics (e.g., gender, age, income, home address or phone number, ethnic background, family status), their health (e.g., health history, health conditions, health services received by them) or their activities and views (e.g., religion, politics, opinions expressed by an individual, an opinion or evaluation of an individual).
What Is NOT Personal Information?
What is not considered to be Personal Information is business related information (e.g., an individual’s business address, business title, business email address and business telephone number), all of which is not protected by privacy legislation.
Your Personal Information:
Dr. Abu Shakra is required to collect PII information in regards to yourself which will include; legal name, date of birth, place of residence; basically all contact information in addition to an emergency contact with their contact information, in order to provide you with optimal service. There will be requirements to provide your age, health history, current health condition(s), assessment results or diagnoses from other health providers; health services provided to or received by you.
Currently Dr. Abu Shakra’s, support personnel (accountants, legal representatives, IT tech’s) and administrative staff, etc; are all required to uphold Dr. Abu Shakra’s strict policies and procedures in addition to the stringent protection and management of your confidential PII.
In the course of doing business, Dr. Abu Shakra may use a number of consultants, agencies and resources that may, in the course of their duties, have access to your personal information. Including but not limited to; computer consultants & technicians; office security; legal service providers; etc. Dr. Abu Shakra proactively restricts access to your PII and has engaged these resources and possibly others under strict contracts to insure they follow appropriate privacy policies and procedures which are required by law to protect your PII.
Collection of Personal Information: Primary Purposes
About Patients/Clients (Patients)
Like all health service providers, Dr. Abu Shakra may collect, use and disclose PII in order to serve you the patient.
The primary purpose; for collecting personal information, is to provide Dr. Abu Shakra’s services and treatments. For example, Dr. Abu Shakra may collect information on health history, including family history, physical condition, physical function and social situation in order to assess what your health needs are, to advise you of your options.
The secondary purpose; is to obtain a baseline of health and social information to facilitate the provision of ongoing optimum health services, and identify changes that are occurring over time. In the event Dr. Abu Shakra should need to collect such information without the patient’s express consent, as might occur in an emergency (e.g., the patient is unconscious) or where Dr. Abu Shakra reasonably believes the patient would consent if asked and it is impractical to obtain consent (e.g., a family member passing a message to us, from you the patient and Dr. Abu Shakra has no reason to believe that the message is not genuine due to the reasonable nature of it).
Psychologists are regulated by the College of Psychologists of Ontario;
Who may inspect your records as a part of their regulatory activities, and in the public interest.
As part of Dr. Abu Shakra’s Duty of Care requirement(s);
Dr. Abu Shakra is mandated to report serious misconduct, incompetence or incapacity of any practitioner.
Various government agencies (e.g., Canada Revenue Agency, Information and Privacy Commissioner, Human Rights Commission, etc.) have the authority to review your files as a part of their mandates.
In these circumstances, Dr. Abu Shakra may consult with professionals (e.g., legal representative, or accountants) who investigate the matter on her behalf.
The cost of some goods/services provided by Dr. Abu Shakra to patients is paid for by third parties (e.g., WSIB, or private insurance).
These third-party payers often have your consent or by legislative authority to direct us to collect and disclose to them certain information in order to demonstrate patient entitlement to their funding.
Patients or other individuals Dr. Abu Shakra has dealt with may have questions about their goods or services after they have been received years later.
Dr. Abu Shakra also provides ongoing services for many patients over a period of months or years for which previous records are essential resources.
If Dr. Abu Shakra’s practice or its assets were to be sold, the purchaser would conduct a “due diligence” review of Dr. Abu Shakra’s records to ensure that it is a viable business which has been honestly portrayed. This due diligence may involve some review of the accounting and service files. The purchaser would not be able to remove or record personal information. Additionally, before being provided access to the files, the purchaser must provide a written promise / agreement to keep all PII confidential. Only reputable purchasers who have already agreed to purchase the organization’s business or its assets would be provided access to personal information, and only for the purpose of completing their due diligence search prior to closing the purchase.
Members of the General Public;
Dr. Abu Shakra’s primary purpose for collecting a limited amount of your personal information including your email address; is to provide notice of appointments or other services.
Upon your request, Dr. Abu Shakra will remove any reasonable personal information from the contact list. Dr. Abu Shakra does not use, share, sell, or in any way distribute your information in any manner other than it’s original intended use as was provided by you.
Collected Personal Information: Related and Secondary Purposes
Dr. Abu Shakra will also collect, use and disclose information for purposes related to or secondary to the primary purposes and only in compliance with Government Regulations. The most common examples of the related and secondary purposes are as follows, and only upon your consent, would Dr. Abu Shakra share essential information with third parties to provide you with their services under the following circumstances, to name but a few;
invoice patients for goods or services that were not paid for at the time they were provided, to process credit card payments or to collect unpaid accounts.
advise patients that their product or service should be reviewed (e.g., to ensure a product is still functioning properly and appropriate for their then current needs and to consider modifications or replacement).
advise patients and others of special events or opportunities (e.g., a seminar, development of a new service, arrival of a new product).
additionally; external consultants (e.g., auditors, legal service providers, practice consultants, voluntary accreditation programs) may conduct audits and reviews for continuous quality improvements.
You can decline at any time, or discontinue the participation of some of these related or secondary purposes, (e.g., by declining to receive notice of special events or opportunities, and by paying for your services in advance).
Protecting Your Personal Information
Dr. Abu Shakra understands the importance of protecting all private information. For that reason, Dr. Abu Shakra has taken the following steps:
Paper information is either under constant supervision, or secured in a locked or restricted area.
Digital information is secured by passwords & electronic hardware either constantly under supervision or secured in a locked or restricted area at all times. In addition; strong passwords are used on all computers.
When paper information is transferred, it is in sealed, envelopes or boxes, and by reputable bonded courier companies.
Electronic/Digital information is transmitted either through a direct line (fax), is anonymized and/or is encrypted.
External consultants and agencies with access to your personal information must enter into privacy agreements with Dr. Abu Shakra, or sign confidentiality agreements prior to any transfer of private information or access to any PII in the course of providing their services to Dr. Abu Shakra.
Any unauthorized or unnecessary access to any personal information is prohibited.
Retention and Destruction of Personal Information
Dr. Abu Shakra is required to retain personal information for various time frames in accordance with Government Regulations. Additionally, to ensure that Dr. Abu Shakra can answer questions you might have about the services provided and for her own accountability to external regulatory bodies.
Dr. Abu Shakra will retain patient information for a minimum of ten years after the last contact/entry or ten years after the patient reaches, or would have reached, the age of eighteen. Otherwise if you ask, Dr. Abu Shakra will remove “reasonable” contact information right away. Dr. Abu Shakra will keep any personal information relating to general correspondence (e.g., with people who are not patients) newsletters, seminars and marketing activities for approximately six months after the newsletter ceases publication or a marketing activity is over. Paper files containing personal information are destroyed by shredding. Dr. Abu Shakra destroys electronic information by deleting it and, prior to the hardware being discarded; the memory device, or hard drive is physically destroyed.
You Can Look At Your Information
Under the Privacy Act; you have the right to see what personal information Dr. Abu Shakra has in the files regarding you, within reason, and the provisions of the governing bodies, or law. Often all you have to do is contact Dr. Abu Shakra’s Information Officer. She will need to confirm your identity before providing you with this access. Dr. Abu Shakra reserves the right to charge a nominal fee for each of these requests. Please put your request in writing. If Dr. Abu Shakra cannot give you access, she will inform you by letter or email within 30 days and provide you with the reason why she cannot give you access.
If you believe there is a error in Dr. Abu Shakra’s information regarding you; you have the right to request it to be corrected. This request can only apply to factual information, not financial information and not to any professional opinions. You will be required to provide documentation to support your request for the correction of the files. In the event Dr. Abu Shakra does agree that she has an error in the file on you, she will make the correction and notify those to whom she has been authorized by you to send this information originally. If Dr. Abu Shakra does not agree that she has an error, she will still agree to include a brief statement from you on the point in the file and she will forward a copy of that statement to those who received the earlier information.
Do You Have a Request or a Question?
Information Officer: Dr. Malak Abu Shakra
Executive Director & Clinical Psychologist
567 Roehampton Ave, Suite #29
Toronto, ON M4P 1S5
Dr. Abu Shakra will, to the best of her ability, attempt to answer any questions or concerns you might have or provide direction as to where your answers can possibly be found. If you wish to make a formal complaint regarding these privacy practices; you may make it in writing to Dr. Abu Shakra the Information Officer (contact information above). Receipt of your complaint will be acknowledged, investigated promptly and you will be provided with a formal decision and reasons in writing.
If you have a concern about the professionalism or competence of Dr. Abu Shakra, she would ask you to discuss those concerns with her first. If Dr. Abu Shakra cannot satisfy your concerns, you are entitled to contact the regulatory body (the following information lists are maintained on a best efforts basis) as follows:
Notice: the following list is maintained on a best efforts basis
College of Psychologists of Ontario
This policy is made under the (PHIPA) Personal Health Information Protection Act, the (PIPEDA) Personal Information Protection and Electronic Documents Act, and the Digital Privacy Act. All are complex and all provide some additional exceptions to the privacy principles that are too detailed to set out here, and as a result there are some rare exceptions to the commitments Dr. Abu Shakra has set out above.
For more Privacy information and inquiries;
Notice: the following list is maintained on a best efforts basis
The Privacy Commissioner of Canada
The Information and Privacy Commissioner of Ontario