Privacy Policy and Privacy Practices Notice

Advanced Rejuvenation Clinic Ste-Thérèse Inc.
Effective date: January 2, 2025

Introduction and contact details

Purpose and scope

This Privacy Policy and Notice on Privacy Practices (“Privacy Policy”) describes how Clinique Avancée de Réjuvenation Ste-Thérèse Inc. (“we”, “our”, or the “Clinic”), located at 25 Saint-Joseph Street, Office 200, Sainte-Thérèse, QC, J7E 4X5, collects, uses, maintains, protects, and discloses protected health information (“PHI”) from our patients and customers. This Privacy Policy applies to all services provided in our facilities, through our website www.experiencecare.ca and through our electronic health record system, Clinicminds.

Personal Information Protection Officer and Contact Information

In accordance with the Health and Social Services Information Act (Bill 5), we have appointed a privacy officer who is responsible for ensuring the compliance of our privacy practices. If you have any questions, concerns, or requests regarding this Privacy Policy or your health information, please contact:

Privacy Officer: Dr. Francesca Olinga, President

Email: francesca.olinga@experiencecare.ca
Phone: (450) 990-2322
Address: 25 Saint-Joseph Street, Office 200, Sainte-Thérèse, QC, J7E 4X5
Office hours: Monday to Friday, 8:30 a.m. to 5:30 p.m.

We are committed to protecting the confidentiality of your health information and to complying with legal obligations in force in Quebec.

Information we collect and maintain

We collect, maintain, and protect the following categories of protected health information:

Demographic information:
  • Full name, date of birth and gender
  • Contact information (address, phone numbers, email addresses)
  • Government identification numbers

Clinical information:
  • Medical history and results of physical and diagnostic exams
  • Lab test results
  • Treatment plans and procedures performed
  • Prescribed medications and medication history
  • Allergies and adverse reactions
  • Development notes and clinical observations
  • Consultation reports and reference information
  • Emergency contact details

Administrative and financial information:
  • Appointment schedules and attendance records
  • Billing records and payment history
  • Authorization forms and consent documents

Use and disclosure of health information

Permitted uses and disclosures

We may use and disclose your protected health information (PHI) for the following purposes:

Treatment:
  • Provide, coordinate, and manage your health care.
  • Schedule appointments and follow-up care.
  • Consult other health professionals.
  • Refer you to other health care providers.

Payment:
  • Billing and collection activities.
  • Obtaining prior authorizations.
  • Review of health services to assess medical necessity.

Health care operations:
  • Quality assessment and improvement activities.
  • Assessment of professional competencies.
  • Training programs for health professionals.
  • Legal and audit functions.

Electronic medical record system

We use Clinicminds as our electronic health record (EMR) system. The information shared through this system is:

  • Protected through encryption and security protocols that comply with industry standards.
  • Accessible only to authorized health care providers and personnel.
  • Monitored through access logs and audit trails.
  • Backed up regularly to prevent data loss.
  • Maintained in accordance with applicable privacy laws and regulations.

Marketing and research

We have strict controls over the use of protected health information for marketing and research purposes:

Marketing communications:
  • We will obtain your explicit written permission before using your health information for marketing purposes.
  • You can unsubscribe from marketing communications at any time.
  • Your decision to unsubscribe will not affect your health care or services.

Case studies and research:
  • Health information can be used in anonymized case studies with the explicit permission of the patient.
  • All identifying information will be removed prior to use.
  • We implement a rigorous de-identification process that meets industry standards.
  • You have the right to refuse to participate in research studies.
  • Participation in research is voluntary and will not affect your care.

Patient rights and access to information

Right to access health information

You have the right to see and get a copy of your health information.

Request procedure:
  • Requests must be submitted in writing to the Privacy Officer.
  • We will respond to requests within 30 days.
  • An extension of 30 days may be granted with written notice.
  • Electronic or hard copies will be provided depending on your preference.

Fees:
  • A fee of $50.00 will be charged for copying and preparing files.
  • Fees may be waived in case of financial difficulties.
  • Payment must be received before the files are released.
  • A detailed receipt will be provided.

Right to request changes

You have the right to request changes to your health information.

Change process:
  • Requests must be submitted in writing to the Privacy Officer.
  • Requests should include a rationale supporting the change.
  • We will respond within 30 days of receipt.
  • An extension of 30 days may be granted with written notice.

Refusal of changes:
  • We may refuse requests for changes if the information was not created by our clinic, is not part of the records we hold, is accurate and complete, or is not subject to change under applicable law.
  • A written explanation will be provided in case of refusal.
  • You have the right to submit a statement of disagreement.

Breach notification procedures

Definition and assessment of a breach

A breach is defined as the unauthorized acquisition, access, use, or disclosure of protected health information (PHI) that compromises its security or confidentiality. The assessment includes:

  a) the nature and extent of the PHI involved;
  b) the unauthorized persons who used or received the PHI;
  c) confirmation that the PHI was actually acquired or consulted;
  d) the degree of risk mitigation.

Notification requirements

In the event of a breach, we are committed to:

Individual notification:
  • Provide written notification within 60 days of discovery.
  • Include a description of the breach and the types of information involved.
  • Detail the steps individuals should take to protect themselves.
  • Describe our investigation and mitigation efforts.
  • Provide contact information for any questions.

Media notification:
  • Issue a press release for breaches affecting more than 500 people.
  • Post a notice on the home page of our website.
  • Maintain a toll-free telephone line to provide information.

Notification to regulatory authorities:
  • Report to the appropriate authorities in accordance with legal requirements.
  • Document all activities related to the breach.
  • Maintain a record of breach notifications.
  • Cooperate with regulatory investigations.

Retention and destruction of information

Record keeping

We maintain health records in accordance with established standards:

Standard retention period:
  • Adult patient records: 10 years from the last entry or insertion in the file.
  • Pediatric patient records: until the patient reaches the age of majority, plus 10 years.
  • Records of deceased patients: 10 years from the date of death.
  • Financial records: 7 years from the date of the transaction.

Extended preservation:
  • Cases involved in litigation: until the final resolution, plus 10 years.
  • Research files: according to the requirements of the research protocols.
  • Files subject to a legal hold: until the hold is lifted.
  • Special category files: according to applicable laws.

Secure destruction

We use secure destruction procedures for protected health information (PHI):

Paper files:
  • Destruction: cross-cut shredding or incineration.
  • Traceability: documented chain of custody and certificate of destruction.
  • Supervision: supervised destruction when required.
  • Schedule: destruction events scheduled on a regular basis.
  • Secure storage: secure storage pending destruction.

Electronic records:
  • Erasure: deletion in accordance with Department of Defense standards.
  • Physical destruction: physical destruction of storage media.
  • Documentation: documented destruction procedures and verification of complete destruction.
  • Registers: maintenance of destruction logs.
  • Certification: certification by third parties when required.

Policy updates and changes

Revision and updates

This privacy policy is reviewed and updated on a regular basis:

Revision schedule:
  • Full annual review.
  • Interim updates as required.
  • Documentation of all revisions.
  • Change approval process.
  • Maintaining version control.

Implementation of the changes:
  • Notice of significant changes.
  • 30-day notice when possible.
  • Documentation of all revisions.
  • Staff training on updates.
  • Update related procedures.
  • Revised policy distribution.

Communicating changes

We will notify affected individuals of changes to the policy:

Notification methods:
  • Posting a notice in the establishment.
  • Updates on the website.
  • Direct communication with patients.
  • Communications to staff.
  • Notifications to business partners.
  • Notification documentation.

Compliance and enforcement

Regulatory compliance

We are committed to complying with applicable privacy laws and regulations:

Jurisdictional requirements:
  • Privacy laws and regulations in Quebec.
  • Federal privacy requirements.
  • Professional licensing standards.
  • Industry standards and best practices.
  • Reporting requirements to regulatory agencies.

Compliance monitoring:
  • Regular compliance assessments.
  • Documentation of compliance efforts.
  • Analysis of variances and corrective measures.
  • Follow up on regulatory updates.
  • Compliance training programs.
  • Collaboration with external audits.

Application and discipline

We rigorously enforce confidentiality requirements:

Response to violations:
  • Investigation of reported violations.
  • Documentation of findings.
  • Implementation of corrective measures.
  • Appropriate disciplinary measures.
  • Reporting to the authorities if necessary.
  • Improvement of processes accordingly.

Progressive discipline:
  • Verbal warnings.
  • Written warnings.
  • Suspension of privileges.
  • Termination of employment.
  • Legal actions if justified.
  • Documentation of all actions taken.

Consent and authorization

Patient consent

We obtain patient consent to this privacy policy by:

Written documentation:
  • Signed consent form.
  • Electronic recording of consent.
  • Documentation of attempts to obtain consent.
  • Recording of denials of consent.
  • Regular consent updates.

Proof of notification:
  • Retention of consent records.
  • Documentation of the transmission method.
  • Compliance with record retention requirements.
  • Maintaining audit trails.
  • Regular checking of records.

Contact and questions

For questions about this privacy policy or to exercise your rights, please contact:

Privacy Officer: Dr. Francesca Olinga, President

Email: francesca.olinga@experiencecare.ca
Phone: (450) 990-2322
Address: 25 Saint-Joseph Street, Office 200, Sainte-Thérèse, QC, J7E 4X5
Office hours: Monday to Friday, 8:30 a.m. to 5:30 p.m.

We are committed to protecting the confidentiality of your health information and to complying with legal obligations in force in Quebec.