Consent to Use and Store Personal Health Information
At 306 Dental we are committed to ensuring a professional, safe and trusted office environment. To provide you with optimized oral health care and excellent service we use, store and analyze certain personal health information that we (a) collect from you, (b) generate through diagnostic testing and treatment planning, or (c) receive from your other health care providers.
We will not collect, disclose, or use any of your information without your knowledge or consent. Only persons with a clinical (or related administrative) need to know a piece of information will be granted access to that information. In the same vein we embrace the principle that only the necessary amount of information shall be disclosed for any task or function. Our staff are trained on the importance of keeping your information safe, secure and confidential.
What information do we collect?
There are a few categories of information we normally collect. The first is personal information such as name, address, other contact information, insurance information, and financial/billing information, which may include credit card numbers and other such information. To the extent we collect credit card information, it is done in compliance with Payment Card Industry Data Security Standards (PCI DSS).
We also collect and generate personal health information including such things as:
- Medical history
- Dental history
- Records of dental visits, recall exams and appointment scheduling
- Results of diagnosis and testing
- Study models, odontograms and impressions
- Treatment recommendations, treatment plans and progress notes
- Records of consent conversations and when appropriate, signed consent forms
- Referral/Specialists reports and recommendations
How do we use your information?
We believe it is important that you know how we use your information. To that end, we only collect, use and disclose information about you for the following purposes:
- To deliver safe and efficient patient care
- To ensure high-quality service
- To assess your health needs
- To advise you of treatment options
- To provide you with information about services offered at our clinic
- To inform you of changes to our office policies or hours
- To establish and maintain communication with you, including to schedule and remind you of appointments
- To enable us to contact you
- To communicate with other health care providers, including specialists and general dentists involved in your care
- To allow us to efficiently follow-up for treatment, care and billing
- For teaching and demonstrating purposes on an anonymous basis
- To complete and submit dental claims and estimates for third party adjudication and payment
- To comply with legal and regulatory requirements, including communication with the provincial dental regulator, privacy commissioner or any statutory review board as required under legislation
- To comply with a court order in the event of legal proceedings
- To invoice for goods and services
- To process credit card, cash and personal cheque payments
- To collect unpaid accounts
- To send you surveys relating to our business and services
- For internal management purposes, such as resource planning, policy development, quality assurance, and human resource management
- To comply with regulatory requirements and the law generally
- In the event that a decision to sell the practice is made:
- To permit potential purchasers to evaluate the dental practice
- To allow potential purchasers to conduct an audit in preparation for a sale
While the above list is rather long, we believe it better to be over-inclusive. Many of the items listed above are unlikely to apply to you.
Before personal information is used or disclosed for a purpose not previously identified, we will advise you of this new purpose or disclosure and will only proceed with your consent.
When we communicate with you, we may communicate via electronic means, such as e-mail or SMS text message. We strive to ensure that our Commercial Electronic Messages (“CEMs”) are sent with consent, identifying information and unsubscribe mechanisms. We require all CEMs from our Office to be in compliance with privacy and anti-SPAM laws. If and when we communicate with you using CEMs, you can opt out of receiving such messages by following the “Unsubscribe” link included at the bottom of such messages or by contacting our office practice manager. Any questions or concerns with respect to CEMs from our Office may be addressed to email@example.com or 306-586-3155. If our Office inadvertently sends out a CEM without consent, we commit to investigating every such instance and assisting the employee(s) or managers involved with renewing their understanding and awareness of our compliance responsibilities.
How is your information stored and who has access to it?
Your information may be kept in physical form (files, models, etc.) in which case it is either guarded by staff or stored in a locked and secure file cabinet or safe. Digital information may be stored on encrypted file servers in secure/access-controlled locations. Digital information is password protected and stored on systems which save audit trails in the event unauthorized access must be investigated. Our systems are protected by industry standard IT security hardware and software measures.
We may enter into agreements with third-party providers specializing in data storage and protection. Sometimes that data is securely stored in the cloud, which may include locations outside of Canada. In those instances, only persons contractually obligated to secure and protect your data will be able to access that data. We will only enter into contractual agreements with providers which meet Canadian legal standards and requirements for storage and protection of personal health information.
We may also share aggregate and non-identifiable data with research institutions or third-party providers to advance oral health care. This is explicitly permitted by legislation as it poses minimal to no risk to patients but has the potential to greatly enhance health care effectiveness. We will only share such data with persons or providers who enter into the necessary agreements to keep information confidential and to safeguard and protect such data.