Privacy Policy

At Kensington Medical Clinic we strive to provide our patients with excellent, efficient medical care and services. Every member of our team at Kensington Medical Clinic abides by our commitment to privacy in the handling of personal information. This policy demonstrates the ways we ensure that patients’ privacy is protected. Our policy applies to all personal health information of all patients that are in our possession and control. This policy was last modified on the 1st day of January 2019.

Our privacy policy reflects our compliance with fair information practices, applicable laws and standards of practice.

Protecting Personal Information

1. Openness and transparency
Kensington Medical Clinic values patient privacy and acts in accordance to ensure that it is and remains protected. This policy was written to explain how our office practices and upholds federal and provincial requirements for the protection of personal information. This policy describes how our office collects, protects and discloses the personal information of patients and the rights of patients in respect to their personal information. As an office, we are available to answer any patient questions regarding our privacy practices.

2. Accountability
As a medical clinic we are aware that our physicians are ultimately accountable for the protection of the health records in his/her possession. As patient information is sensitive by nature. Employees and all staff at our clinic are required to periodicaally review this policy as revisions are made. All of our staff must adhere to the protections described in this policy for the appropriate use and disclosure of personal information.

2.1 All of the staff at Kensington Medical Clinic who have access to personal information must adhere to the following information management practices:

  • Access is on a need to know basis
  • Access is restricted to authorized users
  • Third party obligations contractual privacy clauses/agreements with third parties

2.2 Kensington Medical Clinic employs strict privacy protections to ensure that:

  • We protect the confidentiality of any personal information accessed in the course of providing patient care.
  • We collect, use and disclose personal information only for the purposes of providing care and treatment and the administration of that care, or for other purposes expressly consented to by the patient.
  • We adhere to the privacy and security policies and procedures of this office.
  • We educate and train staff on the importance of protecting personal information.

Collection, Use and Disclosure of personal information

3. Collection of personal information
We collect the following personal information from patients:

  • Identification / Contact information (Phone number, Email, Address)
  • name, date of birth
  • Billing information, such as provincial health card number
  • Health information, which includes a patient’s medical history and presenting symptoms

We only collect the information that is required to provide patient care and administrative duties which includes but are not limited to communicating with patients, follow up protocols and setting of appointments. We do not collect any other information, or allow information to be used for other purposes, without the patient’s express consent. This excludes where we are authorized to do so by law. These limits on collection ensure that we do not collect any unnecessary information.

4. Use of personal information
The personal information in which we collect from patients is used by this office for the following purposes:

  • Identification, contact and in cases of emergencies, an emergency contact
  • Provision and continuity of care
  • Historical record, Health promotion and prevention
  • Administrate the care that is provided, appointment scheduling
  • Billing provincial health plan
  • Professional requirements
  • Quality assurance (peer review)

No information given to our clinic is released to any third parties unless specifically requested by the patient at which signed authorization is required.

5. Disclosure of personal information
5.1 Implied consent (Disclosures to other providers)
Unless otherwise indicated, we assume that patients at Kensington Medical Clinic have consented to the use of their information for the purposes of providing them with care. This includes sharing the information with other health providers involved in their care. By seeking care from Kensington Medical Clinic, the patient’s consent is implied for the provision of that care. Relevant health information is shared with other providers involved in the patient’s care, including other physicians working within the confines of our practice at Kensington Medical Clinic, as well as, physicians that are consulted while providing patient care

5.2 Without consent (Disclosures mandated or authorized by law)
Kensington Medical clinic recognizes that in limited situations physician are legally required to disclose personal information without the patient’s consent. Examples of these situations include:

  • billing provincial health plans
  • reporting specific diseases
  • reporting abuse including spousal abuse and child abuse
  • reporting fitness to drive, fly
  • by court order (when subpoenaed in a court case)
  • in regulatory investigations

5.3 Express Consent (Disclosures to all other third parties)
We acknowledge that written consent is required before we disclose personal information to third parties for any purpose other than to provide care unless authorized to do so by law.
These include:

  • third party medical examinations
  • charts or chart summaries to insurance companies
  • charts or chart summaries to Workers Compensation Board

In these situations, a copy of the written signed consent form is attached to the patients record to ensure that proper protocols are followed.

5.4 Withdrawal of consent
Patients have the option to withdraw consent to having their information shared. This includes withdrawing consent with other health providers and with third parties at any time. If a patient chooses to withdraw their consent, a physician within our practice will discuss any possible significant consequences that might result with respect to their care and treatment.

Office Safeguards

6. Security measures
6.1 Kensington Medical Clinic have multiple safeguards put in place to protect the security of patient information. These safeguards include a combination of physical, technological and administrative security measures.

Physical safeguards utilized by Kensington Medical Clinic:

  • limited access to office
  • deadbolt entry lock (or key card/key pad entry system)
  • no public access to we only keep electronic records
  • we ensure a need to know stance for staff accessing records
  • front desk privacy screens
  • soundproofing within the office to ensure information privacy

Technological safeguards utilized by Kensington Medical Clinic:

  • protected computer access for patient health information
  • 2nd level security passwords
  • Individual user authentication for each staff member
  • system protections such as firewall software and virus scanning software
  • Protected external electronic communications – Internet
  • separate private internet access
  • after terminating any devices, whether it being a computer or laptop, properly dispose of all computers and hard drives. With wireless devices such as laptops, we take extra precautions to ensure privacy of patient health information

administrative safeguards utilized by Kensington Medical Clinic:

  • restricted access for authorized users only, this includes the clause of access on a need to know basis

In utilizing these safeguards, we limit third party members from accessing patient information, and if required, they shall only do so through contractual agreements provided with a comparable level of protection.

6.2 Staff signed confidentiality agreements
As an employer, Kensington Medical clinic ensures that all staff have signed confidentiality clause as part of their employment contract. The confidentiality clause within the employment contract states that:

As an employee of Kensington Medical clinic, I understand that I have a legal and professional responsibility to protect patient’s personal information as defined by Kensington’s Confidentiality/Privacy Policy.

Note, this confidentiality clause extends beyond the term of employment.

7. Communications policy
We are sensitive to the privacy of personal information and this is reflected in how we communicate with our patients, others involved in their care and all third parties. We ensure to protect personal information regardless of the format.

We use specific procedures to communicate personal information by:
Use of Telephone:

  • We support the preferences of patients with regards to phone messages and take their thoughts into consideration
  • Unless authorized by the patient, we only leave our name and contact information on messages for patients

Use of Fax:

  • Our SRfax system is located on a secure and supervised computer which is restricted public access, faxes are directly imported into our Oscar system
  • We use pre-programmed fax numbers to ensure fax received by the intended recipient

Use of Email:

  • any confidential information sent over public or external networks is encrypted firewall and virus scanning software is in place to mitigate against unauthorized modification, loss, access or disclosure

Use of Post/Courier:

  • Any envelopes sent via post or couriers are sealed and marked confidential

8. Record retention
As mandated by College guidelines, we retain patient records as required by law and professional regulations. The Canadian Medical Protective Association (CMPA) advises that all physicians retain copies of medical records for at least 10 years from the date of the last entry. In the case of minors, 10 years from the time the patient would have reached the age of majority which is the age 19 in BC jurisdiction. Given the fact that claims may arise beyond the stipulated regulatory period, we keep all records indefinitely as we are an electronic office.

9. Procedures for secure disposal/destruction of personal information
When information is no longer required, it is destroyed according to set procedures that govern the storage and destruction of personal information
We use the following methods to destroy/dispose of paper records:

  • Upon entering any paper records into our electronic system whether received via mail or by the patient directly, all originals are sent to shredding to ensure patient information privacy

We use the following methods to destroy/dispose of electronic records We seek expert advice on how to dispose of electronic records and hardware. At a minimum, we ensure that all information is wiped clean where possible prior to disposal of any electronic devices such as storage devices, CD’s etc. We properly disposed of all computer hard drives, and shred all CD’s )

Before the secure disposal of any health records, we maintain that the information is uploaded to our electronic medical records so that we can uphold the integrity of information provided to us while ensuring patient information privacy.

Patient Rights

10. Access to information
At Kensington Medical Clinic we acknowledge that patients have the right to access their record in a timely manner. If a patient requests a copy of their records, one will be provided at a reasonable cost of $40 dollars which is in accordance to the BCMEA private fee guidelines set forth by the college. Access shall only be provided upon approval of the physician. If a patient wishes to view the original record, one of our staff members must be present to maintain the integrity of the record, and a reasonable fee may be charged for this access. Patients can submit access requests in writing using the release of information form provided by our office.

Our office follows specific procedures to respond to access requests:

  • we acknowledge receipt of request within 2-3 days via email
  • we release the records to the requesting client within 30 days of the request as long as written consent is provided.

11. Limitations on access
In extremely limited circumstances the patient may be denied access to their records, but only if providing access would create a risk to that patient or to another person. For example, when the information could reasonably be expected to seriously endanger the mental or physical health or safety of the individual making the request or another person. Or if the disclosure would reveal personal information about another person who has not consented to the disclosure. In this case, we will do our best to separate out this information and disclose only what is appropriate.

12. Accuracy of information
We make every effort to ensure that all patient information is recorded accurately. Upon arrival to the clinic all contact information is updated. With regards to chart information, if an inaccuracy is noted, the patient can request changes in their own record. This request is documented by an annotation in the record. No changes shall be made to a patient’s record without the approval or authorization of the attending physician.

13. Privacy Complaints
It is important to us that our privacy policies and practices address patient concerns and respond to patient needs.

If a patient believes that this office has not responded to their access request or handled their personal information in a reasonable manner it is encouraged that the person first addresses this with their doctor.

Our complaints process is readily accessible, transparent and simple to use. In most cases, an issue is resolved simply by telling us about it and discussing it. Patient complaints can be made in writing addressed to:

Attn: Privacy officer
Kensington Medical Clinic
6548 Hastings St
Burnaby BC

Patients who wish to pursue the matter further are advised to direct their complaints to:

The College of Physicians and Surgeons of British Columbia or the provincial privacy commissioner.

© 2023 Kensington Walk-In and Pediatric Medical Clinic. Web site by Medora