Gemoscan Canada, Inc.

About Gemoscan

Gemoscan owns and markets the HEMOCODE^TM Food Intolerance System and is responsible for personal information under its control.  As a provider of Hemocode, a healthcare service, Gemoscan collects, uses and discloses personal health information. At Gemoscan, we are committed to meeting the highest standards with respect to maintaining the privacy and confidentiality of the personal health information that we collect, use and disclose. Gemoscan strives to protect the privacy rights of our clients by meeting or exceeding the standards established by law, including Ontario’s Personal Health Information Protection Act, 2004 (“PHIPA”).

Every employee, healthcare provider, contractor and authorized agent of Gemoscan must adhere to a policy of confidentiality with respect to personal health information that they may obtain through the course of their involvement with Gemoscan, which includes adherence to the terms of this Privacy Policy. This policy will be reviewed by every staff member, contractor or outside agent when the individual first becomes involved with Gemoscan and continues in effect indefinitely.

As part of establishing this Privacy Policy, we have appointed Swati Rai, RN. as the contact person for privacy matters.  Ms. Rai can be reached at 416.650.1200.  In keeping with the requirements of PHIPA, for the purposes of protecting the privacy and confidentiality of personal health information, we have also prepared a Privacy Statement, which is available to the public and is posted on our website.

What is Personal Health Information?

Personal health information is “identifying information” about an individual, whether oral or recorded. It includes any information about an individual’s health or health care history.  “Identifying information” means information that could identify an individual when used alone or with other information.

What Personal Health Information Does Gemoscan Collect?

We collect personal health information to facilitate the HEMOCODE^TMSystem.  This may include a client’s name, address, date of birth, health history, diet information and information related to a medical condition.  We also collect blood samples from all clients who participate in the HEMOCODE^TM System.

We collect personal health information about clients directly from clients or from a person authorized to act on their own behalf.  Occasionally, we collect personal health information from clients form other sources, including other care providers, if we have consent to do so or if the law permits.

With limited exceptions, we obtain most personal health information directly from our clients and collect only as much information as is necessary to meet the purpose of the collection. We will not collect personal health information if other information we have will serve the purpose of the collection.

What Does Gemoscan Use Personal Health Information For?

Gemoscan will identify the purposes for which personal health information is being used in advance, and will inform clients of these purposes.  Gemoscan will only use personal health information that is necessary for these purposes.  

For example, personal health information may be used:

• To undertake analysis through the Hemocode System;
• To maintain communication with clients;
• To facilitate payment for the provision of services;
• To evaluate and monitor our services;
• To educate our agents to provide better care and service;
• To comply with legal and regulatory requirements;
• For risk management and quality assurance purposes; and
• As otherwise required by law.

We will obtain the appropriate consent if we wish to use personal health information for any other purpose.

When using personal health information, we exercise the highest level of care and will take all reasonable steps to ensure that personal health information is accurate, complete and up-to-date for the purpose the information is being used. We use advanced technology and well-defined practices to ensure personal health information is processed promptly, accurately, and completely.  

When Does Gemoscan Share Personal Health Information?

At the request of a client, we will share a client’s personal health information with the client’s healthcare providers including his or her pharmacist, physician, chiropractor, etc. (or his or her staff).  Typically, the information is shared by way of telephone discussion or electronic communications, such as email or fax.

In the event that an examination of materials is requested by an insurer, with the express consent of a client, we will provide the necessary documents and information to the health professional, social worker, or vocational rehabilitation expert properly identified by the insurer to review information relating to the client’s health condition, treatments and rehabilitation received as a result of an accident, if applicable, as is reasonably required for the purposes of determining eligibility of benefits.

We may also be required by law or a Court Order to share certain personal health information.

Staff members within Gemoscan will also only use and discuss client’s personal health information for the purposes outlined above.

We will only share personal health information with other professionals, agencies and providers who are involved in the care and treatment of a client if the client or his or her substitute decision maker provides consent for us to do so.

Under no circumstances will we sell client lists or other personal health information to third parties.

How Does Gemoscan Ensure the Safety and Security of Personal Health Information?

Gemoscan recognizes the importance of safeguarding personal health information and will take all steps that are reasonable in the circumstances to ensure that personal health information in our custody or control is protected against theft, loss or unauthorized use or disclosure.  We will also ensure that the records containing this information are protected against unauthorized copying, modification or disposal.

To ensure the safe storage of personal health information, we have taken steps to meet the need for physical security, technological security and administrative controls. The measures we have taken for the physical security of clients’ personal health information include:

• Keeping hard copies of personal health information in locked filing cabinets;
• restricting office access to authorized people; and
• implementing a security system

The technological security measures we have taken include the use of:

• passwords, user IDs for all users in order to access electronic records;
• encryption; and
• firewalls and virus scanners.

We have also implemented administrative controls to protect clients’ personal health information, including:

• staff training and education on privacy and security issues;
• regular audits of our practices to ensure compliance with our policies; and
• confidentiality agreements

What Does Gemoscan Do If There is a Privacy Breach?

In the event that a client’s personal health information has been stolen, lost or accessed by an unauthorized person, our first priority will be to identify and contain the breach, and then to take steps to correct it.  We will notify any client whose personal health information may have been disclosed, lost or shared in an unauthorized manner, at the first reasonable opportunity.

How Long Does Gemoscan Retain Personal Health Information?

Our policy is to retain personal health records for ten (10) years after the client’s participation in the Hemocode System or in accordance with any minimum retention period that is established by law.

How Does Gemoscan Dispose of Personal Health Information?

When personal health information is destroyed, Gemoscan will use safeguards to ensure secure destruction, including by entering into a written agreement with any agent retained to dispose the personal health information, which will set out the requirements for secure disposal and require the agent to confirm in writing that secure disposal has occurred.

What If A Client Needs Access to their Personal Health Information?

With certain limited exceptions, clients have a general right to access and may request a copy of all personal health information kept about them by Gemoscan.

If a client would like to request access his or her personal health information, he or she must make a written request to any Gemoscan staff, who will forward such request to Dr. Jiwa, who will provide the copy or access requested. An access request may be denied where:

• the information does not exist or cannot be found;
• the denial of access is required or authorized by law; or
• the request is frivolous, vexatious or made in bad faith.

We may charge a fee for this service and if so, we will provide notice in advance of processing the request.

All requests for access to personal health information will be responded to in a reasonable time frame.

 
How are Corrections to Personal Health Information Made?

If a client believes that his or her personal health information is not accurate or complete, he or she may make a written request to Ms. Rai to have the information corrected.

Gemoscan will correct personal health information where it is demonstrated that the information in the patient’s record is, in fact, inaccurate or incomplete and necessary information is provided to correct the record.

However, we may refuse to correct personal health information if the information is a professional opinion or an observation of a health care provider.  In these circumstances, where a correction request is denied, clients may append a short statement of disagreement to their record.

All requests for access to personal health information will be responded to in a reasonable time frame.

What if A Client Has Questions or Concerns?

At Gemoscan, we review policies and procedures on an ongoing basis and may revise these from time to time.  If these revisions significantly change how we collect, use or disclose previously collected personal health information, we will inform our clients and obtain consents where required.

If you have any questions or concerns about Privacy at Gemoscan, please speak with
Ms. Rai.

If we are not able to address your concerns, or if you require further information regarding Privacy in Ontario, please contact the following:

Information & Privacy Commissioner/Ontario
80 Bloor Street West, Suite 1700
Toronto, ON M5S 2V1
(416) 326-3333
Commissioner@ipc.on.ca

Any changes to our Privacy Policy shall be acknowledged in this Privacy Policy in a timely manner.  

Last modified on the 14th day of December, 2011.