Privacy Policy

Therapy in the Clouds upholds the privacy of our clients and acknowledges the need for transparency in the ways in which we do so. Thus, Therapy in the Clouds has created this Privacy Policy to ensure our clients understand how we collect, use and disclose information. It is a statement of the Therapy in the Clouds information practices as required by the Personal Health Information Protection Act (PHIPA).

Who We Are: Therapy in the Clouds is a virtual private practice and includes a number of therapists providing psychotherapy and counselling services.

What is Personal Health Information?

At Therapy in the Clouds, your therapist may collect, use or disclose the following personal health information about you:

  • Your physical or mental health, including family health history.
  • Your provision of health care, including identification of your health care provider and your substitute decision maker.
  • A plan of service for long-term care.
  • Payment or eligibility for health care.
  • Your health care number.

How is this Personal Health Information Used?

Therapy in the Clouds collects, uses and discloses personal information to provide psychotherapy and counselling services to our clients. For example, we collect information about clients’ disclosed health and social history and family composition to assess service needs. Therapists will document electronic case notes pertaining to your session to keep a record of relevant information to provide present and future service.

Consent to Collect, Use and Disclose Personal Health Information

Except when required by law, your personal health information will only be collected, used and/or disclosed for the purposes set out in this policy. You may withhold or withdraw your consent to collect, use or disclose your personal health information. Withdrawal of your consent may negatively impact your treatment and/or the level of service you are able to receive.

Protection of Personal Health Information

Therapy in the Clouds is committed to protecting the security of our clients’ personal health information. We have put in place reasonable administrative, technical and physical security measures to help prevent theft, loss and unauthorized use, disclosure, copying, modification and disposal of your personal health information.

Security measures that Therapy in the Cloud has in place to protect your personal health information includes:

  • Policies and procedures to govern the privacy of client information
  • Limiting access to your personal health information to only those required to deliver service to you.
  • Use of passwords to access your personal health information.
  • Storing your personal health information on a secure and protected network.
  • Permanently destroying your personal health information in accordance with the Therapy in the Cloud retention schedule (see below).

Limits on Confidentiality of Personal Health Information

No personal information will be communicated directly or indirectly to any third party without the client’s express written consent, except when there is a legal obligation to release personal health information.

The following are examples of matters in which a therapist has a duty to report, or disclose information:

  1. Harm to self: If a therapist has reason to believe that a client is in danger of physically harming themselves in ways that may be life-threatening, a therapist will direct them to access emergency hospital services and/or contact a family member, close other, or another person such as a police officer who may be able to help protect the client. There may be other emergency health care related circumstances where disclosure is reasonably necessary for the protection of health, in which case a therapist will disclose personal information to other health care professionals as long as a client has not expressly prohibited the therapist from doing so.
  2. Harm to others: If a therapist has reason to believe that a client is threatening physical violence against another person, the therapist is required to take some action (such as contacting the police, notifying the other person, seeking hospitalization for the client, or some combination of these actions) to ensure that the other person is protected.
  3. Abuse/Neglect:
    • If a therapist has reason to believe that a child under the age of 18 is being abused or neglected, the therapist is legally obligated to report this matter to the Children’s Aid Society.
    • If a therapist suspects or is informed of unlawful conduct that resulted in harm or risk of harm to a resident of a Long-Term Care Facility or Retirement Home, or that a resident is being harmed or is at risk of being harmed in any way (e.g., sexual or physical abuse, neglect, misappropriation of resident’s funds), the therapist may be required to contact the applicable Ministry or Regulatory Authority and report all relevant information.
  4. Sexual Abuse: If a therapist learns that a client has been sexually or physically abused by a member of a regulated health profession, the therapist is required to report this information in accordance with the guidelines of the therapist’s applicable regulatory college. The client’s name will not be released without their consent unless such release is court ordered.
  5. Court Order: A therapist and clinical record can be subpoenaed by a court order. A therapist can be required to testify and give information obtained during sessions. Without a court order, this information would never be provided voluntarily without a client’s direct request or consent.  If disclosure of personal information is required or allowed by law or by order of a court, a therapist will not release more information than is required or allowed.

Access and Correction of Personal Health Information

With only a few exceptions, you have the right to access the personal health information we collect about you. We ask you to put your request in writing, by sending an email to cassandra@therapyintheclouds.ca . If there are limitations to such access, we will inform you within 30 days. We reserve the right to charge a reasonable fee for such requests. Within 30 days after receiving the request for access, the health information custodian may extend the time limit under certain circumstances, for a further period of time of not more than 30 days.

As outlined in Ontario’s PHIPA, if a health information custodian has granted an individual access to a record of his or her personal health information and if the individual believes that the record is inaccurate or incomplete for the purposes for which the custodian has collected, uses or has used the information, the individual may request in writing that the custodian correct the record. As soon as possible in the circumstances but no later than 30 days after receiving a request for a correction, the health information custodian shall, by written notice to the individual, grant or refuse the individual’s request or extend the deadline for replying for a period of not more than 30 days.

We will not correct a record that was not originally created by a member of the Therapy in the Clouds team and we do not have sufficient knowledge, expertise or authority to correct the record. We will also not correct a record if the information requested to be corrected is a professional opinion or observation that was made in good faith about an individual. We also will not make a correction if we believe on reasonable grounds that a correction request is frivolous, vexatious or in bad faith.

Retention and Destruction of Personal Health Information

Therapy in the Clouds stores personal information only for as long as is necessary for the purpose for which it was collected in accordance with the laws, ethics and standards applicable to members of the Ontario College of Social Workers and Social Service Workers or such other applicable regulatory bodies in jurisdictions in which we operate.

Records are retained for at least seven years from the date of last interaction with the client, or from seven years from the client’s 18th birthday, whichever is later, as in accordance with the O.C.S.W.S.S.W.

When your personal information is no longer required to be maintained, it will be destroyed in accordance with applicable laws.

Audits

Therapy in the Clouds will engage in periodic audits to verify that our privacy practices continue to comply with our Privacy Policy and applicable legislation.

Questions or Complaints

Therapy in the Clouds is the Health Information Custodian of client health records of all therapists on contract to Therapy in the Clouds. Cassandra Fezzuoglio is the Lead Therapist and Chief Privacy Officer of Therapy in the Clouds. If you have any questions or complaints about this Privacy Policy or the handling of your personal information, please contact our Chief Privacy Officer at cassandra@therapyintheclouds.ca.

If a complaint regarding our information practices has not been resolved to you satisfaction by Therapy in the Clouds, you may contact the Information Privacy Commissioner for assistance in resolving privacy matters related to our clinic:

Information and Privacy Commissioner of Ontario

  • 1-800-387-0073
  • https://www.ipc.on.ca/about-us/contact-us/
  • 2 Bloor Street East,
  • Suite 1400
  • Toronto, ON, M4W 1A8