We keep our client data as safe as possible.
BC health clinics are required to handle personal client information according to (Personal Information Protection Act ) PIPA BC or in some cases PIPEDA (federal legislation). Personal information is any recorded information for identification (name, phone number, address etc…) or as a description (physical attributes, health data, chart notes etc...) of our clients.
To ensure to comply with privacy laws, we have procedures for collecting and storing data, obtain client consent, collect information carefully, limit the internal use of personal information, limit external disclosure of personal information, respond to clients’ request their information within 30 days, maintain accurate client information and protect/store information with care.
In addition to government mandated legislation we maintain client privacy in accordance with E-Health BC Personal Health Information Access and Protection of Privacy Act (applicable to public health organizations) by committing to storing digital health records on Canadian servers.
We use BC’s privacy law as a guideline.
Kent MacWilliam (firstname.lastname@example.org) is the appointed Symmetrix compliance officer. Cloud systems used to store client data remain within our control. We obtain consent from clients for collecting and using personal information, and only collect data and consents required to perform the service we are delivering to each client.
The internal use of personal information is limited to the purpose for collecting the information. Besides instances where required by law, we will limit the external disclosure of client information, and seek consent when necessary. Clients are informed that their personal information is being transferred to a cloud provider, any information other than contact details and routine email correspondence between health and legal professionals is stored securely on servers in Canada.
We use physical, administrative and technical safeguards to protect your personal information and keep client records highly secure. Our physical safeguards are locked file cabinets with paper documents, restrict staff access to documents, and shred printed records. Our administrative security safeguards are staff training on privacy, require relevant suppliers to sign confidentiality agreements, and create unique logins and strong passwords for each staff member.
The local computer network is protected by firewall and we use password-protected devices that lock within 5 minutes of use. We use exclusively Apple computer products for their security benefits. All personal information is deleted from local hard disks when not in use, and any data stored temporarily on USB or hard disk must be encrypted.
Any payment information is handled exclusively through our billing system and not written or stored in a file. While we’re keeping client information safe we’re also responsible keeping information accurate. Symmetrix staff will periodically update client data as needed.
Clients (or their legal representatives) have the right to request access to their personal information. We will respond in 30 days or less if we have the information, if we are granting full or partial access and how the information will be accessed. In the rare case we refuse (either by choice or compelled by law) a client access to their personal information we will provide the reason for the refusal and inform the client of their right for a OIPC Commissioner to review our refusal. Requests can be made using normal communications to Symmetrix staff.