OBJECTIVE AND SCOPE
LMC Diabetes and Endocrinology Ltd. (“LMC”) is a national provider of healthcare services. As part of our
obligations as healthcare professionals, we are dedicated to maintaining high standards of confidentiality
with respect to all information that has been provided to us, with a particular focus on personal health
information. This policy statement (the “Policy”) has been prepared to affirm our commitment to
maintaining the privacy of our patients and to inform you of our practices concerning the collection, use
and disclosure of Personal Information (as defined below) by LMC.
Our obligations as healthcare professionals are defined, in part, by the national and provincial
regulations that govern each of our professions (e.g. College of Physicians and Surgeons of Ontario and
in each province respectively, Dietitians of Canada, College of Nurses of each province respectively, etc.).
The obligations set out in this Policy apply to all professionals, employees, contractors and agents who
provide services in connection with our delivery of services to our patients.
For the purposes of this Policy, “Demographic Information” means any information other than Personal
Health Information (as defined under the Personal Health Information Protection Act, 2004 (“PHIPA”)
and as reproduced below), recorded in any form, about an identified individual, or an individual whose
identity may be inferred or determined from the information. This Policy does not cover any information,
recorded in any form, about more than one individual where the identity of the individuals is not known
and cannot be inferred from the information (“Aggregated Information”). LMC retains the right to use
Aggregated Information in any way that it determines appropriate.
For the purposes of this Policy, “Personal Health Informa?on” means identifying information about an
individual in oral or recorded form, if the information,
(a) relates to the physical or mental health of the individual, including information that consists of
the health history of the individual’s family,
(b) relates to the providing of health care to the individual, including the identification of a person
as a provider of health care to the individual,
(c) is a plan of service within the meaning of the Home Care and Community Services Act, 1994 for
(d) relates to payments or eligibility for health care, or eligibility for coverage for health care, in
respect of the individual,
(e) relates to the donation by the individual of any body part or bodily substance of the individual
or is derived from the testing or examination of any such body part or bodily substance,
(f) is the individual’s health number, or
(g) identifies an individual’s substitute decision-maker.
Personal Health Information also includes identifying information that is not Personal Health Information
as described above, but that is contained in a record that contains Personal Health Information.
Demographic Information and Personal Health Information are referred to collectively in this document
as “Personal Information”.
Demographic Information and Personal Health Information are referred to collectively in this document
as “Personal Information”.
To the greatest extent possible, we will collect Personal Information directly from the individual
concerned. In certain cases, we will be required to collect Personal Information from other sources,
including but not limited to your employer, treating physician, consulting physicians, and insurers. In
those cases, we will request your consent to obtain information from those sources, except where the
law permits us to collect Personal Information without consent.
We routinely collect anonymous/non-personal information. Anonymous/non-personal information is
information that cannot be associated with or traced back to a specific individual or business entity. For
example, our web servers collect some anonymous/non-personal information automatically when you
visit our website and app (collectively, the “Sites”). Gathered electronically, this information may include
the pages you visited, the type of web browser you are using, the level of encryption your browser
supports and your Internet Protocol address. The anonymous/non-personal information collected may
be used for research and analytical purposes. For example, we are able to determine how many times
our online Policy has been visited but we do not know any specific information about those visitors.
When you visit our Site, information is not collected that could identify you personally unless you choose
to provide it voluntarily. You are welcome to browse these Sites at any time anonymously and privately
without revealing any Personal Information about yourself.
To help us better understand our clients, we may also gather information for analytical purposes by
conducting anonymous patient surveys, by extracting demographic information from existing files and
from Statistics Canada.
PROTECTING YOUR PRIVACY – OUR COMMITMENT TO YOU
Protecting your privacy means that (i) we keep your Personal Information in strict confidence, other than
situations where we have your consent or the law allows us to disclose Personal Information without
consent; (ii) you have control over how we obtain, use, and give out Personal Information about you; (iii)
you may request access to the Personal Information we have about you; and (iv) we respect your privacy
when we promote our products and services
WHY DOES LMC COLLECT PERSONAL INFORMATION?
We collect Personal Information for the purpose of providing healthcare services to you. Having up-todate and accurate information helps us provide you with the best possible service and recommendations
and, in certain cases, to offer additional services we believe might be of benefit to you.
OWNERSHIP OF PERSONAL INFORMATION
It is important to note that as a patient, you own your Personal Information. This Policy outlines how you
can make changes to, request access to, or obtain copies of your Personal Information. However, the
format in which your Personal Information is kept, including but not limited to the medical records,
charts, film, software, databases, applications, methodologies and processes for gathering, processing
and storing such Personal Information belongs to LMC and/or our physicians, as applicable.
HOW DOES LMC OBTAIN CONSENT TO USE AND DISCLOSE PERSONAL INFORMATION?
We are obliged to keep your Demographic Information and Personal Health Information confidential
except when authorized by you, subject to limited exceptions. We use Personal Information for the
purposes described above.
In some cases, your consent to the use and/or disclosure of your Personal Information will be obtained
verbally or in writing, through an informed consent form. For example, our LMC Patient Registration
Form contains a section for Health Research – Registry Consent.
Your provision of Personal Information to LMC means that you agree and consent that we may collect,
with these terms, you are requested not to provide any Personal Information to LMC.
Remember, the choice to provide us with Personal Information is always yours, and your consent for us
to use your Personal Information can be withdrawn in writing at any time.
In the course of daily operations, access to private, sensitive and confidential information is restricted to
authorized employees who have a legitimate business purpose and reason for accessing it. For example,
when you call us, visit our offices, or email us, our designated employees will access your Personal
Information to assist you in providing services to you. It is important to note that only medical
professionals (nurses, physicians, technicians, educators, physician assistants, etc.) or others on a needto-know basis will have access to your Personal Information.
Unauthorized access to and/or disclosure of a patient’s Personal Information by an employee of LMC is
strictly prohibited. All employees are expected to maintain the confidentiality of Personal Information at
OUTSIDE SUPPLIER SERVICES
In order to provide certain services, we sometimes contract outside organizations or health professionals
to perform specialized services such as independent medical evaluations, paramedical examinations, or
data processing. Our trusted service suppliers may at times be responsible for processing and handling
some of the Personal Information we receive from you. For example, referring you to a specialist
physician for additional tests – we need to be able to provide them with enough Personal Information to
be able to assist you.
In these cases, LMC may disclose Personal Information about you to organizations that perform services
on behalf of LMC. Personal Information will only be provided to such organizations if they agree to use
such information solely for the purposes of providing services to LMC and under the instruction of LMC
and, with respect to that information, to act in a manner consistent with the relevant principles
articulated in this Policy.
WHEN WOULD WE USE YOUR PERSONAL INFORMATION WITHOUT YOUR CONSENT?
Please note that there are circumstances where the use and/or disclosure of Demographic Information
and/or Personal Health Information may be justified or permitted or where LMC is obliged to disclose
information without your consent.
Circumstances under which your Personal Information may be used without your consent include (but
not limited to):
- planning or delivering programs or services;
- risk management, error management or actvites to improve or maintain the quality of care of
any related program or service;
- educating agents to provide health care;
- research (provided that specific requirements and conditions are met);
- obtaining payment or processing, monitoring, verifying or reimbursing health care claims;
- where permitted or required by law; or
- purposes for which the information was collected or created and for all the functions reasonably
necessary for carrying out that purpose, subject to certain exceptions.
Circumstances under which your Personal Information may be disclosed without your consent include
(but are not limited to):
- eliminating or reducing a significant risk of serious bodily harm to a person or group of persons;
- transferring records to archives for conservation;
- complying with an inspection, investigation or similar procedure authorized by a warrant, PHIPA,
or another statute;
- determining an individual’s eligibility for publicly funded health care or related services or
- allowing the Ministry of Health and Long-Term Care to provide funding to an institution for the
provision of health care; or
- where required or permitted by law, such as in the context of legal proceedings or contemplated
legal proceedings where LMC is, or is expected to be, a party or witness.
Where obliged or permitted to disclose information without consent, LMC will not disclose more
information than is required.
LMC does not sell, trade, barter or exchange for consideration any Personal Information it has obtained.
Personal Information may also be subject to transfer to another organization in the event of a merger or
change of ownership of all or part of LMC. This will occur only if the parties have entered into an
agreement under which the collection, use and disclosure of the information is restricted to those
purposes that relate to the business transaction, including a determination of whether or not to proceed
with the business transaction, and is to be used by the parties to carry out and complete the business
ACCURACY OF YOUR PERSONAL INFORMATION
Decisions, including healthcare recommendations, are often made based on the information we have.
Therefore, it is important that your Personal Information is accurate and complete. We endeavour to
ensure that any Personal Information provided and in our possession is as accurate, current and
complete as necessary for the purposes for which LMC uses that information.
As a patient, you can request to check your information to verify, update and correct it.
Requests for access to your Personal Information should be made in writing (see the Contact Us section
in this document for the information). After receiving the request, should you wish to receive copies of
your records, we will provide you with a reasonable cost estimate that reflects the cost of photocopying
and staff time for generating the photocopied records.
If you only wish to view the original record, one of our staff must be present to maintain the integrity of
As per our obligations as healthcare providers, we will only refuse access to medical records in limited
circumstances; for example, if granting access could reasonably be expected to result in a risk of serious
harm to the treatment or recovery of the individual or a risk of serious bodily harm to the individual or
another person, or if the record or information in the record is subject to legal privilege. In such cases,
we will do our best to sever the part of the requested record to which the individual does not have a
right of access and provide access to the part of the record containing Personal Health Information about
If you have a sensory disability, we will give you access to your Personal Information in any alternative
format you request if we already have it in that format or if its conversion into that format is reasonable
and necessary in order for you to be able to exercise your rights under applicable legislation. Again, a
request to view your Personal Information in an alternative format must be made in writing, and we will
provide you with a reasonable cost estimate that reflects the cost for such conversion.
To help us keep your Personal Information up-to-date, we encourage you to amend inaccuracies and
make corrections as often as necessary. Despite our reasonable efforts, errors sometimes do occur.
Should you identify any incorrect or out-of-date information in your file(s), we will make the proper
annotations and provide you with a copy of the corrected information. Where appropriate and/or
applicable, we will communicate these changes to other parties who may have unintentionally received
incorrect information from us.
For corrections to your Personal Information, you can request changes to be made to your record and
this request will be documented by an annotation in the record. However, we will only make changes to
reflect factual inaccuracies, rather than correcting medical opinions, diagnoses, laboratory evaluations or
other medical evidence, which we as healthcare providers are required to keep.
All requests to access or to make corrections and changes to your Personal Information must be made to
us in writing.
We will deal quickly with your request to see or correct your information, and always respond to you
within 30 days. If we need to extend the time, or we have to refuse your request, we will tell you why,
subject to any legal restrictions, and we will notify you of the new deadline, the reasons for the
extension, and your rights under applicable legislation respecting the extension.
RETENTION AND DISPOSAL OF PERSONAL INFORMATION
The length of time that we retain information varies, depending on the product or service and the nature
of the information. This period may extend beyond the end of a person’s relationship with us. Where
possible, LMC keeps Personal Information only as long as it is required for the reasons it was collected.
With respect to patient medical records, we retain them at least as long as required by law and
provincial health regulations.
Currently, the principal places in which LMC holds Personal Information are in the cities in which LMC
has offices and nearby municipalities where off-site storage facilities may be located, or, in instances
where LMC uses third-party contractors to provide services to you (e.g. physicians who perform
independent medical evaluations, or nurses who perform paramedical examinations), at such premises
for those third-party contractors.
When your Personal Information is no longer required for LMC’s purposes, we have procedures to
destroy, delete, erase or convert it into an anonymous form.
We destroy our records in a way that protects patient privacy in accordance with regulations made
under appropriate provincial legislation. We use supervised shredding contractors who must adhere to
contractual privacy obligations.
We use technology and maintain security standards to protect your Personal Information against
unauthorized access, disclosure, inappropriate alteration or misuse. We use safety and security
measures that are appropriate to the sensitivity level of your information. LMC further protects Personal
Information by restricting access to it to those employees that the management of LMC has determined
need to know that information in order that LMC may provide its services.
Electronic patient files are kept in a secured environment with restricted access. Paper-based files are
stored in locked fire-resistant filing cabinets or filing rooms equipped with sprinkler systems. Access to
these areas is also highly restricted.
We manage our own server environment and our firewall infrastructure is strictly adhered to. Our
security practices are reviewed on a regular basis and we routinely employ current technologies to
ensure that the confidentiality and privacy of your information is not compromised.
Our computer-security specialists build security into all our computer systems. For information stored in
electronic format, this protects your information at all times, when it is stored in data files or handled by
our employees. Our systems also protect your information if and when it is transmitted, for example,
between our offices.
COMMUNICATING PERSONAL INFORMATION TO LMC
LMC provides patients the opportunity to communicate by e-mail, text message or voicemail.
Transmidng Personal Information by e-mail, text message or voicemail, however, has a number of risks
that patients should consider before using e-mail, text message or voicemail. These include, but are not
limited to, the following risks:
- E-mail, text message or voicemail can be circulated, forwarded, and stored in numerous paper
and electronic files.
- E-mail, text message or voicemail can be immediately broadcasted worldwide and be received
by many intended and unintended recipients.
- Senders can easily misaddress an e-mail, text messages or voicemail.
- E-mail, text message or voicemail are easier to falsify than handwritten or signed documents.
- Backup copies of e-mail, text message or voicemail may exist even after the sender of the
recipient has deleted his or her copy.
- Employer and on-line services have a right to archive and inspect e-mails or text messages
transmitted through their systems.
- E-mail, text message or voicemail can be intercepted, altered, forwarded, or used without
authorization or detection.
- E-mail, text message or voicemail can be used to introduce viruses into computer systems.
- E-mail, text message or voicemail can be used as evidence in court.
Whenever possible, we encourage you to provide us with your Personal Information over the phone or
ACCOUNTABILITY AND TRANSPARENCY
LMC will readily make available to individuals the policies and procedures that support its commitment
to protecting individuals’ privacy. LMC has assigned an individual who is responsible for overseeing such
policies and procedures. Our Privacy Officer is LMC’s Director of Operational Excellence & IT.
An individual may challenge LMC’s compliance with applicable privacy statutes by contacting LMC’s
Privacy Officer as set out at the bottom of this page.
BREACH OF PRIVACY
A privacy breach occurs when Personal Health Information is collected, used or disclosed without
authorization. LMC has a privacy breach protocol in place so that there is a process to follow in the event of a
privacy breach. For instance, any breach of privacy must be reported to the Privacy Officer and other staff
member responsible for privacy and containing privacy breaches. LMC will conduct an internal
investigation into the privacy breach and take appropriate remedial action. LMC will also report certain
privacy breaches to the Information and Privacy Commissioner and professional regulatory colleges in the
appropriate jurisdiction. Individuals affected by a privacy breach will be notified by LMC at the first
AMENDMENT OF LMC PRACTICES AND THIS POLICY
This Policy is in effect as of April 26, 2018. LMC will from time to time review and revise its privacy
practices and this Policy. In the event of any amendment, an appropriate notice will be posted on LMC’s
Site. Policy changes will apply to the information collected from the date of posting of the revised Policy
to LMC’s Site as well as to existing information held by LMC. Your continued access or use of LMC’s Site
and its services after any such changes constitutes your acceptance of the Policy as revised.
CONTACTING US – QUESTIONS/SUGGESTIONS ABOUT THIS POLICY
In the event an individual has questions about (a) access to Personal Information; (b) the collection, use,
management or disclosure of your Personal Information; or (c) this Policy, that person should contact
LMC in writing.
Ken Chung, Director Opera?onal Excellence & IT
1929 Bayview Ave., Suite #106, Toronto, ON M4G 3E8