Who We Are
CBT Associates is a group practice and includes a number of psychologists, psychological associates, social workers and psychotherapists. We also include psychologists in supervised practice and senior Ph.D. psychology students working under the supervision of a psychologist.
What is Personal Information?
The term “personal health information” has the same meaning as set out in Ontario’s Personal Health Information Protection Act, 2004 (“PHIPA”), and includes information relating to your physical or mental health, as well as your health history, medical records, prescriptions, and your health number.
Personal information is different from business information (e.g., an individual’s business address and business phone number), which is not protected by privacy legislation.
How Is This Personal Information Used?
CBT Associates collects, uses and discloses personal information only to provide psychological and/or social work services to our clients. For example, we collect information about clients’ health history, including their family history, physical condition and function and social situation in order to help us assess what their mental health needs are, to advise clients of their options and then to provide the psychological and/or social work services that they choose to receive. Another primary purpose for collecting personal information is to obtain a baseline and ongoing record of psychological functioning so that in providing psychological and/or social work services we can monitor treatment progress and identify changes that occur over time.
In some situations, the primary purpose of collecting personal information would be to conduct an assessment to provide a professional opinion about an individual’s psychological functioning. With the client’s consent, the opinion would be reported to the appropriate person or agency, for example, an insurance company, Workplace Safety and Insurance Board, psychological/legal reports, Children’s Aid Society, and rehabilitation companies.
For Members of the General Public Who Call for Information About Our Services
For members of the general public, our primary purposes for collecting personal information (e.g., contact phone numbers) are to make them aware of the range of psychological services available in our clinic and to direct them to the appropriate clinician.
Additional Reasons Why We Collect Personal Information
Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples include:
- Invoice clients for services that were not paid for at the time, to process credit card payments or to collect unpaid accounts.
- Psychologists in supervised or autonomous practice are regulated by the College of Psychologists of Ontario who may inspect our records and interview our psychologists as part of their regulatory activities in the public interest The College of Psychologists of Ontario has its own strict privacy obligations.
- Psychotherapists and social workers are subject to similar regulatory oversight by their respective colleges.
- The cost of some services provided by the organization to clients is paid for by third parties (e.g., insurance companies, Workplace Safety and Insurance Board, First Nations and Inuit Health Branch, CUPE). These third-party payers often have your consent or legislative authority to direct us to collect and disclose to them certain information in order to demonstrate client entitlement to this funding (e.g., Workplace Safety and Insurance Board, First Nations Identification).
Our Security Measures
We are committed to protecting the security of our clients’ personal information. We have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and correctly use the personal information. We apply security safeguards appropriate to the sensitivity of the personal information, such as retaining information in secure facilities and making personal information accessible only to authorized employees on a need-to-know basis. We have clearly defined internal policies and practices.
We adhere to the rules and regulations set in Personal Health Information Protection Act, PIPEDA and Health Insurance Portability and Accountability Act of 1996 (HIPAA). We are certified by HIPAA and all our staff and associates are trained in privacy and security.
Limits on Protection of Personal Information
Limits to the protection of personal information include: legally mandated disclosure to the Children’s Aid Society; the College of Psychologists of Ontario, the College of Registered Psychotherapists of Ontario, and the Ontario College of Social Workers and Social Service Workers; and court orders to release information, search warrants for a file for a criminal or legal case, and subpoenas.
No personal information will be communicated directly or indirectly to any third party without the client’s expressed written consent, except when there is a legal obligation to release personal information:
- Harm to self: If a therapist has reason to believe that a client is in danger of physically harming him/herself in ways that may be life-threatening, a therapist will have to make a referral to a hospital and/or contact a family member, close other, or another person such as a police officer who may be able to help protect the client. There may be other emergency health care related circumstances where disclosure is reasonably necessary for the protection of health, in which case a therapist will disclose personal information to other health care professionals as long as a client has not expressly prohibited the therapist from doing so.
- Harm to others: If a therapist has reason to believe that a client is seriously threatening physical violence against another person, or if a client has a history of physically violent behaviour, and if a therapist believes that a client is an actual threat to the safety of another person, the therapist is required to take some action (such as contacting the police, notifying the other person, seeking hospitalization, or some combination of these actions) to ensure that the other person is protected.
- If a therapist has reason to believe that a child under the age of 16 is being abused or neglected, the therapist is legally obligated to report this situation to the Children’s Aid Society.
- If a therapist suspects or is informed of unlawful conduct that resulted in harm or risk of harm to a resident of a Long-Term Care Facility or Retirement Home, or that a resident is being harmed or is at risk of being harmed in any way (e.g., sexual or physical abuse, neglect, misappropriation of resident’s funds), the therapist may be required to contact the applicable Ministry or Regulatory Authority and report all relevant information.
- Sexual Abuse: If a therapist learns that a client has been sexually or physically abused by a member of the regulated health profession, the therapist is required to report this information in accordance with the guidelines of the therapist’s applicable regulatory college. The client’s name will not be released without his/her consent unless such release is court ordered.
- Court Order: A therapist and clinical record can be subpoenaed by a court order. A therapist can be required to testify and give information obtained during sessions. Without a court order, this information would never be provided voluntarily without a client’s direct request or consent.
- Quality Control:
- On occasion, a therapist may be randomly selected to participate in a Peer Assisted Review by his/her regulatory college (or another Regulatory Body). As part of this process, a file may be potentially reviewed by a member of the regulatory college. Regulatory colleges have privacy and security policies in place to protect personal information.
- A therapist may be supervised in his/her clinical work by a more senior colleague. A client will be informed of any such supervisory arrangement. That supervisor may access a client’s clinical file for the purposes of quality control.
If disclosure of personal information is required or allowed by law or by order of a court, a therapist will not release more information than is required or allowed.
Retention and Destruction of Personal Information
We need to retain personal information to ensure that we can answer any questions you might have about the services provided and for our own accountability. We retain personal information only for as long as is necessary for the purpose for which it was collected in accordance with the laws, ethics and standards applicable to members of the College of Psychologists of Ontario, the College of Registered Psychotherapists of Ontario, the Ontario College of Social Workers and Social Service Workers or such other applicable regulatory body in jurisdictions in which we operate. When your personal information is no longer required or required to be maintained, it will be destroyed or de-personalized in accordance with applicable laws.
- Clients or other individuals we deal with may have questions about our services after they have been received. We also provide ongoing services for many of our clients over a period of months or years for which our previous records are helpful. We retain our client information for a minimum of ten years after the last contact to enable us to respond to those questions and provide our services. The College of Psychologists of Ontario, the College of Registered Psychotherapists of Ontario, the Ontario College of Social Workers and Social Service Workers also require us to retain our clients’ records. For clients who are seen before the age of 18, records are retained for ten years following their 18th
- If CBT Associates were sold, none of the client records would be transferred to or accessed by the new owners.
- We destroy electronic information by deleting it and, when the hardware is replaced or discarded, we ensure that the hard drive is physically destroyed.
- Personal information that is not part of the permanent clinical file is destroyed or de-identified.
You Can Look at Your Information
With only a few exceptions, you have the right to see the personal information we hold about you. Often all you have to do is ask. We can help you identify what records we might have about you. We will also try to help you understand any information that you do not understand (e.g., abbreviations, technical language, etc.). We may need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a fee for such requests. We may ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access.
If you believe that there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions that we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will still agree to include in our file a brief statement from you on the point and we will forward that statement to anyone else who received the earlier information.
Do You Have a Question?
If you wish to make a formal complaint about our privacy practices, you may make it in writing to our Privacy & Security Officer and/or Information Officer by e-mail or mail to
175 Bloor Street East
Suite 801, North Tower
Toronto, Ontario M4W 3R8.
For more information on your privacy rights, you may contact:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Information and Privacy Commissioner of Ontario
2 Bloor Street East,
Toronto, ON M4W 1A8