MedRehab Group is aware that as of January 1st, 2004 The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to all organizations in Canada (except in British Columbia, Alberta, and Quebec, which have substantially similar provincial legislation) that collect, use or disclose personal information in the course of doing commercial business.

MedRehab Group has created this policy in order to demonstrate our firm commitment to the protection of personal information. The type of personal information that MedRehab Group may collect about individuals includes but is not limited to:

• Personal information: gender, age, identification or claim number, insurance coverage, home address or phone number, ethnic background, language preference, level of education or training, family status;
• Health information: health history, health conditions, test results, physical examination findings, diagnosis, clinical opinion, functional measurements, treatment notes, prognosis, compliance with assessment and treatment, reasons for discharge, status at discharge and future recommendations;
• Professional / work information: occupation/profession, work hours; name, title, and business contact information of your place of employment (ex. work telephone numbers, office mailing address and business e-mail address).

MedRehab Group is committed to collecting, using, and disclosing personal information responsibly and only to the extent necessary for the services we provide. MedRehab Group incorporates the following principles, as outlined in Bill C-6, in order to achieve the protection of personal information:

• Accountability,
• Identifying the purposes for the collection of personal information,
• Obtaining consent,
• Limiting collection and limiting use,
• Disclosure and retention,
• Ensuring accuracy,
• Instituting adequate safeguards,
• Making information management policies readily available,
• Providing individuals with access to information about themselves,
• And giving individual’s a right to challenge an organization’s compliance with these principles.

The protection of personal information is not a new concept for MedRehab. Since inception, MedRehab has been collecting health information and following the health professional’s adherence to keeping of confidential all medical and personal information. From the day of hire, staff members are made aware of and adhere to this confidentiality, or protection, of information policy.

MedRehab Group maintains all files for up to one year at our operating location and then all files are moved to archives; the archive is in a secured storage facility within one Km. The files are held for a period of no less than 10 years. Upon expiration of the 10 year period, a professional shredding company is contracted to shred/destroy these files.

Digital files are password protected with only authorized and essential personnel having access; PDF documents can be created as necessary. On-site locked filing cabinets are provided for confidential information.

MedRehab Group makes all reasonable efforts to ensure that the purposes for which the information will be used are identified so that knowledgeable consent can be provided, in some cases, this includes the acquirement of a translator. A consent form is used to explain the purpose of the personal information to be collected and identify to whom the information will be disclosed. Should a client be unable to read the consent, a verbal explanation is provided.

MedRehab Group will not collect, use or disclose personal information without consent unless otherwise permitted or required by a professional regulatory body or by law.

MedRehab Group will retain personal information for the duration necessary to fulfill its stated purposes, its legal obligations or its regulatory requirements. Personal information will be kept as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. MedRehab Group has established safeguards to protect personal information in its care, including organizational, physical, technological safeguards and website protection.

A client may request access to personal information by making the request in writing. MedRehab Group will provide a response to your request within 30 days, either providing access to the requested information, providing a written notice of why an extension of the time is required to respond, or provide you with written reasons why access has been declined.

If your request for access is denied, information about the recourse available through the Federal Privacy Commissioner will be provided.

A suitable time must be arranged so that a suitable professional can review the material with the client and explain ab- breviations or medical terminology to avoid misunderstanding and misinterpretation. The client has the right to request correction or amendment of any personal information if its accuracy and completeness is challenged and found to be deficient or incorrect. If MedRehab Group does not agree to your request to correct or amend your personal information, this disagreement will be noted in the file as well as the reasons for the refusal to amend. Conversely, when personal infor- mation has been corrected or amended, or when a disagreement regarding amendment has occurred, all parties that have received the original personal information will be informed of the changes or informed of the disagreement.

Clients have the right to address a challenge if they believe MedRehab Group is not in compliance with its policies and management related to the protection of personal information. The complaint must be put in writing and given to man- agement who will investigate all complaints related to the protection of personal information. If the complaint is found to be justified, management will implement corrective actions.

MedRehab Group management will follow up with the client to describe the actions taken and determine if the client is satisfied. If the client does not believe that they have received adequate redress from MedRehab Group, the client may make a complaint to the Federal Privacy Commissioner.

Technology Security

The following outlines MedRehab Group information gathering and dissemination practices for its website (the “Site”):

MedRehab Group may request information that personally identifies you or allows us to contact you when you use or register for our Site. This information includes your name, address, phone number, e-mail address, insurance company etc (Personal Information). Personal Information is also collected by us at other times when specifically requested from you in order to fulfill service business transactions. MedRehab Group may use your Personal Information to send your information by e-mail about the services and information that we offer on our Site. You may opt-out of receiving future e-mail communications when you register or by sending a request to that effect via e-mail.

Cookies are pieces of information that a website creates for record keeping purposes which are hosted by the client’s browsers on the computer hard drive. Cookies can make the Internet more useful by storing information about your preferences and choices on our Site. This enables customised delivery information and advertisements. If you choose not to allow cookies, you can usually change your browser to prevent cookies. You should note, however, that disabling cookies may limit your ability to access all of the services otherwise made available on our Site.

MedRehab Group has reasonable security measures in place to protect against the loss, misuse and interception by third parties of the information under MedRehab Group’s control. However, complete confidentiality & security is not yet possible over the Internet. We assume no liability for any damages you may suffer as a result of interception, alteration or misuse of information (including your Personal Information) transmitted over the Internet.

The client also has responsibilities to maintain secure personal information. Don’t divulge account numbers or passwords to unauthorized personnel; take responsibility for maintaining the confidentiality of your account number and password – you are responsible for all uses of your account, whether or not actually or expressly authorized by you. MedRehab Group cannot be held responsible for any activity in an account which results from your failure to keep your own password secure.

MedRehab Group may disclose your Personal Information if we are required to do so by law of in the good faith belief that such action is necessary or appropriate to (a) conform to or comply with any law, regulation or court order or (b) protect the personal safety of users of our Site or the public. MedRehab Group also reserves the right to disclose Personal Infor- mation to appropriate authorities at our discretion when it appears that activities which are illegal or in violation of our Terms of Service are taking place.

MedRehab Group may make changes to this policy from time to time. Changes to this policy will be posted so be sure to check periodically. Questions or comments about this policy, or the practices of this Site, or your dealings with MedRehab Group, contact us by phone or e-mail. Any questions arising from our Privacy Policy may also be addressed to Mr. Frank Giambagno, in writing, and at 8333 Weston Road, Suite B05, Woodbridge, Ontario, L4L 8E2.