How to Write a Public Privacy Statement for Your Practice

The Personal Health Information Protection Act (PHIPA) requires every Health Information Custodian to have a publicly available written privacy statement that explains:

  • That you are a Health Information Custodian
  • What personal health information you collect
  • Why and how you collect, use, and disclose personal health information
  • How you protect personal health information
  • Patients’ rights — including access, corrections, consent and the lock box
  • Who to contact with questions or complaints (including the Information and Privacy Commissioner of Ontario)

PHIPA does not specify the exact wording you need to use. When writing your privacy statement, remember the goal is to be transparent and help patients understand the information. The content should be easy to understand.

Example

Privacy Statement — Protection of Personal Health Information

Example Clinic is committed to protecting the privacy and confidentiality of your personal health information. We collect, use, and disclose personal health information in accordance with the Personal Health Information Protection Act (PHIPA).

1. Who we are

Example Clinic is a physiotherapy clinic located in Nowhere, Ontario. The clinic owner, Firstname Lastname, is the Health Information Custodian. All physiotherapists working at the clinic act as agents of the Health Information Custodian and are required to follow our privacy policies and PHIPA requirements.

2. What is personal health information?

Personal health information includes identifying information about your physical or mental health or the health care you receive. This may include:

  • Your name, contact information, and date of birth
  • Your health history and assessment findings
  • Treatment plans, progress notes, and reports
  • Appointment and billing information
  • Insurance or third‑party payor details

3. How we collect personal health information

We usually collect personal health information directly from you or from someone legally authorized to act on your behalf. With your consent, or where permitted by law, we may also collect information from other health‑care providers, insurers, or referral sources to support your care.

We only collect the information that is reasonably necessary to provide physiotherapy services.

4. How we use and share your personal health information

We use your personal health information to:

  • Assess, treat, and care for you
  • Communicate with you about your care and appointments
  • Share relevant information with other health‑care providers involved in your care
  • Get payment from insurers or third‑party payors
  • Meet legal, regulatory, and professional obligations

Your consent is required for most uses and disclosures. Sometimes the law allows or requires disclosure without your consent, for example to reduce a serious risk of harm or to meet mandatory reporting obligations.

5. Your choices and consent

You can withhold or withdraw consent for some uses or disclosures of your personal health information.

You can also ask that we do not share specific information with certain people or organizations. This is sometimes called a “lock box.” We will follow your request unless the law says otherwise.

6. How we protect your personal health information

We take reasonable steps to protect your personal health information against theft, loss, and unauthorized access, use, or disclosure. Safeguards may include:

  • Secure electronic record systems
  • Locked filing cabinets for paper records
  • Password protection and access controls
  • Privacy training and confidentiality agreements for staff

7. Accessing or correcting your records

You have the right to:

  • Request access to your personal health record
  • Ask for corrections if information seems inaccurate or incomplete

Requests must be in writing. We will respond to your request within 30 days.

8. Who to contact with questions or concerns

If you have any questions or concerns about our privacy practices, please contact our Health Information Custodian:

Firstname Lastname
Phone: 888-888-8888
Email: owner@exampleclinic.com

If you think your privacy rights have been violated, you can also contact the Information and Privacy Commissioner of Ontario (IPC):

Website: www.ipc.on.ca
Phone: 1‑800‑387‑0073