Privacy Statement Form

Privacy Statement
I am committed to protecting and respecting your privacy which means that I collect, use and disclose your personal information responsibly and only to the extent necessary for the services I provide. This document describes the policies and procedures as they relate to collecting, using and disclosing your personal information. It also offers information about how to access your records and request correction of recorded personal information.

What is Personal Information?
Personal information is information about an identifiable individual. It includes information that relates to an individual’s personal characteristics (e.g., gender, age, home address), health (e.g., medical history, health services), activities and views (e.g., religion, politics, opinions). Personal health information is protected by privacy legislation (e.g., Personal Health Information Protection Act), and differs from business information that is not protected by privacy legislation.

Collection of Your Personal Health Information
The purposes of collecting your personal and health information are to provide you with appropriate and quality psychological services, contact you for service-related reasons, and prevent harm. I will not collect information from you for any other purpose (such as conducting research) without first obtaining your informed consent. If you do not want to provide consent for the collection of this latter kind of information, you are completely free to refuse and there will be no impact on your services. I will collect personal health information directly from you, except when you have provided consent for me to collect such information from others (e.g, spouse, family physician), or when the law requires me to collect information without your consent (i.e., emergency situations to prevent potential harm).

By law and in accordance with professional standards, I am required to keep a record of my contacts with and services to you. Your record includes information that you have provided to me or have authorized me to receive, such as consent forms, session notes, assessment results, billing information, contact records, and correspondence that I have sent or received relating to your service. The physical records are the property of my practice; however, you have rights regarding access to and disclosure from your record (discussed below), regardless of the form in which the information is recorded. In this office, information is recorded in both written and electronic form.

Use of your Personal Health Information
Your personal health information is primarily used to provide you with psychological services such as psychological assessment and intervention. The delivery of psychological services includes such tasks as service planning, maintaining records, monitoring, billing, and collecting unpaid accounts. Other uses of your personal health information include to guide and improve the quality of services provided in my practice. Further, the College of Psychologists of Ontario may conduct external audits of psychologists’ files; the College is the organization that regulates psychologists in this province. Audits involve accessing and inspecting client records, however I do not permit any identifiable client information to be removed from my premises for the purpose of an external audit without your consent. In addition, all individuals involved in such an activity are professionals required by law to maintain the confidentiality of all information that is accessed. Finally, when psychological services are paid for by third parties (e.g., WSIB), those third-party payers often require clients’ consent to collect and disclose to them information that demonstrates their entitlement to this funding or coverage. Discussing what information is shared with third-party payers is an important part of the consent process as well as a topic that can and should be discussed as needed during service delivery, and I encourage you to ask me questions or raise any concerns you may have on this topic.

Disclosure of Your Personal Health Information
Psychologists licensed with the College of Psychologists of Ontario have a duty to protect and maintain client confidentiality, with the exception of very limited circumstances discussed below. Confidentiality serves to establish and preserve trust in the client-therapist professional relationship and provide the highest standard of care.

Under almost no circumstances is it permissible to reveal confidential information, with the exception of the limited situations listed below. These limits of confidentiality are as follows:

1. Permission/Consent: When you have provided your explicit permission to disclose your confidential information. Written consent is preferred; however verbal consent may be provided.
2. Child Abuse: Under the Child and Family Services Act (CFSA; 1990) there is a duty to report promptly to a children’s aid society when there are reasonable grounds to suspect that a child is or may be in need of protection.
3. Risk of Harm to Self or Others: It may be necessary to disclose confidential information to eliminate or reduce significant risk of serious bodily harm to a person or group of persons.
4. If Required by Law: It may be necessary to disclose confidential information if required by relevant law and/or legislation (e.g., court order, mandatory WSIB reporting).
5. Long-Term Care and Retirement Homes: There is a duty to report reasonable grounds to suspect that a resident of a nursing retirement home has suffered harm or is at risk of harm.
6. Abuse by a Health Care Professional: There is a duty to report reasonable grounds to believe that a regulated health professional (e.g., physician, psychologist) has sexually abused a patient.

When providing consent to the disclosure of your personal health information (#1 above), you may restrict the information that I do share (with the exceptions noted above). If, however, it is my opinion that the information you wish to restrict is reasonably necessary for another health service provider to provide appropriate services, I am required by law to inform the other provider that you have refused consent to provide some needed information.

The law requires that any disclosure of your personal health information is limited to information that is reasonably necessary for the purpose of that disclosure and does not include private information provided by a third party. Professional ethical standards governing my practice also require that I not disclose any information that might cause serious harm to someone, unless required by law.

Protection of Your Personal Health Information
The privacy of your personal information is protected through the use of established procedures in my office. Examples of those procedures include that paper and electronic information is secured in a locked area, computers are password protected, paper records are transmitted in sealed and addressed envelopes stamped “confidential,” and electronic documents are encrypted and password protected. Email communication is only used with your consent. Faxing is used to transmit confidential client information to verified fax numbers.

Remote electronic data storage is stored on a dedicated, encrypted system that is accessed through user authentication and secured socket layer (SSL) encryption using a MySQL database that meets PIPEDA and PHIPPA regulatory. Data is stored in a RAID system, meaning that data written to the desk is simultaneously written to a second disk within the server, with the server itself housed in Canada at a SSAE16 facility, which means that the servers are housed in sealed rooms that require multi factor authentication, including physical keys, digital passwords, and biometric fingerprinting to access. The server facility utilizes backup network connections and a diesel powered backup power supply. Services feed into a secure backup pipeline, in which data transferred between the liver server and the backup server occurred over the SSH protocol, which uses SSL security. Data can only be accessed by the system administrator with the permission of Dr. Gray.

Retention of Your Personal Health Information
The College of Psychologists of Ontario requires that client records be kept for at least 10 years past the date of last contact for adults and for persons who were minors at the time of receiving services, 10 years past the date he/she turns 18 years old. Paper records are destroyed through cross-cut shredding and electronic information is deleted. Computers are reset to factory settings then destroyed before being disposed of.

Your Access to your Personal Health Information
With a few exceptions, you have the right to access your personal health information and to request copies of the information (I reserve the right to charge a nominal fee for record gathering and photocopying). If the record contains personal health information about another individual, that person’s information must be severed before you access the record. Other exceptions include access to data from psychological assessments, information provided in confidence by a third party, and information that could result in serious harm to someone’s treatment or recovery (including your own) or in serious bodily harm to someone (including yourself).

If you are the custodial parent or guardian of an adolescent under the age of 18 years who has received or is receiving service, you may not access the personal health information of that adolescent unless (a) s/he has provided written consent for you to access such information, or (b) s/he has been deemed incompetent to consent to the service on her or his own.

If you believe that the information in your record is not accurate, you have the right to request a correction. This right applies to factual information, not to my clinical opinion. Your request must be in writing and I will need 30 days to review it. Where we agree that there is an error, I will make the necessary correction(s) and notify all individuals to whom I may have sent the incorrect information. Correction is made in the form of an addendum, meaning that the original document is not expunged. If I do not agree that I have made a mistake, you may submit a notice of disagreement that I must file in your record, and I will forward that notice to all persons to whom I may have sent the information.

Questions and Concerns
I, Dr. Lori Gray, will answer any questions you may have regarding this Privacy Statement and to provide you with any further information about privacy practices or limits of confidentiality that are specific to your situation. If you have a concern about my privacy policies and procedures or have a complaint about how your privacy has been handled, please do not hesitate to speak or write to me.

I, Dr. Lori Gray, am the Information Officer and will attempt to answer any questions that you might have. I can be reached at:

If you wish to make a formal complaint about the privacy practices, you may make it in writing to the Information Officer. I will acknowledge receipt of your complaint, ensure that it is investigated promptly, and see that you are provided with a formal written decision with reasons.

If you have a concern about the professionalism or competence of the services, I would ask you to discuss those concerns with me. If I cannot satisfy your concerns, you are entitled to complain to the regulatory body:

College of Psychologists of Ontario
110 Eglinton Avenue West, Suite 500, Toronto, ON, M4R 1A3
Phone: (416) 961-8817, (800) 489-8388, Fax: (416) 961-2635

This policy is made under the Personal Information Protection and Electronics Documents Act. That is a complex Act and provides some additional exceptions to the privacy principles that are too detailed to set out here. There are some rare exceptions to the comments set out above.

For more general inquiries, the Information and Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The Commissioner also acts as a kind of ombudsman for privacy disputes. The Information and Privacy Commissioner can be reached at:

112 Kent Street, Ottawa, ON, K1A 1H3
Phone: (613) 995-8210, (800) 282-1376, Fax (613) 947-6850, TTY (613) 992-9190

Client Consent
I understand that to provide me with psychological services, Frontline Resilience will collect my personal health information and other related business information.

I have reviewed the Frontline Resilience Privacy Policy about the collection, use, and disclosure of personal information, steps taken to protect the information and my right to review my personal information. I understand how the Privacy Policy applies to me. I have been given a chance to ask any questions I have about the Privacy Policies and they have been answered to my satisfaction.

I understand that, as explained in the Policies and Procedures for personal information, there are some rare exceptions to these commitments when mandatory disclosure would be required.

I agree to Frontline Resilience’s collection, use, and disclosure of personal information about me as set out above and and contained in these documents provided to me.