I am committed to protecting and respecting your privacy which means that I collect, use and disclose
your personal information responsibly and only to the extent necessary for the services I provide. This
document describes the policies and procedures as they relate to collecting, using and disclosing your
personal information. It also offers information about how to access your records and request
correction of recorded personal information.
What is Personal Information?
Personal information is information about an identifiable individual. It includes information that relates
to an individual’s personal characteristics (e.g., gender, age, home address), health (e.g., medical
history, health services), activities and views (e.g., religion, politics, opinions). Personal health
information is protected by privacy legislation (e.g., Personal Health Information Protection Act), and
differs from business information that is not protected by privacy legislation.
Collection of Your Personal Health Information
The purposes of collecting your personal and health information are to provide you with appropriate
and quality psychological services, contact you for service-related reasons, and prevent harm. I will
not collect information from you for any other purpose (such as conducting research) without first
obtaining your informed consent. If you do not want to provide consent for the collection of this latter
kind of information, you are completely free to refuse and there will be no impact on your services. I
will collect personal health information directly from you, except when you have provided consent for
me to collect such information from others (e.g, spouse, family physician), or when the law requires
me to collect information without your consent (i.e., emergency situations to prevent potential harm).
By law and in accordance with professional standards, I am required to keep a record of my contacts
with and services to you. Your record includes information that you have provided to me or have
authorized me to receive, such as consent forms, session notes, assessment results, billing
information, contact records, and correspondence that I have sent or received relating to your service.
The physical records are the property of my practice; however, you have rights regarding access to
and disclosure from your record (discussed below), regardless of the form in which the information is
recorded. In this office, information is recorded in both written and electronic form.
Use of your Personal Health Information
Your personal health information is primarily used to provide you with psychological services such as
psychological assessment and intervention. The delivery of psychological services includes such tasks
as service planning, maintaining records, monitoring, billing, and collecting unpaid accounts. Other
uses of your personal health information include to guide and improve the quality of services provided
in my practice. Further, the College of Psychologists of Ontario may conduct external audits of
psychologists’ files; the College is the organization that regulates psychologists in this province. Audits
involve accessing and inspecting client records, however I do not permit any identifiable client
information to be removed from my premises for the purpose of an external audit without your
consent. In addition, all individuals involved in such an activity are professionals required by law to
maintain the confidentiality of all information that is accessed. Finally, when psychological services are
paid for by third parties (e.g., WSIB), those third-party payers often require clients’ consent to collect
and disclose to them information that demonstrates their entitlement to this funding or coverage.
Discussing what information is shared with third-party payers is an important part of the consent
process as well as a topic that can and should be discussed as needed during service delivery, and I
encourage you to ask me questions or raise any concerns you may have on this topic.
Disclosure of Your Personal Health Information
Psychologists licensed with the College of Psychologists of Ontario have a duty to protect and
maintain client confidentiality, with the exception of very limited circumstances discussed below.
Confidentiality serves to establish and preserve trust in the client-therapist professional relationship
and provide the highest standard of care.
Under almost no circumstances is it permissible to reveal confidential information, with the exception
of the limited situations listed below. These limits of confidentiality are as follows:
Permission/Consent: When you have provided your explicit permission to disclose your
confidential information. Written consent is preferred; however verbal consent may be provided.
Child Abuse: Under the Child and Family Services Act (CFSA; 1990) there is a
duty to report promptly to a children’s aid society when there are reasonable
grounds to suspect that a child is or may be in need of protection.
Risk of Harm to Self or Others: It may be necessary to disclose confidential information to
eliminate or reduce significant risk of serious bodily harm to a person or group of persons.
If Required by Law: It may be necessary to disclose confidential information if required by relevant
law and/or legislation (e.g., court order, mandatory WSIB reporting).
Long-Term Care and Retirement Homes: There is a duty to report reasonable grounds to suspect
that a resident of a nursing retirement home has suffered harm or is at risk of harm.
Abuse by a Health Care Professional: There is a duty to report reasonable grounds to believe that
a regulated health professional (e.g., physician, psychologist) has sexually abused a patient.
When providing consent to the disclosure of your personal health information (#1 above), you may
restrict the information that I do share (with the exceptions noted above). If, however, it is my opinion
that the information you wish to restrict is reasonably necessary for another health service provider to
provide appropriate services, I am required by law to inform the other provider that you have refused
consent to provide some needed information.
The law requires that any disclosure of your personal health information is limited to information that is
reasonably necessary for the purpose of that disclosure and does not include private information
provided by a third party. Professional ethical standards governing my practice also require that I not
disclose any information that might cause serious harm to someone, unless required by law.
Protection of Your Personal Health Information
The privacy of your personal information is protected through the use of established procedures in my
office. Examples of those procedures include that paper and electronic information is secured in a
locked area, computers are password protected, paper records are transmitted in sealed and
addressed envelopes stamped “confidential,” and electronic documents are encrypted and password
protected. Email communication is only used with your consent. Faxing is used to transmit confidential
client information to verified fax numbers.
Remote electronic data storage is stored on a dedicated, encrypted system that is accessed through
user authentication and secured socket layer (SSL) encryption using a MySQL database that meets
PIPEDA and PHIPPA regulatory. Data is stored in a RAID system, meaning that data written to the
desk is simultaneously written to a second disk within the server, with the server itself housed in
Canada at a SSAE16 facility, which means that the servers are housed in sealed rooms that require
multi factor authentication, including physical keys, digital passwords, and biometric fingerprinting to
access. The server facility utilizes backup network connections and a diesel powered backup power
supply. Services feed into a secure backup pipeline, in which data transferred between the liver server
and the backup server occurred over the SSH protocol, which uses SSL security. Data can only be
accessed by the system administrator with the permission of Dr. Gray.
Retention of Your Personal Health Information
The College of Psychologists of Ontario requires that client records be kept for at least 10 years past
the date of last contact for adults and for persons who were minors at the time of receiving services,
10 years past the date he/she turns 18 years old. Paper records are destroyed through cross-cut
shredding and electronic information is deleted. Computers are reset to factory settings then
destroyed before being disposed of.
Your Access to your Personal Health Information
With a few exceptions, you have the right to access your personal health information and to request
copies of the information (I reserve the right to charge a nominal fee for record gathering and
photocopying). If the record contains personal health information about another individual, that
person’s information must be severed before you access the record. Other exceptions include access
to data from psychological assessments, information provided in confidence by a third party, and
information that could result in serious harm to someone’s treatment or recovery (including your own)
or in serious bodily harm to someone (including yourself).
If you are the custodial parent or guardian of an adolescent under the age of 18 years who has
received or is receiving service, you may not access the personal health information of that adolescent
unless (a) s/he has provided written consent for you to access such information, or (b) s/he has been
deemed incompetent to consent to the service on her or his own.
If you believe that the information in your record is not accurate, you have the right to request a
correction. This right applies to factual information, not to my clinical opinion. Your request must be in
writing and I will need 30 days to review it. Where we agree that there is an error, I will make the
necessary correction(s) and notify all individuals to whom I may have sent the incorrect information.
Correction is made in the form of an addendum, meaning that the original document is not expunged.
If I do not agree that I have made a mistake, you may submit a notice of disagreement that I must file
in your record, and I will forward that notice to all persons to whom I may have sent the information.
Questions and Concerns
I, Dr. Lori Gray, will answer any questions you may have regarding this Privacy Statement and to
provide you with any further information about privacy practices or limits of confidentiality that are
specific to your situation. If you have a concern about my privacy policies and procedures or have a
complaint about how your privacy has been handled, please do not hesitate to speak or write to me.
I, Dr. Lori Gray, am the Information Officer and will attempt to answer any questions that you might
have. I can be reached at:
If you wish to make a formal complaint about the privacy practices, you may make it in writing to the
Information Officer. I will acknowledge receipt of your complaint, ensure that it is investigated promptly,
and see that you are provided with a formal written decision with reasons.
If you have a concern about the professionalism or competence of the services, I would ask you to
discuss those concerns with me. If I cannot satisfy your concerns, you are entitled to complain to the
College of Psychologists of Ontario
110 Eglinton Avenue West, Suite 500, Toronto, ON, M4R 1A3
Phone: (416) 961-8817, (800) 489-8388, Fax: (416) 961-2635
This policy is made under the Personal Information Protection and Electronics Documents Act. That is
a complex Act and provides some additional exceptions to the privacy principles that are too detailed
to set out here. There are some rare exceptions to the comments set out above.
For more general inquiries, the Information and Privacy Commissioner of Canada oversees the
administration of the privacy legislation in the private sector. The Commissioner also acts as a kind of
ombudsman for privacy disputes. The Information and Privacy Commissioner can be reached at:
112 Kent Street, Ottawa, ON, K1A 1H3
Phone: (613) 995-8210, (800) 282-1376, Fax (613) 947-6850, TTY (613) 992-9190
I understand that to provide me with psychological services, Frontline Resilience will collect my
personal health information and other related business information.
personal information, steps taken to protect the information and my right to review my personal
questions I have about the Privacy Policies and they have been answered to my satisfaction.
I understand that, as explained in the Policies and Procedures for personal information, there are
some rare exceptions to these commitments when mandatory disclosure would be required.
I agree to Frontline Resilience’s collection, use, and disclosure of personal information about me as
set out above and and contained in these documents provided to me.