Privacy and Personal Information Protection Policy
Introduction
SSMT Clinic places great importance on protecting the personal information of its patients, employees, and partners. We are committed to complying with the Act Respecting the Protection of Personal Information in the Private Sector and applying rigorous standards to ensure the confidentiality and security of collected data. This policy describes our practices regarding the collection, use, sharing, retention, and destruction of personal information.
1. Collection of Personal Information
We collect the following personal information:
- Identification Data : Full name, date of birth, health insurance number and expiration date, full address, phone number, and email address.
- Medical Information : Medical history and reason for consultation.
- Additional Contact Information : Pharmacy details.
- Payment Information : Required for cancellation policies, missed appointments, or medical record opening fees.
This information is collected through:
- Paper forms completed in the clinic.
- Online forms available on our website.
Consent is implicit in all cases, except for payment information, where explicit consent is required.
2. Use of Personal Information
The personal information collected is used for the following purposes:
- Identification : Full name, date of birth, and health insurance number to verify patients' identity.
- Healthcare Services : Medical history and reason for consultation to provide appropriate care.
- References and Analyses : Health insurance number expiration date for lab samples, referrals, or prescriptions.
- Communication : Contact details to confirm appointments, send prescriptions to pharmacies, or notify of clinic closures.
- Patient Portal: : Email address for accessing a secure platform containing medical information.
3. Sharing of Personal Information
Personal information may be shared with the following third parties:
- Laboratories for medical analyses.
- Specialized Clinics for referrals or diagnostic examinations.
- Hospitals and Other Healthcare Professionals to ensure continuity of care.
- Insurers for administrative purposes.
- Telus Health for managing records through the Medesync EMR system.
These exchanges are primarily conducted via fax or the secure messaging system of our Medesync EMR. We ensure that partners adhere to strict security standards.
4. Security Measures
The security of personal information is a priority. We implement the following measures:
- Secure System : Data is stored in the Medesync EMR, compliant with Telus Health standards and the Quebec Ministry of Health and Social Services' Quebec Program for Electronic Medical Record Adoption.
- Restricted Access : Each user has a unique password with two-factor authentication.
- Training and Audits : Staff receive regular training, and internal audits are conducted to ensure compliance.
- Document Destruction : Paper documents are destroyed after digitization or through secure services such as Recyshred, a company specializing in the destruction of confidential documents.
5. Retention of Information
Electronic records are retained indefinitely in the Medesync EMR in compliance with our needs and legal requirements. Paper documents are temporarily stored before being digitized or securely destroyed.
6. Patient Rights
Patients have the following rights:
- Access : Request a copy of their medical record (verbally or in writing).
- Modification : Correct inaccurate information through a request or the patient portal.
- Deletion : Submit a verbal or written request to delete personal information, subject to legal obligations.
No specific form is required for these requests. Patients can contact the clinic’s administrative staff to make modifications.
7. Cookies
The website uses cookies to analyze traffic and personalize the user experience. This data includes:
- IP address
- Operating system
- Pages visited and requests
- Date and time of connection
You can configure your browser to disable cookies, but certain website functionalities may be limited.
8. Policy Updates
This policy is updated regularly. The online version is always the most recent.
9. Personal Information Protection Officer
The personal information protection officer is Françoise Houle, General Manager of the clinic. For any questions or requests regarding this policy, you can contact her at: