top of page

Privacy Policy

1. Introduction

At ISM we are committed to protecting the privacy and confidentiality of your personal health information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in compliance with the Personal Health Information Protection Act, 2004 (PHIPA) and the standards set by the College of Registered Psychotherapists of Ontario (CRPO).

2. Collection of Personal Health Information

We collect personal health information directly from you or from individuals you have authorized. This information includes, but is not limited to:

  • Your name, date of birth, address, and contact information

  • Health history, including mental and physical health

  • Family health history

  • Records of your visits, sessions, and the care provided

  • Billing and payment information (We do not keep payment information)

We collect this information to provide you with appropriate care, to communicate with you, and to fulfill our administrative and legal obligations.

3. Use and Disclosure of Personal Health Information

Your personal health information is used to:

 Provide assessment, diagnosis, and treatment

  • Communicate with you regarding your care

  • Coordinate care with other healthcare providers within your circle of care

  • Process payments and insurance claims

  • Comply with legal and regulatory requirements

We will not disclose your information without your consent, except in the following circumstances:  

  • When there is a risk of serious harm to you or others

  • When there is suspicion of child abuse or neglect

  • When required by law, such as a court order

  • When reporting misconduct by a regulated health professional

In situations involving group, family, or couple therapy, information disclosed by individuals is kept confidential and is not shared without consent.

4. Safeguarding Your Information

We take the following measures to protect your personal health information:

  • Storing paper records in locked cabinets

  • Using secure, password-protected electronic systems

  • Implementing policies to prevent unauthorized access

  • Training staff on privacy and confidentiality protocols

We retain your records in accordance with CRPO guidelines.

5. Access and Correction

You have the right to access your personal health information and request corrections if you believe there are inaccuracies. Requests must be made in writing, and we will respond within 30 days. If we cannot fulfill your request, we will provide an explanation.

 6. Privacy Breaches

In the event of a privacy breach, we will:

  • Notify you promptly

  • Investigate the breach

  • Take steps to mitigate any harm

  • Report the breach to the Information and Privacy Commissioner of Ontario, if required

bottom of page