a)      Accountability:  We are responsible for all personal information under our control. We have appointed a Privacy Officer who is responsible to ensure compliance of the Privacy Policy. All staff members at Prairie Fitness & Rehab are required to comply with our privacy policy.  If it is necessary to disclose or transfer personal information to third parties as set out in the Privacy Policy we use safeguards to provide protection of this information.
 

b)      Identifying Purposes:  When we need to collect personal information, we will identify the purpose for which the information is required in a clear, informed way.  If we want to use any personal
information for a purpose other than what was identified at the time the personal information was collected, we will get prior consent of the individual to that additional use.
 

c)      Consent:  Personal information will only be collected, used or disclosed with the knowledge and consent of the individual.  Consent for the use or disclosure of personal information will be obtained at the time of collection as well as when a new use is identified.
 

d)      Limiting Collection:  We only collect the amount and type of personal information required for our identified proposes.  We only collect personal information by fair and lawful means.
 

e)      Limiting Use, Disclosure and Retention:  Personal information will be used and disclosed only for the purpose for which it was collected or as required by law.  When personal information is no longer required to fulfill the purpose for which it was collected, it will be destroyed, provided there are no legal requirements for its continued retention.  Our practices for information and records retention and destruction meet provincial and federal standards and compliance of all professional regulatory bodies.
 

f)      Accuracy:  We will minimize the possibility of incorrect personal information by making sure all personal information collected is as accurate, complete and up-to-date as is necessary for the purposes for which it is used, when making a decision about the individual, and when disclosing information to third parties.
 

g)      Safeguards:  We will ensure personal information will be protected with safeguards appropriate to the nature of the information. Employees will be made aware of the importance of maintaining the confidentiality of personal information, and we will be careful when destroying or disposing of personal information to prevent unauthorized users from gaining access to it.  We will safeguard personal information by physical measures including locked filing cabinets and restricted access; organizational measures including individualized security alarm codes, security cameras, confidentiality contracts, training/education and limiting access; and technological measures including passwords and firewalls, etc.
 

h)      Openness:  Individuals will have access to our policies and procedures concerning personal information including: how to gain access to their personal information, the type of personal information that is kept by us and/or transferred to third parties (including a general account of its use), the name and contact information of our Privacy Officer, how to submit a complaint, and information on our policies, standards and codes pertaining to personal information.
 

i)      Individual Access:  Inform individuals (when requested) if we have any personal information about them.  Explain how it has been used and provide a list of third parties to which it has been disclosed.  We will grant individuals access to their personal information when requested in writing and respond to requests in a timely fashion and at no or reasonable cost to the individual.  Any individual who needs assistance in preparing a written request for personal information will be assisted.  Requested information provided to the individual will be in understandable format.  An individual can challenge the accuracy of his or her personal information and request to have it amended.  We will send any information that has been amended, where appropriate, to any third parties that have access to the information. Certain requests for access may be refused if permitted or required by law, or if subject to the exceptions outlined in HIPA.  The reasons for denying access will be provided to the individual in writing, including information on any recourse available.
 

j)      Recourse/Questions:  We will provide recourse where available.  All written complaints will be investigated.  If justified, we will take all appropriate measures, including if necessary, amending our policies and procedures.  We will notify the complainant of the outcome of the investigation.  We will record any disagreement on file and advise third parties where it’s appropriate.