Patient Privacy Policy


The term Employees shall refer to all employees, volunteers, seconded workers, students, contractors, and agencies or organizations providing services to or acting on behalf of the Ingersoll NPLC.


The Ingersoll NPLC is dedicated to quality patient care and improving the health status of our communities. A patient’s right to privacy is balanced with the Ingersoll NPLC’s obligation to provide effective health care treatment.

The Ingersoll NPLC is a medical facility which handles sensitive patient information on a regular basis. In accordance with the Privacy Act, the Ingersoll NPLC requires all Employees to handle sensitive personal patient information in a confidential and appropriate manner. It is understood that any individuals acting on behalf of the Ingersoll NPLC will become aware of confidential information regarding our patients through the course of their employment. Employees agree that if confidential information is not effectively protected, the operations of the Ingersoll NPLC may be threatened, and the well-being and privacy of our patients may suffer irreparably.


Personal Health Information (PHI) is “identifying” information about an individual’s health or health care history. It includes:
• The individual’s physical or mental health, including family history
• The provision of health care to the individual
• Long-term care services
• The individual’s health card number
• Blood or body part donations
• Payment of eligibility for health care
• The identity of a health care provider or a substitute decision maker for the individual.

A health information custodian (HIC) is an individual or organization that, as a result of their power or duties, has custody or control of personal health information.

Examples of health information custodians include
• Health care practitioners (family physicians, nurses, social workers, dietitians, etc)
• Hospitals, including psychiatric facilities
• Pharmacies
• Laboratories
• Nursing homes, retirement homes and long term care facilities
• Community Care Access Centres
• Ambulance services
• Ministry of Health and Long Term Care

The Ingersoll NPLC contact person is an agent of the health information custodian and is authorized on behalf of the custodian to,
a) facilitate the custodian’s compliance with this Act
b) ensure that all agents of the custodian are appropriately informed of their duties under this Act;
c) respond to inquiries from the public about the custodian’s information practices;
d) respond to requests of an individual for access to or correction of a record of personal health information about the individual that is in the custody or under the control of the custodian; and
e) receive complaints from the public about the custodian’s alleged contravention of this
Act or its regulations. 2004, c. 3, Sched. A, s. 15 (3).

The Clinic Manager will act as the Privacy Officer and the contact person for the Ingersoll NPLC Health Information Custodians.

The contact details for the Privacy Officer are as follows,

Stephanie Nevins, Clinic Manager
Phone: 519 926 6752

The Circle of Care is not a defined term under PHIPA. It is a term of reference used to describe health information custodians and their authorized agents who are permitted to rely on an individual’s implied consent when collecting, using, disclosing or handling personal health information for the purpose of providing direct health care.

At the Ingersoll NPLC, the circle of care can include:
• NPs
• Physicians
• Nurses
• Specialist or other health care providers
• Health care professionals selected by the patient (e.g., pharmacist)
• Counsellors
• Administrative personnel

Consent – express consent may be given verbally, in writing or by electronic means.

Implied consent permits a health care custodian to infer from the surrounding circumstances that an individual would reasonably agree to the collection, use of disclosure of his/her personal health information.

What are the implications of PHIPA for the Ingersoll NPLC?
1. Health information may be sent to a specialist, and returned to the primary care provider without patient consent. This is considered to be transfer of information within the circle of care and consistent with good clinical care
2. The Ingersoll NPLC must request and receive express consent before providing health information to anyone outside of the circle of care – e.g., insurance companies, employers
3. Ingersoll NPLC staff must not provide patient health information to anyone other than the patient without express consent of the patient. This includes the provision of information to family members.
4. Staff must use their best efforts to protect patient confidentiality. Records should be protected, computer screens should not be visible to patients or visitors, and conversations should be kept private.
5. Employees must not access patient records unless required for treatment or care purposes. Doing so unnecessarily or without patient consent is cause for disciplinary action, including dismissal.


The Ingersoll NPLC abides by the Health Information Protection Act (November 2004), comprising both the Personal Health Information Protection Act (2004) (PHIPA) and the Quality of Care Information Protection Act (2004) (QCIPA).

The Ingersoll NPLC is responsible for the personal information and personal health information under its control and will in good faith endeavour to ensure that all personal information will be kept private, confidential and secure.

Ingersoll NPLC employees are accountable for maintaining confidentiality and privacy of all information collected, accessed or disclosed during and after their employment or professional contact.

To review the Ingersoll NPLC’s full Privacy and Confidentiality Policy or for any inquires please contact,
Stephanie Nevins, Clinic Manager
Phone: 519 926 6752