Protecting health information - Personal health information act

We value patient privacy and act to protect it. The new provincial legislation (PHIA) is intended to ensure that personal health information management rules are clear, consistent and relevant to all records of personal health information. The following statement was written to capture our current practices and to respond to legal requirements for the protection of personal health information. Under PHIA, we have an obligation to protect the privacy of the information we collect, use and disclose about you. This policy describes how our clinic collects, protects, uses and discloses personal information, and the rights of the patients with respect to their personal health information.


We collect the following personal information: Identification and Contact information including but not limited to: name, date of birth, address, phone number, health card number and expiry date. This includes financial information related to your eligibility for health care services. We also collect Health information, which may include among other things: physical and mental health history, presenting symptoms, family history and medications.


Information collected from patients in this clinic will be used for: identification and contact, emergency contact, provision and continuity of medical care, historical medical record, health promotion and prevention, administration of care provided, prioritization of scheduling, billing for medical services, professional requirements, risk or error management, quality assurance, planning of health care services, and research trials or studies approved under PHIA.


The "Physician Custodians" in our clinic are ultimately responsible for the protection of the personal health information in our possession. This clinic only collects, uses and discloses personal information for the purposes of providing care and treatment,, or for the administration of such care. Anyone in our clinic who is required to review your personal health information would have access to it. We may disclose personal health information to health professionals outside of our clinic if they are in the "circle of care" for your medical problems, enabling them to provide appropriate care to you.

(a) Knowledgeable Implied Consent - Unless otherwise indicated, we assume that the patients have consented to the use of their information for the purposes of providing care, including sharing that information with other health care providers involved in their care. By virtue of seeking care from us, the patient's consent is implied for the provision of that care. Relevant health information may be shared with other providers in our clinic who are in the "circle of care".

(b) Without Consent - There are limited situations where our physicians are legally required to disclose personal information without the patient's consent. Examples include, but are not limited to: billing health plans, reporting specific diseases, reporting abuse, reporting fitness to perform a particular function, by court order, in regulatory investigations, for quality assessment, for risk management reasons.

(c) Express Consent - The patient's express written consent will be required before we disclose personal information to third parties for any purpose other than to provide care or when required by law. Before a disclosure is made to a third party, a note shall be made in the patient's chart that the patient has provided express written consent and a copy of such consent will be appended to the patient's file.

(d) Withdrawal of Consent - Patients have the right to withdraw their consent to disclosure with other health providers or third parties at any time. If a patient chooses to withdraw their consent, the physician will discuss any significant consequences that might result with respect to care and treatment.


Safeguards are in place to protect the security of patient information. These consist of a combination of administrative, physical and technological safeguards. We use the following administrative safeguards: office information management policy, access restricted to authorized users on a need-to-know basis, and maintaining confidentiality agreements with our staff that persist beyond their employment with us, as well as contractual agreements with others that may have access to our space. We use the following physical safeguards: limited access to our space by third parties, closed reception area, and monitored alarm system, office layout features and front desk privacy screen. We use the following technological safeguards: user authorization and individual passwords, virus scanning and firewall software, separate internet access, encryption of information that arrives electronically and special care is taken with mobile devices such as laptops. Employees and all others in this office, including locum physicians and students must be aware of and adhere to the protection described in this policy.


We retain patient records as required by law in the province of Nova Scotia, and college regulations. We retain records for a period of ten years following the patient's last visit with our physicians, or for ten years past the age of majority (age 19) in the case of minors. When information is no longer required, it is destroyed according to set procedures that govern storage and destruction of records. Paper records are shredded in a secure fashion. For electronic records, we seek expert advice to make certain that the patient's record is removed from any on-site data storage device, including CD's and DVD's. We maintain a log of destroyed records with the patient's name, date and method of disposal.

return to page top


Patients have the right to access their personal information in a timely fashion. There are specific limited exceptions to what you cannot access including information that was collected during an investigation, or information that includes the personal information of another person. If a patient requests a copy of their chart, one shall be provided for a reasonable fee. If a patient wishes to view the original chart, one of our staff must be present to maintain the integrity of the record, and a reasonable fee may be charged for this service. Patients must submit their request in writing and we will respond in a timely fashion. In extremely limited circumstances, a patient's request may be denied if the physician deems that access to the record would create a risk to the patient or to another person, or if the disclosure would reveal personal information about another person who has not consented to the disclosure. In this case, we would do our best to separate out the relevant information.


We make every effort to ensure that all patient information is recorded accurately. If an inaccuracy is noted, the patient can request changes to their own record by contacting our privacy contact person in writing. There are limited exceptions to your right to a correction of your record, including when you the information you request to be corrected is part of a professional opinion of a health care practitioner. No notation may be made without the authorization of the physician.


If your personal health information is breached and we believe that this breach may cause you harm or embarrassment, we are required to notify you of the breach, or report it to the Review Officer for PHIA. If a patient believes that their personal health information was not handled appropriately, they may file a complaint with our privacy contact person, who will provide the necessary information and forms. If this does not resolve the complaint, further review may be requested by the PHIA Review Officer. Our privacy contact person can provide you with the contact information at your request.

return to page top

Adapted from the PHIA Toolkit for Custodians, April 2013

Meet the staff at Crossroads Family Practice


Our duty clinic is open Monday to Friday.


Please bring your medications with you when you visit.

Please Remember