1. Purpose and Scope

This policy applies to all personal information collected from clients, patients, employees, contractors, and anyone engaging with CAYA Health Centre. It governs the way we manage personal information throughout its lifecycle.

2. Collection, Use, and Disclosure of Personal Information

We collect only the information necessary to:
– Provide healthcare services,
– Coordinate care (e.g., referrals to labs, specialists, or hospitals),
– Manage billing (including MSP and private insurers),
– Maintain administrative records,
– Meet legal and regulatory obligations,
– Engage in health research and statistical reporting (with no patient identifiers shared unless specifically authorized).

Examples of collected information include contact details, health history, care needs, insurance information, and billing records.

Consent:
By seeking care at CAYA, you give implied consent for the use of your information for your treatment and care coordination. For our allied health services, you will be invited to sign a separate consent form detailing services and other considerations.

We will always obtain your explicit written consent before sharing information for other purposes, unless required by law (e.g., a court order). No information will go to other doctors’ offices, therapists, lawyers, etc., without your specific written consent unless a judge signs a court order.

We do not sell, rent, or trade your personal information.

3. Safeguarding Your Information

We use a combination of physical, technical, and administrative safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification.

Safeguards include:
– Secure electronic systems,
– Confidentiality agreements with all staff and contractors,
– Controlled access to information based on role necessity,
– Secure disposal of outdated records.

4. Accessing and Correcting Your Information

You have the right to:
– Request access to your personal records,
– Request correction of any inaccuracies.

Requests can be made through our management team, who will assist you through the process. Please note that, under PIPA, access may be limited in rare cases where disclosure could cause harm or breach another person’s confidentiality.

If a correction is requested:
– Verified errors will be corrected within 30 days,
– Any third parties who received incorrect information within the past year will be notified,
– If a correction is not made, a statement of disagreement will be attached to your record.

5. Retention and Disposal

We retain personal information only as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and professional requirements.

When information is no longer required, it is securely destroyed or anonymized.

6. Questions, Concerns, or Complaints

If you have questions about how your personal information is collected, used, or protected at CAYA Health Centre, or if you would like to raise a concern, please contact our management team:

Clinic Manager, Isabell Boese
CAYA Health Centre
Info@cayahealthcentre.com

A member of our leadership team will respond to your inquiry and work with you to address any concerns. If our office has not dealt with your concern to your satisfaction, you can contact the College of Physicians and Surgeons of BC, the College of Health and Care Professionals of BC, and speak with their privacy officer to help solve the issue.

If you are still not satisfied, you can contact the Office of the Information and Privacy Commissioner for BC, who has the final word on the matter. Our privacy officer will provide you with the necessary contact information and the procedure to follow should you require it.

7. Third-Party Service Providers

To help us deliver the best possible service, we use third-party service providers for various operational purposes. These services may include hosting, cloud storage, analytics, billing, and more. Some of these third-party services include:

– JaneApp: For online booking, patient records, and clinical management.
– Google Workspace: For email and document management.

– Google Analytics: For tracking metrics and usage on our website
– Cortico: For secure communication and data exchange.

– WordPress: To create and host our website, store and process data obtained through our website

We ensure that these Third-Party Service Providers comply with privacy and security standards that align with our privacy policies. Information collected by these service providers may be stored on servers located outside of your province, country, or jurisdiction, which may have different data protection laws. However, we take appropriate measures to ensure that your data is handled securely.

8. Passive Data Collection

In addition to the personal information you provide directly to us, we may also collect information automatically through the use of cookies and other tracking technologies when you visit our website.

Cookies:
We use cookies to enhance your experience on our website by remembering your preferences and providing personalized content. Cookies are small pieces of data stored on your device, and they help us understand how users interact with our website. You can manage cookie settings through your browser, but disabling cookies may affect your ability to use certain features of the website.

Log Data:
When you visit our website, we automatically collect information such as your IP address, browser type, device type, the page you accessed, and the time of your visit. This information helps us monitor and improve the performance of our website.

9. Website-Specific Privacy

When you visit our website, Google Analytics platforms may collect non-identifiable information for the purpose of improving our services and understanding our user base. This includes, but is not limited to, data on how you use our website, the types of devices you use, your general location, and interactions with our website’s content.

Updated: April 28, 2025