Clinic 360 Privacy Policy

Policy Statement 

At Clinic 360 privacy is governed by the Personal Health Information Protection Act (PHIPA), a law that establishes rules concerning the collection, use and disclosure of personal health information. As a health information custodian, Clinic 360 and its agents (including staff, physicians, students and volunteers) are responsible for ensuring that the personal health information of our patients is treated with respect and sensitivity.

Accountability for Personal Health Information

Clinic 360 is responsible for personal health information under its control in compliance with the Personal Health Information Protection Act (PHIPA), 2004.

Accountability for compliance of the Clinic 360 with the policy rests with the Clinic Director, although other individuals within Clinic 360 are responsible for the day-to-day collection and processing of personal health information. Clinic 360 is responsible for personal health information in its possession or custody, including information that has been transferred to an agent of Clinic 360. Clinic 360 will use contractual or other means to provide a comparable level of protection while the information is being processed by a third party. Clinic 360 has implemented policies and practices to give effect to this policy, including but not limited to:

  1. Procedures to protect personal health information.
  2. Signing of a Confidentiality Agreement by all agents of Clinic 360 prior to commencement of employment or affiliation with Clinic 360.
  3. Procedures to receive and respond to complaints and inquiries about Clinic 360’s information practices.
  4. Responding to requests for access to, or corrections of, personal health information in the custody of Clinic 360.

Identifying Purposes for the Collection of Personal Health Information

Permitted purposes are the delivery of direct patient care, the administration of the health care system, and meeting legal and regulatory requirements as directed in by PHIPA. 

Identifying the purposes for which personal health information is collected at or before the time of collection allows Clinic 360 to determine the information it needs to collect to fulfill these purposes.

We only collect the information that is required to provide patient care and administrative duties which includes but are not limited to communicating with patients, follow up protocols and setting of appointments. We do not collect any other information, or allow information to be used for other purposes, without the patient’s express consent. This excludes where we are authorized to do so by law. These limits on collection ensure that we do not collect any unnecessary information.                                                                  

Consent for the Collection, Use & Disclosure of Personal Health Information

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal health information, except where inappropriate.

Note: In certain circumstances, personal health information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. Seeking consent may be impossible or inappropriate, for example when the individual is seriously ill or mentally incapacitated. In these circumstances, consent of the individual’s substitute decision maker will be sought, where feasible.

Consent is required for the collection of personal health information and the subsequent use or disclosure of this information. Typically, Clinic 360 will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when Clinic 360 wants to use information for a purpose not previously identified). Clinic 360 will make a reasonable effort to ensure that the individual is advised of the purposes for which the information will be used. To make the consent meaningful, the purposes must be stated in such a manner that the individual can reasonably understand how the information will be used or disclosed. Clinic 360 will not, as a condition of providing care, require an individual to consent to the collection, use, or disclosure of information beyond that required to fulfill the specified and legitimate purposes.  In obtaining consent, the reasonable expectations of the individual are also relevant. Clinic 360 can assume that an individual’s request for treatment constitutes implied consent for specific purposes.  The way in which Clinic 360 seeks consent may vary, depending on the circumstances and the type of information collected.

Individuals can give consent in many ways. For example:

  1. A form may be used to seek consent, collect information, and inform the individual of the use that will be made of the information. By completing and signing the form, the individual is giving consent to the collection and specified uses and/or disclosures.
  2. Consent may be given verbally or in writing at the time that individuals use a health service
  3. Consent may be given verbally when information is collected over the telephone.

In cases where express consent is required and it is provided verbally, this exchange is documented in the patient’s record of personal health information.

An individual may withdraw consent at any time, subject to legal restrictions and reasonable notice. Withdrawal of the consent will not have a retroactive effect. Clinic 360 will inform the individual of the implications of such withdrawal.

Limiting Collection of Personal Health Information

The collection of personal health information will be limited to that which is necessary for the purposes identified by Clinic 360. Information will be collected by fair and lawful means. Clinic 360 will not collect personal health information indiscriminately. Information collected will be limited to that which is necessary to fulfill the purposes identified.  This requirement implies that consent with respect to collection must not be obtained through deception.

Limiting Use, Disclosure & Retention of Personal Health Information

Personal health information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.  Personal health information will be retained only as long as necessary for the fulfillment of those purposes. If using personal health information for a new purpose, Clinic 360 will document this purpose. Personal health information that is no longer required to fulfill the identified purposes will be destroyed, erased, or made anonymous in accordance to applicable legislation.

Ensuring Accuracy of Personal Health Information

Clinic 360 will take reasonable steps to ensure that information is as accurate, complete, and up to date as is necessary to minimize the possibility that inappropriate information may be used to make a decision about the individual. Limitations on the accuracy and completeness of personal health information disclosed will be clearly set out to the recipient where possible. When an individual successfully demonstrates the inaccuracy or incompleteness of personal health information; Clinic 360 will amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.

When a challenge is not resolved to the satisfaction of the individual, Clinic 360 will record the substance of the unresolved challenge in the form of a letter from the patient stored in the patient’s medical record. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.          

Ensuring Safeguards for Personal Health Information

Security safeguards appropriate to the sensitivity of the information will protect personal health information.  Security safeguards are used to protect personal health information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.  Clinic 360 protects personal health information regardless of the format in which it is held.  The nature of safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage.

The methods of protection will include:

  1. physical measures, for example, locked filing cabinets and restricted access to offices
  2. organizational measures, for example, policies, training, limiting access on a “need-to-know” basis
  3. technological measures, for example, the use of passwords, secure computer networks, encryption, and audits

Clinic 360 will make its employees aware of the importance of maintaining the confidentiality of personal health information. As a condition of employment, all new Clinic 360 employees/agents (e.g., employee, clinician, volunteer , student, consultant, or contractor) must sign a Confidentiality Agreement with Clinic 360. This safeguard may also be facilitated through contractual provisions. Personal health information being transported outside of Clinic 360 will be done so in a secure manner.
Care will be used in the disposal or destruction of personal health information, to prevent unauthorized parties from gaining access to the information.

Openness About Personal Health Information Policies & Practices

 Clinic 360 values patient privacy and acts in accordance to ensure that it is and remains protected. This policy was written to explain how our office practices and upholds federal and provincial requirements for the protection of personal information. This policy describes how our office collects, protects and discloses the personal information of patients and the rights of patients in respect to their personal information. As an office, we are available to answer any patient questions regarding our privacy practices

Individual Access to Own Personal Health Information

Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal health information and will be given access to that information. A written request may be required by Clinic 360 to adequately identify you. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Note: In certain situations, Clinic 360 may not be able to provide access to all the personal health information it holds about an individual. Exceptions to the access requirement will be in accordance with the law. The reasons for denying access will be provided to the individual. Examples may include information that could reasonably be expected to result in a risk of serious harm or the information is subject to legal privilege.

Upon request, Clinic 360 will inform an individual whether or not it holds personal health information about that individual. Clinic 360 will seek to indicate the source of this information and will allow the individual access to this information. However, it may choose to make sensitive medical information available through a medical practitioner.

An individual will be required to provide sufficient information to permit Clinic 360 to provide an account of the existence, use, and disclosure of personal health information. The information provided will only be used for this purpose. In providing an account of third parties to which it has disclosed personal health information about an individual, Clinic 360 will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, Clinic 360 will provide a list of the organizations to which it may have disclosed information.

Clinic 360 will respond to an individual’s request within the period specified in the
Personal Health Information Protection Act and at reasonable cost to the individual. Clinic 360 uses the fee structure recommended by the Information and Privacy Commissioner of Ontario.

Challenging Compliance with Clinic 360’s Privacy Policies & Practices

An individual will be able to address a challenge concerning compliance with this policy. Clinic 360 has procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal health information. Clinic 360 will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. Clinic 360 will investigate all complaints. If a complaint is found to be justified, Clinic 360 will take appropriate measures, including, if necessary, amending its policies and practices.

Complaints can be directed to the Clinic Director at:

Alina@clinic360.com

Individuals may also make a complaint to the Ontario Information and Privacy Commissioner.

 Definitions

Agent – A person that, with the authorization of Clinic 360, acts for or on behalf of the organization in respect of personal health information for the purposes of Clinic 360 and not the agent’s own purposes, whether or not the agent has the authority to bind the custodian, whether or not the agent is employed by Clinic 360 and whether or not the agent is being remunerated.  Examples of agents of Clinic 360 include, but are not limited to: employees, volunteer, students, physicians, residents, consultants, researchers, vendors.

Health Information Custodian – Listed persons or organizations under the Personal Health Information Protection Act such as hospitals, who have custody or control of personal health information as a result of the work they do. As a public hospital, Clinic 360 is considered to be a Health Information Custodian (Personal Health Information Protection Act, 2004, Schedule A).

Personal Health Information – Information about an individual whether living or deceased and whether in oral or recorded form. It is information that can identify an individual and that relates to matters such as the individuals physical or mental health, the providing of health care to the individual, payments or eligibility for health care in respect of the individual, the donation by the individual of a body part or bodily substance and the individuals health number. (Personal Health Information Protection Act, 2004, section 4.1)  Personal health information can be information about a physician or other care provider, a hospital staff person, a patient, or a patient’s family member. Examples of personal health information include a name, medical record number, health insurance number, address, telephone number, and personal health information related to a patient’s care such as blood type, X-rays, consultation notes, etc.

Record of Personal Health Information – The Personal Health Information Protection Act defines a record as personal health information in any form or in any medium whether in written, printed, photographic or electronic form or otherwise.

Terms & Conditions – 360 Sleeve E-Commerce & Facebook Storefront

1. General
By purchasing from the 360 Sleeve online store or Facebook storefront, you agree to the following terms and conditions. These terms apply to all transactions made through our e-commerce platforms.

2. Order Processing & Payment

  • Orders are processed within 1-3 business days after payment confirmation.
  • We accept major credit cards and other payment methods as specified at checkout.
  • Prices are listed in CAD and are subject to change without notice.

3. Shipping & Delivery

  • Shipping rates and estimated delivery times are provided at checkout.
  • We are not responsible for delays caused by carriers, customs, or unforeseen circumstances.
  • Customers are responsible for providing accurate shipping information. Orders with incorrect addresses may result in additional fees.

4. Return & Refund Policy

Skin Care Products:

  • Returns accepted within 30 days of purchase if the product is unopened and in its original packaging.
  • Opened or used products are non-returnable and non-refundable.

Vitamins & Consumable Products:

  • All sales are final. Due to safety and health regulations, we do not accept returns or issue refunds on vitamins or any other edible/consumable products.

Damaged or Incorrect Items:

  • If you receive a damaged or incorrect item, contact us within 5 days of delivery at [insert customer support email].
  • Please provide photos of the item and packaging for verification.

5. Exchanges

  • We do not offer exchanges. If eligible, you may return an unopened item and place a new order.

6. Facebook Storefront Purchases

  • The same return and refund policies apply to purchases made through our Facebook Storefront.
  • All transactions made via Facebook are subject to Facebook’s commerce policies in addition to our store policies.

7. Cancellations

  • Orders may be canceled within 24 hours of placement if they have not yet been shipped. Once shipped, orders cannot be canceled.

8. Changes to Terms & Conditions
360 Sleeve reserves the right to update these terms at any time without prior notice. Any changes will be reflected on this page.

For further inquiries, please contact our customer support team at [insert contact info].

By completing your purchase, you acknowledge and agree to these terms.