
Privacy Policy


1. Introduction

 

Resilient Pathways is committed to protecting the privacy, confidentiality, and security of the personal information and health information of our clients. This policy outlines how we collect, use, disclose, retain and dispose of personal information and health information in compliance with applicable laws, regulatory standards from OCSWSSW, and good counselling practice.

 

This policy applies to all services provided by Resilient Pathways in Ontario, whether delivered in person, virtually, via telephone, email or other electronic means.

 

⸻

 

2. Definitions

    •    “Personal information”: Information about an identifiable individual (which may include name, contact information, demographic data, etc.).

    •    “Personal health information”: As defined in PHIPA: information about an individual’s physical or mental health, provision of health care to the individual, and other prescribed health-information types.

    •    “Client”: An individual receiving counselling, therapy, social work or related services from Resilient Pathways.

    •    “Services”: Any counselling, psychotherapy, social work, or other related services we provide.

    •    “We/us/our”: Resilient Pathways and its staff/contractors.

    •    “Consent”: Voluntary agreement to the collection, use and disclosure of personal/personal-health information, given by the client (or authorized representative, if applicable).

 

⸻

 

3. Legal & Regulatory Context

    •    As members of OCSWSSW (or practicing in a context subject to its standards), we abide by the Code of Ethics and Standards of Practice, including Principle V: Confidentiality: “College registrants shall hold all client information in strict confidence and comply with any applicable privacy and other legislation.”  

    •    Under Principle IV: The Social Work and Social Service Work Record, registrants must ensure records are managed in a manner that protects client privacy and in accordance with any applicable privacy and other legislation.  

    •    PHIPA (in Ontario) governs the collection, use, disclosure, retention and disposal of personal health information; we comply with its requirements where applicable, including when we are a “health information custodian” or when we handle personal health information.  

    •    PIPEDA (Canada) may apply in certain contexts where federal personal-information obligations apply (e.g., commercial operations across provinces).

    •    We also attend to the Practice Guidelines of OCSWSSW for Consent and Confidentiality (including with children & youth) and other practice-guidelines such as those for virtual/online practice.  

 

⸻

 

4. What Information We Collect

 

We collect only the personal information and health information that is reasonably necessary to provide our services. This may include:

    •    Identifying details (name, date of birth, address, contact information)

    •    Emergency contact information

    •    Relevant health and social/psychological history (including mental health, medical history, medications, previous counselling/therapy)

    •    Service-related information (session dates, notes, goals, progress, agreements)

    •    Billing/payment information (insurance, invoices, receipts)

    •    For virtual services: technology usage data, virtual session logs (e.g., video conference metadata)

    •    Any other information the client voluntarily provides in order to facilitate assessment and intervention

 

We inform clients at the outset (or before collection) what information is collected and why.

 

⸻

 

5. How We Use Information

 

We use the collected information for the following purposes:

    •    To establish and maintain our therapeutic relationship and provide safe, effective services

    •    To assess client needs, plan interventions, monitor progress and evaluate outcomes

    •    To communicate with clients, schedule appointments, send reminders or follow-ups

    •    To manage billing, insurance claims, payment processing, risk management

    •    To comply with legal/regulatory obligations (e.g., mandatory reporting, audits)

    •    To improve our services (anonymous/de-identified data for quality-improvement, research, training)

    •    To protect the safety of clients, others or to comply with court orders or legal obligations

 

We do not use the information for unrelated or secondary purposes unless we inform you and obtain your consent (or are otherwise permitted/required by law).

 

⸻

 

6. Consent, Disclosure and Limits to Confidentiality

 

Consent

 

At the beginning of the service relationship, we obtain the client’s informed consent for collection, use and disclosure of personal and health information. Clients may withdraw or limit consent at any time (subject to legal or contractual obligations).

We will document consent (in writing or electronically) as required.  

 

Disclosure

 

We will not disclose identifying personal or health information to third parties without the client’s consent, except in the following circumstances (limits to confidentiality) where disclosure is permitted or required by law:

    •    If there is a serious and imminent risk of harm to the client or to others (including children) and disclosure is required to protect them.  

    •    Where there is mandatory reporting (for example under the Child, Youth and Family Services Act, 2017) of child abuse or neglect.  

    •    If a court order or other legal/regulatory obligation requires disclosure.  

    •    Where our regulatory body (OCSWSSW) is conducting an investigation or proceeding and requires information.  

    •    For billing, insurance, legal or administrative processes where you have consented (e.g., you provide consent to an insurance company)

    •    For supervision, peer consultation, quality-assurance purposes (with de-identified information where possible)

    •    Other limited cases permitted under PHIPA, PIPEDA or other applicable law

 

Clients will be informed early in the relationship of the limits to confidentiality, including how virtual services may introduce additional risks (see Section 9).  

 

Requesting Access or Correction

 

Clients have the right to access their records (subject to legal limitations) and to request corrections of factual errors. We will respond to such requests within a reasonable timeframe, subject to applicable legislation.

Where access is denied (in whole or in part), we will provide reasons in writing and inform the client of any review mechanisms available.

 

⸻

 

7. Record Keeping, Retention and Disposal

 

We maintain appropriate records for each client (in accordance with OCSWSSW Principle IV) that are accurate, current, legible (if paper) or stored securely (if electronic).  

 

Retention

 

We retain client records for a period consistent with professional standards, regulatory requirements, and legal obligations. For example, records may be kept for a minimum of 10 years after the last contact or longer if required (or as per the specific guidance for minors, risk matters, etc.).

(You may insert your specific retention timeframe here.)

 

Disposal

 

After the retention period expires, we ensure secure destruction of client records (shredding paper, permanently deleting electronic files, wiping backups, etc.), such that personal identifiers cannot be reconstructed.

We also ensure that electronic systems are designed so that once disposal takes place, retrieval is no longer possible.

 

⸻

 

8. Safeguards and Security

 

We use reasonable administrative, technical and physical safeguards to protect personal information and health information under our control against unauthorized access, use, disclosure, alteration or destruction. These include:

    •    Secure electronic record systems (encrypted storage, password protection, firewalls, secure backups)

    •    Secure physical storage of paper records (locked cabinets, restricted access)

    •    Secure transmission protocols for email, video-conferencing or any online platform (encryption, secure login, verifying client identity)

    •    Access controls: only those staff/contractors with a need to know may access information

    •    Regular review of security practices, updates to software/hardware, disaster-recovery and business-continuity planning

    •    Training of staff/contractors on confidentiality, privacy legislation, and secure practices

    •    For virtual/online services: we ensure that storage/servers are in a jurisdiction with protections consistent with Ontario law, or that appropriate safeguards are in place.  

 

⸻

 

9. Virtual and Electronic Practice

 

When services are delivered via electronic means (video, telephone, email, messaging), additional considerations apply:

    •    We will explain to clients the limits of confidentiality with respect to virtual practice (e.g., risk of interception, technology failure, boundaries of privacy at client’s end).  

    •    We will verify the identity of the client where feasible.  

    •    We will develop a safety plan with the client (for example: what to do if the call is interrupted, or they are not alone).  

    •    We ensure that the technology/platform used meets appropriate security standards (encryption, secure login, confidentiality of records).

    •    We inform clients if data is stored outside Ontario/Canada and explain the potential risks if applicable.

    •    Clients must ensure they are in a private location for the session, and are responsible for taking steps to maintain their own confidentiality on their end (e.g., headphones, clearing screen).

 

⸻

 

10. Third-Party Service Providers

 

We may use third-party service providers for records management, billing, video-conferencing platforms, email services, etc. When we do so:

    •    We ensure that such providers are contractually obliged to safeguard confidentiality and personal information in accordance with applicable legislation.

    •    We ensure that the provider’s data-storage jurisdiction is consistent with Ontario / Canadian privacy protections (or where it is outside, we ensure additional safeguards).

    •    We limit the provider’s access to only what is needed for the service.

    •    We monitor and review the provider’s practices as necessary.

 

⸻

 

11. Client Rights and Responsibilities

 

Client Rights

 

As a client of Resilient Pathways you have the right to:

    •    Be informed about how your information will be collected, used, disclosed, retained and destroyed

    •    Give or withhold consent for the collection, use or disclosure of your information (to the extent permitted by law)

    •    Access your records, request corrections, and receive a copy of this privacy policy

    •    Ask questions regarding our privacy practices and lodge complaints if you believe your privacy has been compromised

    •    Be informed of changes to this privacy policy

 

Client Responsibilities

 

You are asked to:

    •    Provide accurate and complete information as requested

    •    Ensure your own privacy when participating in electronic/virtual services (e.g., ensuring you are in a private location)

    •    Let us know if your contact or other relevant information changes

    •    Inform us if you have concerns regarding confidentiality or security so we can address them

 

⸻

 

12. Complaints and Breach Notification

 

If you believe your privacy rights have been breached, you may:

    •    Contact us at [insert contact details: e.g., privacy@resilientpathways.ca, address, phone number]

    •    We will investigate the matter promptly, communicate the findings and, if applicable, take corrective steps

    •    If required under applicable legislation (e.g., PHIPA) we will notify you of any unauthorized access, use or disclosure of your personal health information that poses a risk of significant harm

    •    You may also contact the Office of the Information and Privacy Commissioner of Ontario (or other applicable supervisory authority) if you are not satisfied with our response

 

⸻

 

13. Amendments to This Policy

 

We may amend this Privacy Policy from time to time to reflect changes in legislation, regulatory requirements, technology, or our practices. We will notify clients of any significant changes (for example via email or at the next session) and make the updated version available on our website [insert website URL]. The date of last revision will be indicated at the top of the policy.

 

⸻

 

14. Summary of Key Points

    •    Your information is collected only as needed, with your consent, for the services we provide.

    •    We protect your confidentiality and disclose information only when required by law or with your consent.

    •    We store and dispose of your records securely and in compliance with regulatory standards.

    •    For electronic/virtual services, extra safeguards and disclosures apply.

    •    You have rights regarding your information: access, correction, complaint.

    •    We abide by Ontario’s regulatory standards (OCSWSSW) and privacy legislation such as PHIPA and PIPEDA.

 

⸻

 

Contact Information

 

If you have any questions about this Privacy Policy or our privacy practices, please contact:

Resilient Pathways

Email Address: rpcounsellingandmediation@gmail.com

Website: www.resilientpathways.ca

​

​

​

​
