PIPA

For the privacy and security of health information in British Columbia, private practitioners must follow the Personal Information Protection Act (PIPA). This is BC’s private sector privacy law, and has been deemed “substantially similar” to PIPEDA. PIPA sets the rules for the collection, use and disclosure of personal information and personal employee information by private sector organizations in British Columbia.

Our Booking Service, Owl

Compliance with Privacy Laws in British Columbia (PIPA)

You have the right to request access to your personal health information.

Extensive export options make exporting Client information out of Owl simple and easy. Notes can be exported from the Client profile, all financial and Client data can be exported and individual historical receipts and invoices can also be downloaded. Exports of secure messages are not currently possible, but Clients already have access to this information through their Client Portal.

Unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction of information. Here are some of the safeguards they suggest, and how they relate to Owl:

Technological security, such as password protection and encryption on computers and mobile devices

Owl helps practices achieve this security through our own security measures. At Owl, we use bank-level encryption (SSL) to encrypt all data that moves between our secure and dedicated servers and the device and browser on which a clinician accesses their Owl Practice account. Data that is encrypted between our secure and dedicated servers and the device and browser on which a clinician accessing their Owl account is done using SHA256 with RSA. We continuously test our systems to ensure all of our encryption layers have the most up-to-date patches for any vulnerabilities that surface over time (example: Heartbleed/CVE-2014-0160).

Administrative security, such as confidentiality agreements and terms of use for information technology, and a role based access to any systems that means employees are only provided access to the information they need to do their job:

Owl’s User Types allow practices to achieve this security, as Office Admin and Therapist Users can be limited from accessing certain types of information in the practice that they may not need access to.

Digital Communications & Social Media

Regulatory Body

British Columbia Association of Clinical Counsellors

Friending and Connecting Arches Counselling or individual therapists do not accept friend or contact requests from current or former clients on any social networking site. Confidentiality and privacy may be compromised and maintains to protect professional boundaries of the therapeutic relationship. 

Following

Arches Counselling requires no social media contact with clients but encourage you to stay up-to-date by following us on Instagram.

Arches Counselling will not follow any individuals and only uses social media for business purposes. If you have any concerns or you have a business that we follow, we encourage you to let us know as soon as possible. If aspects of your online activities are relevant than please bring them into your session.

Contact

SMS (mobile phone text messaging) can be used for scheduling but do not share anything that if there were a breach of security, the cell phone was lost that this information could be made public. I always store your contact with initials; however, it would be easy enough to trace a phone number back to a name.  Messages on Social Networking sites are not secure and may not be responded to. Arches encourage all clients to use the secure messaging platform that OWLpractice provides.  Please be aware that any content in email or text that is considered relevant to your well-being as a client will be copied and added to your notes.   Emailing Please be aware that any content related to your therapy sessions is retained in the logs of both your and our internet service providers. Any information exchanged is vulnerable to a confidentiality breach and becomes part of your legal record.  If you have questions or concerns about any of these policies and procedures or regarding our potential interactions on the Internet, do bring them to my attention so that we can discuss them.   Electronic Devices If any of your devices use location-based services or have a passive LBS app enabled on your phone it may be possible to track visits to the office.

Business Review Sites

Arches Counselling is listed on several sites Yelp, Google, Yahoo, and other business listings. As a client, a request for a testimonial, rating, or endorsement may also compromise your privacy and confidentiality.  The British Columbia Association of Clinical Counsellors (BCACC) Standard for Promoting and Advertising Services states, “an RCC should never solicit testimonials, expressly or by implication, from clients or other persons who, because of their particular circumstances, may be vulnerable to undue influence” (BCACC Code of Ethical Conduct and Standards of Clinical Practice and Guidelines for Registered Clinical Counsellors, 2011). In the 2014 revision of the ethics code. The summary is that counsellors can use unsolicited testimonials as long as they have discussed the implications with the client and received his or her permission  If you are ever unsatisfied we encourage you to bring it up to your therapist directly, another staff member at Arches Counselling. We do have external professionals who are willing to mediate any issue that cannot be resolved.

This social media policy is adapted from Keely Kolmes, Psy.D and licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License, making it available to other mental wellness professionals.