Privacy policy

Our Commitment to Your Privacy

At Nemati Psychology, respecting your privacy and safeguarding your personal health information is a core part of our commitment to ethical, responsible, and client-centered care. We are dedicated to being transparent about how your information is collected, used, stored, and protected, in compliance with the Personal Health Information Protection Act, 2004 (PHIPA) and all applicable privacy laws.

This Privacy Policy is designed to clearly explain how your information is collected, used, stored, and protected, so you can feel confident and secure in choosing us for your care.

Who We Are

Nemati Psychology is a group practice comprised of licensed psychologists. We may be supported by administrative staff who assist with scheduling, communications, and clinic operations.

At times, we engage external service providers, such as accountants, bookkeepers, insurance processors, credit card payment services, and legal consultants, who may have limited access to administrative information strictly as needed to perform their duties. Access is restricted to the minimum necessary information, and we require all external partners to adhere to confidentiality obligations and recognized privacy standards.

What is Personal Health Information (PHI)?

Personal Health Information (PHI) refers to any identifying information about you that relates to your health or the provision of health care services. This includes, but is not limited to:
- Your name, date of birth, contact information, and health insurance number
- Information about your physical or mental health history, including family health history
- Health services you have received or may require
- Psychological assessments, clinical notes, and treatment plans
- Billing and payment information
- Substitute decision-maker details
PHI can be recorded orally, in writing, electronically, or photographically.

Collection of Information About the General Public

We may collect non-identifiable information from the general public who interact with our website or communicate with Nemati Psychology, even if they do not become clients. This includes website traffic data (such as IP addresses and browser types) used strictly for security and performance purposes.

Collection of Information About Staff, Students, and Contractors

Personal information is also collected about administrative staff, clinicians, contractors, or students. This is necessary for professional supervision, hiring, administrative functions, and compliance with regulatory and privacy standards.

Types of Personal Information We Collect

We collect your contact details, emergency contacts, health history, presenting concerns, clinician preferences, insurance information, session records, communications with the clinic or your clinician, clinical notes, assessment results, psychometric data, and any other relevant information to support your care.

How We Collect Your Information

We collect personal health information directly from you or, where appropriate, from authorized third parties with your consent. This may include:
- Secure online intake forms submitted via encrypted Hushmail or Jane App
- Clinical interviews, assessments, and therapy sessions
- Secure communications such as encrypted emails and telephone conversations
- Information from healthcare providers or insurers with your consent
- Emergency contacts provided by you

How Your Information is Stored and Protected

Your information is securely stored and protected through:
- Jane App: A PHIPA-compliant, encrypted Canadian-based electronic health record system
- Hushmail: A PHIPA-compliant encrypted email service
- Data Security Measures: Encryption, password protection, two-factor authentication, and secure servers
- Paper Files: Temporary paper files, if any, are scanned into Jane and destroyed securely
- Administrative Safeguards: Staff confidentiality agreements, privacy training, access control, and periodic audits
- Virtual and remote psychological services are provided through secure, encrypted video platforms, including Zoom for Healthcare, Jane App, and Doxy.me. These platforms are selected to meet applicable privacy and security standards for the protection of personal health information.

How We Use Your Information

We use your information to:
- Provide psychotherapy, assessment, and psychological services
- Communicate with you about appointments, clinical care, or updates
- Process payments and insurance claims with your consent
- Maintain accurate clinical records
- Conduct internal quality assurance or peer supervision using de-identified information
- Meet legal, ethical, or regulatory requirements

We do not use your information for marketing, research, or other non-clinical purposes without separate explicit consent.

When Your Information May Be Disclosed

We disclose information without your consent only as legally required, such as when:
- Required to reduce serious risk of harm to you or others
- Reporting suspected child abuse
- Reporting abuse or neglect of a vulnerable adult in a care facility
- Required by a subpoena, warrant, or court order
- Regulatory audit by the College of Psychologists and Behaviour analysts of Ontario
- Required to report sexual abuse by a regulated health professional
- Required to respond to a request under the Missing Persons Act, 2018
- Necessary for billing disclosures to insurers or third-party payers
Whenever possible, you will be informed about disclosures made without consent.

Virtual Services and Cybersecurity Responsibilities

Virtual services are provided through encrypted platforms. Clients are responsible for using secure networks and devices during sessions and communications.

Despite best efforts to secure information, electronic communication always carries inherent risks, and by using virtual services, you acknowledge and accept these risks.

Substitute Decision-Maker Policy

If a client is unable to provide informed consent (e.g., due to incapacity), a legally appointed substitute decision-maker may act on the client's behalf regarding information collection, use, and disclosure.

Survivability of Privacy Obligations

The privacy obligations outlined in this policy continue indefinitely, even after services with Nemati Psychology end or the practice closes.

Your Rights Regarding Your Information

With only a few exceptions, you have the right to:
- Request access to your personal health information
- Request corrections to incomplete or inaccurate information
- Submit a Statement of Disagreement if a correction request is denied
- Withdraw consent for future collection, use, or disclosure, except where required by law
- Request copies of clinical records (nominal administrative fees may apply)

We may ask that your request be submitted in writing. We will make every effort to respond as promptly as possible, typically within 30 days. Access may be denied or limited if disclosure would cause serious harm to you or another person, reveal third-party information, or violate legal standards. If we are unable to grant access to your information, we will provide an explanation to the best of our ability.

If you believe that your record contains an error, you have the right to request a correction. This applies to factual information and does not extend to professional opinions or clinical impressions. We may ask you to provide documentation supporting the correction. Where an error is confirmed, we will make the necessary amendment. Upon your request, and where reasonably practical, we will also notify any third parties who received the incorrect information (unless doing so would have no meaningful impact on ongoing healthcare provision). If we do not agree that a correction is warranted, you may submit a brief written statement of disagreement, which will be added to your file.

Retention and Destruction of Information

Records are retained for at least 10 years following the last clinical contact or 10 years after a minor turns 18, whichever is longer. After the retention period, records are securely destroyed.

Website Privacy and Cookie Policy

When visiting www.nematipsychology.com:
- Non-identifiable information (e.g., IP address, browser type) may be collected automatically for security and performance purposes
- Cookies may be used strictly for site navigation and function; we do not use tracking or marketing cookies
- Visitor data is never sold, rented, or disclosed to third parties
- Submitting a contact form does not create a client-therapist relationship

Privacy Breach Protocol

In the event of a privacy breach:
- Immediate steps will be taken to investigate, contain, and remediate
- Affected individuals will be notified
- The breach will be reported to the Information and Privacy Commissioner of Ontario as required

Third-Party Service Providers

Third-party service providers (e.g., Jane App, Hushmail, IT providers, accountants) are contractually obligated to maintain confidentiality and access only necessary information.

Changes to This Privacy Policy

Nemati Psychology may update this Privacy Policy from time to time to reflect changes in legal requirements, clinical practices, technologies, or administrative processes.

We encourage you to periodically review this Privacy Policy to remain informed about how we protect your personal information.

Contact Information

If you have any questions, concerns, or requests related to your information, please contact Dr. Maryam Nemati, who is the designated Health Information Custodian (HIC) for Nemati Psychology:

Email: maryam@nematipsychology.com
Phone: (437) 747-7311

If you have any concerns about the privacy practices outlined in this policy, or for any questions, you also have the right to contact:

Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400, Toronto, Ontario, M4W 1A8
Phone: (416) 326-3333 or 1-800-387-0073
www.ipc.on.ca

You have the right to contact the College of Psychologists and Behaviour Analysts of Ontario if you have concerns about the professional conduct, ethical behaviour, or competence of a psychologist or psychological associate. The College is the regulatory body responsible for protecting the public by ensuring that psychologists practice safely, competently, and ethically.

The College of Psychologists and Behaviour Analysts of Ontario
110 Eglinton Avenue West, Suite 500
Toronto, ON. M4R 1A3
Phone: (416) 961-8817 | Fax (416) 961-2635
https://cpbao.ca