The Labyrinth Alcove Counselling & Psychotherapy

PRIVACY POLICY

Effective Date: March 27, 2026
Last Updated: March 26, 2026

1. IDENTIFICATION OF HEALTH INFORMATION CUSTODIAN

The Labyrinth Alcove Counselling & Psychotherapy (the “Practice”) operates as a sole proprietorship in Ontario, Canada.

Amanda Zoltek, MSW, RSW (OCSWSSW Registration No. 840749) is a Health Information Custodian (“HIC”) as defined under the Personal Health Information Protection Act, 2004 (“PHIPA”). The HIC is responsible for compliance with PHIPA and applicable privacy legislation.

The Practice retains custody and control of all personal health information (“PHI”) collected, created, received, or maintained in the course of providing services.

All employees, contractors, supervisors, consultants, IT providers, and other service providers who may access PHI are considered agents under PHIPA and are contractually and legally bound to confidentiality obligations.

Practice Contact:
Shelburne, Ontario
Phone: (647) 963-6760
Email: hello@thelabyrinthalcove.ca

2. LEGISLATIVE FRAMEWORK

This Privacy Policy is governed by and interpreted in accordance with:

·       Personal Health Information Protection Act, 2004 (PHIPA) – Ontario

·       Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada

·       Health Care Consent Act (HCCA) – Ontario

·       Ontario College of Social Workers and Social Service Workers (OCSWSSW) Standards of Practice and Code of Ethics

Where multiple laws apply, the Practice adheres to the higher or more protective standard.

This policy reflects the ten Fair Information Principles under PIPEDA: accountability, identifying purposes, consent, limiting collection, limiting use, safeguards, openness, accuracy, access, and challenging compliance.

Nothing in this Policy limits statutory rights under applicable privacy legislation.

3. DEFINITIONS

·       Personal Health Information (PHI): As defined under PHIPA.

·       Personal Information: As defined under PIPEDA.

·       Agent: A person authorized by the HIC to act on their behalf.

·       Circle of Care: Health care providers directly involved in care where implied consent may apply under PHIPA.

4. AGE, CAPACITY & CONSENT TO TREATMENT

·       Services are provided to individuals aged 16 and older.

·       Capacity to consent is assessed individually under the HCCA.

·       Where a client lacks capacity, a legally authorized substitute decision-maker will provide consent.

·       For capable clients under 18, parental access to records is not automatic and will be assessed according to PHIPA and applicable law.

5. ACCOUNTABILITY & PRIVACY OFFICER

The Practice is responsible for all PHI under its custody or control and:

·       Maintains written privacy policies and procedures.

·       Restricts access to PHI on a role-based, minimum-necessary basis.

·       Requires confidentiality agreements from all agents.

·       Conducts due diligence in selecting service providers.

·       Investigates privacy complaints and suspected breaches.

·       Documents all access requests and disclosures.

Privacy Officer:
Amanda Zoltek, MSW, RSW
hello@thelabyrinthalcove.ca | (647) 963-6760

Agents may access PHI only as necessary to perform their authorized duties and in accordance with section 17 of PHIPA.

6. SUPERVISION, ASSOCIATES & FUTURE GROWTH

The Practice may, now or in the future, engage:

·       Independent contractors

·       Supervisees

·       Clinical associates

·       Administrative support personnel

Key points:

·       Each clinician providing psychotherapy acts as an independent regulated professional and, where applicable, as their own HIC.

·       Supervision or consultation may involve review of PHI for quality of care, minimizing identifying details wherever possible.

·       Supervisors act as authorized agents only for professional oversight and do not establish a therapeutic relationship.

·       Custodianship of PHI remains with the Practice, and safeguards are implemented for all agents.

·       Clients will be informed in writing of their treating clinician and custodianship structure.

7. PURPOSES FOR COLLECTION

PHI and personal information are collected only as necessary to:

·       Provide psychotherapy, counselling, and related services

·       Conduct assessments and develop treatment plans

·       Maintain clinical documentation

·       Communicate with clients

·       Obtain payment and process insurance claims

·       Participate in professional supervision or consultation

·       Comply with legal, regulatory, professional, and insurance obligations

The Practice does not sell, rent, trade, or commercialize personal information.

8. LEGAL AUTHORITY FOR COLLECTION

Information is collected with:

·       Express consent

·       Implied consent (where legally appropriate within the circle of care)

·       Legal authority under PHIPA

·       Mandatory reporting obligations

·       Court order or statutory requirement

Refusal to provide necessary information may limit or prevent safe or effective service.

9. INFORMATION COLLECTED

·       Identifying Information: Name, DOB, address, phone, email

·       Clinical Information: Mental health history, assessments, treatment plans, psychotherapy notes, session documentation, risk assessments

·       Administrative Information: Billing, payment records, insurance, appointment history, consent documentation

·       Website Information: IP address, browser, device type, pages visited, time spent (via Squarespace analytics)

·       Collateral Information: Information from third parties with express consent

Only minimum necessary information is collected.

10. CONSENT

·       Consent is informed, voluntary, ongoing, and documented.

·       Express consent is required for:

o   Disclosure outside the circle of care

o   Communication with insurers

o   Release of records

o   Collection from third parties

o   Electronic transmission of PHI

·       Consent may be withdrawn at any time; withdrawal may limit service provision.

11. LIMITS OF CONFIDENTIALITY

PHI confidentiality is maintained except where disclosure is required or permitted by law, including:

·       Risk of serious bodily harm

·       Child protection reporting

·       Reporting abuse by regulated professionals

·       Professional supervision/consultation (minimized identifiers)

·       Court order or subpoena

·       Regulatory investigation

Receipt of a subpoena does not automatically require full disclosure; legal advice may be sought.

Disclosure will be limited to the minimum necessary information.

12. SAFEGUARDS (FULLY DIGITAL PRACTICE)

·       No paper files are maintained; all records are digital.

·       Records are stored in Jane Software Inc., a secure, encrypted electronic health record system.

·       Safeguards include:

o   Password-protected, encrypted devices

o   Encrypted storage

o   Secure servers and firewalls

o   Role-based access

o   Secure deletion upon retention expiry

·       No method of electronic storage or transmission can be guaranteed 100% secure.

13. ELECTRONIC COMMUNICATION & VIRTUAL SERVICES

·       Virtual services use Jane Software Inc. as an authorized agent.

·       Appointment reminders may be sent via opted-in text or email.

·       Clients acknowledge:

o   Standard email/text is not guaranteed secure

o   Information may be intercepted, hacked, or accessed without authorization

o   Clinical advice and crisis response are not provided via unsecured channels

o   Emergency response capacity is limited in virtual care

By opting into electronic communications, the Client acknowledges and assumes the associated privacy risks.

14. WEBSITE COOKIES & ANALYTICS

·       Website hosted on Squarespace; may collect: IP address, browser, device, pages visited, time on pages.

·       Analytics used only to improve website experience.

·       Data is separate from clinical records.

·       Users may disable cookies, noting some features may be affected.

15. THIRD-PARTY SERVICE PROVIDERS & CROSS-BORDER STORAGE

·       Jane Software Inc. – EHR & virtual services

·       Hover – Domain & email hosting

·       Squarespace – Website hosting & analytics

·       Jane stores PHI and acts as an authorized agent.

·       PHI may be stored outside Canada; foreign laws may apply.

·       Practice remains sole HIC at all times and requires contractual safeguards.

Jane’s Privacy Notice: https://jane.app/legal/privacy-notice

16. RETENTION & DESTRUCTION

Records are retained:

·       A minimum of ten (10) years following the last date of service; or

·       Ten (10) years after a minor reaches age 18.

Records may be retained longer where legally required or where risk management considerations reasonably justify extended retention. Retention periods comply with the record-keeping requirements of the Ontario College of Social Workers and Social Service Workers.

Upon expiry, records are securely destroyed using methods that prevent reconstruction or recovery.

17. ACCURACY, ACCESS & RECORD REQUESTS

·       The Practice takes reasonable steps to maintain accurate, complete, up-to-date records.

·       Clients may request corrections; refusals under PHIPA will include a statement of disagreement.

·       Access requests processed per PHIPA timelines; administrative fees may apply.

18. RECORD REQUESTS, REPORTS, AND COURT INVOLVEMENT

Disbursements including but not limited to preparation of clinical summaries, reports, letters, record copies, subpoena responses, affidavits, case conference participation, and court attendance are professional services separate from psychotherapy sessions.

These services are billed at $180 per hour, billed in 15-minute increments.

Court attendance is subject to a minimum charge of three (3) hours, regardless of actual time spent.

Fees apply to:

·       Record review

·       Preparation time

·       Report writing

·       Consultation

·       Travel time

·       Waiting time

·       Court attendance

Fees are determined based on time required, complexity, urgency, and professional rate in effect at the time of service. Fees are subject to change upon reasonable notice.

The Practice reserves the right to require payment in advance of releasing records or providing court-related services, where permitted by law.

19. PRIVACY BREACHES

In the event of a privacy breach, the Practice will:

·       Contain the breach

·       Assess risk of harm

·       Notify affected individuals where required

·       Notify the Information and Privacy Commissioner of Ontario where required

·       Document remediation steps

20. WEBSITE DISCLAIMER

Information on this website is for general informational purposes only and does not constitute psychotherapy, counselling, or clinical advice.

Viewing this website or contacting the Practice does not establish a therapeutic relationship.

The website is not intended for emergency communication.

21. SOCIAL MEDIA BOUNDARIES

No clinical services are provided via social media.

Comments or interactions on public platforms do not constitute clinical communication.

The Practice does not accept friend or follow requests from Clients on personal accounts.

22. COMPLAINTS

Clients may contact the Privacy Officer directly.

Unresolved complaints may be directed to:

Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
(416) 326-3333
1-800-387-0073

23. GOVERNING LAW

This Privacy Policy is governed exclusively by the laws of the Province of Ontario and applicable federal laws of Canada.

Nothing in this Privacy Policy limits the statutory rights of Clients under applicable privacy legislation.

24. SEVERABILITY

If any provision of this Privacy Policy is found invalid or unenforceable, the remaining provisions shall remain in full force and effect.

25. POLICY UPDATES

The Practice reserves the right to amend this Privacy Policy at any time to reflect legislative, regulatory, technological, or operational changes.

The most current version will be posted on the Practice website.

Continued use of services following publication of an updated policy constitutes acknowledgment of the revised terms.