top of page

Privacy Policy

Last Updated: June 2026

​

At VMA Psych, we are committed to protecting the privacy, confidentiality, and security of the personal information and personal health information entrusted to us by our clients, website visitors, referral partners, and community members.

 

As a psychological and mental health clinic operating in Ontario, our privacy practices are strictly governed by the Personal Health Information Protection Act, 2004 (PHIPA), applicable federal privacy legislation, and the standards established by our provincial regulatory bodies:

  • The College of Psychologists and Behaviour Analysts of Ontario (CPBAO)

  • The College of Registered Psychotherapists of Ontario (CRPO)

  • The Ontario College of Social Workers and Social Service Workers (OCSWSSW)

​

This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you interact with our clinic, website, and services.

​

1. Information We Collect

​

We collect both Personal Information and Personal Health Information as required to provide our services safely and effectively.

​

Personal Information (Website and Communications)

  • Name, email address, phone number, and other contact details voluntarily provided.

  • Information submitted through contact forms, consultation requests, or newsletter sign-ups.

  • Technical and website usage data (IP address, browser type, pages visited, timestamps).

  • Cookie and analytics data used to improve website performance and user experience.

​

Personal Health Information (Clinical Services)

  • Intake forms and informed consent documents.

  • Medical, psychological, educational, developmental, and family history.

  • Assessment results, psychometric testing data, and clinical progress notes.

  • Billing and private insurance-related information.

​

2. How We Use Your Information

​

Clinical Care

  • Scheduling and delivering counselling, psychotherapy, and psychological services.

  • Conducting diagnostic assessments and generating formal clinical reports.

  • Providing clinical recommendations and multidisciplinary treatment planning.

​

Administrative Operations

  • Processing payments and issuing receipts for private insurance reimbursement.

  • Managing, backing up, and auditing clinical records.

  • Responding to direct inquiries and intake service requests.

​

Communication

  • Automated appointment reminders and confirmations.

  • Clinic operational updates and requested informational resources.

​

Website Improvement

  • Monitoring website performance, security, and stability.

  • Analyzing anonymous, aggregated usage trends to optimize user experience.

​

3. Marketing Communications and CRM Systems

 

VMA Psych may occasionally send communications related to clinic services, mental health resources, newsletters, and events.

​

  • Consent-Based Marketing: Marketing communications are strictly opt-in. You may withdraw your consent or unsubscribe at any time via the link provided in our emails.

  • System Separation (Data Isolation): To ensure maximum compliance with PHIPA, we utilize two entirely separate digital environments:

    • Owl Practice (EMR): This is our secure, PHIPA-compliant Electronic Medical Records platform. All personal health information, clinical notes, and assessment data live exclusively here.

    • HubSpot (CRM): This system is used solely for managing general inquiries, public communications, and client engagement marketing. No Personal Health Information (PHI) or clinical diagnostic data is ever stored within HubSpot.

  • Data Protection: No personal information or personal health information is ever sold, rented, monetized, or shared with external organizations for third-party marketing, advertising, or commercial data development purposes. Access is strictly limited to authorized administrative personnel.

​

4. Confidentiality and Disclosure (The Circle of Care)

​

All personal health information is kept strictly confidential within the VMA Psych multidisciplinary team. We use Ontario’s "Circle of Care" framework, which means your information is shared only internally among the clinicians directly involved in your assessment or treatment planning to ensure coordinated, high-quality care.

 

Information is never disclosed outside the clinic without your express written consent, except where we are legally mandated or permitted to do so under Ontario law.

​

Legal Exceptions to Confidentiality Include:

  • Risk of Harm: If there is a clear and imminent risk of serious bodily harm to the client or an identifiable third party.

  • Child Protection: If there is a reason to suspect that a child under the age of 16 is experiencing, or is at risk of experiencing, abuse or neglect.

  • Elder/Vulnerable Adult Protection: If there is a reason to suspect abuse or neglect of a resident living in an Ontario long-term care home or retirement home.

  • Professional Misconduct: If a client reveals sexual abuse by a regulated health professional in Ontario, we are legally required to report the professional’s name to their respective College (the client’s identity remains protected unless they choose otherwise).

  • Legal Proceedings: If our records are requested via a court order, legal subpoena, or warrant issued by a judge.

​​

5. Data Security and Safeguards

​

We employ industry-standard administrative, technical, and physical safeguards to protect your data against unauthorized access, loss, theft, modification, or disclosure:

  • Use of secure, PHIPA-compliant, end-to-end encrypted EMR infrastructure (Owl Practice) hosted locally within Canada.

  • Role-based access controls ensuring only your direct care team can access your clinical charts.

  • Encrypted digital storage devices and firewall-protected local networks.

  • Physical security measures, including restricted access protocols and locked filing infrastructure at our physical Etobicoke location.

​

6. Record Retention

​

In accordance with Ontario regulations governing psychological and healthcare practices, clinical records are retained for a minimum of 10 years after the date of last contact.

​

For clients who were minors (under the age of 18) at the time of their last clinical contact, records are securely retained for 10 years after the day the client turned, or would have turned, 18 years old. Following this legal retention window, files are securely and permanently destroyed.

​

7. Your Rights

​

Under PHIPA, you hold comprehensive rights regarding your personal health information, including the right to:

  • Request access to view or receive a copy of your clinical records (subject to a reasonable administrative fee for preparation).

  • Request formal corrections to your records if you identify inaccurate or incomplete information.

  • Withdraw or place limits on your consent for the use or disclosure of your information (subject to legal or contractual limitations).

  • Manage your communication preferences or opt out of non-clinical marketing lists at any time.

​

8. Contact Information & Complaints

 

To exercise your rights, update your communication preferences, or ask questions regarding VMA Psych's privacy management, please contact our designated Privacy Officer:

​

VMA Psych Privacy Officer

5409 Eglinton Avenue West, Suite 105

Etobicoke, Ontario

Email: info@vmapsych.com

Phone: (416) 519-9140

​

If your privacy concern is not resolved to your satisfaction by our internal team, you have the right to file a formal complaint with Ontario's provincial oversight body:

​

Information and Privacy Commissioner of Ontario (IPC)

2 Bloor Street East, Suite 1400

Toronto, Ontario, M4W 1A8

Phone: 416-326-3333

Email: info@ipc.on.ca

bottom of page