Skip to content

Becoming Yourself Counselling and Consulting

Privacy Policy 

Statement of Private Health Information Practices

Becoming Yourself Counselling and Consulting is committed to protecting the privacy and security of our clients’ Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA), as well as applicable Canadian laws such as the Personal Health Information Protection Act (PHIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA).

What are HIPAA, PIPEDA, and PHIPA?

1. HIPAA (Health Insurance Portability and Accountability Act) is a U.S. law designed to safeguard individuals’ medical information privacy, ensure the security of healthcare data, and promote the continuity of health insurance coverage. While HIPAA is not enforced in Canada, HIPAA-compliant software demonstrates elevated security features, making it useful in the context of telehealth privacy.

2. The Personal Information Protection and Electronic Documents Act (PIPEDA) is a federal privacy law in Canada that governs how private sector organizations, including healthcare providers and mental health professionals, collect, use, and disclose personal information of their patients, clients, or customers.

3. The Personal Health Information Protection Act (PHIPA) is Ontario’s legislation governing the collection, use, and disclosure of personal health information. Clinics in Ontario must follow PHIPA, which is similar to PIPEDA, but specifically focuses on healthcare.

Steps Becoming Yourself Counselling and Consulting Has Taken to Remain PHIPA Compliant:

1. Understanding PHIPA Requirements: Becoming Yourself Counselling and Consulting is well-versed in PHIPA’s provisions regarding the collection, use, and disclosure of personal health information (PHI). We understand our obligations under this legislation.

2. Securing Telehealth Platforms: We use secure telehealth platforms that comply with PHIPA standards, ensuring encryption, access controls, and other security features to protect PHI.

3. Informed Consent: Before engaging in telehealth sessions, we obtain informed consent from clients and explain the potential privacy and security risks associated with telehealth.

4. Protecting PHI: During telehealth sessions, we ensure PHI confidentiality by conducting sessions in private, secure locations and avoiding public Wi-Fi networks or unsecured devices.

5. Secure Communication: We use encrypted email or secure messaging platforms, such as Proton Mail, to communicate PHI. We avoid using regular email or SMS for sensitive information exchange.

6. Policies and Procedures: We implement and maintain policies and procedures aligned with PHIPA for telehealth practices, including protocols for handling PHI, obtaining consent, ensuring security, and managing breaches.

7. Training and Education: Michael Holker ensures that all staff members are educated on PHIPA compliance and best practices for telehealth, ensuring they understand their roles in protecting PHI.

8. Monitoring Compliance: Becoming Yourself Counselling and Consulting regularly audits telehealth practices to ensure compliance with PHIPA and promptly addresses any issues.

9. Staying Informed: We stay updated on PHIPA regulations and best practices in telehealth privacy and security.

10. Seeking Professional Advice: When specific questions arise regarding PHIPA compliance, we consult legal professionals or experts on health privacy laws.

11. Maintaining Up-to-Date Health Records: We diligently maintain accurate and current PHI, ensuring administrative and clinical records are regularly updated.

12. Securing Records: We implement security measures to safeguard PHI from theft, loss, or unauthorized access.

13. Retention and Disposal of Records: Records are retained according to regulatory requirements, ensuring compliance and addressing all related procedural matters.

14. Breach Procedures: In the event of unauthorized disclosure of PHI, we promptly inform the affected individuals and maintain records of the incident.

15. Privacy Contact Person: A designated Privacy Contact Person oversees compliance efforts, facilitates access to records, and responds to privacy-related inquiries and complaints.

16. Public Privacy Practices: We publish our privacy practices, including PHI handling procedures, contact information, and instructions for accessing or correcting records.

17. Agents for PHI Handling: We appoint agents for the secure handling of PHI, following established protocols.

18. Obtaining Consent: We obtain express or implied consent for the collection, use, and disclosure of PHI where appropriate.

19. Access to PHI: We provide prompt access to PHI upon request, ensuring that individuals receive access to their information within 30 days of making a request.

Telepsychology Software Compliance:

Proton Mail: Proton Mail provides secure email communications that comply with Canadian privacy laws, including PHIPA and PIPEDA, by offering encryption and secure data handling.

Jane Clinic Software: Jane Clinic Software is designed to meet HIPAA and PIPEDA standards with encryption, access controls, audit trails, and regular updates for safeguarding PHI. Jane Clinic Software also offers signed Business Associate Agreements for HIPAA compliance.

Both Proton Mail and Jane Clinic Software adhere to strict security protocols to ensure the confidentiality, integrity, and availability of personal health information.

Use of Klarify AI Tool: Privacy and Security Practices

As part of my ongoing efforts to improve the quality and efficiency of care, I use Klarify, a Canadian-based AI-powered platform designed to assist in creating clinical documentation and minimizing administrative work. Klarify helps me reduce the time I spend on note-taking so that I can stay more present in sessions and focus more fully on your needs.

Klarify is used only with client consent, and clients may opt out at any time.

What Klarify Does

Klarify securely processes post-session dictations or, with your consent, session recordings (in-person or virtual). These recordings or dictations are used to generate high-quality clinical notes that support your therapeutic process.

Klarify is designed with privacy-first principles:

  • Recordings are deleted immediately after notes are generated.
  • Recordings are de-identified — they are processed without linking to personal identifiers such as your name, date of birth, or contact information.
  • The clinical notes themselves contain only minimal identifying information necessary for clinical care.

Security and Privacy Protections

Klarify adheres to Canadian privacy laws:

  • PHIPA (Personal Health Information Protection Act)
  • PIPEDA (Personal Information Protection and Electronic Documents Act)

Additional security measures include:

  • Data is stored on Canadian servers.
  • Klarify uses multi-layered encryption that is comparable to that used in government and banking systems.Session data is accessible only to me as your therapist.
  • Klarify does not sell or share your personal health information for any advertising or commercial purposes.

Data Handling

  • Session recordings (if used) are deleted immediately after note generation.
  • Clinical notes are encrypted and stored securely.
  • Access to notes is controlled through secure authentication processes.

Use of De-Identified Data

Klarify may create fully de-identified data (data with all personal identifiers removed) for use in ethical, academic mental health research in collaboration with Canadian universities such as the University of British Columbia or the University of Toronto.

  • De-identified data is never used to train AI models for commercial purposes.
  • It is never used for advertising, sold to third parties, or linked back to individual clients.

The goal of any such use is solely to advance understanding of mental health and improve care practices.

Your Choices and Rights

Participation in the use of Klarify is entirely voluntary.

You may choose one of three options:

1. Full consent — use of session recordings and dictations.

2. Partial consent — use of post-session dictation only.

3. No consent — traditional note-taking methods only.

You may withdraw your consent at any time, without affecting the therapeutic relationship.

Transparency

This information is provided to ensure that your privacy is protected and that you have full control over how your information is used. The full Klarify Terms of Service and Privacy Policy can be reviewed at www.klarify.ca.

Disclaimer:

Becoming Yourself Counselling and Consulting uses Proton Mail for secure communication, Jane Clinic Software for record-keeping, and the Klarify AI tool, all of which are compliant with PHIPA and PIPEDA. However, virtual care does present some privacy risks, and there is a possibility that PHI could be unintentionally disclosed or intercepted. We aim to mitigate these risks, but we ask clients to be aware of the following:

1. Emails, calls, or texts may not have the same level of security as in-person appointments.

2. Use personal, secure devices and private networks for telehealth sessions.

3. Understand that electronic communication is not a substitute for emergency care. Please contact emergency services if required.

For Future Inquiries:

Contact our PHI Compliance Officer: For privacy-related concerns or requests for accessing records, please contact Michael Holker at Info@Becomingyourself.com

Access to Records: To request access or corrections to PHI, submit a written request to Info@Becomingyourself.com

Complaints: Complaints regarding PHI practices can be submitted to our clinic or the Privacy Commissioner in your jurisdiction.

© 2025 All Rights Reserved. Becoming Yourself Counselling and Consulting