Version 1.0 (January 2026)
Pinwheel Clinic (“Pinwheel,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of personal information entrusted to us by patients, parents, guardians, and families. This Patient Privacy Policy explains how we collect, use, disclose, store, and protect personal information, including personal health information, in accordance with the British Columbia Personal Information Protection Act (PIPA).
This policy applies to all services provided by Pinwheel Clinic, including psychological assessment, psychotherapy, counselling, academic intervention, and related team-based services.
Pinwheel Clinic is responsible for the personal information under its custody or control. We have designated a Privacy Officer who is responsible for: overseeing compliance with PIPA, responding to privacy-related questions or concerns, managing requests for access or correction of personal information, and responding to privacy complaints or breaches.
Privacy Officer contact information:
Dr Melissa Duff, Chief Operating Officer
Pinwheel Clinic
Email: admin@pinwheelclinic.com
Phone: 250-580-0909
“Personal information” means information about an identifiable individual. In a healthcare setting, this includes personal health information, such as name, date of birth, and contact details, medical, psychological, educational, and mental health history, assessment results, clinical notes, reports, and treatment records, billing, payment, and insurance information, and correspondence with or about you.
We collect personal information directly from you or, where appropriate, from a parent, guardian, or legally authorized representative. We may also collect information from other sources with your consent or where permitted or required by law, such as referring physicians or healthcare providers, schools or educational professionals, insurers or benefits administrators, or other service providers involved in your care.
We collect, use, and disclose personal information for purposes related to providing safe, effective, and coordinated care, including delivering psychological, counselling, assessment, and academic intervention services; team-based care involving psychologists, counsellors, psychometrists, physicians, students, and educators; assessment, diagnosis, treatment planning, and recommendations; communication with you, your family, or other authorized parties; billing, payment processing, and insurance claims (where authorized); quality assurance, training, supervision, and service improvement (using de-identified or aggregated information where possible); meeting legal, regulatory, and professional obligations.
Implied Consent
In most cases, we rely on implied consent to collect, use, and disclose personal health information for purposes directly related to providing care. Implied consent is based on your voluntary participation in services after being informed of our privacy practices.
Express Consent
We will seek express (written or verbal) consent when required, including for disclosures outside the usual “circle of care”, release of information to third parties such as insurers, schools, or legal representatives, use of email, text, or other electronic communication where risks have been explained, and any secondary use not directly related to care.
You may withdraw or limit your consent at any time by notifying us in writing, subject to legal or professional obligations.
When services involve children or youth, we collect and manage personal information in accordance with PIPA and applicable professional standards. Depending on the circumstances, consent and access rights may involve parents or legal guardians, youth who are capable of making their own healthcare decisions, or shared decision-making arrangements.
We aim to balance parental involvement with the privacy and best interests of the child or youth.
Pinwheel Clinic provides care through a team-based model. This means your personal information may be accessed by members of your care team, including supervised students or trainees, strictly on a need-to-know basis. Students and trainees are required to follow the same confidentiality and privacy standards as regulated professionals.
We use secure electronic systems to manage records, scheduling, billing, and communication. These systems may include cloud-based services and may be operated by third-party providers. Reasonable safeguards are in place to protect your information.
In some cases, personal information may be stored or processed outside of Canada. While we take steps to protect your information, no electronic system is entirely risk-free.
We protect personal information using safeguards appropriate to its sensitivity, including:
Physical safeguards: locked filing cabinets, secure offices
Administrative safeguards: role-based access, staff training, confidentiality agreement
Technical safeguards: passwords, encryption, secure systems, and audit controls
We take reasonable steps to ensure that personal information is accurate, complete, and up to date. You may request correction of your personal information if you believe it is inaccurate or incomplete.