Privacy Policy

Table of Contents

    Virani NP Services Inc.

    Last updated: April 28, 2026

    Virani NP Services Inc. (“VNPS,” “we,” “us,” or “our”) is committed to protecting the privacy, confidentiality, and security of personal information and personal health information. VNPS provides virtual psychiatric and mental-health services, including assessment, diagnosis, treatment planning, prescribing, psychotherapy-related services where applicable, care coordination, and administrative support.

    VNPS handles personal health information in accordance with Ontario’s Personal Health Information Protection Act, 2004 (PHIPA), applicable privacy laws, and professional standards for regulated health professionals.

    Information We Collect

    We collect only the information reasonably necessary to provide care, operate the clinic, meet legal obligations, and support patient safety. This may include:

    Patient identity and contact information; date of birth; health card or insurance information where applicable; clinical history; psychiatric, medical, medication, substance-use, family, and social history; assessment forms; diagnoses; treatment plans; prescriptions; lab results; diagnostic reports; consultation notes; emergency contact information; payment information; referral information; and communications with VNPS.

    Where clinically appropriate and authorized, VNPS may also collect or view information from other health-care sources, including hospitals, laboratories, pharmacies, community providers, referral sources, and provincial electronic health record systems.

    How We Use Information

    VNPS uses personal health information to:

    Provide psychiatric and mental-health assessment and treatment; confirm identity and eligibility for services; manage appointments and communications; prescribe and monitor medications; review labs, medication history, clinical reports, hospital records, discharge summaries, ED visits, and other relevant records; coordinate care with other providers; issue referrals, forms, notes, and requisitions; process payment, billing, and receipts; improve clinic operations; maintain records; comply with legal, regulatory, and professional obligations; and respond to safety concerns, complaints, audits, or investigations.

    ConnectingOntario / Provincial EHR Access

    Where VNPS is authorized to access ConnectingOntario or other provincial electronic health record systems, access is limited to permitted clinical and operational purposes related to patient care. VNPS clinicians or authorized staff may review relevant information such as lab results, diagnostic imaging reports, prescribed medications, hospital records, emergency department visits, discharge summaries, consultation reports, and community-care documentation.

    EHR access is restricted to authorized users, limited to the minimum necessary information, and subject to audit and monitoring. Patients may contact Ontario Health regarding consent directives or restrictions on access to provincial EHR records. Ontario Health describes consent directives as a way for patients to block or unblock access to EHR records.  

    Disclosure of Information

    VNPS may disclose personal health information only as permitted or required by law, including:

    To other health-care providers involved in care; to pharmacies, laboratories, hospitals, specialists, primary-care providers, insurers, or benefit administrators where needed; with patient consent; to emergency contacts or emergency services where there is a serious safety concern; to regulators or legal authorities where required; to service providers that support clinic operations under confidentiality and security obligations; or where otherwise permitted or required by PHIPA or another law.

    VNPS does not sell personal health information.

    Consent and Confidentiality

    VNPS relies on patient consent to collect, use, and disclose personal health information. In many care-related circumstances, consent may be implied within the patient’s circle of care. Express consent is obtained where required by law, clinic policy, or the nature of the disclosure.

    Patients may withdraw or limit consent, subject to legal limits. Withdrawal is not retroactive and may affect VNPS’s ability to provide safe or complete care.

    Confidentiality may be limited where disclosure is required or permitted by law, including serious risk of harm, medical emergency, mandatory reporting obligations, court order, regulatory investigation, or other legal requirement.

    Virtual Care and Electronic Communication

    VNPS provides care through virtual platforms, secure electronic records, telephone, video, forms, email, SMS, e-fax, and patient portal tools. VNPS uses reasonable safeguards to protect information, but electronic communication carries inherent risks, including misdirected messages, unauthorized access, technical failure, or interception.

    Patients should use a private location, secure devices, strong passwords, and avoid sharing portal credentials.

    Technology, Service Providers, and Automation

    VNPS may use third-party service providers for electronic medical records, scheduling, secure forms, patient communication, e-fax, payment processing, accounting, IT/security, analytics, and other clinic operations. These providers may access information only as needed to provide their services and are expected to use appropriate confidentiality and security safeguards.

    Some providers may process or store information outside Canada. If so, information may be subject to the laws of that jurisdiction.

    Where VNPS uses administrative automation or AI-enabled tools, VNPS applies privacy safeguards and does not knowingly use identifiable personal health information to train public AI models.

    Safeguards

    VNPS uses administrative, technical, and physical safeguards appropriate to the sensitivity of health information. These include role-based access, unique user credentials, secure electronic records, privacy training, confidentiality obligations, access controls, audit logs where available, secure disposal, and breach-response procedures.

    PHIPA requires health information custodians to take reasonable steps to protect personal health information against theft, loss, unauthorized use, disclosure, copying, modification, or disposal.  

    Retention and Secure Disposal

    VNPS retains clinical records for at least the period required by law and professional standards. As a general rule, health records are retained for a minimum of 10 years after the last patient encounter, or for minors, at least 10 years after the patient turns 18, unless a longer period is required for legal, regulatory, clinical, audit, or risk-management reasons.

    When records are no longer required, VNPS securely destroys or de-identifies them.

    Access and Correction

    Patients may request access to their personal health information or request correction of incomplete or inaccurate information, subject to limited legal exceptions. Requests should be made to VNPS in writing. VNPS may need to verify identity before responding.

    Patients may access available records through the patient portal where applicable. Formal access or correction requests can be directed to the Privacy Officer.

    Privacy Breaches

    If personal health information is lost, stolen, accessed, used, or disclosed without authorization, VNPS will take steps to contain, investigate, remediate, and notify affected individuals and regulators where required by law. PHIPA requires notification to affected individuals at the first reasonable opportunity in the event of theft, loss, unauthorized use, or unauthorized disclosure, and certain breaches must be reported to the IPC.  

    Website, Cookies, and External Links

    VNPS may use cookies or similar technologies to operate and improve its website, understand website traffic, and support online booking or patient communication. Website analytics should not be used to submit sensitive clinical information unless the form or portal is specifically intended for secure clinical use.

    VNPS’s website may link to third-party websites. VNPS is not responsible for the privacy practices of external websites.

    Privacy Officer and Questions

    For privacy questions, access/correction requests, complaints, or concerns, please contact:

    Privacy Officer
    Virani NP Services Inc.
    Email: jamal@vnps.ca
    Alternative email: info@vnps.ca
    Phone: 1-844-888-8894
    Fax: 844-444-0281
    Mail: 225-700 East Beaver Creek Rd., Richmond Hill, ON, L4B 3P4

    Complaints

    Patients may contact VNPS’s Privacy Officer with any privacy concern. VNPS will review and respond to privacy complaints in a timely manner.

    Patients also have the right to complain to the Information and Privacy Commissioner of Ontario (IPC).

    Information and Privacy Commissioner of Ontario
    2 Bloor Street East, Suite 1400
    Toronto, ON M4W 1A8
    Phone: 416-326-3333
    Toll-free: 1-800-387-0073
    Email: info@ipc.on.ca