Personal Information includes any information about an identifiable individual. For example, name, age, home address and phone number, social insurance number, marital status, religion, income, credit history, medical information, education, lifestyle information or employment information. Personal information does not include Contact Information (described below) or aggregate information that does not identify a specific individual.
Contact Information means information that would enable an individual to be contacted at a place of business and includes name, position name or title, business telephone number, business address, business email or business fax number.
Clients are organizations which contract with Healthserv for customized and integrated occupational health services.
Employees are individuals employed by Clients and who participate in the occupational health and case management programs facilitated by Healthserv.
3. Legislation & Regulation
Healthserv is committed to collecting, using, disclosing and retaining Personal Information in accordance with all applicable laws, including the British Columbia Personal Information Protection Act, RSBC 2003, c. 63 (“PIPA”). And, where applicable, Healthserv’s Occupational Health Nurses will collect, use or disclose Personal Information in accordance with the Bylaws, Professional Standards and Practice Standards of the College of Registered Nurses, as well as with the Canadian Nurses Association Code of Ethics. And where applicable, Healthserv’s Occupational Health Physicians will collect, use or disclose Personal Information in accordance with the Bylaws, Professionals Standards and Practice Standards of the College of Physicians of British Columbia as well as the Canadian Medical Association.
The Office of the Information and Privacy Commissioner of British Columbia (“OPIC”) is responsible for providing independent oversight and enforcement of British Columbia’s privacy laws, including PIPA. Any individual who is not satisfied with Healthserv’s conduct with respect to Personal Information may file a complaint with OPIC:
Office of the Information and Privacy Commissioner for British Columbia, PO Box 9038 Stn. Prov. Govt. Victoria B.C. V8W 9A4
Healthserv collects uses and discloses Personal Information in order to provide customized and integrated occupational health services to its Clients Employees/members, including:
(a) To verify identity;
(b) To open and manage cases, including to:
(i) review and interpret medical, employment and lifestyle information for the purpose of making recommendations and developing a plan of care;
(ii) inform and refer to medical specialists; functional assessors
(ii) make travel or hotel arrangements for Employees travelling for the purpose of medical or functional evaluations;
(c) To provide medical services or conduct medical examinations, including with respect to Wellness Clinics, Exposure Monitoring and Immunization Programs;
(d) To provide mental health support;
(e) To provide addiction monitoring services;
(f) To perform Job Demands Analysis and Ergonomic Assessments;
(g) To perform Pre-Placement Assessments;
(h) To prepare aggregate or statistical information for Clients;
(i) To facilitate and arrange Independent Medical Evaluations;
(j) To verify creditworthiness;
(k) To identify and understand the needs of our Clients and Client preferences, and to ensure a high standard of service to Clients and their Employees; and
(l) To provide individuals with information regarding services or products which may be of interest to them, subject to applicable laws;
(m) To meet applicable regulatory requirements and to comply with all applicable laws.
Healthserv collects Personal Information including:
(a) Personal history information including date of birth and home address;
(b) Medical history and records including illness, injury, surgical, diagnostic and laboratory reports;
(c) Functional information including activities of daily living, job demands, physical limitations and required accommodations;
(d) Employment records including employment history, job type, performance and discipline records; and
(e) Lifestyle information including diet, weight, alcohol or drug consumption, smoking status and activity levels.
Healthserv discloses Personal Information of Employees to Clients, treating medical practitioners and specialists, third-party service providers and in all cases, disclosure will be limited to the terms upon which consent of the individual was provided subject to those situations where PIPA or other applicable laws provide that consent for disclosure is not required.
Healthserv will never sell an individual’s Personal Information to a third party.
Healthserv will obtain an individual’s consent to collect, use or disclose their Personal Information except where Healthserv is permitted to do so without consent by law or where consent is implied.
Healthserv will obtain express consent either orally, in writing or electronically, as appropriate, depending on the sensitivity of the Personal Information in question. In some cases consent will be implied where the purpose for collecting, using or disclosing the Personal Information is obvious and an individual voluntarily provides their Personal Information to Healthserv for that purpose.
Consent may be withdrawn, in whole, or in part, at any time. However, consent may not be withdrawn if doing so would frustrate a legal obligation. When consent is withdrawn it may frustrate or restrict Healthserv’s ability to provide a particular service or product. In such circumstances, Healthserv will explain the consequences of withdrawal to the individual in order to assist him or her in making a decision.
Healthserv does not require the consent of an individual to collect, use or disclose Personal Information where such collection, use or disclosure without consent is authorized by law, including when:
(a) There is an emergency that threatens an individual’s life, health or personal security;
(b) Where the Personal Information is available from a public source identified in the applicable regulations, such as a telephone directory;
(c) Where a disclosure is to Healthserv’s legal counsel;
(d) Where the collection, use or disclosure is for the purposes of collecting a debt or protecting Healthserv from fraud; or
(e) To investigate the breach of an agreement or contravention of a law.
If Healthserv uses an individual’s Personal Information to make a decision that directly affects that individual, Healthserv will retain his or her Personal Information for at least seven years so that the individual has a reasonable opportunity to request access to it.
Healthserv will otherwise retain Personal Information for as long as necessary to fulfill identified purposes or to fulfill legal or business purposes. Personal Information that is no longer retained will be destroyed in a secure manner, including physically by shredding documents and by deleting digital or electronically stored information.
8. Retaining Personal Information
Healthserv will make reasonable efforts to ensure that Personal Information collected, used, disclosed or retained by Healthserv is accurate and complete.
Individuals may request correction to their Personal Information in order to ensure its accuracy and completeness. A request to correct Personal Information must be made in writing and must provide sufficient detail to identify the Personal Information and the correction being sought.
If the Personal Information in question is inaccurate or incomplete, Healthserv will correct the information as required and will send the corrected information to any organization to which it disclosed the Personal Information in the previous year. If the correction is not made, Healthserv will note the correction request in the file.
9. Ensuring Accuracy of Personal Information
Healthserv implements organizational and technological controls to protect Personal Information in its custody or control, including:
(a) the use of locked filing cabinets; locked server stacks
(b) User IDs, passwords, encryption and firewalls;
(c) restricting employee access on a “need to know” basis;
(d) Physically securing offices where any Personal Information is stored; and
(e) Requiring third party service providers to use security measures at least comparable to those implemented by Healthserv.
Healthserv will continually review and update its security policies and controls as technology changes to ensure ongoing Personal Information security.
10. Securing Personal Information
Individuals have a right to access their Personal Information, subject to come exceptions. For example, an individual may not access their Personal Information where such information is covered by solicitor-client privilege, or where disclosure to the individual would reveal Personal Information about another individual, or would give rise to health or safety concerns.
Requests for access to Personal Information must be made in writing, and must provide sufficient detail to identify the Personal Information being sought. Individuals may also request information regarding how Healthserv has used their Personal Information and to whom their Personal Information has been disclosed.
Healthserv will have thirty (30) days to respond to a request for access to Personal Information, and, if necessary, may require up to a thirty (30) day extension in which case it will advise the applicant in writing. Healthserv may charge a minimal fee for access to Personal Information. In the event a fee is required, applicants will be advised of the fee upfront before the request is processed and will be given an opportunity to abandon all or part of a request.
Healthserv will respond to all access requests in writing. If refused, Healthserv will provide the reasons for the refusal and any recourse available to the Individual with respect to the refusal.
11. Providing Clients, Customers Access to Personal Information
Any individual who is not satisfied with the response of Healthserv’s Privacy Officer may file a complaint with OPIC.
12. Privacy Officer
Revision Date: April 2016