accessibility ACCESSIBILITY
PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms. INTRODUCTION The Health Information Act came into effect April 25, 2001, and governs the collection, use, and disclosure of Health Information within Alberta’s health care system and the Personal Information Protection and Electronic Documents Act and Personal Information Protection Act came into effect on January 1, 2004 and governs the collection, use and disclosure of Personal Information other than Health Information. In addition, Canada’s anti-spam legislation came into effect on July 1, 2014. Canada’s anti-spam legislation regulates how businesses and individuals communicate electronically. We collect Personal Information about our patients directly from the patient or from the person acting on their behalf. Occasionally, we collect Personal Information about a patient from other sources if we have obtained the patient’s consent to do so or if the law permits. Privacy of Personal Information is an important principle in the provision of quality care to our patients. We understand the importance of protecting your Personal Information. We are committed to collecting, using and disclosing your Personal Information responsibly and in accordance with the law. We also try to be as open and transparent as possible about the way we handle your Personal Information. This Office has developed this Privacy and Anti-Spam Code (this “Code”) to provide a general description of our information and communication practices, how to obtain access to your Personal Information, how to amend incorrect information, and how to make a complaint to our Office or the Information and Privacy Commissioner. As the rules governing the collection, use, and disclosure of Personal Information may change, our practices will evolve and adapt in response to such changes and this Code may be amended from time to time as a result thereof. We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation. ANTI-SPAM POLICY OVERVIEW When we communicate with you, we may communicate via electronic means, such as Accountability for this Office’s compliance with Privacy Laws rests with our Privacy Officer even though others in the Office may be responsible for the day-to-day collection and processing of Personal Information. Our staff are briefed on the importance of your privacy and receive training on the handling of your Personal Information. Our Office is comprised of many persons working together to ensure that our patients and clients receive proper care. Some of our team members are Health Information Custodians and some are not. We take this opportunity to describe the structure of our Office so that you understand who may be handling your Personal Information and in what manner. At our Office, professional dental or orthodontic services are performed by Service Providers. All professionals performing these services at the Office are Members of the College and are considered Health Information Custodians. All institutional health care services performed at the Office are provided by our Affiliate. The individuals providing the institutional health care services for our Affiliate may be Health Information Custodians whereas our Affiliate may not. We have appointed our Affiliate as our “contact person” pursuant to the Privacy Laws. To facilitate the ability of our Affiliate to carry out its responsibilities to us, your Personal Information may be disclosed to, used by, and collected by our Affiliate. All actions by our Affiliate in respect of your Personal Information shall be in compliance with this Code and Privacy Laws. By providing your Personal Information to this Office, you are consenting to its use by us, the Service Providers and our Affiliate. We have permitted our Affiliate to collect, use, disclose, retain, or dispose of our patients’ Personal Information which we ourselves may collect, use, disclose, retain, or dispose of, provided that its actions are not contrary to the limits imposed by Privacy Laws or such other applicable law. We have informed our Affiliate of its duties under Privacy Laws and other applicable law. This Office is responsible for Personal Information in our possession or custody, including Personal Information that has been transferred to a third party for processing. Our Office will implement policies and practices to give effect to the principles regarding the collection, use and disclosure of Personal Information, including: implementing policies to protect Personal Information; training staff about this Code and our practices; establishing procedures to receive and respond to complaints and inquiries regarding Personal Information; and developing information to explain this Code and privacy procedures. We have also appointed our Affiliate as our Information Manager pursuant to Section 66 of HIA. Our Office has entered into a written agreement with our Affiliate as information manager in accordance with the Legislation for the provision of any or all of the services in Subsection 66(1) under HIA. Our Office will implement policies and practices to facilitate the implementation of HIA and PIPA and its regulations. Identifying Purposes for Collecting Information The purposes for which Personal Information is collected in this Office will be identified before or at the time it is collected. This Office collects Personal Information that is reasonably appropriate in the circumstances in order to fulfill the purposes disclosed by our Office and those that are otherwise permitted under applicable laws, including for the following purposes: to deliver safe and efficient patient care; to identify and to ensure continuous high quality service; to assess your health needs; to advise you of treatment options; to enable us to contact you; to provide health care; to establish and maintain communication with you, including to distribute health care information and to book and confirm appointments; to offer and provide treatment, care and services in relationship to the oral and maxillofacial complex and dental care generally; to communicate with other treating health-care providers, including specialists and general dentists, who are the referring dentists and/or peripheral dentists; for teaching and demonstrating purposes on an anonymous basis; to allow us to efficiently follow-up for treatment, care and billing; to complete and submit dental and health services claims for third party adjudication and payment; to comply with agreements/undertakings entered into voluntarily by this Office or a Service Provider with the College for regulatory and monitoring purposes; to conduct investigations, discipline proceedings, practice reviews or inspections relating to the members of a health profession or health discipline; to permit potential purchasers, practice brokers or advisors to evaluate this Office, including an audit, on a confidential basis; to conduct research or perform data matching or other services to facilitate another person’s research in certain instances outlined in the HIA to deliver your charts and records to insurance carriers to enable them to assess liability and quantify damages; to manage patient and clients’ accounts, including invoicing, processing credit card payments and collecting unpaid accounts; to communicate with insurance companies and to otherwise process requests by you; for internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation, reporting, obtaining or processing payment for health services and human resource management; and to comply generally with Privacy Laws and all other applicable regulatory requirements. When this Office collects Personal Information we will only collect Personal Information necessary for the purpose we identify to you before or at the time of collection. When Personal Information has been collected and is to be used or disclosed for a purpose not previously identified, the new purpose will be identified prior to its use or disclosure. Your consent will be obtained before the Personal Information will be used or disclosed for any such new purpose. When you sign the Patient Consent Form, you will be deemed to understand and accept this Office’s collection, use and disclosure of your Personal Information for the specified purposes, in each case subject to this Code and Privacy Laws. Consent Unless specifically permitted under the Privacy Laws, Consent is required when we are disclosing your Personal Information to someone other than you. Except as otherwise permitted at law, the Consent to disclose your Personal Information must be either electronic or in writing, and must include: an authorization for the Custodian to disclose the Personal Information specified in the Consent the purpose for which the Personal Information may be disclosed the identity of the person to whom the Personal Information may be disclosed an acknowledgement that the individual providing the Consent has been made aware of the reasons why the Personal Information is needed and the risks and benefits to the individual of consenting or refusing to consent the date the Consent is effective and the date, if any, on which the Consent expires, and a statement that the Consent may be revoked at any time by the individual providing in. A Consent or revocation of a Consent that is in writing must be signed by the person providing the Consent. A Consent or revocation of a Consent that is electronic is valid only if it completed with the requirements set out in the Regulations under the Legislation Limiting Use, Disclosure and Retention Personal Information shall not be used or disclosed for purposes other than those for which the information is collected, except with your Consent, or as required or permitted by law. Our Office may disclose certain Personal Information in accordance with Privacy Laws. This Office and our Affiliates may perform activities outside of Canada through third party agents. You acknowledge and agree that as a result, your Personal Information may be processed, used, stored or accessed in other countries and may be subject to the laws of those countries. For example, Personal Information may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in other countries. We will use contractual and/or other means to provide a comparable level of protection over your Personal Information while it is being accessed and/or processed by any such third party. Our Office has protocols in place for the retention of Personal Information. In destroying Personal Information, our Office has developed guidelines to ensure secure destruction in accordance with the College’s Guidelines on Dental Recordkeeping. As discussed in this Code, Personal Information may be transferred and stored outside of Canada. We encourage you to contact the Privacy Officer should you require further information. Accuracy of Personal Information This Office endeavors to ensure that your Personal Information is as accurate, complete, and as up-to-date as necessary for the purposes that it is to be used. The extent to which your Personal Information is accurate, complete and up-to-date will depend upon the use of the Personal Information while at all times, taking into account the interest of our patients. Your Personal Information needs to be sufficiently accurate, complete and up-to-date to minimize the possibility that inaccurate, incomplete or out-of-date Personal Information is used to make a decision about you as our patient. If your Personal Information changes, or if you believe the Personal Information maintained by our Office is inaccurate, we ask that you contact our Office to have the information updated or corrected. Safeguards for Personal Information Our Office staff are aware of the importance of maintaining the confidentiality of your Personal Information and we have taken appropriate measures to safeguard your Personal Information. These safeguards are in place to protect your Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Your Personal Information is protected, whether recorded on paper or electronically, and care is used in its care and destruction of to prevent unauthorized access at all times while in our care and control. Safeguards are in place for the proper disposal of records to prevent any reasonably anticipated unauthorized use or disclosure of your Personal Information or unauthorized access to your Health Information following its disposal. Openness about Privacy Our Office will make readily available to you specific information about our Office policies and practices relating to the management of Personal Information. This information includes: the individuals at this Office and the Privacy Officer to whom you can direct any questions or complaints regarding your Personal Information; a copy of our Patient Consent Form that explains how this Office collects, uses and discloses your Personal Information; and this Code. Patient Access to Personal Information You have a right of access to any record containing Personal Information about you. Upon written request and with reasonable notice, our Office will make every reasonable effort to assist you and to respond to you openly, accurately and completely. In accordance with HIA and other Legislation, our Office may refuse to disclose Personal Information to you in certain instances. Within 30 days of your request for a record containing health information, our Office will make every reasonable effort to advise you whether access to your record or part of it is granted or refused. If access to the record or part of it is granted, our Office will advise you of where, when and how access will be given. If access to the record or part of it is refused, our Office will advise you of the reasons for refusal and the provisions of the Legislation on which the refusal is based and the contact information of an Affiliate who can answer your questions about the refusal. You are free to ask for a review of our decision by the Commissioner. If a request for Personal Information to which the Freedom of Information and Protection of Privacy Act (FIPPA) applies, the part of the request that relates to that information is deemed to be a request under section 7(1) of FIPPA. Challenging Compliance You shall be able to challenge compliance with these principles with the Office’s Privacy Officer who is accountable within the Office for the compliance with HIA and PIA by each our Custodians. Our Office has in place procedures to receive and respond to your complaints or inquiries. The procedures are easily accessible and simple to use. The Privacy Officer in our Office will investigate each and every complaint made to the Office in writing. If a complaint is found to be justified, the Privacy Officer will take appropriate measures, including, if necessary, amending any office policies and practices. Updating this Privacy and Anti-Spam Code Any changes to our privacy standards and information handling practices will be reflected in this Code in a timely manner. Our Office reserves the right to change, modify, add, or remove portions of this Code at any time. Please check this page periodically for any modifications. To determine when this Code was last updated, please refer to the modification date at the bottom of this Code. How to Contact Us Our Privacy Officer is our Affiliate. For more information about our privacy protection or communication practices, or to raise a concern you have with our practices, contact our Affiliate at: 21 St. Clair Avenue East, Suite #1420 Toronto, Ontario M4T 1L9 Attention: Guy Amini, General Counsel In certain instances as outlined under HIA and PIPA you are able to make complaints to the Commissioner, which the Commissioner may investigate and attempt to resolve. The Commissioner can be reached at: Information and Privacy Commissioner/Alberta #410, 9925-109 Street Edmonton, Alberta T5K 2J8 1-888-878-4044 generalinfo@oipc.ab.ca Last revised: October, 2014 APPENDIX –A DEFINITIONS Affiliate – means Dental Corporation of Canada Inc. and/or an affiliate or agent thereof, which provides institutional health care services, including dental laboratory, radiological and other diagnostic services, and the operation of dental operatories and dental equipment Collection – The act of gathering, acquiring or obtaining personal information from any source, including third party sources by any means College – Alberta Dental Association and College Commercial Electronic Message or CEM – is a message sent directly to an electronic address (such as an email address, a phone number, an instant messaging account, or social media account) with the purpose, or one of its purposes, of encouraging participation in a commercial activity. Commissioner – The Information and Privacy Commissioner for the Province of Alberta Consent – A voluntary agreement with what is being done or is being proposed to be done. Consent can either be express or implied. Express consent may be given explicitly, either orally or in writing Custodians – Means a person or organization as listed in HIA that has custody or control of Health Information Disclosure – Making Personal Information available to other health information custodians or other persons Health Information – Identifying information about an individual, that has been written, photographed, recorded or stored in some manner in a record, if the information relates to the physical or mental health of the individual, a health service provided to an individual including information respecting a health care services provider who provides a health care service to that individual, the provisions of health care to the individual, the donation made by the individual of a body part of bodily substance, a drug provided to the individual, a health care aid, device, product, equipment or other item provided to the individual pursuant to a prescription or other authorization or the amount of any benefit paid or payable in respect of a health services provided to the individual. Included in the definition of Health Information is personal information such as demographic information, including the individual’s personal health number, location information, telecommunications information, residency information, health services eligibility information and billing information. Information Manager – means a person or body that processes, stores, retrieves or disposes of Personal Information, in accordance with the regulations, strips, encodes or otherwise transforms Personal Information to create non-identifying health information, or provides information management or information technologies services Member – A member of the College and includes a health profession corporation registered with the College to practice dentistry in Alberta Office – The dental office operated by A. Meikle Professional Corporation which provides professional dental services comprising of diagnosis, the interpretation of x-ray radiographs produced by the Affiliate, treatment planning and intra-oral professional services at Suite 190, 2880 Glenmore Trail SE, Calgary, Alberta T2C 2E7. Patient – An individual about whom our Office collects Personal Information in order to carry out prognosis, diagnosis, and treatment, including controlled acts Personal Directive – means a personal directive made by a person who is at least 18 years of age in writing, dated and signed at the end by the maker in the presence of a witness and by the witness in the presence of the maker Personal Information – Identifying information about an individual, other than business contact information, and includes Health Information Privacy Laws – Health Professions Act, Government Organization Act, Regulations made under these Acts, and By-laws of the College, the Health Information Act (HIA), the Personal Information Protection and Electronic Documents Act, the Personal Information Protection Act (PIPA) and An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (CASL) Privacy Officer – means the contact person designated in this Privacy and Anti-Spam Code as the agent of our Office authorized on our behalf to, among other things, facilitate our compliance with the Privacy Laws Service Providers – means dentists and dental professional corporations providing professional services at the Office in conjunction with A. Meikle Professional Corporation