As part of our Privacy protocols, SIMAC has incorporated the 10 Principles of PIPEDA into our Quality Control Program as follows:
or 905-709-3999). The Privacy Officer is responsible for ensuring that the organization is in continual compliance with all of the 10 principle areas of the Act. The Privacy Officer is also the Health Information Custodian as per PHIPA regulations.
- Identifying purposes - SIMAC openly states the reasons why personal information is being collected and is specific in identifying how this information will be used.
- Consent - Consent of individuals to collect their personal information and to use it for the specific intended purposes is obtained with the Informed Consent Form signed by all claimants prior to each assessment and on a form signed by employees during the hiring process.
- Limiting collection - SIMAC limits the amount and type of information gathered to what is necessary for the identified purposes. Our internal information-handling policies and practices state the type of information we collect and the reason we require it. All employees are required to understand our policies and be able to explain why the information is needed, if asked.
- Limiting use, disclosure, and retention – SIMAC has policies in place regarding the parameters of use for specific groupings of information and clearly identifies the information lifecycle: 1) why the information is collected, 2) how it is used and how it is stored, 3) when its usage is defined as finished, and 4) how this information is disposed of or destroyed.
- Accuracy – SIMAC takes the necessary steps to keep personal information as accurate, complete and up to date as necessary, taking into account its use and the interests of the individual.
- Safeguards – SIMAC protects personal information against loss or theft, safeguards the information from unauthorized access, disclosure, copying, use or modification, and has policies and practices to protect personal information regardless of the format in which it is held.
- Openness - SIMAC informs customers and employees that it has policies and practices for the management of personal information and makes these policies and practices understandable and easily available.
- Individual access - When requested, SIMAC will inform individuals if it has any personal information about them and explain how it is or has been used and provide a list of any organizations to which it has been disclosed, as well as give individuals access to their information.
- Challenging compliance – SIMAC has a complaint policy and procedures that are implemented to address any complaints about compliance with PIPEDA or handling of personal information. If a complaint is received, the process is explained to the complainant and the appropriate steps are taken to resolve the situation, according to our policies.
Definition of Personal Information:
Personal information is defined as any identifying information about an individual or group of individuals, including name, date of birth, address, phone number, e-mail address, social insurance/security number, nationality, gender, health history, financial data, credit card numbers, bank account numbers, assets, debts, liabilities, payment records, credit records, loan records, opinions, and personal views.
Collecting of Personal/Medical Information:
SIMAC will limit the collection of personal and/or medical information to:
- Information required for the purposes of compensation, monitoring terms of employment, disbursement of benefits and maintaining an accurate and up-to-date personnel file.
- Information required by federal or provincial laws.
- Information provided to SIMAC with the express consent of the subject of an assessment with respect to conducting an independent medical assessment.
- Information pertinent to the assessment process that is provided to an assessor by the subject of the assessment, or deduced by an assessor during an assessment.
SIMAC will obtain informed consent when collecting personal and/or medical information.
Using Personal/Medical Information:
SIMAC will limit the use of confidential and/or medical information to:
- Purposes required for the compensation, monitoring terms of employment, disbursement of benefits and maintaining an accurate and up-to-date personnel file.
- Other purposes as required by federal or provincial laws.
- Processing and completing the assessment process.
- Booking appropriate assessments as requested by the claimant’s insurer.
- Providing comprehensive assessment reports to the referral party or as required by law.
Storage of Personal/Medical Information:
- All personal/medical information collected is stored securely - either electronically on SIMAC’s secure data server and/or in a locked, restricted access filing system. Access to the server is limited and password protected.
Transfer of Personal/Medical Information:
SIMAC uses secure methods to transfer the personal and/or medical information collected in the course of business. The approved methods include:
- Secure internet portals such as IME Workflow, SecureDox and SmartSimple
- Direct fax
- Email with password encryption
- Personal delivery
Retention of Personal/Medical Information:
- SIMAC maintains hard copy personal/medical information for a minimum of 10 years. Data that is stored electronically is automatically retained, as the data server is securely backed up on a daily basis. The backed-up data is stored off-site and is encrypted for increased security.
Disposal of Personal/Medical Information:
- Hard copy personnel and claimant information that is no longer required in hard copy format is placed in a secured receptacle for shredding by a fully bonded service provider.
Communication of SIMAC Information Handling Policy to Third Parties:
SIMAC will provide information to its employees, contractors, and customers about the policies and practices for the management of personal information. All employees are required to be aware of the policies and be able to explain to a third party:
- the reasons we collect information
- how it is used
- how it is protected
- how it is disposed of
Access to Personal/Confidential Information:
- If requested, SIMAC will inform individuals if it has any personal information about them and explain how it is being/has been used. SIMAC will also identify any persons/organizations with which the personal information has been shared.
- If requested, SIMAC will provide access to the personal information collected on a person.
Handling Complaints on Compliance:
- Any complaints received by SIMAC with regard to PIPEDA and/or SIMAC’s Information Handling Policy will be dealt with in accordance with the procedures of SIMAC’s Complaint Management Policy.
- SIMAC employees are prepared to assist any party wishing to file a complaint under either PIPEDA or PHIPA by advising them of the following procedures:
  - Any person who has reasonable grounds to believe that another person has contravened or is about to contravene a provision of PIPEDA or PHIPA may make a complaint to the Privacy Commissioner of Canada (PHIPA) or the Information and Privacy Commissioner of Ontario (PIPEDA).
  - Such complaints must be made in writing and, depending on which act the complaint pertains to, certain time restrictions may apply.
  - The Privacy Commissioner of Canada may be reached at 1-800-282-1376 or www.privcom.gc.ca. The Information and Privacy Commissioner of Ontario can be reached at 1-800-387-0073 or www.ipc.on.ca.