Protection of privacy is a key element in the professional standards adhered to at SIMAC. As such SIMAC has implemented a Privacy Policy that ensures adherence to both PIPEDA (Personal Information Protection and Electronic Documents Act) and PHIPA (Personal Health Information Protection Act) requirements. SIMAC employees are provided with training to ensure they understand the requirements and are fully compliant.
In the course of conducting business, SIMAC is required to collect, retain and disseminate certain personal and medical information about employees, contractors and claimants. The following procedures are used to protect the privacy of all individuals whose personal information has been collected by SIMAC.
Definition of Personal Information:
Personal information is defined as any identifying information about an individual or group of individuals, including name, date of birth, address, phone number, e-mail address, social insurance/security number, nationality, gender, health history, financial data, credit card numbers, bank account numbers, assets, debts, liabilities, payment records, credit records, loan records, opinions, and personal views.
- Collecting of Personal/Medical Information:
Employees/Contractors – SIMAC will limit the collection of personal and/or medical information from its employees and contractors to:
- Information required for the purposes of compensation, monitoring terms of employment, disbursement of benefits and maintaining an accurate and up-to-date personnel file.
- Information required by federal or provincial laws.
Claimants – SIMAC will limit the collection of personal and/or medical information from claimants to:
- Information provided by the claimant’s insurer and forwarded to SIMAC with the express consent of the claimant with respect to conducting an independent medical assessment.
- Information pertinent to the assessment process that is provided to an assessor by a claimant, or deduced by an assessor during an assessment.
- Informed Consent:
SIMAC will obtain informed consent when collecting personal and/or medical information.
Employees are required to sign a consent form on the collection and usage of personal information during the hiring process and are further educated on handling and usage of personal information as they are trained in their roles in the company.Claimants are required to sign an informed consent for the collection of information prior to each assessment.
- Using Personal/Medical Information:
Employees/Contractors – SIMAC will limit the use of confidential and/or medical information from its employees and contractors to:- Purposes required for the compensation, monitoring terms of employment, disbursement of benefits and maintaining an accurate and up-to-date personnel file.
- Other purposes as required by federal or provincial laws.
Claimants – SIMAC and its authorized contractors (assessors) will limit the use of confidential and/or medical information from claimants to:
- Booking appropriate assessments as requested by the claimant’s insurer, employer and or legal representative.
- Arranging collateral services (transportation, interpretation, assistive devices) as required for the purposes of conducting an assessment.
- Completing an independent evaluation of the claimant and writing a report based on the findings of that assessment.
- Providing a report on the findings of an assessment to the claimant’s insurer.
- Consultation with Specialists on the roster to rule out “conflict of interest” prior to assignment.
- Storage of Personal/Medical Information:
All personal/medical information collected from employees and/or contractors is secured in a locked cabinet and is accessible only to the President & CEO, the HR Manager, and the VP of Accounting. Digital information on a personal nature is stored in a secure, password-protected folder on the SIMAC data server and is only accessible to the President & CEO, the HR Manager, and the VP of Accounting.All claimant personal/medical information is stored electronically on SIMAC’s secure data server. Access to the server is limited and password protected. SIMAC also maintains hard copy files on claimants. The information contained in the hard files is limited to the minimum required in order to book the appropriate assessments and follow up on the progress, reports, etc.
- Transfer of Personal/Medical Information:
SIMAC uses secure methods to transfer the personal and/or medical information of its employees, contractors and claimants. The approved methods include:- Secure internet portals such as IME Workflow, SecureDocs and SmartSimple
- Direct fax
- Email with password encryption
- Courier
- Personal delivery
- Retention of Personal/Medical Information:
SIMAC maintains personnel and claimant files for a minimum of 10 years. Data that is stored electronically is automatically retained, as the data server is securely backed-up on a daily basis. The backed up data is stored off-site and is encrypted for increased security.Hard copy personnel and claimant files are archived to an off-site secure storage facility after 10 years from the most recent active date of use.
- Disposal of Personal/Medical Information:
Hard copy personnel and claimant information which is no longer required in hard copy format is placed in a secured receptacle for shredding by a fully-bonded service provider. - Provision of Personal/Medical Information for Collateral Services:
In the course of conducting business, SIMAC is required to provide personal information to third-party vendors of collateral services (i.e. transportation, interpretation, assistive devices). In such cases, the information provided will be restricted to that required to complete the service. SIMAC will only deal with reputable service providers who follow PIPEDA guidelines and take measures to secure and protect the personal information provided in the course of our business. - Communication of SIMAC Information Handling Parties to Third Parties:
SIMAC will provide information to its employees, contractors, customers and their claimants about the policies and practices for the management of personal information. All employees are required to be aware of the policies and be able to explain to a third party:- the reasons we collect information
- how it is used
- how it is protected
- how it is disposed of
- Access to Personal/Confidential Information:
- If requested, SIMAC will inform individuals if it has any personal information about them and explain how it is being/has been used. SIMAC will also provide a list of any persons/organizations with which the personal information has been shared.
- If requested, SIMAC will provide access to the personal information collected on a person.
- If a claimant requests copies of the medical briefs collected by their insurer and/or the medical reports completed by the assessors, they will be referred to their insurer to collect this information. The legal relationship between the insurer and the insured requires that all such information be provided to the insured by the insurer.
- Handling Complaints on Compliance:
Any complaints received by SIMAC with regard to PIPEDA and/or SIMAC’s Information Handling Policy will be dealt with in accordance with the procedures of SIMAC’s Complaint Management Policy.SIMAC employees are prepared to assist any party wishing to file a complaint under either PIPEDA or PHIPA by advising them of the following procedures:
- Any person who has reasonable grounds to believe that another person has contravened or is about to contravene a provision of PIPEDA or PHIPA may make a complaint to the Privacy Commissioner of Canada (PHIPA) or the Information and Privacy Commissioner of Ontario (PIPEDA)
- Such complaints must be made in writing and, depending on which act the complaint pertains to, certain time restrictions may apply.
- The Privacy Commissioner of Canada may be reached at 1-800-282-1376 or www.privcom.gc.ca
- The Information and Privacy Commissioner of Ontario can be reached at 1-800-387-0073 or www.ipc.on.ca