Privacy Policy – As at January 1, 2015

OverC Personal Health Management is committed to safeguarding the Personal Information entrusted to us by our clients. We manage your Personal Information in accordance with The Health Information Protection Act (HIPA) and other applicable laws. This policy outlines the principles and practices we follow in protecting your Personal Information.

This policy applies to OverC Personal Health Management; OverC will require any person or third party company providing services on OverC’s behalf to comply with this policy. A copy of this policy is provided to any client upon request.

What is personal Information?

Personal Information means information about an identifiable individual. This includes an individual’s name, home address and phone number, age, sex, marital or family status, an identifying number, financial information, etc. For the purposes of this policy, Personal Information includes Personal Heath Information, which is: information with respect to the physical or mental health of an individual or with respect to any health services provided to that individual.  Personal Health Information also includes information collected in the course of providing health services or incidental to the provision of health services, and also includes health registration information.

What Personal Information do we collect?

We collect only the Personal Information needed for the purposes of providing services to our clients, pursuant to the Membership Agreement (“Services”). If collection of Personal Information occurs for any other purposes, we will inform our clients of such purpose at the time of collection, unless information is provided for an obvious purpose (i.e.: provision of credit card information to pay a membership fee or invoice).  We normally collect Personal Information directly from our clients.  In some circumstances, we may collect Personal Information from third parties, including “trustees” who have provided health services to a client, within the contemplation of HIPA, but such collection will occur only with a client’s consent, or as authorized by law. 

Consent

We will obtain a client’s express consent to collect, use or disclose client Personal Information, for the purpose of providing the Services, except in specific circumstances, where collection, use or disclosure without consent is authorized or required by law. Consent will be implied where information is supplied for an obvious purpose.

We may not be able to provide Services to a client who will not consent to the collection, use or disclosure of certain Personal Information that is necessary for us to fully and effectively provide those Services. Where express consent is needed, we will normally ask clients to provide their consent orally (in person or by telephone), or in writing (by signing a consent form).

A client may withdraw consent to the use and disclosure of Personal Information at any time, unless the Personal Information is necessary for us to fulfill our legal obligations. We may be unable to or decline to provide you with Services if we do not have the necessary Personal Information.

We may collect, use or disclose client Personal Information without consent only as authorized by law. For example, consent will not be required when the collection, use or disclosure relates to an emergency that threatens a person’s life, health or safety.

How do we use and disclose Personal Information?

We use and disclose client Personal Information only for the purpose for which the information was collected, except as authorized by law.  If we wish to use or disclose client Personal Information for any new purpose, we will ask for the client’s consent. We may not seek consent if the law allows this (e.g. for the purpose of collecting a debt).

How do we safeguard Personal Information?

We make every reasonable effort to ensure that Personal Information is accurate and complete. We rely on individuals to notify us if there is a change to their Personal Information that may affect their relationship with our organization. If a client is aware of an error in our information about themselves, they should let us know and we will correct it on request wherever possible. In some cases we may ask for a written request for correction.

We will use physical, technical and administrative safeguards in order to protect Personal Information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, unauthorized access, disclosure or modification to Personal Information.

We use appropriate security measures when destroying Personal Information, including shredding paper records and permanently deleting electronic records.

We retain Personal Information only as long as is reasonable to fulfill the purposes for which the information was collected or for legal or business purposes.

Access to records containing Personal Information

Clients have a right to access their own Personal Information in a record that is in the custody or under the control of OverC Personal Health Management, subject to some exceptions. For example, organizations are required under The Personal Information Protection and Electronic Documents Act to refuse to provide access to information that would reveal Personal Information about another individual.

If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide a client with the remainder of the record.

A client may make a request for access to their Personal Information by writing to Perry Kimber, Privacy Officer, OverC Personal Health Management. A client must provide sufficient information in your request to allow us to identify the information they are seeking.

A client may also request information about our use of their Personal Information and any disclosure of that information to persons outside our organization. In addition, a client may request a correction of an error or omission in their Personal Information.

We will respond to a client request within 30 calendar days, unless an extension is required, in which case we will confirm that to the client. We may charge a reasonable fee to provide information, but not to make a correction to information that is inaccurate on our file. We will advise clients of any fees that may apply before beginning to process their request.

Changes

Our Privacy Policy may change from time to time. We will not reduce client rights under this Privacy Policy without their explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for client review.

Questions and complaints

If a client has a question or concern about any collection, use or disclosure of Personal Information by OverC Personal Health Management, or about a request for access to their own Personal Information, they may contact Perry Kimber, Privacy Officer.

 

 

OverC Health Management

100-1202 Emerson Avenue

Saskatoon, SK S7H 2X1
 

Email: admin@overchealth.ca

Website: http://www.overchealth.ca

Phone: 306.934.2535

Fax: 306.934.2517