Bigstone Health Commission is committed to safeguarding the personal information entrusted to us by our clients. This policy outlines the principles and practices we follow in protecting your personal information. We manage your personal information in accordance with Alberta’s Personal Information Protection Act (PIPA), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable laws. In the event of substantial similarity between the two Acts, PIPA will take precedent unless the privacy matter occurs outside of Alberta’s borders or where other exceptions may apply by law.
This policy applies to Bigstone Health Commission, or any individual, when acting or collecting information on our behalf.
A copy of this policy is provided to any client on request.
What is personal information?
Personal information means information about an identifiable individual. This includes an individual’s name, home address and phone number, age, sex, marital or family status, an identifying number, financial information, educational history, etc.
What personal information do we collect?
We collect only the personal information that we need for the purposes of providing services to our clients, including personal information needed to:
• Deliver requested health care and services
• Notify clients of upcoming events of interest
• Meet regulatory requirements
We normally collect client information directly from our clients. We may collect your information from other persons with your consent or as authorized by law.
We inform our clients, before or at the time of collecting personal information, of the purposes for which we are collecting the information.
We ask for consent to collect, use or disclose client personal information, except in specific circumstances where collection, use or disclosure without consent is authorized or required by law. We may assume your consent in cases where you volunteer information for an obvious purpose.
In cases where we collected personal information before January 1, 2004, we assume your consent to our use and, where applicable, disclosure for the purpose for which the information was collected.
We ask for your express consent for some purposes and may not be able to provide certain services if you are unwilling to provide consent to the collection, use or disclosure of certain personal information. Where express consent is needed, we will normally ask clients to provide their consent orally (in person, by telephone), in writing (by signing a consent form, by checking a box on a form, or electronically by clicking a button).
A client may withdraw consent to the use and disclosure of personal information at any time, unless the personal information is necessary for us to fulfil our legal obligations. We will respect your decision, but we may not be able to provide you with certain products and services if we do not have the necessary personal information.
We may collect, use or disclose client personal information without consent only as authorized by law. For example, we may not request consent when the collection, use or disclosure is reasonable for an investigation or legal proceeding, to collect a debt owed to our organization, in an emergency that threatens life, health or safety, or when the personal information is from a public telephone directory.
How do we use and disclose personal information?
We use and disclose client personal information only for the purposes for which the information was collected, except as authorized by law. For example, we may use client contact information to deliver goods. The law also allows us to use that contact information for the purpose of collecting a debt owed to our organization, should that be necessary.
How do we safeguard personal information?
We make every reasonable effort to ensure that client information is accurate and complete. We rely on our clients to notify us if there is a change to their personal information that may affect their relationship with our organization. If you are aware of an error in our information about you, please let us know and we will correct it on request wherever possible.
In some cases we may ask for a written request for correction.
We use appropriate security measures when destroying client personal information, including shredding paper records and permanently deleting electronic records.
We retain client personal information only as long as is reasonable to fulfil the purposes for which the information was collected or for legal or business purposes.
Access to records containing personal information
Clients of Bigstone Health Commission have a right of access to their own personal information in a record that is in our custody or under our control, subject to some exceptions. For example, organizations are required under the Personal Information Protection Act to refuse to provide access to information that would reveal personal information about another individual. Organizations are authorized under the Act to refuse access to personal information if disclosure would reveal confidential business information. Access may also be refused if the information is privileged or contained in mediation records.
If we refuse a request in whole or in part, we will provide the reasons for the refusal. In some cases where exceptions to access apply, we may withhold that information and provide you with the remainder of the record.
You may make a request for access to your personal information by writing to Erwin Montemayor or Pieter Nagel to ensure compliance with PIPA. You must provide sufficient information in your request to allow us to identify the information you are seeking.
You may also request information about our use of your personal information and any disclosure of that information to persons outside our organization. For personal information collected before January 2004, if we do not have a record of disclosures, we will provide information about any disclosure of your information that is likely to have occurred.
You may also request a correction of an error or omission in your personal information.
We will respond to your request within 45 calendar days, unless an extension is granted.
In general, the Bigstone Health Commission follows the following 10 principles regarding privacy as outlined by the Government of Canada:
1. Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
3. Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.
4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
5. Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
9. Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance. http://www.ic.gc.ca/eic/site/ecic-ceac.nsf/eng/gv00466.html#question1
Questions and Complaints
If you have a question or concern about any collection, use or disclosure of personal information by Bigstone Health Commission, or about a request for access to your own personal information, please contact Erwin Montemayor or Pieter Nagel as our designate contact for privacy issues:
Bigstone Health Commission
P.O. Box 1020 Wabasca, AB, T0G 2K0
Phone: 780-891-2000 Toll Free: 1-877-767-7060
If you are not satisfied with the response you receive, you should contact the Information and Privacy Commissioner of Alberta:
Office of the Information and Privacy Commissioner of Alberta
Suite 2460, 801 – 6 Avenue, SW
Calgary, Alberta T2P 3W2
Phone: (403) 297-2728 Toll Free: 1-888-878-4044
Web site: http://servicealberta.ca/pipa/
Please note: This policy was compiled using policy templates and information provided by both the Government of Alberta and the Government of Canada. For more information on PIPA and PIPEDA, please refer to the following government Web sites.
Bigstone Health Commission
Updated: June 27, 2018