PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE
Please refer to Appendix A for a glossary of defined terms.
The Personal Information Protection and Electronic Documents Act (PIPEDA) came into effect in 2001, and governs the collection, use, and disclosure of Personal Information, including Personal Health Information within Prince Edward Island’s private sector, including dental practices. In addition, Canada’s anti-spam legislation (CASL) came into effect on July 1, 2014. Canada’s anti-spam legislation regulates how businesses and individuals communicate electronically.
This Office collects Personal Information about our patients directly from the patient or from the person acting on their behalf. Occasionally, we collect Personal Information about a patient from other sources if we have obtained the patient’s consent to do so or if the law permits.
Privacy of Personal Information is an important principle in the provision of quality dental care to our patients. We understand the importance of protecting your Personal Information. We are committed to collecting, using and disclosing your Personal Information responsibly and in accordance with the law. We also try to be as open and transparent as possible about the way we handle your Personal Information.
This Office has developed this Privacy and Anti-Spam Code (this “Code”) to provide a general description of our information and communication practices, how to obtain access to your Personal Information, how to amend incorrect information, and how to make a complaint to our Office or the Privacy Commissioner of Canada.
We have tried to make our Code as easy to understand as possible. This Code is organized to follow PIPEDA’s ten interrelated principles that are the foundation of PIPEDA. As the rules governing the collection, use, and disclosure of Personal Information may change, our practices will evolve and adapt in response to such changes and this Code may be amended from time to time as a result thereof.
We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation.
Affiliate – means Dentalcorp Health Services ULC and/or an affiliate or agent thereof, which provides institutional health care services, including dental laboratory, radiological and other diagnostic services, and the operation of dental operatories and dental equipment.
Collection – The act of gathering, acquiring, receiving, gaining access to or obtaining Personal Information from any source, including third party sources, by any means.
College – Dental Council of Prince Edward Island.
Commercial Electronic Message or CEM – is a message sent directly to an electronic address (such as an email address, a phone number, an instant messaging account, or social media account) with the purpose, or one of its purposes, of encouraging participation in a commercial activity.
Commissioner – The Privacy Commissioner of Canada.
Consent – A voluntary agreement with what is being done or is being proposed to be done. Consent can either be express or implied. Express consent may be given explicitly, either orally or in writing.
Custodians – Means a person or organization that has custody or control of Personal Health Information
Disclosure – Making Personal Information available or releasing it to other persons or bodies.
Member – A member of the College and includes a health professional corporation licensed to practice dentistry in Prince Edward Island.
Office – The dental office, operated by Dr. Podolsky (PEI) Professional Corporation which provides professional dental services comprising of diagnosis, the interpretation of x-ray radiographs produced by our Affiliate, treatment planning and intra-oral professional services at 645 Water Street East, Summerside, PE C1N 4H9.
Patient – An individual about whom our Office collects Personal Health Information in order to carry out prognosis, diagnosis, and treatment, including controlled acts.
Personal Health Information – means with respect to an individual, whether living or deceased, information concerning the physical or mental health of the individual, information concerning any health services provided to the individual, information concerning the donation by the individual of any body part or any bodily substance of the individual or information derived from the testing or examination of a body part or bodily substance of the individual, information that is collected in the course of providing health services to the individual, or information that is collected incidentally to the provision of health services to the individual.
Personal Information – Identifying information about an individual, and includes Personal Health Information. Personal Information excludes an individual’s business contact information where the collection, use or disclosure of is for the purposes of communicating or facilitating communication with the individual in relation to their employment, business or profession.
Privacy Laws – All applicable laws governing the collection, use, storage or disclosure of Personal Information, including: the Dental Profession Act, By-laws of the College, the Personal Information Protection and Electronic Documents Act (PIPEDA), An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (CASL), and regulations made under these Acts.
Privacy Officer – means the contact person designated in this Privacy and Anti-Spam Code as the agent of our Office, authorized on our behalf to, among other things, facilitate our compliance with Privacy Laws.
Service Providers – means dentists and dental professional corporations providing professional services at the Office in conjunction with Dr. Podolsky (PEI) Professional Corporation and our Affiliate.
ANTI-SPAM POLICY OVERVIEW
When we communicate with you, we may communicate via electronic means, such as e-mail. We strive to ensure that our Commercial Electronic Messages (“CEMs”) are sent with consent, identifying information and unsubscribe mechanisms. We require all CEMs from our Office to be in compliance with Privacy Laws. If and when we communicate with you using CEMs, you can opt out of receiving such messages by following the “Unsubscribe” link included at the bottom of such messages or by contacting Leah Ann Moyer. Any questions or concerns with respect to CEMs from our Office may be addressed to Leah Ann Moyer. In the event that our Office inadvertently sends out a CEM without consent, we commit to investigating every such instance and assisting the employee(s) or manager(s) involved with renewing their understanding and awareness of our compliance responsibilities.
Principle 1: Accountability
Accountability for this Office’s compliance with Privacy Laws rests with the designated Privacy Officer even though others in the Office may be responsible for the day-to-day collection and processing of Personal Information.
Our staff are briefed on the importance of privacy and receive training on the handling of Personal Information.
Our Office is comprised of many persons working together to ensure that our patients receive proper care; some of these persons are Custodians whereas some are not. We take this opportunity to describe the structure of our Office so that you understand who may be handling your Personal Information and in what manner.
At our Office, professional dental services are performed by Service Providers. All dentists performing professional services at the Office are Members of the College. All dentists performing services at the Office are considered Custodians. All institutional health care services performed in the Office are provided by our Affiliate. The individuals providing the services for Our Affiliate may be Custodians whereas Our Affiliate may not be. We have appointed our Affiliate as our designated individual who is accountable for our Office’s compliance with PIPEDA pursuant to Clause 4.1 of Schedule 1 of PIPEDA. To facilitate the ability of our Affiliate to carry out its responsibilities to us, your Personal Information may be disclosed to, used by, and collected by our Affiliate. All actions by our Affiliate in respect of your Personal Information shall be in compliance with this Code and Privacy Laws.
Your Personal Information may also be disclosed to, used by or collected by the following independent third parties for the purposes as described below:
· our third party contractors (who may be located outside Canada) for purposes related to supporting our Office’s business (e.g., call centre activities, technical solutions and support), in which case we will require such third parties to agree to treat your Personal Information in accordance with this Code;
· third parties in connection with a sale, assignment, merger, amalgamation, plan of arrangement or other transfer of the business of our Office or Affiliate, (including but not limited to all pre-sale, assignment, merger, amalgamation, plan of arrangement or transfer activities and all transaction negotiations and due diligence activities) to which the information relates, in which case we will require any such buyer, assignee, successor party, transferee or other party related to the transaction to agree to treat the information in accordance with this Code; and
· any governmental, administrative, judicial or regulatory authority for the purpose of co-operating in proceedings, inquiries and investigations requested by such authorities or to comply with any legal or regulatory requirements or to protect our rights, property or interests, including to enforce this Code.
In addition, aggregated and anonymized information, which does not allow you to be personally identified to third parties, may be disclosed to, used by or collected by third parties.
By providing your Personal Information to this Office or by using our services, you are consenting to its use by us, the third parties listed above, the Service Providers and our Affiliate, as set out in this Code. We have permitted our Affiliate to collect, use, disclose, retain, or dispose of our patients’ Personal Information which we ourselves may collect, use, disclose, retain, or dispose of, provided that its actions are not contrary to the limits imposed by Privacy Laws or such other applicable law. We have informed our Affiliate of its duties under Privacy Laws or other applicable law.
This Office is responsible for information in our possession or custody, including information that has been transferred to a third party for processing. We will use contractual or other means to provide a comparable level of protection while the information is being accessed and/or processed by that third party.
Our Office will implement policies and practices to give effect to the principles regarding the collection, use and disclosure of Personal Information, including:
· implementing policies to protect Personal Information;
· establishing procedures to receive and respond to complaints and inquiries regarding Personal Information;
· training staff about this Code and our practices; and
· developing information to explain this Code and privacy procedures.
Principle 2: Identifying Purposes for Collecting Information
The purposes for which Personal Information is collected in this Office will be identified before or at the time the information is collected.
This Office collects Personal Information that is reasonably appropriate in the circumstances in order to fulfill the purposes disclosed by our Office and those that are otherwise permitted under applicable laws, including for the following purposes:
· to deliver safe and efficient patient care;
· to identify and to ensure continuous high quality service;
· to assess your health needs;
· to provide health care;
· to advise you of treatment options;
· to enable us to contact you to offer and provide treatment, care and services in relationship to the oral and maxillofacial complex and dental care generally;
· to communicate with other treating health care providers, including specialists and general dentists who are the referring dentists and/or peripheral dentists;
· to allow us to maintain communication and contact with you to distribute health care information and to book and confirm appointments;
· to allow us to efficiently follow-up for treatment, care and billing;
· for teaching and demonstrating purposes on an anonymous basis;
· to complete and submit dental claims for third party adjudication and payment;
· to comply with legal and regulatory requirements, including the delivery of patients’ charts and records to the College in a timely fashion, if required;
· to comply with agreements/undertakings entered into voluntarily by a Member with the College, including the delivery and/or review of patients’ charts and records to the College in a timely fashion for regulatory and monitoring purposes;
· to conduct investigations, discipline proceedings, practice reviews or inspections relating to the members of a health profession or health discipline;
· to contact you regarding surveys relating to our business and services;
· to permit potential purchasers, practice brokers or advisors to evaluate the dental practice;
· to allow potential purchasers, practice brokers or advisors to conduct an audit in preparation for a practice sale;
· to deliver your charts and records to the dentist’s insurance carrier to enable the insurance company to assess liability and quantify damages, if any;
· to invoice for goods and services;
· to process credit card payments;
· to collect unpaid accounts;
· to assist this Office to comply with all regulatory requirements; or
· to comply generally with the law for internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation, reporting, obtaining or processing payment for health services and human resource management.
This Office will identify the purposes for which Personal Health Information is collected, at or before the time of collection. We will only collect that information necessary for the identified purposes. When Personal Information has been collected and is to be used or disclosed for a purpose not previously identified, the new purpose will be identified prior to its use or disclosure. Your consent is required before the information can be used or disclosed for any such new purpose.
Our Privacy Officer will be able to explain to you the purpose for which the information is being collected.
When you sign the Patient Consent Form, you will be deemed to understand and accept this Office’s collection, use and disclosure of your information for the specified purposes, in each case subject to this Code and Privacy Laws.
Principle 3: Consent
This Office requires either express consent or implied consent from our patients before we may collect, use, or disclose Personal Information. When we collect, use, and disclose your Personal Information for health care purposes, Privacy Laws generally permits us to rely upon your implied consent. However, if the purpose is something other than health care, we may be required to obtain your express consent. Privacy Laws also provides instances where we may collect, use, or disclose your Personal Information without consent.
Implied consent enables us to conclude from surrounding circumstances that a patient would reasonably agree to the collection, use, or disclosure of Personal Information. We may rely upon your implied consent if we are collecting your Personal Health Information to provide health care.
Express consent is generally required when the information is considered sensitive.
In order for the principles of consent to be satisfied, our Office has undertaken reasonable efforts to ensure that you are advised of the purposes for which information is being used, and that you understand those purposes. Once consent is obtained, we do not need to seek your consent again, unless the use, purpose or disclosure changes.
Existing protocols for electronic submissions of dental claims may require a signature on file. Specific consent may be required for additional requests from insurers. This shall be collected at the time, or in conjunction with, predeterminations for extensive services, provided the scope of information released is disclosed. If there is any doubt, information shall be released directly to you for review and submission.
Consent for the collection, use and disclosure of Personal Information may be given in a number of ways, such as:
· signed medical history form;
· signed introductory questionnaire;
· taken verbally over the telephone and then charted;
· e-mail; or
· written correspondence.
Seeking consent may be impossible or inappropriate when the individual is a minor.
You may withdraw consent upon reasonable notice to our Office.
Principle 4: Limiting Collection of Personal Health Information
The collection of Personal Information by our Office shall be limited to that which is necessary for the purposes identified in this Code.
Principle 5: Limiting Use, Disclosure and Retention
Personal Information shall not be used or disclosed for purposes other than those for which the information is collected, except with your express Consent, or as required or permitted by law.
Our Office may disclose certain Personal Information in accordance with Privacy Laws.
This Office and our Affiliates may perform activities in other provinces and territories and outside of Canada through third party agents. You acknowledge and agree that, as a result, your Personal Information may be transferred to, processed, used, stored or accessed in other provinces and territories and in other countries, and may be subject to the laws of those jurisdictions. For example, Personal Information may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in other countries.
We will use contractual or other means to provide a comparable level of protection while the information is being accessed and/or processed by any such third party. However, contractual or other measures we may use to protect your Personal Information are subject to the legal requirements of foreign jurisdictions where your Personal Information may be transferred, processed, used, stored or accessed.
Our Office keeps Personal Information only as long as necessary to satisfy the purposes for which it was collected, however, some Personal Information is kept for a number of years to comply with legal requirements. Our Office has protocols in place for the retention and destruction of Personal Information in accordance with applicable law.
As discussed in this Code, Personal Information may be transferred and stored outside of Canada. We encourage you to contact the Privacy Officer should you require further information.
Principle 6: Accuracy of Personal Health Information
This Office endeavours to ensure that your Personal Information is as accurate, complete, and as up-to-date as necessary for the purposes that it is to be used.
The extent to which your Personal Information shall be accurate, complete and up-to-date will depend upon the use of the information, taking into account the interest of our patients.
Your Personal Information shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inaccurate, incomplete or out-of-date Personal Information is used to make a decision about you as our patient.
If your information changes, or if you believe the information maintained by our Office is inaccurate, we ask that you contact our Privacy Officer to have the information updated or corrected.
Principle 7: Safeguards for Personal Health Information
Our Office staff are aware of the importance of maintaining the security and confidentiality of your Personal Information. Our Office has taken appropriate measures to safeguard your Personal Information from loss and theft, as well as unauthorized access, disclosure, copying, use, modification or tampering.
Your Personal Information is protected, whether recorded on paper or electronically. Care is used in its retention and destruction to prevent unauthorized access at all times while in our care and control.
Safeguards are in place for the proper disposal of records to prevent any reasonably anticipated unauthorized access, use or disclosure of your Personal Information following its disposal.
Principle 8: Openness about Privacy
Our Office will make readily available to you specific information about our Office policies and practices relating to the management of Personal Information.
This information includes:
· the individual at this Office and the Privacy Officer to whom you can direct any questions or complaints regarding your Personal Information;
· a copy of our Patient Consent Form that explains how this Office collects, uses and discloses your Personal Information; and
· this Code.
Principle 9: Patient Access to Personal Information
You have a right of access to your Personal Information, subject to specific and limited exceptions, and a right of correction or accurate amendment of your Personal Information.
Upon written request and with reasonable notice, you shall be informed of the existence, use and disclosure of your Personal Information, and shall be given access to that information, subject to certain legal exceptions. Upon written request and with reasonable notice, our Office will advise you whether or not we hold Personal Information about you.
Upon written request and with reasonable notice, our Office shall provide you with an accounting of how your Personal Information has been used. In providing this information, we will attempt to be as specific as possible.
We will respond to your request within a reasonable period of time, and at minimal or no cost to you. The request for information will be provided or made available in a form that is generally understandable.
Each dentist will comply with the regulations of the College that define patient access to records.
You are free to challenge the accuracy and completeness of the information and seek to have it altered, amended, or changed for accuracy and completeness.
When a challenge is not resolved to your satisfaction, we will record the substance of the unresolved challenge.
When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question. This disclosure may be appropriate where a dentist has been challenged about a change to a service date or services rendered under consideration for insurance benefits.
Principle 10: Challenging Compliance
You shall be able to challenge compliance with these principles with the Office’s Privacy Officer who is accountable within the Office for the compliance with Privacy Laws. Our Office has in place procedures to receive and respond to your complaints or inquiries.
The procedures are easily accessible and simple to use.
Our Office has an obligation to inform our patients who make inquiries about how to access the privacy complaint process in our Office.
The Privacy Officer will investigate each and every complaint made to the Office in writing.
If a complaint is found to be justified, the Privacy Officer will take appropriate measures, including, if necessary, amending any office policies and practices.
Updating this Privacy and Anti-Spam Code
Any changes to our privacy standards and information handling practices will be reflected in this Code in a timely manner. Our Office reserves the right to change, modify, add, or remove portions of this Code at any time.
Please check this page periodically for any modifications. To determine when this Code was last updated, please refer to the modification date at the bottom of this Code. By providing Personal Information to this Office and/or by using our services after changes to this Code have been made, you accept and consent to those changes.
We use Google Analytics’ 3rd-party audience data such as age, gender, and interests to better understanding the behaviour of our customers and work with companies that collect information about your online activities to provide advertising targeted to suit your interests and preferences. For example, you may see certain ads on this website or other websites because we contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.
You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioural Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Network ads’ preferences at http://www.google.com/ads/preferences/.
We use Remarketing to advertise our practice across the Internet.
Remarketing will display ads to you based on what parts of our website you have viewed by placing a cookie on your web browser.
This cookie does not in any way identify you or give access to your computer or mobile device.
The cookie is used to indicate to other websites that “This person visited a particular page, so show them ads relating to that page.”
Remarketing allows us to tailor our marketing to better suit your needs and only display ads that are relevant to you.
If you do not wish to see ads from us, you can opt out in several ways:
3. Opt out information for Facebook ads visit: https://www.facebook.com/help/568137493302217
How to Contact Us
Our Privacy Officer is our Affiliate.
For more information about our privacy protection or communication practices, or to raise a concern you have with our practices, contact our Affiliate at:
181 Bay Street, Suite #2600
Attention: Guy Amini, Chief Legal Counsel
You have the right to complain to the Commissioner if you think we have violated your rights. The Privacy Commissioner of Canada can be reached at:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Last revised: March, 2018