Ashfield Healthcare (“Ashfield”) has long been committed to maintaining the accuracy, confidentiality, security and privacy of customer personal information . As an organization that deals with/has access to confidential health information on a daily basis, we are very conscious of our continued responsibility to respect personal privacy, safeguard confidentiality of health records and implement appropriate security measures. Accordingly, Ashfield complies with all federal and provincial laws respecting privacy and has adopted this Privacy Code based on the principles set out in Schedule 1 of the Personal Information Protection and Electronic Documents Act ( Canada ), to assist you to understand what information we collect and how that information is used .
1. PRINCIPLE 1 – Ashfield IS RESPONSIBLE FOR THE PERSONAL INFORMATION UNDER ITS CONTROL AND HAS DESIGNATED A PRIVACY OFFICER WHO SHALL BE ACCOUNTABLE FOR THE ORGANIZATION'S COMPLIANCE WITH THE FOLLOWING PRINCIPLES
1.1. Accountability rests with the Privacy Officer of Ashfield, even though other individuals with the organization may be responsible for the day-to-day collection and processing of personal information. The Privacy Officer is designated to oversee Ashfield's compliance with its policy. In addition, other individuals may be delegated to act on behalf of the Policy Officer.
1.2. Ashfield is responsible for personal information in its possession or under its control. As such, Ashfield will use appropriate means to ensure that all existing and future contracts ensure a level of privacy protection equal to Ashfield's policies whenever information is being processed by third parties.
1.3. Ashfield has implemented policies and practices to give effect to these principles, including
(a) the implementation of procedures to protect personal information;
(b) the establishment of procedures to quickly receive and respond to complaints and inquiries;
(c) training and communicating to staff about Ashfield's policies and practices; and
2. PRINCIPLE 2 – Ashfield SHALL IDENTIFY THE PURPOSES FOR WHICH PERSONAL INFORMATION IS COLLECTED AT OR BEFORE THE TIME THE INFORMATION IS COLLECTED.
2.1. Ashfield collects information at different times which may be used for a variety of purposes depending on the circumstances. These include:
- Maintaining a record of medical queries, requests for information and complaints;
- Developing, implementing, marketing and managing Ashfield's services;
In the case of Healthcare Professionals:
- Supplying you with clinical evaluation packages and allied information materials on behalf of Ashfield clients;
- Supplying products or services for specific programs on behalf of Ashfield clients;
- Monitoring and reviewing Ashfield's compliance with relevant codes of conduct in its dealings with you.
2.2. If we plan to use personal information we have collected for a purpose not previously identified, we will identify and document this purpose before such use.
2.3. Ashfield will make reasonable efforts to specify the identified purpose, orally or in writing, to the individual from whom the information is collected either at the time of collection or pursuant thereto.
3. PRINCIPLE 3 – THE KNOWLEDGE AND CONSENT OF THE INDIVIDUAL ARE REQUIRED FOR THE COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION, EXCEPT WHERE INAPPROPRIATE.
3.1. The way in which we seek consent, including whether it is express or implied consent, may vary depending on the sensitivity of the information and the reasonable expectations of the individual. An individual may withdraw consent at any time, subject to legal and contractual restrictions and reasonable notice.
3.2. Ashfield will typically seek consent for the use or disclosure of personal information at the time of collection, but in certain circumstances consent may be sought afterwards.
3.3. Ashfield will only ask individuals to consent to the collection, use or disclosure of personal information as a condition of verifying eligibility of receipt of a service or product we provide or represent, if such use, collection or disclosure is required to fulfill an identified purpose.
3.4. In certain circumstances, as permitted or required by law, we may collect, use or disclose personal information without the knowledge and consent of the individual. These circumstances include: personal information which is subject to solicitor-client privilege or is publicly available as defined by regulation; where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely manner; to investigate a breach of agreement or a contravention of the law; to act in respect of an emergency that threatens the life, health or security of an individual; for debt collection; or to comply with a subpoena, warrant or court order.
4. PRINCIPLE 4 – Ashfield WILL LIMIT THE AMOUNT AND TYPE OF PERSONAL INFORMATION COLLECTED TO THAT WHICH IS NECESSARY FOR THE PURPOSES IDENTIFIED BY Ashfield. WE WILL ONLY COLLECT PERSONAL INFORMATION BY FAIR AND LAWFUL MEANS.
5. PRINCIPLE 5 - Ashfield SHALL NOT USE OR DISCLOSE PERSONAL INFORMATION FOR PURPOSES OTHER THAN THOSE FOR WHICH IT WAS COLLECTED, EXCEPT WITH CONSENT OF THE INDIVIDUAL OR AS REQUIRED BY LAW. PERSONAL INFORMATION SHALL BE RETAINED ONLY AS LONG AS IS NECESSARY FOR THE FULFILMENT OF THOSE PURPOSES.
5.1. Ashfield shall retain personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. In some circumstances where personal information has been utilized to make a decision about an individual, Ashfield shall retain that personal information for a period of time that is reasonably sufficient to allow for access by the individual.
5.2. Personal information that is no longer required to fulfill an identified purpose shall be erased, destroyed or made anonymous.
6. PRINCIPLE 6 – Ashfield WILL USE ITS BEST EFFORTS TO ENSURE THAT PERSONAL INFORMATION IS AS ACCURATE, COMPLETE AND UP-TO-DATE AS IS NECESSARY FOR THE PURPOSES FOR WHICH IT IS TO BE USED.
6.1. Personal information used by Ashfield shall be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about an individual.
6.2. Ashfield shall not routinely update personal information about individuals, but only as and when necessary to fulfill the identified purposes for which the information was collected.
7. PRINCIPLE 7 – Ashfield WILL PROTECT PERSONAL INFORMATION BY SECURITY SAFEGUARDS APPROPRIATE TO THE SENSITIVITY OF THE INFORMATION.
7.1. Ashfield shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Ashfield shall protect personal information regardless of the format in which it was held.
7.2. Nature of the safeguards taken:
(a) physical measures – building security, lock boxes, etc.;
(b) organizational measures – "need to know" basis; and
(c) technological measures – use of encryption and passwords
7.3. Ashfield has made its employees aware of the importance of maintaining the confidentiality of personal information by signing a Confidentiality Document as a precondition of employment.
8. PRINCIPLE 8 – Ashfield WILL MAKE READILY AVAILABLE TO INDIVIDUALS SPECIFIC INFORMATION ABOUT ITS POLICIES AND PRACTICES RELATING TO THE MANAGEMENT OF PERSONAL INFORMATION.
8.1. Ashfield shall make information regarding its policies and practices available in a form that is generally understandable, including:
(a) how to gain access to personal information held by Ashfield;
(b) the type of personal information held by Ashfield, including a general account of its use;
(c) personal information available to related organizations (affiliates); and
(d) How to contact our Privacy Officer:
Attn: Privacy Officer
263 Labrosse Ave
Pointe-Claire QC H9R 1A3
(514) 630-7484, Ext. 231
8.2. Ashfield makes information about its policies and practices relating to personal information available through its web-site http://www.ashfieldhealthcare.com/gb/privacy-policy/ , by e-mail and by regular mail, depending on the circumstances.
9. PRINCIPLE 9 – UPON WRITTEN REQUEST, Ashfield WILL INFORM AN INDIVIDUAL OF THE EXISTENCE, USE AND DISCLOSURE OF HIS OR HER PERSONAL INFORMATION AND WE WILL GIVE THE INDIVIDUAL ACCESS TO THAT INFORMATION. AN INDIVIDUAL CAN CHALLENGE THE ACCURACY AND COMPLETENESS OF THE INFORMATION AND HAVE IT AMENDED AS APPROPRIATE.
9.1. Ashfield will respond to an individual's written request for information within 30 days of receipt of a request properly filed. We require an individual to provide sufficient information to permit us to provide an account of the existence, use and disclosure of personal information. This information shall be provided in an understandable, timely and low-cost manner from the perspective of the individual.
9.2. Should an individual successfully demonstrate any inaccuracy or omission in the records, Ashfield will make the appropriate amendments to the information. When a challenge is not resolved to the satisfaction of the individual, a statement of disagreement shall be attached to the individual's records. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question (if any).
9.3. In certain situations, Ashfield may not be able to provide access to all the personal information it holds about an individual. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege. The reasons for denying access shall be provided by Ashfield upon request.
10. PRINCIPLE 10 – AN INDIVIDUAL CAN ADDRESS A CHALLENGE CONCERNING COMPLIANCE WITH THE ABOVE PRINCIPLES TO THE DESIGNATED PERSON ACCOUNTABLE FOR Ashfield'S COMPLIANCE WITH THE POLICY.
10.1. Ashfield will investigate all complaints. If a complaint is found to be justified, Ashfield will take appropriate measures, including, if necessary, amending its policies and practices.
How to contact the Privacy Officer:
Access requests, inquiries or complaints should be addressed in writing to:
Attn: Privacy Officer
263 Labrosse Ave
Pointe-Claire QC H9R 1A3
Fax: (514) 630-9815