Please refer to Appendix A for a glossary of defined terms.
IntroductionThe Health Information Protection Act (HIPA) came into effect on September 1, 2003, and governs the collection, use, and disclosure of Personal Health Information within Saskatchewan’s health care system, and the Personal Information Protection and Electronic Documents Act, which came into effect in 2001, governs Personal Information other than Personal Health Information. In addition, Canada’s anti-spam legislation came into effect on July 1, 2014. Canada’s anti-spam legislation regulates how businesses and individuals communicate electronically. We collect Personal Information about our patients directly from the patient or from the person acting on their behalf. Occasionally, we collect Personal Information about a patient from other sources if we have obtained the patient’s consent to do so or if the law permits. Privacy of Personal Information is an important principle in the provision of quality care to our patients. We understand the importance of protecting your Personal Information. We are committed to collecting, using and disclosing your Personal Information responsibly and in accordance with the law. We also try to be as open and transparent as possible about the way we handle your Personal Information. This Office has developed this Privacy and Anti-Spam Code (this “Code”) to provide a general description of our information and communication practices, how to obtain access to your Personal Information, how to amend incorrect information, and how to make a complaint to our Office or the Information and Privacy Commissioner. As the rules governing the collection, use, and disclosure of Personal Information may change, our practices will evolve and adapt in response to such changes and this Code may be amended from time to time as a result thereof. We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation.
Anti-Spam Policy OverviewWhen we communicate with you, we may communicate via electronic means, such as e-mail. We strive to ensure that our communications do not contain any spam. “Spam” refers to any unsolicited Commercial Electronic Messages (or CEMs) that have been sent without consent. In that light, we require all CEMs from our Office to be in compliance with Privacy Laws. If and when we communicate with you using CEMs, you can opt out of receiving such messages by following the “Unsubscribe” link included at the bottom of such messages or by contacting Dr. Lauretta Gray (306) 933-3221. Any questions or concerns with respect to CEMs from our Office may be addressed Dr. Lauretta Gray (306) 933-3221 102 Central Street East, Warman SK, S0K 4S0. In the event that our Office inadvertently sends out a CEM without consent, we commit to investigating every such instance and assisting the employee(s) or managers involved with renewing their understanding and awareness of our compliance responsibilities.
Personal Information Handling Principles
AccountabilityAccountability for this Office’s compliance with Privacy Laws rests with the Health Information Trustee and our Privacy Officer even though others in the Office may be responsible for the day-to-day collection and processing of Personal Information. Our staff are briefed on the importance of your privacy and receive training on the handling of your Personal Information. Our Office is comprised of many persons working together to ensure that our patients and clients receive proper care. We take this opportunity to describe the structure of our Office so that you understand who may be handling your Personal Information and in what manner. At our Office, professional dental or orthodontic services are performed by Service Providers. All professionals performing these services at the Office are Members of the College. All institutional health care services performed at the Office are provided by our Affiliate. We have appointed our Affiliate as our “contact person” pursuant to the Privacy Laws. To facilitate the ability of our Affiliate to carry out its responsibilities to us, your Personal Information may be disclosed to, used by, and collected by our Affiliate. All actions in respect of your Personal Information by persons working together to provide you with care shall be on a need-to-know basis and in compliance with this Code and Privacy Laws. By providing your Personal Information to this Office, you are consenting to its use as contemplated in this Code. This Office is responsible for Personal Information in our possession or custody, including Personal Information that has been transferred to a third party for processing. Our Office will implement policies and practices to give effect to the principles regarding the collection, use and disclosure of Personal Information, including:
- implementing policies to protect Personal Information;
- training staff about this Code and our practices;
- establishing procedures to receive and respond to complaints and inquiries regarding Personal Information; and
- developing information to explain this Code and privacy procedures.
Identifying Purposes for Collecting InformationThe purposes for which Personal Information is collected in this Office will be identified before or at the time it is collected. This Office collects Personal Information that is reasonably appropriate in the circumstance in order to fulfill the purposes disclosed by our Office, as well as otherwise permitted under applicable laws including for the following purposes:
- to deliver safe and efficient patient care;
- to identify and to ensure continuous high quality service;
- to assess your health needs;
- to advise you of treatment options;
- to enable us to contact you;
- to provide health care;
- to establish and maintain communication with you, including to distribute health care information and to book and confirm appointments;
- to offer and provide treatment, care and services in relationship to the oral and maxillofacial complex and dental care generally;
- to communicate with other treating health-care providers, including specialists and general dentists, who are the referring dentists and/or peripheral dentists;
- for teaching and demonstrating purposes on an anonymous basis;
- to allow us to efficiently follow-up for treatment, care and billing;
- to complete and submit dental and health services claims for third party adjudication and payment;
- to comply with legal and regulatory requirements, including the delivery of patients’ charts and records to the College when required by The Dental Disciplines Act (DDA);
- to comply with agreements/undertakings entered into voluntarily by this Office or a Service Provider with the College for regulatory and monitoring purposes;
- to permit potential purchasers, practice brokers or advisors to evaluate this Office, including an audit, on a confidential basis;
- to deliver your charts and records to insurance carriers to enable them to assess liability and quantify damages;
- to prepare materials for the College or any professional conduct or discipline committee as required;
- to manage patient and clients’ accounts, including invoicing, processing credit card payments and collecting unpaid accounts;
- to communicate with insurance companies and to otherwise process requests by you;
- for internal management purposes, including planning, resource allocation, policy development, quality improvement, monitoring, audit, evaluation, reporting, obtaining or processing payment for health services and human resource management; and
- to comply generally with Privacy Laws and all other applicable regulatory requirements.
ConsentOur Office requires either express consent or implied consent from our patients before we may collect, use, or disclose Personal Information. When we collect, use, and disclose your Personal Information for health care purposes, Privacy Laws generally permit us to rely upon your implied consent. However, if the purpose is something other than health care, we may be required to obtain your express consent. The Privacy Laws also provides instances where we may collect, use, or disclose your Personal Information without consent. Implied consent enables us to conclude from surrounding circumstances that a patient would reasonably agree to the collection, use, or disclosure of Personal Information. We may rely upon your implied consent if we are collecting your Personal Information to provide health care. Express consent is required when we are disclosing your Personal Information to someone for a purpose other than providing or assisting in providing health care. In order for the principles of consent to be satisfied, our Office has undertaken reasonable efforts to ensure that you are advised of the purposes for which Personal Information is being used, and that you understand those purposes. Once consent is obtained, we do not need to seek your consent again unless the use, purpose or disclosure changes. Our existing protocols for electronic submissions of dental claims require a signature on file. Specific consent may be required for additional requests from insurers. This consent shall be collected at the time, or in conjunction with, predeterminations for extensive services, provided that the scope of Personal Information released is disclosed. If there is any doubt, Personal Information shall be released directly to you for your review and submission. Your consent for the collection, use and disclosure of Personal Information may be given in a number of ways, such as:
- signed medical history form;
- signed introductory questionnaire;
- taken verbally over the telephone and then charted; or
- written correspondence.
Limiting Use, Disclosure and RetentionPersonal Information shall not be used or disclosed for purposes other than those for which the information is collected, except with your express Consent, or as required or permitted by law. Our Office may disclose certain Personal Information in accordance with Privacy Laws. This Office and our Affiliate may perform activities outside of Canada through third party agents. You acknowledge and agree that as a result, your Personal Information may be processed, used, stored or accessed in other countries and may be subject to the laws of those countries. For example, Personal Information may be disclosed in response to valid demands or requests from government authorities, courts, or law enforcement in other countries. We will use contractual and/or other means to provide a comparable level of protection over your Personal Information while it is being accessed and/or processed by any such third party. Our Office has protocols in place for the retention of Personal Information. Retention of information records is defined and referenced in the College’s Bylaws. In destroying Personal Information, our Office has developed guidelines to ensure secure destruction in accordance with the College’s Bylaws and Privacy Laws. As discussed in this Code, Personal Information may be transferred and stored outside of Canada. We encourage you to contact the Privacy Officer should you require further information.
Accuracy of Personal InformationThis Office endeavours to ensure that your Personal Information is as accurate, complete, and as up-to-date as necessary for the purposes that it is to be used. The extent to which your Personal Information is accurate, complete and up-to-date will depend upon the use of the Personal Information while at all times, taking into account the interest of our patients. Your Personal Information needs to be sufficiently accurate, complete and up-to-date to minimize the possibility that inaccurate, incomplete or out-of-date Personal Information is used to make a decision about you as our patient. If your Personal Information changes, or if you believe the Personal Information maintained by our Office is inaccurate, we ask that you contact our Office to have the information updated or corrected.
Safeguards for Personal InformationOur Office staff are aware of the importance of maintaining the confidentiality of your Personal Information and we have taken appropriate measures to safeguard your Personal Information. These safeguards are in place to protect your Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Your Personal Information is protected, whether recorded on paper or electronically, and care is used in its care and destruction to prevent unauthorized access at all times while in our custody and control.
Openness about PrivacyOur Office will make readily available to you specific information about our Office policies and practices relating to the management of Personal Information. This information includes:
- the individuals at this Office and the Privacy Officer to whom you can direct any questions or complaints regarding your Personal Information;
- a copy of our Patient Consent Form that explains how this Office collects, uses and discloses your Personal Information; and
- this Code.