|
Privacy Policy
Overview
Shepell·fgi is committed to the highest standards of privacy, confidentiality and data security to protect the personal information of all Shepell·fgi EAP and Disability Management Services clients. The management of personal information is the cornerstone to Shepell·fgi’s services, and Shepell·fgi complies with the most stringent requirements of managing privacy and confidentiality both federally and provincially across Canada and in the United States. In Canada, we specifically comply with the Federal Privacy Legislation, the Personal Information Protection & Electronic Documents Act (PIPEDA), and the governing provincial acts and regulations including Ontario’s Personal Health Information Protection ActIn the U.S. we comply with the U.S. Health Insurance Portability & Accountability Act (HIPAA) of 1996. The Shepell·fgi Privacy Policy provides standards and rules for the collection, use, disclosure, and retention of personal health information.
Accountability Shepell·fgi is responsible for personal information under its control and has designated individuals who are accountable for Shepell·fgi’s compliance with the following:
- Accountability for Shepell·fgi’s compliance with the policy rests with the Chief Executive Officer, Rod Phillips, although other individuals within Shepell·fgi are responsible for the day-to-day collection and processing of personal information. In addition, other individuals within Shepell·fgi are delegated to act on behalf of the Chief Executive Officer including the Corporate Privacy Officer.
The Corporate Privacy Officer for Shepell·fgi is Eric Acker, Chief Operating Officer. This is communicated both internally and externally for public knowledge
Legal Counsel for Shepell·fgi and to the Corporate Privacy Officer is Brian Greenspan, Legal Affairs and Risk Management. This is communicated both internally and externally for public knowledge.
The EAP Privacy Ombudsperson for Shepell·fgi is Marie-Andrée Latour, Clinical Director, Work-Life and Professional Services.This is communicated both internally and externally for public knowledge.
The Disability Management Privacy Ombudsperson for Shepell·fgi is Pamela Connor, Vice President, Health Management Operations & Account Management. This is communicated both internally and externally for public knowledge.
In compliance with Council On Accreditation (COA), Shepell·fgi has policies and procedures that protect the privacy and confidentiality of personal information, including:
- Implementing policies and procedures to protect personal information.
- Establishing procedures to receive and respond to complaints and inquiries.
- Training staff and communicating to staff information about Shepell·fgi's policies and procedures.
- Developing information to explain Shepell·fgi's policies and procedures.
Identifying Purposes
Shepell·fgi will identify the purposes for which personal information is collected, at or before the time the information is collected.
- The primary purposes for the collection of personal information are to identify the individual as an eligible user of the EAP program, assist Shepell·fgi staff in providing EAP and Disability Management services, the administration of the EAP or Disability Management programs; conducting research for quality assurance, inspections, evaluations and audits, for accumulating aggregate utilization statistics and other key metrics for reporting purposes and meeting legal and regulatory requirements.
- Identifying the purposes for which personal information is collected at or before the time of collection allows Shepell·fgi to determine the information it requires for fulfilling these purposes.
- The identified purposes are specified at or before the time of collection to the individual from whom the personal information is collected. Depending upon the way in which the information is collected, this can be done orally or in writing. For example, a "Statement of Understanding" is presented both telephonically, electronically, and at an in person appointment.
- When personal information that has been collected is to be used for a purpose not initially identified, the new purpose shall be identified prior to use.
- Unless the new purpose is required by law, Shepell·fgi will obtain consent from the individual, before information can be used for that purpose.
- Shepell·fgi employees collecting information are able to explain the purposes for which the information is being collected.
The kind of information collected
1.Information gathered is used to identify your eligibility to use Shepell·fgi's EAP services and for the delivery of Disability Management services.
2.Contact information, with specific guidelines as to where and when client wants to be contacted, and whether or not counselors/case managers may leave specific or non-specific messages with or without their name and office phone number.
3. Demographic information, used to facilitate demographic profiling and trend analysis; information gathered is used to assist Shepell·fgi and the Corporate Customer in planning programs that address the specific needs of an organization and its employees. We are also then able to provide anonymous and aggregate statistics to the sponsor of your EAP and/or Disability Management program.
4. Case information is gathered in order to assist the counsellor/case manager in their role.
Consent
Shepell·fgi ensures that the consent of the individual is obtained for the collection, use, and/or disclosure of personal information, except in limited situations where the law requires disclosure as described below.
All clients must review a Statement of Understanding that details the service provided by our EAP and Disability Management programs, and that specifically addresses the issues of privacy and the conditions of overriding privacy status.
Shepell·fgi must explain that information is shared only with the individual's informed, voluntary and written consent, except under the following unusual circumstances:
1. When individuals pose a danger to themselves (i.e. threatens suicide) or to others (i.e. threatening to injure another).
2. When a clear danger to public health is presented (i.e. an employee with an infectious disease works in a food preparation area - Krever Commission Report)
3. There is suspicion of child abuse/neglect.
4. Where the employee's occupation is considered to be safety sensitive and the employee to whom services are provided is imposing an imminent risk of harm to self or others carrying out their job duties. (i.e. for substance abuse with transport companies).
Consent is required for the collection, use and disclosure of personal information. Shepell·fgi obtains consent at or before the time of collection of personal information. In circumstances where a new purpose has been identified, Shepell·fgi will obtain consent from the individual prior to any collection, use and/or disclosure of this information. Shepell·fgi will seek to obtain consent from an authorized representative such as a legal guardian or person appointed under a power of attorney in cases where a minor, seriously ill, or mentally incapacitated individual is involved as required by law.
The principle requires "knowledge and consent." Shepell·fgi will make every effort to make the consent meaningful by clearly stating the purpose(s) for which the information is to be collected, used or disclosed.
The way in which Shepell·fgi seeks consent may vary depending on the circumstances and the type of information collected. For example, consent can be obtained in person, by phone, by mail, or via the Internet. For Shepell·fgi, the form of consent will take into consideration, the reasonable expectations of the individual, the circumstances surrounding the collection, the sensitivity of the information involved and the method of service delivery. For example, clinical services may be provided via e-counselling, telephonically, and in face-to-face counselling.
Shepell·fgi can assume that an individual's request for EAP services constitutes consent for specified purposes. Shepell·fgi will not use or disclose an individual's personal information for purposes other than what is reasonably expected or requested.
Shepell·fgi records consent received from the individual in a variety of ways. For example, via a signed Statement of Understanding, copy of e-mail to clinical file, copy of check-off box, and a record of oral consent to the client file.
Subject to legal or contractual restrictions, consent may be revoked at any time with written notice to Shepell·fgi. Written consent is only valid for the specific request. Effort will be made to ensure the client is aware of the implications of providing and revoking consent.
Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by Shepell·fgi. All personal information shall be collected by fair and lawful means.
Shepell·fgi shall not collect personal information indiscriminately. Both the amount and type of information collected shall be limited to that which is necessary to fulfill the purposes identified. Shepell·fgi shall specify the type of information collected as part of its information-handling policies and practices.
The requirement that personal information be collected by fair and lawful means is intended to prevent organizations from collecting information by misleading or deceiving individuals about the purpose for which information is being collected. This requirement implies that consent with respect to collection, use or disclosure must not be obtained through deception.
Limiting Use, Disclosure, and Retention
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes, unless required by law to retain such information for a longer period of time.
Personal information will be stored in strict confidence and accessed only by authorized Shepell·fgi employees and agents or consultants retained by Shepell·fgi.
Personal information will be retained and/or destroyed in accordance with current Shepell·fgi policies and applicable laws.
Multiple Services
For clients using two or more of the services offered at Shepell·fgi (ie. EAP services and Disability Management services), the personal information collected for the purpose of providing one service will not be used or disclosed for the purpose of providing any additional services. Separate files are created for each service used by a client, and the personal information from one file is not shared or combined with any other files.
Shepell·fgi uses separate and distinct databases for each of EAP and Disability Management services, and the two databases are not linked. Additionally, separate dedicated staff populate each database and do not share information. The information contained within the secured networks is subject to rigorous security standards using active directory policies based on “need to know” and role based access. Hard copies of this information are locked onsite and subject to the same rigorous security standards.
Accuracy
All information collected by Shepell·fgi will be as accurate and complete as is necessary to our services. Maintaining accurate records ensures our ability to provide you with personalized, appropriate and up-to-date service. Your information will be updated only when necessary to ensure we can fulfill the obligations for which it was collected.
Safeguards
Shepell·fgi will safeguard personal information from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held, by employing various methods of protection, appropriate to the sensitivity of the information.
The methods of protection will include:
- Physical measures (locked filing cabinets, restricted access to files and offices);
- Technological measures (passwords, encryptions, firewalls, and audits); and
- Organizational controls (security clearances, limiting access on a "need-to-know" basis, staff training, confidentiality agreements, policies and procedures).
- As a condition of employment/consultancy, the Shepell·fgi contract presents a confidentiality clause that binds all Shepell·fgi employees/consultants to a confidentiality agreement.
- Shepell·fgi shall employ care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.
Openness
At any time you may ask Shepell·fgi to explain to you how your information is being used. Shepell·fgi will make readily available to individuals specific information about our policies and practices relating to the management of personal information.
Shepell·fgi will make these policies and practices understandable and easily available through a variety of formats. Information about these policies and practices may be made available in person, in writing, by telephone, in publications and on the Corporate Web site.
The information made available will include:
- The name or title and business address of the person who is accountable for Shepell·fgi 's privacy policies and practices and to whom complaints or inquiries can be forwarded.
- The means of gaining access to personal information held by Shepell·fgi.
- A description of the type of personal information held by Shepell·fgi, including a general account of its use and disclosure.
Individual Access
Upon request, Shepell·fgi shall inform the individual of the existence, use, and disclosure of his or her personal information and will be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Note: Shepell·fgi may deny access to certain personal information it holds about an individual if the information is prohibitively costly to provide, if it contains references to other individuals, if it cannot be disclosed for legal, security or commercial proprietary reasons, or if it is subject to solicitor-client or litigation privilege. Shepell·fgi will advise the individual of the reason for denying the access request.
An individual will be required to provide sufficient information to permit Shepell·fgi to provide an account of the existence, use, and disclosure of personal information. The information will only be used for this purpose.
In providing an account of third parties to which it has disclosed personal information about an individual, Shepell·fgi will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual, Shepell·fgi will provide a list of organizations to which it may have disclosed information about the individual.
Shepell·fgi will respond to an individual's request within a reasonable time and at a cost intended to cover actual expenses related to retrieval, photocopying and delivery. The requested information shall be provided or made available in a form that is generally understandable. For example, where Shepell·fgi uses abbreviations or codes to record information, an explanation shall be provided.
When an individual successfully demonstrates the inaccuracy or incompleteness of personal information Shepell·fgi uses to make a decision, Shepell·fgi will correct or update the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, Shepell·fgi will transmit the amended information to third parties having access to the information in question.
When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge shall be recorded by Shepell·fgi. When appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual accountable for Shepell·fgi’s compliance, Shepell·fgi 's Corporate Privacy Officer.
Shepell·fgi shall put procedures in place to receive and respond to complaints or inquires about its policies and practices relating to the handling of personal information. The complaints procedures will be easily accessible and simple to use.
Shepell·fgi shall inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. A range of these procedures may exist.
Shepell·fgi shall investigate all complaints. If a complaint is found to be justified, Shepell·fgi will take appropriate measure, including, if necessary, amending its policies and practices.
[top]
|
