Privacy

As Global Medical Services (hereinafter referred to as “GMS”) believes that your privacy is a fundamental priority, we have always employed the highest standards of ensuring the security of your personal information and privacy. Furthermore, we recognize the importance of protecting our clients’ personal information that is collected, used, or disclosed by GMS during both commercial and health-related activities across provincial and international borders.

As mandated by the newly implemented federal legislation, Personal Information Protection and Electronic Documents Act (hereinafter referred to as “PIPEDA”), GMS is ensuring that all personal information under its control is protected through a formal Personal Information Protection and Privacy Policy, and related procedures.

Coming into effect on 1 January 2004, PIPEDA’s regulations cover two specific sets of information: personal information and personal health information.

PIPEDA defines “personal information” as, “…information about an identifiable individual, but does not include the name, title, or business address or telephone number of an employee of an organization.”1

Moreover, PIPEDA defines “personal health information” as, “… a) information concerning the physical or mental health of the individual; b) information concerning any health service provided to the individual; c) information concerning the donation by the individual of any body part or any bodily substance of the individual for information derived from the testing or examination of a body part or bodily substance of the individual; d) information that is collected in the course of providing health services to the individual; or e) information that is collected incidentally to the provision of health services to the individual.”2

In light of these definitions, GMS collects two sets of data that could be classified as “personal information” or “personal health information”:

1. Personal contact information of individuals who participate in a variety of training programs offered by GMS
2. Personal information collected, used, or disclosed during the medical treatment of GMS clients following the use of GMS-managed automated external defibrillators

GMS wishes to assure its clients that it will abide by the following 10 Principles, as located in Schedule 1 of PIPEDA and developed by the Canadian Standards Association, when dealing with the collection, use, or distribution of personal information and personal health information.

As GMS is responsible for all personal information under its control, a Privacy Officer has been designated to be accountable for GMS compliance with the following principles. The identity of this Privacy Officer and his/her contact information shall be made available upon request, and on the GMS website.

GMS will also implement policies and practices to give effect to the principles, including:

• Executing company-wide procedures to protect personal information.
• Establishing procedures to receive and respond to complaints and inquiries.
• Training staff and communicating to staff information about GMS’ policies and
  practices.
• Developing public information packages to explain GMS privacy policies and procedures.

GMS will ensure that the purposes for which personal information is collected shall be identified at or before the time the information is collected. These purposes shall be documented in compliance with the Openness Principle and the Individual Access Principle, and shall be done orally or in writing at the time of collection.

In the event that personal information of GMS clients has been collected and will be used for a purpose not previously identified, the new purpose shall be made known to clients prior to use. Further consent from these clients will be required before the information in question can be used for that purpose.

GMS recognizes that the knowledge and consent of its clients are required for the collection, use, or disclosure of personal information, except under certain conditions (see Section 7 of PIPEDA for further information on these circumstances). However, in the majority of cases consent must be received prior to the collection and use of personal information.

GMS will make every reasonable effort to ensure its clients are advised of the purposes for which the information will be used. GMS will not require its clients to consent to the collection, use, or disclosure of their personal information for anything other than the explicitly specified purposes.

GMS will generally seek implied consent on matters regarding the collection, use, or disclosure of clients’ personal information. GMS will also allow for its clients to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Furthermore, GMS will inform its clients of all implications that would result from such a withdrawal.

GMS will guarantee that the collection of its clients’ personal information shall be limited to that which is necessary for the purposes identified by GMS. Furthermore, all information will be collected by fair and lawful means. In addition, GMS assures its clients it will not collect personal information indiscriminately.

GMS will adhere to the principle that the personal information of its clients shall not be used or disclosed for purposes other than that for which it was collected, except with the consent of the individual or as required by law. The personal information of its clients will only be retained for as long as necessary to fulfill those purposes.

Any new purposes for using or disclosing such personal information shall be disclosed to our clients prior to use.

GMS will also retain all personal information of our clients that is used to make a decision that directly affects the individual in question for at least one year after the decision has been made, to allow the client enough time to review their personal information if necessary.

Personal information collected from GMS clients shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used, and to minimize the possibility that inappropriate information may be used to make a decision about the individual.

GMS also guarantees that personal information of clients shall not be routinely updated, unless such a process is necessary to fulfill the purposes for which the information was collected. In the event that our clients request to have their personal information changed, a formal set of procedures will be followed in response to such a request. These guidelines are identified as Procedures for Responding to Requests for Corrections to Personal Information.

GMS guarantees that appropriate safeguards will protect all of its clients’ personal information. These safeguards will protect all personal information under the control of GMS against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Furthermore, GMS will protect its clients’ personal information regardless of the format in which it is held.

Methods of securing personal information under the control of GMS will include physical,
organizational, and technological measures. The measures are described in detail in our
Procedures for Securing and Handling Personal Information.

All GMS employees will be made aware of the importance of maintaining the confidentiality of the personal information of its clients.

GMS prides itself on its level of openness with regards to the personal information of its clients. The GMS Privacy Officer will make specific information about GMS policies and practices relating to the management of personal information readily available to clients and the public.

The Personal Information Protection and Privacy Policy of GMS, in addition to all related guidelines and procedures, will be made available upon request and on the GMS website.

As part of its Procedures for Responding to Requests for Access to Personal Information, GMS will inform its clients upon written request of the existence, use, or disclosure of their personal information and shall allow them access to such information, pending certain guidelines of response. Moreover, GMS will allow its clients to challenge the accuracy and completeness of the information, and have it amended as necessary, pending certain guidelines.

All requests for access to personal information and for corrections to be made must be in writing. The Privacy Officer of GMS will assist any client who informs them of a need for assistance in preparing a request. Following receipt of such a request, GMS will make every effort to respond with due diligence within 30 days of receiving the request.

This time limit may be extended, however, to a maximum of 30 days if:

• The client did not provide enough detail to enable GMS to identify the personal information requested.
• Meeting the time limit would unreasonably interfere with the activities of the
  organization.
• The time required to undertake any consultations necessary to respond to the request would make the time limit impracticable to meet.
• The period is necessary in order to be able to convert the personal information into a readable format.

Should GMS request such an extension, it must be made to the Privacy Commissioner of Canada, and forwarded to the client, advising them of the reasons for requesting the extension and their right to make a complaint to the Commissioner with respect to the extension.

GMS may also charge a minimal fee for responding to the client’s request, which will be disclosed at the point of receiving the request.

GMS may also respond within the allotted period of time and deny the request from their client. In this case, the client must be provided with a formal summary of the reasons for the refusal, and any recourse that they may have under PIPEDA.

The GMS Privacy Officer will make it clear to GMS clients that they will be able to address any and all challenges concerning compliance with the above principles. Furthermore, the Privacy Officer will provide clients with the various GMS procedures and policies that address the formal responses to requests for access to personal information, corrections to personal information, and the filing of complaints against GMS.

The Privacy Officer will also make clear that if GMS clients are dissatisfied with the response and/or means of handling their personal information request, they will be directed to file a written complaint to the federal Privacy Commissioner, who may then choose to investigate the matter.

¹ Personal Information Protection Act .
² Ibid.