ODA Privacy Policy

Print

The Ontario Dental Association (“ODA”) values the relationship it has with its members, all dentists, dental students, employees, dental-related organizations and institutions it deals with, and members of the public, and is committed to the protection of their personal information.

Accordingly, the ODA, its employees, agents and volunteers are required to adhere to this Privacy Policy, which is based on the privacy principles set out in the federal statute, the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Ontario statute, the Personal Health Information Protection Act, 2004 (PHIPA). “Personal Information,” as used in this Privacy Policy is defined below.

In some cases, the ODA may set policies about releasing to the public information that is not considered Personal Information, in which case the ODA, its employees and volunteers will be bound by such policies. The ODA may set policies around releasing Personal Information about members or other individuals, but only with their consent and in accordance with the requirements of the applicable legislation, i.e., PIPEDA and/or PHIPA.


Definitions1

  • “Collect” means to gather, acquire, receive or obtain personal information by any means from any source, and “collection” has a corresponding meaning.
  • "Use” means to handle or deal with personal information that is in the custody or control of the ODA, and includes disclosing the information to an agent acting on behalf of the ODA.
  • “Disclose” means to release or make available personal information that is in the custody or control of the ODA, to another individual who is not an agent of the ODA, and “disclosure” has a corresponding meaning.
  • “Personal Information” means information about a specific, identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. Personal information includes “personal health information.”
  • “Personal Health Information” means identifying information about an individual in oral or recorded form, if the information relates to:

(a) the physical or mental health of the individual, including information that consists of the health history of the individual’s family;
(b) the provision of health care to the individual, including the identification of a person as a provider of health care to the individual;
(c) a plan of service within the meaning of the Long-Term Care Act, 1994;
(d) payments or eligibility for health care in respect of the individual;
(e) the donation of a body part or bodily substance of the individual, or is derived from the testing or examination of such body part or substance
(f) the individual’s health or insurance number;
(g) the identity of an individual’s substitute decision maker; and
(h) identifying information contained in an individual’s health record or dental record.


1. Accountability
The ODA is responsible for all Personal Information under its control and has designated an individual or individuals who are accountable for the ODA's compliance with the following principles.

The ODA has designated a Chief Privacy Officer who is accountable for the overall compliance of the ODA with the privacy principles in this Policy, including day-to-day oversight. At the same time, because many individuals within the ODA have responsibility for the day-to-day collection and processing of Personal Information, all departments will comply with this Privacy Policy as it may apply to their work and to certain individuals, and may be delegated to act on behalf of the Chief Privacy Officer.

The ODA is responsible for Personal Information in its possession or custody, including information that has been transferred to a third party for processing. It will use contractual or other means to provide a comparable level of protection for information being processed by a third party.


2. Identifying Purpose

The ODA will identify and document the purposes for which it collects, uses or discloses Personal Information at or before the time of collection.

The ODA will make a reasonable effort to specify the identified purposes, orally or in writing, to the individual from whom the Personal Information is collected either at the time of collection or after collection but before use. The ODA will state the identified purposes in such manner that an individual can reasonably understand how the information will be used or disclosed.

The ODA will identify any other purposes which may arise for the collection, use or disclosure of Personal Information at or before the time the Personal Information is collected. These purposes will be detailed and communicated to individuals in the ODA’s Privacy Statement(s) and/or Frequently Asked Questions (FAQ).

If a new purpose arises in respect of Personal Information already collected, the ODA will identify the new purpose prior to the use or disclosure of the Personal Information.

(i) Members and Prospective Members
The ODA collects, uses and discloses Personal Information concerning its members and all dentists in Ontario for the following purposes:

a) Providing products, services and information of interest to its members and dentists in Ontario;
b) Providing the Ontario Dentist Journal and other information or media containing information of interest to all dentists in Ontario;
c) Exchanging information with dental-related organizations and institutions in order to facilitate the provision of products, services and information of interest to its member dentists in Ontario;
d) Any other purposes as communicated in the ODA Privacy Statement for ODA Members and Prospective Members, as may be amended from time to time.

(ii) Employees
The ODA collects and uses Personal Information concerning its employees to provide them certain benefits and with information which is relevant to their work or terms of employment or other employment related activities. The ODA does not disclose Personal Information of employees for non-employment related activities.

(iii) Other Individuals
The ODA may collect and use Personal Information from members of the public who contact the ODA requesting information on oral health or to participate in programs such as the ODA Mediation Program.

The ODA may also collect and use personal information from the staff persons employed by ODA member dentists for the purpose of providing them with services available to staff of ODA members, such as extended health care (EHC) benefits, and the employee assistance program.


3. Consent
The ODA will collect, use, or disclose Personal Information only with the knowledge and consent of the individual, except in emergencies and on other occasions permitted or required by law, or where appropriate.

The way in which the ODA seeks consent, including whether it is express (i.e., explicit verbal, written, or other authorization) or implied (i.e. can reasonably be determined through the actions or inaction of the individual), may vary depending upon the sensitivity of the information and the reasonable expectations of the individual. An individual can withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The ODA will inform individuals of any implications of withdrawing consent.

Typically, the ODA will seek consent for the use or disclosure of information at the time of collection. In certain circumstances, such as a proposed use of information for new purposes not previously identified, consent may be sought after the information has been collected but before use.

The ODA will not require an individual, as a condition of the supply of his or her services, to consent to the collection, use or disclosure of Personal Information beyond that required to fulfill legitimate purposes.

In certain circumstances, as permitted or required by law, the ODA may collect, use or disclose Personal Information without the knowledge or consent of the individual. These circumstances include Personal Information:

a) that for legal, medical, or security reasons make it impossible or impractical to seek consent
b) which is subject to solicitor-client privilege;
c) which is publicly available;
d) where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way;
e) which is required to investigate a breach of an agreement or a contravention of a law;
f) required to act in an emergency that threatens the life, health or security of an individual;
g) for debt collection; or to comply with a subpoena, warrant or court order;
h) for the detection and prevention of fraud or for law enforcement where seeking the consent of the individual might defeat the purpose of collecting the information; or
i) when the individual is a minor, seriously ill, or mentally incapacitated.


4. Limiting Collection
The ODA will limit the amount and type of Personal Information collected to that which is necessary for identified purposes and will only collect Personal Information by fair and lawful means.

The ODA will collect information in a straightforward and honest fashion. The ODA will not coerce, threaten, or mislead individuals into providing personal information, nor collect information surreptitiously (without individual consent or knowledge), nor gather from other people, such as family members, work colleagues, or acquaintances without the knowledge and consent of the individual, except in the most compelling circumstances, or for purposes such as law enforcement.

To the maximum extent possible, the ODA will identify personal information sources to ensure maximum fairness and openness in information collection practices.


5. Limiting Use, Disclosure and Retention
The ODA will not use or disclose Personal Information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. The ODA will retain Personal Information only as long as necessary to fulfil the identified purposes.

The ODA will retain Personal Information which has been used to make a decision about an individual long enough to allow the individual access to the information after the decision has been made and, in the event of an access request or a challenge, long enough to exhaust any recourse an individual may have under the law.

Where Personal Information is no longer required to fulfill the identified purposes, the ODA will destroy, erase, or make it anonymous. The ODA will communicate its practices regarding use, disclosure, and retention, to the business functions responsible for retaining personal information. The ODA will inform individuals of its retention periods and what it intends to do with the information after the maximum retention periods are reached.


6. Accuracy
The ODA will use its best efforts to ensure that Personal Information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.

The ODA will use its best efforts to ensure that Personal Information that is used on an ongoing basis, including information that is disclosed to others, and information that is used to make a decision about an individual is accurate, complete, and up-to-date.


7. Security
The ODA will protect Personal Information with safeguards appropriate to the sensitivity of the information.

The ODA will protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification regardless of the format in which the information is held. The ODA will make its employees aware of the importance of maintaining the confidentiality of Personal Information, and will exercise care in the disposal or destruction of Personal Information to prevent unauthorized parties from gaining access to the information.

Depending on the format of the Personal Information, security measures may include physical precautions such as locking file cabinets and restricting access to cabinets, offices and files, organizational measures such as security clearances and limiting access on a need-to-know basis and technological measures including passwords and encryption.

8. Openness
The ODA will make specific information about its policies and practices regarding the management of Personal Information readily available, except to the extent that it is confidential commercial information.

Specifically, the ODA will publicize information about:

a) how to obtain details of the Personal Information held on file for identified individuals;
b) the type of Personal Information held by the ODA, including a general account of its use;
c) general information concerning its Privacy Policy and related policies and procedures;
d) what Personal Information is made available to related companies; and
e) how to make requests or complaints to the ODA’s Chief Privacy Officer.


9. Individual Access
Upon receipt of a written request, the ODA will inform an individual of the existence, use and disclosure of his or her Personal Information and will give the individual access to that Personal Information, which may be challenged and corrected, depending on the circumstances.

The ODA will respond to all individual written requests within a reasonable time, usually about ten (10) business days, depending upon the complexity of the request and the information, and will assist any individual who informs the ODA that he or she needs assistance in preparing a request. The ODA may require an individual to provide additional information which will assist it in providing an account of the existence, use, and disclosure of Personal Information.

The ODA will usually provide the requested information without charge. However, the ODA reserves the right to impose a charge, depending on the extent of the request and retrieval of information required. The ODA will inform the individual of the approximate amount of any charge to respond to the request and will not retrieve the information until payment is made. Requested information will be provided in a form that is generally understandable. Where possible, the ODA will indicate the source of the information.

If an individual successfully demonstrates the inaccuracy or incompleteness of Personal Information, the ODA will amend the information as required. If a challenge is not resolved to the satisfaction of the individual, the ODA will record the substance of the unresolved challenge. The ODA will take reasonable steps to advise third parties having access to the information of any amendments, or unresolved challenges, as the case may be.

In certain situations, the ODA may refuse a request or restrict access to all the Personal Information it holds about an individual. Exceptions to the access requirement will be limited and specific, as permitted or required by law. The reasons for denying or restricting access will be provided to the individual upon request, where permitted by law, and may include:

a) information containing references to other individuals;
b) confidential commercial information;
c) information which by its nature must remain confidential;
d) information collected in the course of investigating a breach of an
e) agreement;
f) information collected in the course of a dispute resolution process;
g) information that is subject to solicitor-client privilege; or
h) any portion of information which for, one or more of these reasons may not be readily severable from the information as a whole.


10. Challenging Compliance
Any individual may address a written challenge concerning the ODA’s compliance with its Privacy Policy to the ODA’s Chief Privacy Officer.

The ODA will investigate all written complaints. Should it find that a complaint is justified, the ODA will take all appropriate steps to correct the information and amend the policy or practice as required, and will notify the individual about the outcome.

*Privacy Policy approved at June 13th , 2007 Board of Directors meeting.


References
1. The definitions in this Privacy Policy are adopted from those found in PHIPA and PIPEDA.

Top

Share
OralHealth