The purpose of this document is to outline the processes and procedures required to safeguard personal information that is collected and maintained for members of health and welfare plan members of the CAUS MULTI-UNION BENEFITS TRUST FUND. These guidelines are intended to comply with requirements of the federal Personal Information Protection and Electronic Documents Act as well as applicable provincial legislation and will be reviewed regularly and updated as necessary to remain current.
Definition of Personal Information:
Personal information is defined as information regarding an individual which is not publicly available. Personal information would include the following:
- Social Insurance Number
- Date of Birth
- Address (provided it is not listed in a public directory)
- Salary/Earnings/Hours (or other information on which health benefits are based)
- Medical Information
- Union membership status
- Identification of spouse/dependents/beneficiaries
- Bank account information
For Information Collected Prior to January 1, 2004
Consent will be implied for personal information which was collected prior to January 1, 2004 and for salary/earnings/hours information collected after January 1, 2004 whose participation in the health plan began before January 1, 2004. All other aspects of these guidelines, (i.e., limiting collection, use and disclosure), will apply equally to personal information collected prior to and after January 1, 2004. To attempt to obtain consent for all personal information collected prior to January 1, 2004 would be unreasonably onerous.
For Information Collected On and After January 1, 2004
At the time personal information regarding a member of a health plan is initially collected, the member will be asked to complete a registration/enrollment form wherein they consent to the collection and use of the identified personal information. This consent will also encompass information obtained on an ongoing basis from the employer, (i.e., salary/hours/earnings). As initially information may be obtained directly from the member=s employer, participating employers will be provided with copies of the forms and instructions for their use. At the time personal information is initially received from an employer, (i.e., initial hours reported), we will verify a duly executed registration/enrollment form is on file. If not, a form will be issued directly to the member. If the form is not returned, consent will be implied by virtue of participation in the health plan.
Consent may be obtained from the member directly or from the member=s duly authorized agent. Consent may not be required in certain circumstances such as in the case of an emergency or if required by law.
Consent can be withdrawn at any time and in such cases, the member will be advised what the subsequent impact will be on their ability to claim benefits from the health plan.
The registration/enrollment form will request the member’s consent to use the Social Insurance Number for identification purposes. The Social Insurance Number may be required for tax reporting purposes if T4 slips for life insurance premiums are being issued. If consent is not directly provided, a unique ID will be assigned for record keeping purposes.
At the time of application for a benefit from the health plan, consent for any additional personal information required, (i.e., medical information), will be obtained by means of the appropriate form.
Collection of Personal Information
The collection of personal information will be limited to the information required for the proper administration of the health plan. Members will be advised, at the time of initial registration/enrollment or at the time of application for health benefits, of this purpose for collecting personal information.
At the time of registration/enrollment, personal information collected will be limited to:
|Personal Information||Purpose for Collection|
|Social Insurance Number||For identification and tax purposes|
|Date of Birth||To determine eligibility for benefits|
|Address||For communication purposes|
|Gender||To determine eligibility for benefits|
|Union affiliation and join date||To determine eligibility for benefits|
|Hire Date||To determine eligibility for benefits|
|Beneficiary designation/s||To determine recipient in the event of death|
|Spouse name and date of birth||To determine eligibility for benefits|
|Dependent child/s name and date of birth||To determine eligibility for benefits|
On an ongoing basis, information regarding salary/earnings/hours, (or whatever other basis is used to determine eligibility for benefits), will be collected directly from the employer and/or the union. Date of birth and current address information may also be collected from the employer or the union but only in the event this information has not been supplied directly by the member. This information will only be used to communicate with the member regarding their eligibility for benefits or otherwise for the proper administration of the health plan.
Use and Disclosure of Personal Information
Personal information will only be used for the purposes identified herein, unless consent is provided to do otherwise.
Personal information may be disclosed to the following external parties for the identified purpose:
|External Party||Purpose for Disclosure (Business Need)|
|Auditor||Test and review accuracy|
|Legal Counsel||Plan interpretation|
|Records Storage Provider||Off site storage of hard copy records|
|Software Vendor/Network Support||Modification, repair or testing of software or hardware systems|
|Insurance Carrier||Plan interpretation|
|Authorized Third Party Providers (specifically direct pay prescription
drug provider, employee assistance provider)
|To determine eligibility to benefit|
Personal information will only be disclosed if there is a business need related to the proper administration of the health plan. Every effort will be made where possible to shield the identity of the individual member, (i.e., the provision of statistics without names if possible). In the event personal information is required to be disclosed, the external party will be required to verify they comply with applicable privacy regulations.
Personal information can be disclosed to other external parties and for purposes other than the proper administration of the health plan provided appropriate consent is obtained from the member prior to the disclosure.
Retention of Personal Information
Personal information will be retained for the period of eligibility and for an additional period of seven years following the lapse of eligibility.
Records may be retained for an alternate period of time at the request of the client.Accuracy of Personal Information
Reasonable efforts will be made to ensure personal information is accurate and current. Personal information will be corrected and updated upon proper notification from the member, the employer or the union as applicable.
Security of Personal Information
Appropriate measures will be taken to safeguard personal information as follows:
– Access to the facility is restricted to employees and any visitors must be accompanied and monitored by an employee.
– Access to electronic records is secured by network security measures (user access levels and passwords) and firewall technology.
– Personal information will not be transmitted or communicated using email unless on a secured, intranet basis.
– Any documents containing personal information will be destroyed in a manner which ensures confidentiality is maintained.
– Outside of regular business hours, any documents which identify a Social Insurance Number and associated name or other similar sensitive information will be secured in a locked container.Access to Personal Information
Upon request, a member may review the personal information on file as well as request an account of its collection, use and disclosure. Such requests will be addressed in a reasonable period of time not to exceed 45 days. Depending on the complexity of the request, a fee may apply but such fee would be disclosed in advance. In the event access cannot be provided, the reason for denying access will be identified.