Privacy Guidelines

 

The purpose of this document is to outline the processes and procedures required to safeguard personal information that is collected and maintained for members of health and welfare plan members of the CAUS MULTI-UNION BENEFITS TRUST FUND. These guidelines are intended to comply with requirements of the federal Personal Information Protection and Electronic Documents Act as well as applicable provincial legislation and will be reviewed regularly and updated as necessary to remain current.

Definition of Personal Information:

Personal information is defined as information regarding an individual which is not publicly available. Personal information would include the following:

  • Social Insurance Number
  • Date of Birth
  • Address (provided it is not listed in a public directory)
  • Salary/Earnings/Hours (or other information on which health benefits are based)
  • Medical Information
  • Union membership status
  • Identification of spouse/dependents/beneficiaries
  • Bank account information

Accountability

Privacy related inquiries should be directed to the Privacy Policy Officer. The Privacy Policy Officer will investigate all inquiries and complaints and take such action as appropriate to rectify the situation. Inquiries and complaints should be directed to Gord Godsmark godsmark@causbenefits.com.

Consent

For Information Collected Prior to January 1, 2004

Consent will be implied for personal information which was collected prior to January 1, 2004 and for salary/earnings/hours information collected after January 1, 2004 whose participation in the health plan began before January 1, 2004. All other aspects of these guidelines, (i.e., limiting collection, use and disclosure), will apply equally to personal information collected prior to and after January 1, 2004. To attempt to obtain consent for all personal information collected prior to January 1, 2004 would be unreasonably onerous.

For Information Collected On and After January 1, 2004

At the time personal information regarding a member of a health plan is initially collected, the member will be asked to complete a registration/enrollment form wherein they consent to the collection and use of the identified personal information. This consent will also encompass information obtained on an ongoing basis from the employer, (i.e., salary/hours/earnings). As initially information may be obtained directly from the member=s employer, participating employers will be provided with copies of the forms and instructions for their use. At the time personal information is initially received from an employer, (i.e., initial hours reported), we will verify a duly executed registration/enrollment form is on file. If not, a form will be issued directly to the member. If the form is not returned, consent will be implied by virtue of participation in the health plan.

Consent may be obtained from the member directly or from the member=s duly authorized agent. Consent may not be required in certain circumstances such as in the case of an emergency or if required by law.

Consent can be withdrawn at any time and in such cases, the member will be advised what the subsequent impact will be on their ability to claim benefits from the health plan.

The registration/enrollment form will request the member’s consent to use the Social Insurance Number for identification purposes. The Social Insurance Number may be required for tax reporting purposes if T4 slips for life insurance premiums are being issued. If consent is not directly provided, a unique ID will be assigned for record keeping purposes.

At the time of application for a benefit from the health plan, consent for any additional personal information required, (i.e., medical information), will be obtained by means of the appropriate form.

Collection of Personal Information

The collection of personal information will be limited to the information required for the proper administration of the health plan. Members will be advised, at the time of initial registration/enrollment or at the time of application for health benefits, of this purpose for collecting personal information.

At the time of registration/enrollment, personal information collected will be limited to:

Personal Information Purpose for Collection
Social Insurance Number For identification and tax purposes
Date of Birth To determine eligibility for benefits
Address For communication purposes
Gender To determine eligibility for benefits
Union affiliation and join date To determine eligibility for benefits
Hire Date To determine eligibility for benefits
Beneficiary designation/s To determine recipient in the event of death
Spouse name and date of birth To determine eligibility for benefits
Dependent child/s name and date of birth To determine eligibility for benefits

 

On an ongoing basis, information regarding salary/earnings/hours, (or whatever other basis is used to determine eligibility for benefits), will be collected directly from the employer and/or the union. Date of birth and current address information may also be collected from the employer or the union but only in the event this information has not been supplied directly by the member. This information will only be used to communicate with the member regarding their eligibility for benefits or otherwise for the proper administration of the health plan.

Use and Disclosure of Personal Information

Personal information will only be used for the purposes identified herein, unless consent is provided to do otherwise.

Personal information may be disclosed to the following external parties for the identified purpose:

External Party Purpose for Disclosure (Business Need)
Consultant Plan interpretation 

Plan review

Auditor Test and review accuracy
Legal Counsel Plan interpretation
Records Storage Provider Off site storage of hard copy records
Software Vendor/Network Support Modification, repair or testing of software or hardware systems
Insurance Carrier Plan interpretation
Authorized Third Party Providers (specifically direct pay prescription
drug provider, employee assistance provider)
To determine eligibility to benefit

 

Personal information will only be disclosed if there is a business need related to the proper administration of the health plan. Every effort will be made where possible to shield the identity of the individual member, (i.e., the provision of statistics without names if possible). In the event personal information is required to be disclosed, the external party will be required to verify they comply with applicable privacy regulations.

Personal information can be disclosed to other external parties and for purposes other than the proper administration of the health plan provided appropriate consent is obtained from the member prior to the disclosure.

Retention of Personal Information

Personal information will be retained for the period of eligibility and for an additional period of seven years following the lapse of  eligibility.

Records may be retained for an alternate period of time at the request of the client.Accuracy of Personal Information

Reasonable efforts will be made to ensure personal information is accurate and current. Personal information will be corrected and updated upon proper notification from the member, the employer or the union as applicable.

Security of Personal Information

Appropriate measures will be taken to safeguard personal information as follows:

– Access to the facility is restricted to employees and any visitors must be accompanied and monitored by an employee.

– Access to electronic records is secured by network security measures (user access levels and passwords) and firewall technology.

– Personal information will not be transmitted or communicated using email unless on a secured, intranet basis.

– Any documents containing personal information will be destroyed in a manner which ensures confidentiality is maintained.

– Outside of regular business hours, any documents which identify a Social Insurance Number and associated name or other similar sensitive information will be secured in a locked container.Access to Personal Information

Upon request, a member may review the personal information on file as well as request an account of its collection, use and disclosure. Such requests will be addressed in a reasonable period of time not to exceed 45 days. Depending on the complexity of the request, a fee may apply but such fee would be disclosed in advance. In the event access cannot be provided, the reason for denying access will be identified.

 Posted by at 1:16 pm