Privacy Policy

BACKGROUND

According to the first annual report issued by the Privacy Commissioner of Canada (1984), “Privacy is not simply a precious and often irreplaceable human resource; respect for privacy is the acknowledgment of respect for human dignity and of the individuality of [hu]man[ity].” Everyone has the legal right to have their privacy respected and their personal health information protected by the health practitioners from whom they are receiving healthcare services. 

Therefore, Organizational Solutions Inc. has developed strict policies to ensure clients are receiving services in a manner that protects their privacy, as well as their personal health information. Specifically, the policies incorporate all relevant privacy legislation set forth by Canada’s federal government, namely the Privacy Act, the Personal Information Protection and Electronic Documents Act (PIPEDA), and Ontario’s Personal Health Information Protection Act (PHIPA). 

Privacy of personal information is a critically important principle to everyone at Organizational Solutions Inc. We are committed to collecting, using, and disclosing personal information responsibly and only to the extent necessary for our services. We also try to be open and transparent about handling personal information. 

Personal Health Information

Personal information refers to information about an identifiable individual. It includes information that relates to an individual’s characteristics (e.g., name, date of birth, home address, and telephone number), health (e.g., presenting problem, health history, health services received by the individual, social situation) or activities and views (e.g., opinions expressed by an individual, an opinion or evaluation of an individual). Personal information is not the same as business information (e.g., an individual’s business address and telephone number), which is not protected by privacy legislation.

POLICY

At Organizational Solutions Inc., the privacy and protection of personal information is important to us. At Organizational Solutions Inc., we are committed to protecting the privacy, confidentiality, accuracy, and security of the personal information we collect, use, retain and disclose. We are also concerned about the personal information of our employees and representatives. In order to ensure the protection of client files, it is forbidden to remove original files from Organizational Solutions Inc. Offices.

Individuals of which OSI manages or has managed their claim/file can legally request a copy of their information/file/documents through a formal written request to Organizational Solutions Inc. Valid; written consent is required where the individual requests that OSI share their file/personal information with a designated third party.

guidelines

Personal information pertains to recorded data that identifies an individual, whether communicated through oral, electronic, or written form. Organizational Solutions Inc.’s personal information typically includes, but is not limited to, an individual’s: 

• • • • Name, home address or home telephone number. 
      • Client ID number. 
      • Emergency contact info. 
      • Age, gender, marital status, or family status. 
      • Identifying numbers, symbols or other particulars assigned to the individual. 
      • Health and healthcare history, including information about physical or psychological disability. 
      • Educational, financial, or employment history. 

Note: Personal Information does not include the name, title, business address, or telephone number of an employee of Organizational Solutions Inc.) 

Please note: For the security and protection of our operations staff at OSI, we do not use or publish our last names on any communication for client or claim-related purposes, including requesting additional information from care providers. We also ask that our employees not publish their last names on any forums that indicate OSI as their place of employment, including LinkedIn. 

Our policy at Organizational Solutions Inc. sets high standards for collecting, using, disclosing, and retaining personal information. For our clients, the primary purpose of collecting personal information about an individual is to provide Disability Management services for that person. We collect only the information we need for the purposes of managing claims. Our files are kept for the purpose of providing an early and safe return to work and assessment information. We retain information for as long as necessary for the purpose for which it was collected and in accordance with legislation.

Website information

Organizational Solutions Inc. uses our “Careers” page that serves to communicate career opportunities. When an individual submits their resume on our website by clicking the “Submit” button, they are submitting personally identifiable information.

For members of the general public and clients, our primary purpose for collecting personal information is to provide notice of special events, such as a seminar or conference, or to make them aware of services at Organizational Solutions Inc. 

Links to Other Sites 

The privacy policy only covers Organizational Solutions Inc.’s website. When you visit our website, you may discover that it contains links that may take you to sites operated by third parties that are not within Organizational Solutions Inc.’s control and are not covered by this Privacy Policy. If you use a link, you are advised to check their applicable privacy practices and policy for each particular new site. We at Organizational Solutions Inc. do not accept any responsibility or liability for the practices of other websites. 

Contractors 

The people who are contracted to do work for us are required to have prior knowledge and consent to Organizational Solutions Inc.’s Privacy Policy. Our primary purpose for collecting personal information is to ensure we can contact them in the future (work assignments) for necessary work-related communications (sending paycheques), letters of reference, or an evaluation of their work. 

Common Purposes 

We also collect and disclose information for common purposes such as: 

• • • • To invoice clients for goods and services or to collect unpaid accounts. 
      • To advise clients that their service should be reviewed (e.g. to ensure service is still relevant to personal needs). 
      • To advise customers and others of special events or opportunities (e.g. seminars or conferences or new service options). 
      • For reviewing client and other files for the purpose of ensuring our high standards and services are being met. This may include external consultants such as lawyers, accountants, or private consultants on our behalf and continuing quality control reviews of our company and its standards and services. 
      • We use aggregate data for research to advance the evidence-based nature of the profession. 
      • Occasionally, there may be the opportunity to win prizes through participation in periodic prize draws or other promotions on our website, at seminars, or elsewhere. To enter, we may ask that an individual provide their name, address, and phone number. Unless they opt out by contacting us, the information provided will be collected, used, and disclosed as provided in this Privacy Policy. 
      • We also use a third-party provider to help us gather information about the areas that are visited on our website in order to evaluate and improve the customer experience and the convenience of the website. The third-party provider is contractually restricted with the information provided to us in any manner. 

Using email or fax to communicate health information 

The privacy of client emails and faxes containing vital medical information is paramount to Organizational Solutions Inc. As with the paper record, the client has the right to privacy and confidentiality of their personally identified medical information. 

Organizational Solutions Inc.’s Health Professionals have a duty to retain the confidential nature of patient records at all times. Clients will be informed of privacy issues and will be given detailed instructions regarding the information they provide over the Internet. 

All client data containing sensitive and confidential information is assigned security protections to control access to the information. 

Email attachment

This email and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the email message and any attachments or copies, and you are prohibited from retaining, distributing, disclosing, or using any information contained herein. Please inform us of the erroneous delivery by return email. Thank you for your cooperation. 

CONFIDENTIEL: Ce courriel est confidentiel et protégé. L’expéditeur ne renonce pas aux droits et obligations qui s’y rapportent. Toute diffusion, utilisation ou copie de ce message ou des renseignements qu’il contient par une personne autre que le (les) destinataire(s) désigné(s) est interdite. Si vous recevez ce courriel par erreur, veuillez m’en aviser immédiatement, par retour de courriel ou par un autre moyen. 

Fax attachment 

Confidentiality Notice: 

The document accompanying this fax transmission contains confidential information belonging to the sender, which is legally privileged. The information is intended solely for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on or regarding the contents of this faxed information is strictly prohibited. If you have received this fax in error, we apologize and ask that you immediately notify the above by telephone to arrange for the return of the fax. 

Organizational Solutions Inc.’s Health Professionals must be knowledgeable regarding the risks and benefits as well as mechanisms for protecting patient privacy, confidentiality, and systems security in our present information age. 

Quality Assurance 

“Confidentiality refers to the trust placed that the information shared will be respected and used only for the purpose disclosed.

 Confidentiality is an inherent requirement of the daily activities of any health record professional (Styffe, 1997).” 

Duty of Health Professionals 

All of Organizational Solutions Inc.’s Health Professionals have a duty to retain the confidential nature of patient records at all times. Health information management includes not only the collection of patient data but also protecting it, interpreting it, and analyzing it to make decisions.

Organizational Solutions Inc.’s Health Professionals will ensure that they comply with the professional standards of their governing regulatory bodies in maintaining security accountability. Every reasonable effort will be taken to ensure subcontractors also adhere to Organizational Solutions Inc.’s privacy standards. 

An Organizational Solutions Inc. internal audit of privacy practices will be conducted on a periodic basis. 

SECURITY AND CONFIDENTIALITY AGREEMENT 

The following is classed as Confidential Information: 

• • • Client lists 
    • Client medical histories 
    • Client personal information  
    • Medical research 

• • • Labour relations 
    • Human resource planning, policies, or procedures 
    • Company financial information, status and statements 
    • Any information or documentation labelled “Confidential” by the Company or listed as such by separate memorandum or e-mail that informs of confidential status 
    • Any information pertaining to (Organizational Solutions Inc.’s) clients, prospects, or visitors 

Any information relating to the Company that is freely in the public domain may not be considered “Confidential.” In the event that an employee can prove that information was possessed before it was received from Organizational Solutions Inc. or that information was gained from an unrelated third party, said information will not be classified as “Confidential.” 

Signed member consent 

All claim forms include express informed consent wording, permitting Organizational Solutions Inc. to gather medical and personal information to use for the identified purpose and to share specific information with the authorized parties as necessary. 

Retention of Medical Forms 

Organizational Solutions Inc. has taken reasonable measures to provide security for any personal information stored in Organizational Solutions Inc.’s offices, such as passwords, read-only options, and secure filing cabinets in a secure room. 

Claims Audit Agreement

Audits are only allowed if specified in the client contract. Auditors must sign a confidentiality agreement when a claims audit takes place. Should Organizational Solutions Inc. subcontract the services outlined in the policy to another firm, Organizational Solutions Inc. will require the subcontracted firm to commit in writing (signed and dated) to the complete privacy and security of any personal information to which they may have access. 

Claims Audit Agreement 

If there is a suspected or actual breach of a client’s private and confidential information, Organizational Solution Inc. must: 

1. 1. 1. Implement the privacy breach protocol; 
      2. Contain the breach; 
      3. Notify the clients affected by the breach; 
      4. Investigate and remediate the breach; and, 
      5. If applicable, report the breach to the Information and Privacy Commissioner of Ontario (IPC) and the appropriate regulatory/governing colleges. 

If you require more information in regard to our privacy breach process, please contact us at privacyofficer@orgsoln.com. 

RETENTION AND DESTRUCTION OF PERSONAL INFORMATION 

We are required by legislation to retain personal information for a period of time to ensure that we can answer any questions clients might have about the services provided and for our own accountability to regulatory colleges. 

As required by our regulatory colleges, Organizational Solutions Inc. retains personal information for seven years following the client’s last contact or, if the client was less than 18 years of age at the time of the last contact, for ten years following the day the client would have turned 18. 

Under our general correspondence, we keep any personal information relating to people who are not clients contained in newsletters, seminars, and marketing activities for six months after the newsletter ceases publication or a seminar or marketing activity is over. 

Once a file has been retained for the time outlined above, we destroy it consistent with PHIPA guidelines. To safeguard the privacy of Organizational Solutions Inc. clients, we cross-shred paper files containing personal information. We destroy electronic information by securely deleting or overwriting it (whichever is more secure), and once the hardware is discarded, we ensure the hard drive is physically destroyed. Provide for withdrawal of consent- Clients have the right to withdraw consent at any time (subject to legal or contractual restrictions and reasonable notice); OSI provides a convenient way for them to do so easily, inexpensively, and with immediate effect. Withdrawal of consent can be completed by emailing privacy4legal@orgsoln.com or calling 905-315-7179 or 1-866-674-7656. We may ask that all requests be made in writing to Organizational Solutions Inc. If we cannot provide access, we will inform the requesting individual/client within a secure and timely manner and provide a reason why we cannot provide access. 

Nondisclosure 

In working for Organizational Solutions Inc., employees shall not divulge, disclose, provide or disseminate Confidential Information to any third party not employed by Organizational Solutions Inc. at any time, for any reason, unless Organizational Solutions Inc. gives written authorization.

Furthermore, Confidential Information shall not be used for any purpose other than its reasonable use in the normal performance of employment duties for Organizational Solutions Inc. 

Company Property 

Upon termination of employment with Organizational Solutions Inc., employees shall promptly return (without duplicating or summarizing) any and all material pertaining to Organizational Solutions Inc. business in their possession, including, but not limited to, all client information (charts, lists, etc.), physical property, documents, keys, electronic information storage media, manuals, letters, notes, and reports. 

PRIVACY AND CONFIDENTIALITY – PROTECTING PERSONAL INFORMATION 

We understand the importance of protecting personal information. For that reason, we have taken the following steps in the storage and maintenance of our client’s personal information and personal health information, consistent with PHIPA and PIPEDA requirements: 

• • • Paper information is stored either under supervision or secured in a locked or restricted area. 
    • Electronic hardware is either under supervision or secured in a locked or restricted area at all times. 
    • Passwords are used on computers to access personal health information. 
    • Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies (e.g., Canada Post, Purolator, UPS, etc.). All paper information that is transmitted through mail or courier is to be expedited and registered for tracking, with a signature required by the recipient upon delivery. 
    • Information is transmitted electronically (e.g., email) if it is completely anonymized/de-identified and/or contained in a password-encrypted PDF document attached to the electronic/email transmission. 

PRINCIPLES APPLYING TO THE PRIVACY POLICY 

Accountability 

Each employee at Organizational Solutions Inc. is responsible for personal information under their control, and each is ultimately accountable to Liz Scott, Principal, for compliance with this Privacy Policy. Liz Scott, Principal, will ensure that, as a whole, Organizational Solutions Inc. adheres to this Privacy Policy. 

Identify Purposes 

The purpose for which any personal information is being collected will be identified before or at the time the information is collected. 

Limiting Collection 

The personal information will be limited to that which is necessary for the purposes identified. Personal information will be collected under policies and procedures that are fair and lawful. 

Limiting Use, Disclosure, and Retention 

Personal information will not be used, disclosed, or retained for purposes other than those for which the information was collected unless the individual gives permission for another reason or it is permitted under law. Personal information will be retained as long as the file is active and for such periods as prescribed by applicable laws. A file will be deemed inactive when the case is closed. Information in an inactive file will be retained for seven (7) years, except in cases in which a long latency disease exists, e.g. hearing loss or there is a current legal issue or ligation in progress. Long-latency disease files will be retained for 30 years. Guidelines will be developed with respect to the destruction, erasure, or anonymizing of personal information once it is no longer required. 

Accuracy 

Personal information will remain accurate, complete, and current as necessary for the identified purposes for which it is to be used. 

Safeguarding Information 

Organizational Solutions Inc. will protect personal information with safeguards appropriate to the sensitivity of the information provided (Please refer to the Employee Procedure for Safeguarding Personal Information Policy). Personal information is only transmitted via email when using password-encrypted PDF documents. 

Openness 

Organizational Solutions Inc. will make specific policies and procedures for an individual’s personal information available in a manner that the information is readily available and easy to understand. 

Individual Access-Client access to records 

It is the policy of Organizational Solutions Inc. that clients have a legal and moral right to know what information is contained about them in their records.

If a client believes there is a mistake in the information contained in their record, they have the right to ask for it to be corrected; this applies to factual information and not to any professional opinions we may have formed. We may ask that clients provide documentation that supports the notion that our files are incorrect. If changed, a statement of changed information is included in the record. If the request for a change is declined, the client may file a notice of disagreement in the record. 

Organizational Solutions Inc. will give access to an individual who wishes to review or verify personal information. A written request must be sent to privacyofficer@orgsoln.com.

Upon request to review, their file identity will be verified. Once identity is verified, the individual will be permitted to review personal information that has been collected; individuals can make a request in writing to Organizational Solutions Inc. and, within a reasonable amount of time, ask how their personal information is being used and to whom it has been disclosed. 

Addressing Complaints and Suggestions 

Individuals can address any complaint or suggestion regarding compliance with the above principles. Organizational Solutions Inc. has policies and procedures to receive, investigate, and respond to complaints and suggestions. You may learn more about these policies and procedures by contacting the Privacy Officer at 905-315-7179 or 1-866-674-7656. 

Changes to the Privacy Policy 

Organizational Solutions Inc. reserves the right to change or modify this Privacy Policy at anytime. Any changes or modifications to this Privacy Policy will be effective immediately. Organizational Solutions Inc. commits to ensuring compliance with applicable privacy legislation. This policy will be reviewed on an annual basis. 

References

1. A) Health-Specific Privacy Acts (for Health Professionals): 

• • • Ontario: Personal Health Information Protection Act (PHIPA) 
    • Alberta: Health Information Act (HIA) 
    • Manitoba: Personal Health Information Act (PHIA)
    • (No health-specific privacy legislation in Quebec & BC) 

    B) General Private Sector Privacy Acts: 

• • • • Ontario & Manitoba: Personal Information Protection and Electronic Documents Act (PIPEDA) 
      • Quebec: An Act Respecting the Protection of Personal Information in the Private Sector 
      • British Columbia: Personal Information Protection Act (PIPA) of BC 
      • Alberta: Personal Information Protection Act (PIPA) of Alberta 

If you have any other questions about this Privacy Policy, write to: 

Liz R. Scott, Privacy Officer / CEO 

ORGANIZATIONAL SOLUTIONS INC. 

2186 Mountain Grove Ave., Suite #253

Burlington, ON L7P 4X4

privacyofficer@orgsoln.com