Healthlinc Medical Equipment Ltd. (the “Company”) is committed to protecting the privacy of clients, end-users (usually patients in care facilities using our products), and business partners dealing with the Company. This policy informs you of the Company’s practices concerning the collection, use and disclosure of personal information and ensures compliance with applicable privacy laws, including the B.C. Personal Information Protection Act (“PIPA”) and the B.C. Freedom of Information and Protection of Privacy Act (“FOIPPA”).
What is Personal Information?
This policy applies to “personal information”. This is defined by legislation as any information about an identified or easily identifiable individual. Personal information does not include business contact information (e.g. business telephone and fax number, business address and email), information about corporations or other entities or information about individuals not associated with their identity (e.g. anonymous statistics).
Personal information is very broadly defined and includes unrecorded information or information recorded in any form, including in writing, electronically or on video or audio tape. Personal information includes relatively obvious or publicly available information such as home address, age or hair colour, through to more sensitive information such as credit card numbers or other financial information.
The Collection, Use and Disclosure of Personal Information
The Company collects only such personal information about individuals as is reasonably required to provide our products and services to them. In the case of Company clients this includes the following information which the Company uses for the following purposes:
- Client or end-user names, addresses, phone numbers, and email addresses in order to generate client quotes/deliveries (and quotes are often sent to third party funders including Veterans Affairs Canada, the Non-Insured Health Benefits (NIHB) Program, the BC Ministry of Social Development & Poverty Reduction, the BC Ministry of Children & Family Development, Pacific Blue Cross, etc.);
- Client financial and banking information, including credit card information, for processing payments;
- Client therapist, physician, and nurse information (including such health care providers’ name, work centre, phone number, etc.) to be collected with client orders as required or where such health care provider contacts the Company to set up an order on behalf of a client;
- Client owned products and equipment (e.g. hospital bed, wheelchair, etc., purchased from us or used with our products) in order to generate services orders for clients;
- Client birthdates, Personal Health Numbers, NIHB band numbers, and other identifying designations, in order to generate quotes, determine a client’s eligibility for certain funding or supply programs, or as required by certain Company third party partners, e.g. third party funders;
- Client medical information, including handicaps or medical conditions, and/or prescriptions in order to generate quotes and/or suggest equipment to Company clients;
- Client family member information such as name/addresses/contact info where the client is a minor or cannot manage their own affairs and, in such cases, the Company uses this information to liaise with an authorized family member/contact person on behalf of a client (see below);
- Client care facility name and/or home address if person is in a facility for delivery and contact purposes;
- Photos of client equipment and/or client residences (e.g. staircases) in order to generate quotes, and generate service and/or repair orders;
- Private client information may also be accessed during the course of an audit (e.g. billing review) by third party funders (e.g. VAC, NIHB, BC Ministry of Social Development & Poverty Reduction, BC Ministry of Children & Family Development, Pacific Blue Cross, etc.);
Generally speaking, the Company will obtain your consent to the collection, use and disclosure to others of your personal information, subject only to exceptions permitted or required by law. In many situations, where you voluntarily provide personal information about yourself and the purpose or use of the information is obvious, providing the information constitutes sufficient consent. In other situations, the Company will either notify you of a planned use or disclosure (e.g. by a note at the bottom of a form) or seek your consent in writing, electronically or orally to the collection, use or disclosure to others of your personal information.
There are circumstances permitted under applicable privacy laws where the collection, use, or disclosure of personal information may be done without consent and other situations where collection, use or disclosure is required by other legislation. Such situations include:
- Where disclosure of information is required by applicable legislation or by order of an authorized court, tribunal, or regulatory or law-enforcement agency;
- Where the Company believes, on reasonable grounds that it is necessary to protect the health or safety of you or another;
- Where it is necessary to collect monies owing to the Company or respond to proceedings against the Company; and
- as part of an investigation into possible breach of an individual’s obligations to the Company or proceeding involving the Company.
You may, on reasonable advance notice in writing to the appropriate Company manager, withdraw consent to any collection, use or disclosure of personal information and we will comply with your request, except where such withdrawal would frustrate a legal obligation e.g. to maintain records to comply with record-keeping requirements of tax legislation. You should also appreciate that withdrawal of such consent may deprive you of benefits or other advantages from the Company or others.
Disclosure of Personal Information
The Company does not sell, trade, barter or exchange for consideration any personal information it has obtained. When using services of contractual service providers who may receive personal information collected by the Company, the Company ensures that they agree to use such personal information solely for the purposes of providing those services and they agreed to comply with relevant portions of this policy.
In order to service Company clients and end-users, the Company transmits personal information to affiliates and external service providers. In compliance with FOIPPA, the Company stores all personal information in Canada or in data centers located in Canada.
As set out above, there are a limited number of situations where disclosure of personal information maintained by the Company is either required by law (e.g. legislation entitling law-enforcement agencies to obtain information) or disclosure without consent is permitted by law (e.g. an emergency where your consent cannot be obtained).
Accuracy and Protection of Personal Information
The Company endeavours to ensure that all personal information in its possession is as accurate, current and complete as possible for the purposes for which it is used by the Company. You can assist us by advising us of any changes in your personal information, e.g. changes in your home address, phone number or email address.
The Company takes appropriate security measures to ensure that both paper and electronic records containing personal information are secure from loss, unauthorized use, access or copying, disclosure or modification. Security measures include locking areas containing sensitive special personal information and general security of our offices. Our computer systems include passwords to gain access to sensitive personal information. The Company also limits access to personal information to those who “need to know” to provide you with products or services.
Accessing and Updating Personal Information
The Company allows individuals to have reasonable access to their personal information and will endeavour to provide requested information within reasonable time and generally within 30 days following a written request. Individuals may request:
- Information about what types of personal information are collected, how it is used, and to whom it is disclosed; or
- To review some or all personal information about them kept by the Company.
upon written request to the appropriate manager or to the Privacy Manager identified below.
Although the Company will generally comply with such requests, the Company may decline access to personal information on grounds permitted or required under applicable legislation, including the following situations:
- Where the personal information relates to one individual and another person, even a family member, requests access and we do not have appropriate proof of authorization in place;
- Where the requested personal information does not exist, is not recorded or cannot be located;
- Where the cost of assembling, retrieving and providing access to the personal information would be disproportionate to the benefits of access;
- Where such disclosure would entail disclosing personal information about another person, e.g. a person who made a comment or observation about the individual making the access request;
Individuals may request that the Company correct records of personal information. If the Company concludes the requested change is unwarranted, it will so advise the requesting person, but will append the requested change to the record kept by the Company.
Retention and Destruction of Personal Information
The Company endeavours to only retain personal information for so long as it is either:
- required to be retained by law, e.g. Income Tax Act or Ministry of Health or funder requirements; or
- reasonably necessary for Company business needs,
subject to the requirement under privacy legislation to retain information that was used to make a decision directly affecting the individual for one year after the date of the decision. Because many of our products have a long “in service” life, and may require service, maintenance, repair or notification of product issues from the manufacturer, we generally keep information about our sales for many years.
When personal information is no longer needed, it will be destroyed in a suitably secure manner, e.g. shredding of paper records containing personal information.
Family Member/support Person Access to Personal Information
The Company cannot provide access to personal information about clients or end-users in care facilities to a client/end-user family member or other support person without consent from the client/end-user. The Company will facilitate access to personal information by family members or support persons with consent. Please ask us about how you can get written consent to accessing the client/end-users’ personal information. If you have a general power to manage the financial or health affairs of a client or end-user (e.g. a Power of Attorney, Advance Directive, Representation Agreement, or Committeeship Order), then please provide us with a copy to allow access.
Complaints or Questions
If you wish to access your personal information, you must make the request directly to the Manager whom you believe is responsible for the personal information you wish to review. Alternatively, you may contact the Privacy Manager for the Company, who may be reached at (604) 821-0075, ext 101, or firstname.lastname@example.org. The Privacy Manager is generally responsible for firm compliance with applicable privacy legislation and with the application and administration of this policy. You may contact the Privacy Manager with any questions arising out of this policy.