|
Multiple Sclerosis
Society of Canada
Privacy and Confidentiality Policy
Approved by the National Board
of Directors, May 4, 2002
The Multiple Sclerosis
Society of Canada has always been aware of its responsibilities in
safeguarding the privacy of people with MS, members, clients and donors.
Since June 1989, the Multiple Sclerosis Society of Canada Confidentiality
Policy has protected the privacy and confidentiality of people with
multiple sclerosis. This Privacy and Confidentiality Policy
supersedes the 1989 Confidentiality Policy since it both includes and
extends those requirements.
PIPEDA and the
Multiple Sclerosis Society of Canada
This policy is based on
the 10 principles of the federal Personal Information Protection and
Electronics Documents Act (PIPEDA) that guide how organizations collect
and use personal information. These principles are:
- Identifying
Purposes
- Accuracy
- Accountability
- Safeguards
- Consent
- Openness
- Limiting
Collection
- Individual
Access
- Limiting Use,
Disclosure & Retention
- Challenging
Compliance
In addition, the Multiple
Sclerosis Society of Canada has developed its own policies and regulations
about the collection, use and disclosure of information which in most
instances are more restrictive than those of PIPEDA and/or
provincial/territorial legislation. The Opal Information System Data
Sharing Principles (approved by the National Board of Directors, June 9,
2001) secure Multiple Sclerosis Society of Canada information to
authorized users only and further restrict access to individual health
information only to authorized Individual and Family Services staff and
volunteers or their designates. The Opal IS Data Sharing Principles also
stipulate that Multiple Sclerosis Society of Canada members will not be
solicited (approached for donations and/or participation in other fund
raising activities) on the basis of their memberships without their
express prior consent. (See Appendix
I for the full text of the Opal IS Data Sharing
Principles.)
Phase I of the federal Personal Information Protection
and Electronics Documents Act (PIPEDA) came into force January 1, 2001.
This phase covers the exchange of personal information as a commercial
activity by federal works, undertakings or businesses and the disclosure
of personal information as a commercial activity across provincial or
national borders. Phase II came into effect January 1, 2002 and adds the
exchange of personal health information as a commercial activity to
PIPEDA. Phase III comes into effect January 1, 2004 and will extend the
act to all commercial activities within all provinces and territories
unless there is substantially similar provincial or territorial privacy
legislation in force.
An activity that is
included in the definition of “commercial activities” in PIPEDA is “the
selling, bartering or leasing of donor, membership or other fund raising
lists”. The act does not regulate non-commercial activities even in the
area of health information. However, since those activities are currently
or probably will be regulated by various provincial or territorial
legislation in the future, the Multiple Sclerosis Society of Canada
considers PIPEDA the standard by which personal and health information
should be protected. In provinces and/or territories with more stringent
privacy policies, Multiple Sclerosis Society of Canada activities within
those jurisdictions should meet the requirements of both the
provincial/territorial legislation and PIPEDA.
Definitions:
Multiple Sclerosis
Society of Canada – The Society is defined as including all levels of the
organization, its national office, divisions, chapters and units and
volunteers acting in a staff capacity.
Personal
information – Under PIPEDA, personal information is defined as
information about an identifiable individual, but does not include the
name, title or business address or telephone number of an employee of an
organization. The history of an individual’s donations to the Multiple
Sclerosis Society of Canada is personal information.
Personal health
information – Under PIPEDA, personal health information is
defined to mean, with respect to an individual, whether living or
deceased:
| a) |
Information concerning the physical or mental health of the
individual; |
| b) |
Information
concerning any health service provided to the
individual; |
| c) |
Information
concerning the donation by the individual of any body part or any
bodily substance of the individual or information derived from the
testing or examination of a body part or bodily substance of an
individual; |
| d) |
Information that
is collected in the course or providing health services to the
individual; or |
| e) |
Information that
is collected incidentally to the provision of health services to the
individual. |
The Multiple Sclerosis
Society of Canada considers information about whether a person has
multiple sclerosis to be personal health information.
Usage in this Policy – As
used in this Privacy and Confidentiality Policy, the term personal
information is inclusive of personal health
information unless the latter term is used exclusively. In that
case, it applies only to personal health information.
Multiple
Sclerosis Society of Canada Property
Any and all records
referred to in the document as being personal information or personal
health information are and will remain the property of the Multiple
Sclerosis Society of Canada. Volunteers and staff are required to maintain
the privacy and confidentiality of all records in any and all formats both
while acting as an active volunteer or staff member and after they leave
the Multiple Sclerosis Society of Canada.
Privacy and
Confidentiality Principles
Principle 1 --
Accountability
The Multiple Sclerosis Society of Canada is
responsible for personal information under its control and will designate
an individual or individuals to ensure the Society is in compliance with
the Privacy and Confidentiality Policy and PIPEDA principles. The
individual designated within the Multiple Sclerosis Society of Canada is
the Vice-President, Communications. In addition, within each division, the
chief staff person (president or executive director) will be accountable
for compliance within his/her respective division in consultation with the
Vice-President, Communications. Chapters/units will designate an
individual to be accountable for compliance in consultation with their
division chief staff person. Divisions have an obligation to oversee how
chapters/units carry out the Privacy and Confidentiality
Policy.
| 1.1 |
|
The
Multiple Sclerosis Society of Canada will implement practices and
procedures to carry out the policy, including: |
| |
a) |
Implementing
procedures to protect personal information; |
| |
b) |
Establishing
procedures to receive and respond to complaints and inquiries from
individuals regarding their personal information; |
| |
c) |
Training
volunteers and staff and communicating to volunteers and staff
information about the Multiple Sclerosis Society of Canada's Privacy
and Confidentiality Policy and practices; and |
| |
d) |
Developing
information to explain the Multiple Sclerosis Society of Canada's
Privacy and Confidentiality and
practices. |
Principle 2 –
Identifying Purposes
The Multiple Sclerosis Society of Canada,
at or before the time information is collected, will identify the purposes
for which personal information is collected. The identified purposes will
be specified at or before the time of collection to the individual from
whom the personal information is collected. When personal information that
has been collected is to be used for a purpose not previously identified,
the Multiple Sclerosis Society of Canada is obligated to communicate the
new purpose to each individual and obtain his/her consent to use the
information.
Principle 3 –
Consent
The knowledge and consent of the individual are
required for the collection, use, or disclosure of personal information,
except where inappropriate. It is anticipated that instances in which
knowledge and consent of the individual would not be required would be
extremely rare and would include legal, medical or security reasons which
would have to be fully documented.
| 3.1. |
Typically, the Multiple Sclerosis Society of Canada will seek
consent for the use or disclosure of the information at the time of
collection. The form of the consent sought by the Multiple Sclerosis
Society of Canada may be either express or
implied, depending upon the circumstances and the
sensitive nature of the personal information. |
| 3.2. |
Express consent is required from an
individual before the Multiple Sclerosis Society of Canada will
disclose personal health information about that individual to an
external organization or individual. |
| 3.3. |
Implied consent is considered to be
sufficient for fund raising purposes to allow the trade of limited
personal information (name and home address only) about a donor to
another charitable organization if the individual has been informed
that his/her personal information might be used in this manner and
he/she has been given an opportunity in a clear and meaningful way
to opt out. |
Principle 4 –
Limiting Collection
The collection of personal information
will be limited to that which is necessary for the purposes identified by
the Multiple Sclerosis Society of Canada. Information will be collected by
fair and lawful means.
Principle 5 –
Limiting Use, Disclosure and Retention
Personal information
will not be used or disclosed for purposes other than those for which it
was collected, except with the consent of the individual or as required by
law. Personal information will be retained only as long as necessary for
the fulfillment of those purposes.
Principle 6 –
Accuracy
Personal information will be as accurate, complete,
and up-to-date as is necessary for the purposes for which it is to be
used. Personal information that is used on an ongoing basis, including
information that is disclosed to third parties, will generally be accurate
and up-to-date, unless limits to the requirement for accuracy are clearly
set out. Individuals will always have the opportunity to contact the
Multiple Sclerosis Society of Canada to update their personal
information.
Principle 7 –
Safeguards
Security safeguards appropriate to the sensitivity
of the information will protect personal information. The security
safeguards will protect personal information against loss or theft, as
well as unauthorized access, disclosure, copying, use, or modification.
The Multiple Sclerosis Society of Canada will protect personal information
regardless of the format in which it is held.
Principle 8 –
Openness
The Multiple Sclerosis Society of Canada will make
readily available to individuals specific information about its policies
and practices relating to the management of personal
information.
| 8.1 |
|
The
information made available will include: |
| |
a) |
The name or title,
and the address, of the person who is accountable for the Multiple
Sclerosis Society of Canada's policies and practices and to whom
complaints or inquiries can be forwarded; |
| |
b) |
The means of
gaining access to personal information held by the Multiple
Sclerosis Society of Canada; |
| |
c) |
A description of
the type of personal information held by the Multiple Sclerosis
Society of Canada, including a general account of its use;
and |
| |
d) |
A copy of any
brochures or other information that explain the Multiple Sclerosis
Society of Canada's policies, standards, or
codes. |
Principle 9 –
Individual Access
If an individual requests, the Multiple
Sclerosis Society of Canada will inform him/her of the existence, use, and
disclosure of his or her personal information. The individual will be
given access to that information and be able to challenge the accuracy and
completeness of the information and have it amended as appropriate.
In certain situations,
the Multiple Sclerosis Society of Canada may not be able to provide access
to all the personal information it holds about an individual. Exceptions
to the access requirement will be limited and specific. The reasons for
denying access will be provided to the individual upon request. Exceptions
may include information that is prohibitively costly to provide,
information that contains references to other individuals, information
that cannot be disclosed for legal, security, or commercial proprietary
reasons, and information that is subject to solicitor-client or litigation
privilege.
Principle 10 –
Challenging Compliance
An individual will be able to address
a challenge concerning the Multiple Sclerosis Society of Canada’s
compliance with its own Privacy and Confidentiality Policy and the 10
PIPEDA privacy principles to the designated individual or individuals
accountable for the Multiple Sclerosis Society of Canada's
compliance.
Implementation
The Multiple Sclerosis Society
of Canada will develop detailed guidelines to assist volunteers and staff
in carrying out the Privacy and Confidentiality Policy.
| Appendix I |
Approved by the National Board
of Directors, June 9,
2001 |
Opal Information
System Data Sharing Principles
Opal Project
Objective
To provide an integrated
customer relationship management system throughout the Multiple Sclerosis
Society of Canada to enable a high degree of collaboration amongst
volunteers and staff and thereby increase our capacity to find a cure for
MS and to enable people affected by MS to enhance their quality of
life.
Opal Data Sharing
Principles
- Opal will adhere to
all legislated privacy regulations and will respect the rights of
individuals to be removed from the database upon their request.
- In addition to
limiting access to information to authorized users only, Opal will
provide further security over individual health information and restrict
access to this data to authorized IFS users.
- Members of the
Multiple Sclerosis Society of Canada within the Opal system will not be
solicited solely on the basis of their membership without their
expressed prior consent.
- Within Opal,
individuals will be able to self-determine their desired level of
interaction with the Multiple Sclerosis Society of Canada.
- Opal will provide
equal access to local and organization-wide statistical data on an
aggregate basis.
back
to top
Multiple Sclerosis Society of
Canada
175 Bloor Street East, Suite 700, North Tower
Toronto,
Ontario M4W 3R8
Telephone: (416) 922-6065
Fax: (416) 922-7538
Toll free to reach nearest division
office: 1 800 268-7582
Email: info@mssociety.ca
(Please provide your town and province in your
e-mail)
© 2004 Multiple Sclerosis Society of
Canada
|