Privacy Policy

Personal Health Information

Personal health information includes oral or written information that relates to:

  • an individual’s physical or mental health, including family health history;
  • the provision of health care including the identification of persons providing care;
  • the plan of service for individuals requiring long or short term care;
  • payment or eligibility for health benefits;
  • any other information about an individual that is included in a record containing personal health information.
 
Collection of Personal Health Information

We collect, use, retain and disclose personal health information in a fair and lawful manner limited to that which is necessary for the provision of our services. Consent of the individual is obtained by the individual’s “Plan Member Statement” with their insurance company or the employee authorization form with their employer.  When medical history is being obtained for an assessment directly by CompreMed from physicians, the individual’s free and specific consent is required.

Protecting Personal Health Information

CompreMed Canada assumes responsibility for the security of personal health information throughout its lifecycle and has developed reasonable safeguards for the physical, technical and administrative protection of it. Our policies, which govern access, handling and protection, include but are not limited to:

  • Paper information is stored either under supervision or secured in a locked area.
  • Electronic information is password protected, under supervision or secured in a locked area
  • Paper information is transmitted through a direct fax line or a sealed, addressed envelope or box marked “Private and Confidential” by reputable courier companies.
  • Electronic information is transmitted either through a direct fax line or through a secure, on-line booking web environment (HTTPS Protocol with 128 bit encryption).
  • Employees are trained to collect, use and disclose personal information only as necessary to fulfill their duties and in accordance with our privacy policy. Employees have access to personal information on a “need to know” basis only.

 

 

Retention and Destruction of Personal Information

Personal health information is retained only as long as necessary to fulfill the stated purpose and is then securely destroyed. We do not want to keep personal health information too long in order to protect your privacy.

We retain electronic personal information for a period of seven years. Non-electronic personal health information is retained for a period of twelve months. Paper files containing personal health information are destroyed by a bonded shredding company and is performed on-site. We destroy electronic information by removing identity information after the seven year period has lapsed, and/or deleting it, and/or destroying the media on which it is contained.