Information Box Group
Employee Health Services (“EHS”) manages the disability benefits, the return to work process and employment accommodation needs of employees of McMaster University (the “University”). In order to provide these services to you, EHS collects, uses, maintains and, in some cases, discloses certain personal health information.
You have the right to know how EHS collects, uses, maintains and discloses the personal health information in our possession. Personal health information includes identifying information about you relating to your physical or mental health, including your medical history, the provision of health care to you, and payments or eligibility for health care. You have a right to expect that, to the best of our ability, the personal health information held by us remains confidential and secure.
This document informs you of our ongoing commitment to privacy and tells you the ways we ensure that the privacy of your personal health information is protected. Our ongoing commitment to the protection of your personal health information is reflected in the following ten principles.
EHS is committed to maintaining the confidentiality and security of your personal health information. Every employee of EHS is bound by a duty of confidentiality and must abide by that duty in the handling of your personal health information. The duty to maintain confidentiality applies to the duration of employment with EHS and continues indefinitely after employment with EHS has ceased.
2. The Purposes of Information Collection
EHS collects, maintains, uses and discloses information about you and your health. This information is collected to help administer disability benefits, initiate return to work processes and implement the employment accommodation needs of employees. These services include:
- direction and guidance on policies and procedures before, during and after an injury or illness;
- safe, timely and appropriate return to work plans and programs following an injury or illness;
- the management of University disability benefits (e.g. Salary Continuance benefits), and
- implementation and management of measures related to workplace accommodation of an injury or illness.
We obtain most of our information directly from you, or from other health practitioners whom you have seen and authorized to disclose information to us. We will limit the information we collect to what we need for those purposes, and we will use it only for those purposes.
3. Informed Consent
You have the right to know and to determine how your personal health information is used and disclosed. We will always obtain your express consent where legally required to do so.
If you provide consent to let a family member or your legal representative, including a trade union, see your personal health information, then the family member or legal representative may be allowed access to the part(s) of the personal health information that you have consented to let them see. Subject to certain conditions, you have the right to withdraw or change the conditions of your consent.
4. Limiting Collection
We collect information by fair and lawful means and collect only that information which may be necessary for purposes related to the provision of our services to you. These services are related to management of disability benefits, return to work processes and employment accommodation needs of employees of the University.
5. Limiting Use, Disclosure and Retention
The information we request from you is used for the purposes defined. We will seek your consent before using the information beyond the purposes for which we have obtained it. Non-identifying information related to the services EHS provides may be used for administration, management, strategic planning, decision-making, research and allocation of the University’s resources.
We will make every effort to ensure that all decisions involving your personal health information are based upon accurate and timely information. In turn, we rely on you to disclose accurate and material information on a timely basis and to inform us of any relevant changes.
7. Protecting Your Information
EHS is committed to maintaining the confidentiality and security of personal health information and has a number of practices in place to protect the privacy of your personal health information. For example, personal health information that is collected by EHS is maintained in a secured file in a location at our office that has restricted access. Some older records may be kept at a secure location off-site. All personal health information is kept in an area separate from all other human resources files. Our computer systems are password-secured, encrypted and constructed in such a way that only authorized individuals can access secure systems and databases.
Only those individuals who are directly involved in providing EHS services or those who have a legal right to see your records are permitted access to your personal health information. Specifically, access is limited to you and the Offices of the Occupational Health Nurse and Occupational Physician who have legitimate reason to maintain and access your personal health information. Access to any other individuals will only be provided with your prior express written consent.
Access to other non-health related personal information is limited to authorized individuals who have a legitimate reason to access such information. For example, with respect to non-health related return to work information, EHS may be required to supply this information to administer the disability insurance program or to the Workplace Safety and Insurance Board (WSIB). Access to any other individuals will only be provided with your prior express written consent.
8. How We Keep You Informed
EHS has prepared these plain-language principles to keep you informed. You may ask to receive a copy of this document from any EHS staff member. If you have any additional questions or concerns about privacy of your personal health information, we invite you to contact us (see info below) and we will address your concerns to the best of our ability.
9. Access and Correction
With limited exceptions, we will give you access to the information we retain about you within a reasonable time, upon presentation of a written request and satisfactory identification.
We may charge a fee for photocopying services and if so, we will give you notice in advance of processing your request.
If you find errors of fact in your personal health information, please notify us as soon as possible and we will make the appropriate corrections. We will not amend information provided by third parties or information relating to clinical observations or opinions made in good faith. You have a right to append a short statement of disagreement to your record if we refuse to make a requested change.
If we deny your request for access to your personal information, we will advise you in writing of the reason for the refusal and you may then challenge the decision.
10. Challenging Compliance
We encourage you to contact us with any questions or concerns you might have about your privacy.
If you send us an e-mail message that includes personal information, such as your name included in the “address”, we may use that information to respond to your inquiry. If your communication involves personal health information, you should not send it electronically.
In the event that you have concerns, we will endeavour to review and respond to your concerns about any aspect of our handling of your personal health information. In most cases, an issue is resolved simply by telling us about it and discussing it. We invite you to contact us – see below.