Privacy Policy
THIS POLICY (THE "PRIVACY POLICY") DESCRIBES HOW PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION ABOUT YOU MAY BE COLLECTED, USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO, AND/OR CORRECT THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The Privacy Policy applies to ExamOne Canada, Inc. and all of its affiliate Canadian organizations, including LabOne Canada, Inc. (collectively referred to as “we”, "us" or "our").
I. YOUR PRIVACY RIGHTS
We recognize the importance of privacy and the sensitivity of personal information and personal health information. We are committed to protecting any personal information and personal health information we collect, use, disclose and/or hold. For these reasons we have created this Privacy Policy which outlines how we manage your personal information, your personal health information and safeguard your privacy. We have trained our employees about our policies and practices.
From January 1, 2004, all businesses that collect, use or disclose personal information in the course of commercial activities must comply with the Personal Information Protection and Electronic Documents Act ("PIPEDA") which gives you rights concerning the privacy of your personal information.
In Ontario, from November 1, 2004, all "health information custodians" (including doctors, hospitals, health care clinics and laboratories) that collect, use or disclose personal health information must comply with the Personal Health Information Protection Act ("PHIPA") which gives you rights concerning the privacy of your personal health information.
***
II. WHAT IS PERSONAL INFORMATION and PERSONAL HEALTH INFORMATION
"Personal Information" ("PI") is defined as any information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. For example, your PI includes information that relates to your race, origin, color, religion, age, marital status, education, criminal or employment history, information relating to financial transactions, identifying number, an unlisted address or unlisted telephone number, fingerprints, among others. In addition, some information that is otherwise publicly available is not protected by PIPEDA.
"Personal Health Information" ("PHI") is defined as identifying information about an individual that (i) relates to the physical or mental health of an individual, including information concerning family health history, (ii) relates to the providing of health care to an individual, payments or eligibility for health care, including an OHIP number, (iii) relates to the donation by an individual of any body part or bodily substance, or is derived from testing of such body part or substance, or (iv) identifies an individual’s substitute decision-maker.
***
III. HOW WE COLLECT, USE AND DISCLOSE YOUR PI AND PHI.
We collect, use and disclose personal information for many different reasons. Below, we describe the different categories of our uses and disclosure as well as give you some examples of each category.
A. Collection, Use, Disclosure, and Retention of PI and/or PHI
1. We will not collect any PI or PHI about you unless it relates directly to the insurance underwriting activities our organization performs. We will obtain your consent before or at the time the information about you is collected, with very few exceptions. Normally, we ask for your consent in writing, but in some circumstances, we may accept your oral consent. Sometimes, your consent may be implied through your conduct with us or we may not ask for your specific consent in a case of urgency or where we believe you would consent if asked and it is impractical to obtain your consent. However, we will obtain your express consent if your PHI will be disclosed to any party that is not a health information custodian or for purposes unrelated to providing of health care. Any information previously collected about you will not be re-collected. In order for us to continue to use the previously collected information, we need your consent. You may also withdraw your consent in writing, to stop any future uses or disclosure (to the extent we have not taken any action relying on that consent). Your withdrawal will not have an effect on the use or disclosure occurring prior to our receipt of your withdrawal. We do not use your Social Insurance Number as a way of identifying or organizing the information we hold about you.
2. We will notify you about the purpose for which information about you is requested at or before the time the information about you is collected. This notification may be provided orally or in writing. In the event we wish to use your information for a new purpose, you will be notified, and have an opportunity to provide or refuse your consent.
3. After obtaining your consent, we may only use or disclose your PI or PHI for the purpose for which the information was collected, or for a use consistent with that purpose. For example, we may use information we obtain throughout the underwriting process, and disclose it to the company from which you are applying for insurance. We will use or disclose such information only for the purpose for which it was collected, unless we have your consent, or unless the use or disclosure fits into one of the exceptions listed below. When information is to be used or disclosed for a purpose not previously identified to you, such new purpose will be identified for you prior to use or disclosure, and your consent will be requested.
4. Whenever possible, we will collect PI or PHI directly from you, unless you have authorized otherwise. We collect information only by lawful and fair means and not in an unreasonably intrusive way.
5. We will take reasonable steps to ensure that your PI and/or PHI is accurate, up-to-date, and as complete as possible. If we hold information about you and you can establish that it is not accurate, up-to-date and complete, we will take reasonable steps to correct it. If any of your information changes, please inform us so that we can make any necessary changes.
6. We retain PI and/or PHI for only as long as we need it to effectively provide our services and for a reasonable length of time thereafter in case we need to meet any potential obligations or legal or government requirements. We destroy paper files containing PI and/or PHI by shredding. We destroy electronic information by deleting it, and when the hardware is discarded, we ensure that the hard drive is physically destroyed. Clinical specimens, including blood, urine, and saliva, are disposed of according to applicable Canadian or United States laws, as the case may be.
7. Some of the PI and/or PHI that we collect may be processed and stored by LabOne, Inc., our parent company in the United States and a subsidiary of Quest Diagnostics Incorporated, where the United States government and its agencies may be able to apply to a court in the United States for an order to obtain disclosure of it. Such PI and/or PHI, when processed and stored in Canada may also be subject to disclosure to foreign governments, pursuant to the laws and treaties of Canada.
8. In certain limited circumstances, we may use PI and/or PHI in order to conduct or support statistical, scholarly study, or research activities, all in accordance with PIPEDA and PHIPA. In this case, we will obtain your express consent and we must notify the Privacy Commissioner of Canada with respect to PI and/or the Office of Information and Privacy Commissioner of Ontario with respect to PHI, prior to use.
B. Exceptions to Consent
Under certain circumstances we may use and/or disclose your PI and/or PHI without your consent or knowledge. For example:
1. When disclosure is authorized, or required by any applicable law. For example, we will disclose PI and/or PHI when a law, court order or a subpoena requires that we disclose information. We will also make disclosures when the Attorney General of Canada requires it for proceedings involving the Crown in right of Canada or the Canadian Government or when a foreign government through a treaty with Canada has requested it. In the event your PI and/or PHI collected by us is processed and stored in the United States, that information may also be subject to the laws of the United States.
2. For governmental investigation activities. For example, we will provide information to assist the government when it conducts an investigation, audit or inspection of an organization or other person based upon breach of an agreement or a contravention of federal or provincial law, or if the information relates to national security, the defence of Canada or the conduct of international affairs.
3. In emergency situations. We may disclose PI or PHI because of an emergency that threatens the life, health or security of an individual. In this case, we will inform you in writing of the disclosure.
4. We may collect PHI directly from you, even if you are incapable of consenting, if the collection is reasonably necessary for the provision of health care and it is not reasonably possible to obtain your consent in a timely manner.
5. For legal activities. We may provide your PI or PHI to a lawyer who is representing us.
6. For debt collection. We may disclose your PI for the purpose of collecting a debt owed by you to us, if any.
C. Security Safeguards
We take all reasonable precautions to ensure that your PI and/or PHI is kept safe from loss, unauthorized access, modification or disclosure.
Among the steps taken to protect your information are:
- premises security such as supervised or locked cabinet storage;
- restricted file access to PI and/or PHI;
- deploying technological safeguards like passwords, security software and firewalls to prevent hacking or unauthorized computer access;
- paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies;
- electronic information is transmitted either through a direct line or is anonymized or encrypted;
- internal password and security policies.
We use a number of consultants and agencies that may, in the course of their duties, have limited access to PI and/or PHI we hold. These include computer consultants, office security and maintenance, bookkeepers and accountants, a file storage company, temporary workers to cover holidays and illness, credit card companies, website managers, cleaners and our landlord. We restrict their access to any PI and/or PHI we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles and where appropriate or required, have contractual provisions to ensure that your PI and PHI is properly safeguarded. However, please note that no contract or contractual provision can override any laws applicable in Canada or any other jurisdiction.
If your PI or PHI is stolen, lost, or accessed by unauthorized persons, we will notify you at the first reasonable opportunity.
***
IV. YOUR RIGHTS ASSOCIATED WITH YOUR PI and PHI
You have the following rights with respect to your PI and PHI:
A. The Right to Access Your PI and PHI
In most cases, you have the right to look at or get copies of your PI or PHI that we have, but you must make the request in writing. However, we reserve the right to confirm the identity of the person seeking access to this information at or before complying with any access requests. Summary information is available upon request. More detailed requests which require archive or other retrieval costs may be subject to a reasonable fee. In certain situations, we may deny your request for access. If we do, we shall explain why. Your rights to access your PI or PHI are not absolute.
We may deny access to your PI when:
- denial of access is required or authorized by law;
- we have disclosed information to a government institution for law enforcement or national security reasons;
- information relates to existing or anticipated legal proceedings against you;
- when granting you access would have an unreasonable impact on other people's privacy;
- when granting access could harm an individual's life or security;
- to protect our organization's rights and property; or
- where the request is frivolous or vexatious.
We may deny access to your PHI when:
- granting access would be reasonably expected to result in a risk of serious harm to the treatment or recovery of another person or yourself, or lead to the identification of a person who was required by law to provide the information;
- PHI is in our custody as a result of a test required by your health care practitioner (if you have the right of access to your PHI through your health care practitioner).
B. The Right to Receive an Accounting of Uses and Disclosures
You have a right to request and receive a list of instances in which we have disclosed your PI or PHI to third parties. We will attempt to be as specific as possible in identifying the organizations to which we have disclosed your PI or PHI. At a minimum, we will provide you a list of organizations to which we may have disclosed your PI or PHI.
C. The Right to Correct or Update Your PI or PHI.
If you believe that there is an error or omission in your PI or PHI, you have the right to request that we correct the error or omission. You must provide the request and your reason for the request in writing. If you can establish that the information we hold is inaccurate, we will take reasonable steps to correct it. We will also take reasonable steps to advise any third parties to whom we have disclosed your PI or PHI of the correction. If we refuse your request to correct information, we shall explain why.
***
V. COMMUNICATING WITH US
E-mail is not a 100% secure medium, and you should be aware of this when contacting us to send personal or confidential information.
***
VI. CHANGES TO PRIVACY POLICY
We reserve the right to change the terms of this Privacy Policy at any time. Any changes to our Privacy Policy will apply to the PI and PHI we already have in our possession, or information we may collect in the future. When we make an important change to our Privacy Policy, we will publish the new policy.
***
VII. REQUEST FOR ACCESS/CORRECTION
If you have any questions about this Privacy Policy, or if you wish to correct or access your PI or PHI, please contact our Chief Privacy Officer at:
http://www.questdiagnostics.com/online_privacy.html
If you are not satisfied with our response with respect to your PI, the Privacy Commissioner of Canada can be reached at:
112 Kent Street
Ottawa, Ontario
K1A 1H3
Tel: 1-800-282-1376
Web site: www.privcom.gc.ca
If you are not satisfied with our response with respect to your PHI, the Office of the Information and Privacy Commissioner of Ontario can be reached at:
2 Bloor Street East, Suite 1400
Toronto, Ontario
M4W 1A8
Tel: 1-800-387-0073
Web site: www.ipc.on.ca
***
VIII. EMPLOYMENT INQUIRIES
If you apply to us for a job, we need to consider your personal information, as part of our review process. We normally retain information from candidates after a decision has been made, unless you ask us not to retain the information. If we offer you a job, which you accept, the information will be retained in accordance with our privacy procedures for employee records.
***
IX. WEB SITE
Our web site contains links to other web sites that are provided and maintained exclusively by third parties. Web sites provided and maintained by third parties are not subject to this Privacy Policy. Please review the privacy policies on those web sites to determine their information handling practices.
On our web site, like most other commercial websites, we may monitor traffic patterns, site usage and related site information in order to optimize our web service. We may provide aggregated information to third parties, but these statistics do not include any identifiable PI.
***
X. EFFECTIVE DATE OF THIS POLICY
This policy went into effect on January 1, 2004 with respect to PI and on November 1, 2004 with respect to PHI.
