Privacy Policy

Foreword

The College of Physicians and Surgeons of Nova Scotia (the “College”) is committed to maintaining the confidentiality and security of personal information. We are responsible for all personal information, including personal health information, that is entrusted to us.

The College collects, uses and discloses personal information in accordance with the ten fair information principles of the Canadian Standards Association Model for the Protection of Personal Information¹(the “CSA Model Code”). This Privacy Policy outlines the standards and guidelines by which the College adheres with respect to the personal information of its members.

This Privacy Policy does not apply to the personal information of employees of the College.

What is Personal Information?

Personal information is any information about an identifiable individual, or information that when combined with other, readily available information, may identify an individual. Personal information that the College collects, uses or discloses may include member names, addresses, telephone numbers, e-mail addresses, credit card information, or other contact information and personally identifiable data, date of birth, social insurance number, age, marital and financial status, race, national or ethnic origin, and religion. It also includes opinions about that individual.

What is Personal Health Information?

Personal health information for the purpose of this policy is identifying information about a patient or a physician and includes demographic information (name, address, date of birth), health card number and information related to a patient or physician’s physical and mental health care. Personal health information can be documented and undocumented and continues to be protected after a patient or physician is deceased. Information that identifies a person who provided healthcare to a patient is that patient’s personal health information.

In this policy, any reference to personal information includes personal health information.

The ten principles of the CSA Model Code as applied by the College

1. Accountability:

The College is accountable for all personal information under its control, including information which it may transfer to a third party. The College collects, uses and discloses information in accordance with its obligations under the Nova Scotia Medical Act ³and the CSA Model Code. College staff are trained in standards and guidelines with respect to privacy and confidentiality.

To fulfill this purpose, the College has designated an individual as a Privacy Officer who is responsible for everyday operation and control of personal information as well as the College’s compliance with this Policy.

2. Identifying Purposes:

The College is required, pursuant to the Nova Scotia Medical Act³, to regulate the practice of medicine in the province with due regard to the public interest. The College uses personal information of its members and patients to carry out this function. The purposes for which the College collects, uses and discloses personal information include:

Membership application
All regulatory purposes
Registration and licensing
Credentials verification and assessment
Incorporation membership
Record of membership and licensees / member status
Administration of the Physician Health Program
Providing information to other entities, including Nova Scotia Health, the IWK, Dalhousie University, or any other entity through which physicians in Nova Scotia may operate, to address issues of physician health and wellness or other issues that need to be addressed in fulfillment of the College’s objects
Peer Review
Complaints and investigations (policies and practices related to confidentiality of the complainant and the physician as set out in the College’s publication policies)
Assessment of competence and/or performance
Communication with members
Publication
Establishing and maintaining updated physician listings to publish on the College website and make available to inquirers
Administering and facilitating members’ affiliations with the Canadian Medical Association, Dalhousie University, relevant Nova Scotia government departments and health authorities, the Medical Services Insurance Program (MSI), Doctors Nova Scotia, the Medical Identification Number for Canada (MINC), other medical regulatory authorities and any other entities with which a member has or seeks to have an affiliation.
Demographics: research, analysis, and planning
Providing information and documents to third parties as needed to fulfill the College’s objects
Providing information to other regulatory bodies
Compiling Statistics
Payment of annual fee
Surveys

If the College wishes to use personal information for a purpose not identified, the new purpose will be identified and the College will seek consent of the individual prior to use, unless required or permitted by law.

3. Consent:

a) Members’ Personal Information

The College is dedicated to making members aware of the purposes for which their personal information is gathered, the use of the information and reasons for disclosure. Unless required or permitted by the Medical Act or other applicable law, the College obtains consent from members for the collection, use and disclosure of personal information. In certain circumstances, the consent for the individual can be obtained after collection of the information, but before use and disclosure.

The College will not, as a condition of the supply of goods or services, require that an individual consent to the collection, use, or disclosure of information beyond what is required for legitimate and communicated purposes. Some information related to licensing, competence and professional development must be provided as a condition of obtaining and maintaining one’s professional status.

There may be circumstances where consent may be implied by the circumstances. In such cases, the purpose for the collection and use of personal information must be apparent and the College may only use the personal information for the apparent purpose. In such a case, the College will not use that information for any other purpose.

The law provides certain exceptions to the usual requirement to obtain an individual’s consent. For example, an organization may collect and use personal information in circumstances where the collection and/or use of such information is clearly in the interests of the individual and consent cannot be obtained in a timely way. Similarly, personal information may be collected and used without the consent of the individual if the information is reasonably required to investigate a breach of an agreement, a violation of the law or investigations related to professional discipline and there is reason to believe that obtaining consent may compromise the availability or accuracy of such information.

Members can withdraw consent anytime for the retention and use of personal information, but only to the extent that such consent withdrawal does not affect the ability of the College to carry out its statutory functions. The College will inform the member of the implications of such withdrawal.

b) Personal Health Information

Regulatory bodies like the College are not custodians of personal health information under the Personal Health Information Act (PHIA). This means that even though the College may collect and use personal health information about individuals, it is not governed by PHIA, as it does not collect personal health information for the purpose of health care or the planning and management of the health system.²The College does not need to obtain consent from patients for the College’s collection, use and disclosure of their personal information relating to an investigation of a complaint, subject to the statements below.

Where a complainant is not the patient, the College will obtain consent of the patient to share relevant records with the complainant.

Further, when the complainant is not the patient and the patient is deceased or does not have capacity to consent, the College seeks the consent from the legally authorized representative of the patient to share the patient’s personal health information with the complainant. If the consent is not forthcoming, the personal health information will not be shared with the complainant.

4. Limiting Collection:

The College collects personal information and personal health information only to the extent necessary for the purposes identified. Personal information is collected in a fair and lawful manner.

5. Limiting Use, Disclosure and Retention:

a) Members’ Personal Information

The College does not sell or trade member personal information to third parties. Personal information is only used or disclosed for the purpose for which it was collected with the consent of the member, or as required or permitted by law.

The personal information of the member is retained as long as it is considered necessary according to the College’s Document Retention policy.

b) Patients’ Personal Health Information

As per Section 45 of the Personal Health Information Act⁶ an (organization) that is not a custodian is authorized to collect the personal health information that a custodian may disclose to it, but that (organization) does not become a custodian merely by virtue of its collection of the personal health information that the custodian has disclosed to it.

The College will not disclose personal health information for any purpose other than the purpose for which it was authorized to disclose the information. In addition, the College will not use or disclose more of the information than is reasonably necessary to meet the purpose of the use or disclosure, unless the disclosure is required by law.

6. Accuracy:

The College is dedicated to maintaining personal information in a form that is accurate, complete and current as is necessary for the fulfillment of the College’s purposes. Members are encouraged to contact the College and update any changes in their personal information. The College will correct or amend personal information that is shown to be incomplete or inaccurate.

7. Safeguards:

The College takes reasonable steps to protect personal information against loss, unauthorized access, use, disclosure and alteration, no matter what form the information is in (for example, electronic version or physical copies).

The safeguards used by the College include:

The College collects and stores personal patient and or complainant information on the website. This information is manually purged on a weekly basis and has security processes in place regarding data collection and removal from the system.
Physical Measures: Locked filing cabinets, keypads or locks to restricted areas, alarm system in the office.
Organizational Measures: Employees’ training, confidentiality agreements, limited access on “need to know” basis.
Technological Measures: Use of security software, password, firewall and encryption.
Destruction Measures: Records and documents of the members are destroyed in a confidential manner (e.g., shredding of paper records, wiped clean/deleting of discs and physical destruction of hard drives).
Third party obligations: Contractual privacy agreement with third parties. To ensure the protection of your personal information, third parties enter into a legal contract and confidentiality agreement before the College uses their services.

8. Openness:

The College is open about its policies and procedures and will provide members with specific information relating to the maintenance of personal information. These policies are available by contacting the College’s Privacy Officer.

9. Individual Access:

Members may contact the Privacy Officer at any time to discuss access to their own personal information. Upon written request, access will be provided, except as outlined below. A small fee may be applied to cover the cost of administration. Where legal or regulatory requirements prevent allowing access to personal information, the College will provide you with the reasons for denial of access.

10. Challenging Compliance:

The College’s Privacy Officer is responsible for overseeing compliance with this privacy policy. Any questions can be directed to the Privacy Officer who will respond to any concerns. We will investigate all complaints and will take appropriate action to resolve the issue. We also welcome your comments and suggestions regarding this Privacy Policy.

Website Visitors

If you visit our website (https://cpsns.ns.ca/) certain information is collected from you automatically, as described below.

1. IP Address:

Web servers automatically collect certain information when you visit a website, including your Internet Protocol (IP) address. IP addresses are unique numbers Internet Service Providers (ISP) assign to all devices accessing the Internet. The IP address, on its own, may not identify you as an individual. However, in certain circumstances, such as with the co-operation of an ISP for example, it can identify an individual. For this reason, the College considers IP address as personal information, particularly when combined with other data automatically collected such as the page or pages visited, date and time of the visit, etc.

2. Cookies:

The College analyzes website traffic data and uses cookies to improve our services. A “cookie” is a piece of text that the College’s web server can store on your computer. The cookies the College uses log your progress through the site and record how you accessed the site. The information collected by the College is limited and cannot identify specific users. Any information collected is only used to improve our website and the user experience. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our website.

3. Web analytics:

Web analytics is the collection, analysis, measurement, and reporting of data about web traffic and visits for purposes of understanding and optimizing web usage.

When your computer requests a College web page, we collect the following types of information for web analytics using digital markers:

the originating IP address
the date and time of the request
the type of browser used
the page(s) visited

Information we collect and use for the purpose of web analytics is in accordance with our mandate under the Health Professions Act. We may use such data to improve the College’s website as well as for communications and information technology statistical purposes, audit, evaluation, research, planning and reporting.

We do not disclose this information to any external third-party service providers.

4. Links to other websites

Our website may include links to websites managed by other organizations. The College of Physicians and Surgeons of Nova Scotia is not responsible for the protection of any information you give to these websites or the content on these websites. Please ensure you read the privacy policy of any other website you link to, to understand how your personal information is collected, used, and disclosed on such sites.

For more information on the College’s Privacy Policy:

Ms. Tricia Crease, Privacy Officer
College of Physicians and Surgeons of Nova Scotia
400-175 Western Parkway Bedford, NS B4B 0V1
Phone: (902) 421-2200, Fax: (902) 422-5035
tcrease@cpsns.ns.ca

Revision to the Privacy policy

This version of the Privacy Policy is effective December 2, 2022.

Due to changes in technology and legal requirements, the College reserves the right to revise its Privacy Policy from time to time. Any revised version of this Privacy Policy will be posted on the College website.