The Public Service Health Care Plan Privacy Statement is also posted on the website of the Treasury Board of Canada.
Definitions
The following definitions are for roles and terms used in the Public Service Health Care Plan Privacy Statement. For additional definitions such as Dependant, Member, Administrator, and Participant, refer to the PSHCP Plan Directive.
Federal Public Service Health Care Plan Administration Authority
Is the arms-length organization that oversees the administration of the PSHCP on behalf of the Government of Canada. www.pshcp.ca
Personal Information
As defined in section 3 of the Privacy Act, means information about an identifiable individual that is recorded in any form. A list of the elements of personal information collected to administer the PSHCP and deliver benefits and services to Plan Members can be found in section 4 of this Statement under “Collection of Personal Information”.
Treasury Board of Canada Secretariat
Is the administrative arm of the Treasury Board (TB) responsible for developing and overseeing the Policy Framework for the Management of public service employee benefits, including the PSHCP.
Introduction
The Public Service Health Care Plan
The Public Service Health Care Plan (PSHCP) is a private health benefits plan designed to reimburse Members for all or part of costs they incur for eligible services and products.
The Treasury Board of Canada Secretariat (TBS) is accountable to Parliament and the Canadian electorate for the PSHCP’s performance and for the benefits Canada derives from the investment of public funds in the Plan. However, certain responsibilities have been assigned to two governance bodies comprised of individuals appointed by the Treasury Board, the public service bargaining agents, and the National Association of Federal Retirees (representing pensioner members), so that the PSHCP may be managed collaboratively by these parties. These governance bodies are the PSHCP Partners Committee, which focuses on Plan design and policy, and the Federal PSHCP Administration Authority, a without share capital corporation which has responsibilities for contract management and overseeing the day-to-day administration of the Plan by the Plan Administrator.
For additional information on PSHCP benefits, please go to the following URLs:
The Public Service Health Care Plan Privacy Statement
The objective of the PSHCP Privacy Statement is to inform individuals who are covered under the PSHCP about who is collecting their personal information; what personal information is being collected and for what purposes; when the information will be disposed of; how to get access to their personal information on file, and, if required, how to correct it. This is consistent with provisions in the Privacy Act.
The Statement applies to the vast majority of the employers participating in the PSHCP (Participating Employers) who are subject to the Privacy Act [1]. They include the Treasury Board Secretariat, departments, agencies, separate agencies, special operating agencies, and boards and commissions.
The Statement does not apply to a small number of Participating Employers that are not subject to the Privacy Act. These entities may have their own statements in accordance with privacy legislation to which they are subject
The contracted Administrator, which is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), or in some cases to applicable provincial/territorial legislation in jurisdictions where it operates, makes available to the public its Privacy Policy and Privacy guidelines. They describe the contracted Administrator’s commitment to privacy in the daily management of the personal information of its customers including the participants of the benefits plans it administers.
The purpose of this Privacy Statement is to describe for Plan Members the privacy practices of Participating Employers that are required to handle their personal information and that of their eligible dependants pursuant to requirements under the Privacy Act.
Nevertheless, information about the responsibilities of the contracted Administrator and those Employers not subject to the Privacy Act is referenced in sections 1, 3 and 7, in order to provide a comprehensive picture of the roles and responsibilities of all parties handling personal information in the course of administering the PSHCP and delivering benefits and services to Plan Members.
The Privacy Landscape in Canada
The Office of the Privacy Commissioner of Canada provides a large inventory of facts sheets and links regarding Privacy in Canada that can be helpful in understanding applicable privacy legislation. This information is available at the following links:
- Summary of privacy laws in Canada – Office of the Privacy Commissioner of Canada
- Accessing your personal information
1. Responsibilities
Participating Employers
Participating Employers subject to the Privacy Act:
- Collect personal information in order to fulfill their respective mandate;
- Are responsible for the protection of personal information they collect for the purposes described in section 3 of this Statement and to ensure that employees involved in the collection and management of this information comply with privacy policies in the day-to-day management of such information. The Government of Canada has a Policy on Privacy Protection ; and,
- Have a designated Access to Information and Privacy Coordinator responsible for ensuring compliance with the Privacy Act and Access to Information Act.
Participating Employers that are not subject to the Privacy Act:
- Are responsible for the protection of personal information they collect for the purposes of administering the PSHCP. They may or may not be subject to other federal, provincial or territorial privacy legislation. In those cases, Members are encouraged to contact the person within their organization responsible for their employers’ privacy practices and to access additional information describing the Summary of privacy laws in Canada – Office of the Privacy Commissioner of Canada
Employees
- All employees working for an Employer that is subject to the Privacy Act and involved in the collection of personal information for the administration of PSHCP are responsible to comply with procedures that are in place for the confidential and secure handling of personal information.
Contracted Administrator
The contracted Administrator is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and to applicable provincial/territorial legislation in the jurisdictions where it does business on behalf of the PSHCP. To this end, the contracted Administrator employs privacy professionals who continually review new and existing legislation, incorporating requirements into their internal practices.
2. Collection of Personal Information
The collection of personal information under the PSHCP is limited to what is required for the purposes described in section 3 of this Statement.
3. Purposes of Collection
Participating Employers subject to the Privacy Act and that have entered into an agreement with Public Services and Procurement Canada (PSPC) for payroll services, collect personal information from Members under the PSHCP for the purposes of:
- Certifying eligibility for coverage
- Registering Members
- Determining and amending status and coverage
- Obtaining authorization for payment deductions
Pursuant to an agreement between the parties for payroll services, PSPC’s Superannuation, Pension Transition and Client Services collects personal information from Participating Employers and from pensioners for the purposes of:
- Certifying eligibility for coverage (pensioners)
- Registering Members (pensioners)
- Determining and amending status and coverage (pensioners)
- Obtaining authorization for payment deductions (pensioners)
- Providing eligibility data to the contracted Administrator (employees and pensioners)
- Applying pay deductions (employees and pensioners)
In the case of those Participating Employers that are subject to the Privacy Act and have not entered into an agreement with PWGSC for payroll services, personal information is collected by these employers under the PSHCP for the purposes of:
- Certifying eligibility for coverage
- Registering Members
- Determining and amending status and coverage
- Obtaining authorization for pay deductions
- Providing eligibility data to the contracted Administrator
- Applying pay deductions
The Federal PSHCP Administration Authority collects personal information under the PSHCP for the purposes of:
- Hearing Plan Member appeals, overseeing claims adjudication and plan administration [2]
- Communicating with Plan Members
- Auditing the Plan Administrator regarding the payments of benefits
The contracted Administrator collects personal information under the PSHCP for the purposes of:
- Administering the benefits
- Adjudicating claims
- Coordinating benefits with other public or private insurance plans
- Communication with Members
4. Notification and Consent
At the time of their application to the PSHCP, Members are informed by their compensation advisors or pension office of the purposes for the collection of personal information. The Member provides express consent for use and disclosure by the contracted Administrator of the Member’s personal information and that of eligible Dependants by signing each benefits claim form and completing positive enrolment with the contracted Administrator.
5. Use and Disclosure
Personal information under the PSHCP is used and disclosed solely for the purposes for which it was collected and identified in section 3 of this Statement.
In the event of an overpayment where the Member fails to comply with the contracted Administrator on a repayment schedule, the known details of the overpayment situation will be disclosed to the appropriate government institution for the purpose of recovering the overpayment.
Participating Employers ensure that policies and procedures are in place to address any improper or unauthorized disclosure of personal information.
6. Accuracy
Participating Employers that are subject to the Privacy Act and their employees administering personal information under the PSHCP, ensure completeness and accuracy of the personal information by having procedures in place that:
- Regularly update the personal information;
- Keep a record of the source of the information used to make the changes;
- Ensure notification of the changes to other parties to whom the information was disclosed; and,
- Ensure that participants are able to access, and request correction of their personal information.
7. Retention
Personal information concerning an individual that has been used by a Participating Employer subject to the Privacy Act for an administrative purpose shall be retained by the Employer
(a) for a minimum of two years following the last time the personal information was used for an administrative purpose unless the individual consents to its earlier disposal; and
(b) where a request for access to the information has been received, until such time as the individual has had the opportunity to exercise all his or her rights under the Act.
Other than the required minimum 2 years under the Privacy Act, the retention period may vary by Participating Employer.
Retention Periods for the contracted Administrator
The contracted Administrator retention period for the PSHCP is as follows:
- Records and Documentation to support Plan provisions (e.g. maximums) for the period of the Contract;
- Eligibility and Member information for the period of the Contract;
- Provider information for the period of the Contract;
- Claims history for the most recent 10 Calendar Years;
- Member website history for the most recent 10 Calendar Years;
- Member Annual Claim Statements for the most recent 10 Calendar Years;
- Recorded calls and call logs for the most recent 3 Calendar Years;
- Real time chat transcripts for the most recent 3 Calendar Years;
- Email inquiry responses for the most recent 3 Calendar Years; and
- Other Records and Documentation for the most recent 10 Calendar Years.
This ensures compliance with the Canada Revenue Agency and the Privacy Act.
8. Access to Personal Information
Plan Participants are informed and will, consistent with the Access to Information and Privacy Acts, be given access, upon their request, to their personal information used and disclosed by the Participating Employer. Plan Participants are able to challenge the accuracy and completeness of the information and request correction, by contacting the designated privacy officers listed in section 9 of this Statement.
There exist several reference tools to assist members of the public in exercising their rights under the Access to Information Act and the Privacy Act.
One of these reference tools is called “Info Source”. It is a series of publications containing information about the Government of Canada, its organization and information holdings. It supports the government’s policy to explain and promote open and accessible information regarding its activities. Info Source is available at the following URL:
- Info Source – Canada.ca
- Other reference tools can be found at:
9. Right of Complaint
Plan Participants can address any questions and/or complaints regarding compliance with the above sections using the following contacts:
Treasury Board of Canada Secretariat
Director, Access to Information and Privacy
Ottawa, Ontario K1A 0R5
Telephone: 1-866-312-1511
Email: atip.aiprp@tbs-sct.gc.ca
Participating Employers Subject to the Privacy and Access to Information Acts
Access to Information and Privacy Coordinators (list of)
Participating Employers that are not subject to the Privacy Act
Participants can address their questions and/or complaints to their respective organization.
Public Services and Procurement Canada (PSPC)
Access to Information and Privacy Director
Telephone: 873-469-3721
Email: AIPRP.ATIP@tpsgc-pwgsc.gc.ca
Federal Public Service Health Care Plan Administration Authority
Access to Information and Privacy Coordinator
Email: atip-aiprp@pshcp.ca
[1] Federal organizations and their affiliation to the Privacy Act are identified in the “Population Affiliation Report (collectionscanada.gc.ca)“. Click on the type of organization in the diagram under “Overview”, and then look under “AIPA”.
[2] This may require the Administration Authority to discuss a Members’ personal information with service providers and other stakeholders.