Approved by Board: March 13, 2012
Updated by Board: September 11, 2012
The Saskatchewan HIPA (Health Information Privacy Act) does not apply to the Foundation, since it applies to “personal health information”. “Personal health information” is defined as information about an individual’s physical or mental health and/or information gathered in the course of providing a health service. The Foundation does not have access to such information and therefore the Foundation is not defined as a “trustee” under HIPA.
The federal PIPEDA (Personal Information Protection and Personal Electronic Documents Act) – which is also based on the Canadian Standards Association model- also does not apply to the Foundation since it specifically applies only to provincial organizations involved in “commercial activities”. The Foundation is only deemed to be involved in commercial activities if it trades, rents or sells personal information (such as donor lists). The Foundation does not trade, rent or sell personal information.
The Royal University Hospital Foundation (the “Foundation”) is committed to protecting the privacy of the personal information of its constituents (donors, volunteers, employees, and other stakeholders). The Foundation has taken the necessary actions to ensure that information in any format (paper or electronic) is protected so that the relationship of trust between the constituent and the Foundation is upheld. The Foundation recognizes, and adheres to, the Saskatoon Health Region (“SHR”) Privacy and Confidentiality, and Information Technology Policies.
“Personal information” for this purpose is defined as being any information that can be used to distinguish, identify, or contact a specific individual. Business contact information and certain publicly available information (such as names, addresses and telephone numbers as published in telephone directories- including on-line public databases) are not considered personal information.
1. Accountability for Personal Information.
The Foundation and the Saskatoon Regional Health Authority (governing Board of SHR) have signed a Memorandum of Understanding which articulates mutual accountabilities. However, SHRA does not share data related to patient records or patient information with the Foundation.
2. Identifying Purposes for the Collection of Personal Information.
When the Foundation collects personal information directly from its constituents, the Foundation will identify the purposes for which personal information is collected at or before the time of collection. These purposes include: donor, employee or volunteer recruitment and engagement; that which is necessary for the administration of the interests of a donor, employee or volunteer; and compliance with legal and regulatory requirements.
3. Obtaining Consent for the Collection, Use or Disclosure of Personal Information.
The knowledge and consent of a person is required for the direct collection, use or disclosure of personal information except where mandated by law.
This consent may be either express or implied. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
At any time, an individual may opt out of receiving communications (printed and/or electronic) from our Foundation. To opt out the individual must contact the Foundation. The Foundation can be reached by telephone at (306) 655-1984, firstname.lastname@example.org or Royal University Hospital Foundation Inc., 103 Hospital Drive, Saskatoon, SK S7N 0W8.
4. Limiting Collection of Personal Information.
The Foundation will limit the collection of personal information to that which is necessary for the purposes identified. Information will be collected by fair and lawful means. The Foundation does not collect any personal health information, other than that which is volunteered directly by the constituent to the Foundation.
5. Limiting Use, Disclosure, and Retention of Personal Information.
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the person or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes. The Foundation does not trade, rent or sell any personal information to third parties.
6. Ensuring Accuracy of Personal Information.
The Foundation ensures personal information is accurate, complete and as up-to-date as necessary for the purposes for which it is to be used. We encourage individuals to review, correct and update personal information previously provided to the Foundation, by contacting us at (306) 655-1984, email@example.com or Royal University Hospital Foundation Inc., 103 Hospital Drive, Saskatoon, SK S7N 0W8.
Donors who request that their name and/or amount of the gift not be publicly released shall remain anonymous.
7. Ensuring Safeguards for Personal Information.
Personal information is protected with security safeguards appropriate to the sensitivity of the information. All Foundation employees, volunteers, and directors must sign a Confidentiality Agreement. In addition, all independent contractors, or vendors that have a working relationship with the Foundation’s proprietary database, must sign a Confidentiality Agreement.
All Foundation employees receive mandatory Privacy Training.
8. Openness Concerning Policies and Practices.
9. Access to Personal Information.
Upon request, a person will be informed of the existence, use, and disclosure of personal information of the person and shall be given access to that information. A person can challenge the accuracy and completeness of the information and have it amended as appropriate. Please contact the Foundation at (306) 655-1984, firstname.lastname@example.org or Royal University Hospital Foundation Inc., 103 Hospital Drive, Saskatoon, SK S7N 0W8.
10. Challenging Compliance.
A challenge concerning compliance with the above principles should be made to the Privacy Officer at: email@example.com.
If your concerns are not properly addressed, please contact the Foundation’s CEO at: firstname.lastname@example.org.
If you still do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you should then contact the Saskatchewan Privacy Commissioner’s Office at toll free 1-877-748-2298, email@example.com or 503 1801 Hamilton Street, Regina, SK S4P 4B4 (www.oipc.sk.ca).
Approved by Board: March 12, 2013
Scope and Objectives
This policy is meant to apply to complaints from the Foundation’s public stakeholders, such as donors and volunteers, who have complaints that the Foundation is not complying with its policies and procedures, including matters addressed in the Imagine Canada’s Standard Program for Charities and Nonprofits.
This policy is not meant to apply to complaints from the Foundation’s internal staff. Concerns and complaints from staff should be reported through management.
Royal University Hospital Foundation (the “Foundation”) is a registered charity that is committed to high standards of conduct. We recognize that from time to time there may be concerns or complaints and we wish to ensure that all public stakeholders have an opportunity to share those with us. This feedback is important as an opportunity for continuous improvement.
The Foundation believes that the process for resolving concerns and complaints should be timely, fair, and respectful.
The Foundation will keep a log of any reported complaints, whether received by email, telephone, or mail. This log will be maintained by the front‐office administrative assistant, since most complaints would initially be received by that position. Any complaints not received through the front desk will be reported back there, for purposes of maintaining the log.
Any complaints that can not be dealt with immediately by the receiving person will be referred to the appropriate person within the Foundation (or, rarely, the Board). That person will respond to the complaint, to acknowledge receipt, within 2 days. If a resolution within that time frame is not possible, the complainant will be made aware that their concern is being investigated and a response will be forthcoming as soon as possible.
The CEO of the Foundation will report to the Board annually in March as to the number, type, and disposition of complaints received. If a complaint is of a serious nature, the CEO will make the Executive Committee of the Board aware of the situation as it is being investigated.
- Complaints will be logged, with the nature of the complaint, date received, name and contact information of the complainant, and person within the Foundation to whom the complaint was referred.
- The complaint will be investigated by the Foundation.
- The complainant will be made aware of the results of the investigation. If the complaint can not immediately be resolved, the complainant will be contacted to acknowledge receipt of the complaint, and then contacted later when the complaint has been investigated.
- The Foundation will take corrective or disciplinary action, as appropriate and as required.
- The complaints log will be updated to give a brief description of the results of the review and any action taken.
- The CEO will review the log periodically to determine whether there are frequently recurring complaints of a similar type. (If so, this may point to systemic process issues within the Foundation that need to be addressed).
- The CEO will report to the Board annually as to the number, type, and disposition of complaints received.
Your Community. Your Health. Help us make a difference.