CMPA and privacy
At the Canadian Medical Protective Association (CMPA) we understand the importance of privacy and the protection of personal information. The CMPA and its subsidiaries1 place the highest value on ensuring the privacy and confidentiality of personal information entrusted to us and strive to comply with all legal and regulatory requirements.
This policy also complies with the requirements of Canada's Anti-Spam Legislation (CASL) to ensure that appropriate consent has been obtained prior to sending electronic communications subject to CASL and that required unsubscribe mechanisms are readily available.
Collection and use of personal information
The CMPA collects personal information to fulfill the mandate of the CMPA, which includes:
- processing applications and confirming eligibility for CMPA membership
- communicating with members
- responding to requests for assistance from members
- delivering assistance to members, including assistance with medical-legal matters and providing risk management/reduction advice and other practice solutions
- registering members for CMPA sponsored educational events
- developing and delivering practice related solutions and risk analytics
- providing support to members with provincial or territorial reimbursement programs, third party payer groups (e.g. groups who pay membership fees on a member’s behalf), and provincial or territorial medical regulatory authorities (Colleges)
- facilitating the use of the national physician identification system known as the Medical Identification Number for Canada (MINC)
- conducting service related surveys, providing educational programs, risk management/reduction and other practice solutions
- providing information about the services offered by CMPA and its subsidiary companies, as well as other service providers
- responding to inquiries received from individuals who are not members of the CMPA
- meeting legal or regulatory requirements
Personal information is generally collected from the individual directly. The CMPA's use of personal information is limited to these purposes or is consistent with them.
To the extent that any communication from the CMPA or its subsidiaries qualifies as a "commercial electronic message" under CASL, the message will only be sent if appropriate consent has been obtained and a required unsubscribe mechanism is readily available. The term "commercial electronic message" is defined under CASL and includes an electronic message (e.g., email, instant messaging, text messaging) that offers to purchase, sell, barter or lease a product, good, or service; provide a business opportunity; or advertise or promote any of these items. You are free at any time to unsubscribe from receiving any future commercial electronic messages that may be sent by the CMPA or its subsidiaries.
Disclosure of your personal information
The CMPA may disclose personal information to confirm or support your membership with third parties, including:
- medical associations and provincial or territorial governments responsible for administering CMPA fee reimbursement programs
- Colleges with whom you have registration
- hospitals, universities, clinics, and third party payer groups (e.g. groups who pay membership fees on a member's behalf) with whom you work
- the Medical Identification Number for Canada (MINC)
At your direction and with consent, the CMPA will also provide information to other organizations with whom you interact in the course of your practice that have a legitimate interest in confirming your CMPA membership. When the CMPA confirms or supports membership with third parties, medical-legal information will not be released. A list of medical associations, provincial or territorial governments, and Colleges with whom the CMPA exchanges personal information may be obtained from the CMPA website or by contacting the CMPA. The CMPA will only disclose personal information to organizations where the organization agrees to use such personal information solely for the purposes for which it was provided and only as long as necessary for the purpose of the collection and to protect the information using appropriate means of security.
Sharing information with CMPA subsidiaries
The CMPA may share personal information with its subsidiaries, such as your mailing address, contact and demographic information, for the purposes of offering particular services that may be of benefit to you. The CMPA may also share information with its subsidiaries to confirm membership with the CMPA or to update any contact information. For example, if you are a CMPA member and a client of a CMPA subsidiary, when you inform us of an address change, this information will be changed for both organizations. The CMPA will not share members' personal medical-legal information with its subsidiaries without explicit permission.
Disclosing information without consent
There are some circumstances where the CMPA may disclose personal information without consent. Such circumstances include where the CMPA:
- is permitted or required by law, or by order of a court or tribunal
- believes, upon reasonable grounds, that it is necessary to protect the safety of an identifiable person or group
- believes it is necessary to establish or collect fees
- believes it necessary to permit us to provide approved services, pursue or investigate available remedies (including legal remedies through a civil or criminal court process), or limit any damages that we may have or are likely to sustain
- believes the information is public
Where obliged or permitted to disclose information without consent, the CMPA will not disclose more information than is required.
Accuracy and retention
The CMPA endeavours to ensure that any personal information in its possession is accurate, current and complete. Information contained in files that have been closed is not actively updated or maintained. The CMPA generally retains personal information as long as the CMPA believes it is necessary to fulfil the purpose for which it was collected. Once this purpose has been fulfilled, the CMPA destroys the information in a secure manner that protects the privacy of the individual to which the information relates. The CMPA's retention policy is reviewed and updated regularly.
Protection of personal information
The CMPA endeavours to maintain adequate physical, procedural, and technical security with respect to its offices and information storage capabilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of personal information. This commitment also applies to the disposal or destruction of personal information.
As part of those precautions, we restrict access to personal information to those employees and, under appropriate confidentiality agreements, external service providers we determine need to know that information in order that the CMPA may provide its services. The CMPA treats employee misuse of personal information as a serious offence for which disciplinary action may be taken. The CMPA is also prepared to take all appropriate steps to enforce the provisions of confidentiality agreements with external parties.
The CMPA may rely on external service providers who are located in the United States and other countries. Some personal information collected by the CMPA may therefore be retained in countries other than Canada where privacy laws may offer different levels of protection from those in Canada, and personal information may be subject to access by and disclosure to law enforcement agencies in those jurisdictions.
We audit our procedures and security measures, as appropriate, to ensure that they remain effective and reasonable. We take reasonable steps to confirm service providers adhere to accepted standards of information security.
Access to your personal information
The CMPA strives to provide access to personal information in keeping with all applicable legislation. The CMPA may decline to provide access to personal information in accordance with existing legislation. We will provide information from our records in a form that is easy to understand, and will also endeavour to provide explanations for any abbreviations or codes used. When possible, the CMPA will also provide a list of organizations that may have received such information.
We may charge a reasonable cost (e.g. photocopying, mail charges) to the individual making the request.
The CMPA reserves the right to decline to provide access to personal information where the information requested:
- would disclose personal information about a third party
- would reveal confidential commercial information
- could reasonably result in serious harm to an individual
- may harm or interfere with law enforcement activities and other investigative or regulatory functions of a body authorized by law to perform such functions
- was generated in the course of a formal dispute resolution process
- is subject to solicitor-client or litigation privilege, or a professional privilege or obligation
- is not readily retrievable and the burden or cost of providing would be disproportionate to the nature or value of the information
- does not exist, is not held, or cannot be found by the CMPA
- any other grounds under applicable legislation
Where information will not or cannot be disclosed, the individual making the request will be provided with the reasons for non-disclosure.
The CMPA will not respond to repetitive or vexatious requests for access and, in doing so, will consider such factors as the frequency with which information is updated, the purpose for which the information is used, and the nature of the information. To guard against fraudulent requests for access, the CMPA may require sufficient information to allow it to confirm the identity of the person making the request before granting access or making corrections.
Resolving your privacy concerns
In the event of questions about the collection, use, disclosure of or access to your personal information by the CMPA, or the CMPA's CASL procedures, visit our website or contact us:
Phone: 1-800-267-6522 or 1-613-725-2000
Online: Contact us
Address: P.O. Box 8225, Station T, Ottawa ON K1G 3H7
- Unless otherwise stated, any reference to the CMPA, includes both the Association and its subsidiaries.