Message d'état

  • Key:
  • value:
  • Plan Group: {"138722":"550","205042":"350","275151":"350","275165":"350","275177":"350","275186":"350","304084":"562","307826":"562","307833":"562","307953":"561"}
  • The optgroup_plan_select says:10

Privacy Policy






PRIVACY POLICY

The following summarizes the policy and procedures, effective January 01, 2016, of Prudent Benefits Administration Services Inc. (“PBAS”) and, therefrom, those persons or organizations serving PBAS, for the collection, use, storage and disclosure of personal information.

The records of PBAS include details that are deemed personal in nature (over and above a person’s name, business address and telephone number) such as the Member’s age, marital status, social insurance number, the identity and dates of birth for the spouse and dependent children.  These details may be augmented with medical/dental records, and other employment related details, as well as benefit entitlements and payments.  None of that information has been gathered, previously, unless it was germane to the plan’s operation.  The same principle will continue to apply.

Limiting Use, Disclosure, Retention Of Information And Safeguards

Access to personal information is, and will continue to be, limited to only those people who have a need to know.  It is filed electronically, with access limitations related to the specific activities of the administrative staff within PBAS. Hard-copy information is either destroyed after it is recreated in electronic form, or it is kept in locked files to which only authorized staff members have access.  There are a limited number of instances wherein the personal information, held in the files, is disclosed to third parties.  The most prevalent, of those, involves medical practitioners concerned with the process of claims adjudication.  They are bound by their professional standards.  Otherwise, there may be third parties who determine reserve requirements and other projected costs, lawyers who perform family and estate settlements, and auditors who assess recording-accuracy.  In each of those cases, we require formal commitments of confidentiality.

Except for the revocation of a Member’s consent (to hold and use personal information) there are long-term requirements for the retention of personal information.  As a rule of thumb, records should be held for at least seven years (or a shorter period of time, if reasonable) after the Member’s termination from the plan.  In the latter case, files are purged, periodically, and destroyed.  Electronic destruction is performed by the IT staff of PBAS.  Hard-copy files are shredded, on site, by reputable contractors, who certify the completion of each job. 

Security

With the few exceptions (noted above) where hard-copy files are kept, the personal information held by PBAS is stored on an IBM i5 520 Midrange System. It is downloaded, to the microcomputers of the staff members with clearance to do so.  Both facilities are protected by encryption, firewalls, anti-virus programs, and physical intrusion detection that are regularly upgraded.

All databanks and systems are duplicated, for disaster-recovery purposes, at an IBM facility.  

Physical admittance to the IT department of PBAS has always been controlled with locks and select access codes.  Only a limited number of staff members may enter those premises without close supervision.

A complaint related to personal information, may be addressed to PBAS' Privacy Officer. If further action is required, a Member may contact the Office of the Privacy Commissioner of Canada or an applicable Provincial Commissioner.