Protection of Personal Information
At the Canadian Post-M.D. Education Registry (CAPER), we take physician privacy very seriously. It is a long-established policy of CAPER and the Association of Faculties of Medicine of Canada (AFMC), of which Association CAPER is a component division, to deal with all physician information in a sensitive manner, in order to ensure that our collections, uses, disclosures, retention and disposals of physician information are carried out in accordance with best privacy practices.
- our accountability for our privacy practices;
- the purposes for which we collect physician information and the sorts of physician information that we collect;
- the manner in which consent is obtained for our dealings with physician information;
- the manner in which we use physician information;
- our security, retention and disposal processes relating to physician information;
- accuracy: ensuring data are sufficiently accurate to achieve our purposes;
- a physician's right to access his or her own information and to request corrections of same;
- "Collect" or "Collection" means the act of gathering, acquiring or obtaining physician information from physicians or from third parties (the data providers as defined below), by any lawful means.
- "Consent" means voluntary agreement with what is being done or proposed. Consent can be either express or implied. Consent must always be informed. Express consent is given explicitly, in writing. In appropriate circumstances, consent may be implied from an individual's conduct such as the return of a completed questionnaire.
- "Data Provider" means a Canadian organization which collects information from physicians in the course of processing applications for membership, assessment, training or licensure. Data Providers include the provincial/territorial medical regulatory authorities, the Medical Council of Canada (MCC), the International Medical Graduates assessment centres, the Canadian Medical Association and the 17 Canadian faculties of medicine.
- "Disclose" or "Disclosure" means providing identifiable physician information to anyone other than to the physician who is the subject of that information, and to the data provider.
- "Physician Information" means information about an identifiable physician, other than his or her name, title, business address or business telephone number.
- "Use" means the treatment and handling of physician information.
4. Privacy Principles
4.1 Principle 1 - Accountability
Canadian Post-M.D. Education Registry
c/o Association of Faculties of Medicine of Canada
2733 Lancaster Road, Suite 100
Ottawa ON K1B 0A9
Telephone: (613) 730-1204
Fax: (613) 730-1196
4.1.2 We are responsible for the physician information under our control.
4.1.3 We have implemented policies and practices to give effect to our privacy commitment to physicians, including:
- physician information security processes (see Principle 4.7 below);
- enquiry and complaint procedures (see Principles 4.9 and 4.10 below);
- staff training regarding physician privacy; and
4.2 Principle 2 - Identifying Purposes
4.2.1 We may collect some or all of the following information about physicians:
- identifier information (name, date of birth): this is used for matching records from multiple sources and will not remain on the file as described in section 4.5.3
- demographic information : gender, legal status, country of citizenship
- M.D. degree: university, country and date awarded
- post-M.D. training outside Canada: training field
- medical practice outside Canada : country - whether passed the MCC evaluating examination for graduates of foreign medical schools; whether passed the MCC qualifying examinations (LMCC I and II)
- post-M.D. training in Canada: faculty, field, rank level, source of funding
- licensure in Canada: data, category, province
- practice location in Canada: postal code of physicians' practice location
- practice activity in Canada: practice specialty, academic affiliation, activity level (hrs. worked/wk) and practice type (group, clinic, solo, etc)
4.2.3 We make every reasonable effort to ensure that any Data Provider that collects physician information on our behalf is able to adequately explain to physicians the purposes for which their information is collected.
4.3 Principle 3 - Consent
4.3.1 Subject to all applicable legal rights and obligations, Data Providers will obtain physicians' consent (express or implied as appropriate) for the collections and uses of physician information identified in Principle 4.2 above prior to disclosing physician information to us.
4.4 Principle 4 - Limiting Collection
4.5 Principle 5 - Limiting Use, Disclosure and Retention
4.5.2 CAPER does not disclose identifiable physician information to third parties.
4.5.3 We retain and dispose of physician information in accordance with our physician information retention and disposal policy. Physician information that is no longer required in order to meet our identified purposes will be destroyed, erased or otherwise rendered anonymous.
4.6 Principle 6 - Accuracy
4.7 Principle 7 - Safeguards
4.7.1 We protect physician information under our control with safeguards that are appropriate to the sensitivity of that information. These safeguards are designed to protect physician information in all formats against loss or theft, as well as against unauthorized access, disclosure, copying, use or modification.
4.8 Principle 8 - Openness
4.8.1 Additional information about our privacy-related policies and procedures is available upon request and on our website.
4.9 Principle 9 - Individual Access
4.9.1 Subject to our legal rights and obligations, we will, upon receipt by our Manager of a written request for access, inform a requesting physician about our possession and use of his or her information, if any, and permit the physician to access his or her information if it is held or controlled by us. If a physician requests such information or access, the physician must provide sufficient information with his or her request to permit us to provide an account of the existence and use of his or her information. Any physician information provided by us to a physician as a result of a request for access shall be in a generally understandable form.
4.9.2 We will respond to a request within a reasonable time and in any event within thirty (30) days of receipt of the request. We may extend this response deadline for up to an additional thirty (30) days if replying within thirty (30) days would unreasonably interfere with our operations, or if the time required to undertake any consultations necessary to respond to the request would make it impractical to meet that time limit. We will provide written notice to a requesting physician of any response period extension within thirty (30) days of his or her request.
4.9.3 If a physician demonstrates to our satisfaction that any of his or her information that is held or controlled by us is inaccurate or incomplete, we will make appropriate amendments. These amendments may involve the correction, deletion, or addition of physician information.
4.10 Principle 10 - Challenging Compliance