Public Service Health Care Plan privacy statement

From: Treasury Board of Canada Secretariat

2009

Definitions

The following definitions are for roles and terms used in the Public Service Health Care Plan Privacy Statement:

Federal Public Service Health Care Plan Administration Authority

Is the without share capital corporation charged with the administration of the Public Service Health Care Plan (PSHCP). Its role is to ensure that benefits and services to plan members and their covered dependants are delivered in a manner that ensures the effective and efficient administration of the Plan. Its responsibilities are set out in its Letters Patent, and include hearing Members' appeals and conducting audits of the payment of benefits by the Plan Administrator. In fulfilling these responsibilities, the Administration Authority may collect the Member's personal information. The Administration Authority is managed by a Board of ten Directors.

Member

Means:

  1. An employee or a pensioner who has applied for and has been granted coverage under the Public Service Health Care Plan (PSHCP) by a designated officer; or
  2. A member of the Canadian Forces (CF) or the Royal Canadian Mounted Police (RCMP) who has applied for and has been granted coverage for their dependants under the PSHCP; or
  3. An individual who is a member of the Veterans Affairs Canada (VAC) client group as defined in Schedule III who has applied for and has been granted coverage under the PSHCP.

(For a complete definition please refer to the PSHCP Plan Directive)

Personal Information

As defined in section 3 of the Privacy Act means information about an identifiable individual that is recorded in any form. A list of the elements of personal information collected to administer the Public Service Health Care Plan (PSHCP) and deliver benefits and services to plan members can be found in section 2 of this Statement under "Collection of Personal Information".

Plan Administrator

Means the organisation under contract responsible to adjudicate and pay claims in accordance with the Public Service Health Care Plan (PSHCP) Directive and direction from the Federal PSHCP Administration Authority.

Plan Participant

Is a person covered under the Public Service Health Care Plan (PSHCP) and includes the Member and/or his or her eligible dependant.

(For a complete definition please refer to the PSHCP Plan Directive)

Treasury Board Secretariat

Is the administrative arm of the Treasury Board (TB) responsible for developing and overseeing the Policy Framework for the Management of pensions and employee benefits, including the Public Service Health Care Plan (PSHCP).

Introduction

The Public Service Health Care Plan

The Public Service Health Care Plan (PSHCP) is a private health benefits plan designed to reimburse Members for all or part of costs they incur for eligible services and products. The PSHCP covers public servants and other members of the federal public administration, parliamentarians, federal judges, dependants of members of the Canadian Forces and the Royal Canadian Mounted Police, those receiving a pension based on service in one of these categories, members of the Veterans Affairs Canada client group defined in Schedule III of the PSHCP Plan Directive, and the dependants of eligible Members.

The Treasury Board of Canada is accountable to Parliament and the Canadian electorate for the PSHCP's performance and for the benefits Canada derives from the investment of public funds in the Plan. However, certain responsibilities have been assigned to two governance bodies comprised of individuals appointed by the Treasury Board, the public service bargaining agents, and the National Association of Federal Retirees (representing pensioner members), so that the PSHCP may be managed collaboratively by these parties. These governance bodies are the PSHCP Partners Committee, which focuses on Plan design and policy, and the Federal PSHCP Administration Authority, a without share capital corporation which has responsibilities for contract management and overseeing the day-to-day administration of the Plan by the Plan Administrator.

For additional information on PSHCP benefits, please go:

The Public Service Health Care Plan Privacy Statement

The objective of the Public Service Health Care Plan (PSHCP) Privacy Statement is to inform individuals who are covered under the PSHCP about who is collecting their personal information; what personal information is being collected and for what purposes; when the information will be disposed of; how to get access to their personal information on file, and, if required, how to correct it. This is consistent with provisions in the Privacy Act.

The Statement applies to the vast majority of the employers participating in the PSHCP (Participating Employers) who are subject to the Privacy Act. They include the Treasury Board Secretariat, departments, agencies, separate agencies, special operating agencies, and boards and commissions.

The Statement does not apply to a small number of Participating Employers that are not subject to the Privacy ActFootnote 1, or the Plan Administrator (Sun Life Assurance Company of Canada). These entities may have their own statements in accordance with privacy legislation to which they are subject.  For example, Sun Life, which is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), or in some cases to applicable provincial/territorial legislation in jurisdictions where it operates, makes available to the public its Privacy Policy and Privacy Code. They describe the company's commitment to privacy in the daily management of the personal information of its customers including the participants of the benefits plans it administers. They are available in a section entitled "Respecting Your Privacy" on their Website.

The purpose of this Statement is to describe for plan members the privacy practices of Participating Employers that are required to handle their personal information and that of their eligible dependants pursuant to requirements under the Privacy Act.

Nevertheless information about the responsibilities of Sun Life and those Employers not subject to the Privacy Act is referenced in sections 1, 2 and 3, in order to provide a comprehensive picture of the roles and responsibilities of all parties handling personal information in the course of administering the PSHCP and delivering benefits and services to plan members.

The Privacy landscape in Canada

The Office of the Privacy Commissioner of Canada provides a large inventory of facts sheets and links regarding Privacy in Canada that can be helpful in understanding applicable privacy legislation. This information is available at the following links:

1. Responsibilities

Participating Employers

Participating Employers subject to the Privacy Act:

  • Collect personal information in order to fulfill their respective mandate;
  • Are responsible for the protection of personal information they collect for the purposes described in section 3 of this Statement and to ensure that employees involved in the collection and management of this information comply with privacy policies in the day-to-day management of such information. The government of Canada has a policy on privacy protection; and,
  • Have a designated Access to Information and Privacy Coordinator responsible for ensuring compliance with the Privacy Act and Access to Information Act.

Participating Employers that are not subject to the Privacy Act:

  • Are responsible for the protection of personal information they collect for the purposes of administering the Public Service Health Care Plan (PSHCP). They may or may not be subject to other federal, provincial or territorial privacy legislation. In those cases, Members are encouraged to contact the person within their organization responsible for their employers' privacy practices and to access additional information describing the varied privacy legislation in Canada.

Employees

  • All employees working for an Employer that is subject to the Privacy Act and involved in the collection of personal information for the administration of Public Service Health Care Plan (PSHCP) are responsible to comply with procedures that are in place for the confidential and secure handling of personal information.

Plan Administrator

Sun Life, as the Plan Administrator, is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and to applicable provincial/territorial legislation in the jurisdictions where it does business on behalf of the Public Service Health Care Plan (PSHCP). To this end, Sun Life employs privacy professionals who continually review new and existing legislation, incorporating requirements into Sun Life's internal practices.

2. Collection of Personal Information

The collection of personal information under the Public Service Health Care Plan (PSHCP) is limited to what is required for the purposes described in section 3 of this Statement.

The personal information collected under the PSHCP includes the following:

  • Members' data: last name, given name, date of birth, gender, employee, service, pension number, marital status, contact information, details on other health coverage.
  • Dependant personal information: last name, given name, date of birth, gender, relationship to Member, details on spouse/common-law partner's other health coverage, status of dependant child over age 20 and under age 25,
  • Details of Claim: certificate number, detailed receipts for eligible expenses (e.g. prescription drugs, other medical expenses such as chiropractor or vision care), physician's prescription, diagnostics and treatment plan, medical reports.

3. Purposes of Collection

Participating Employers subject to the Privacy Act and that have entered into an agreement with Public Works and Government Services Canada (PWGSC) for payroll services, collect personal information from Members under the Public Service Health Care Plan (PSHCP) for the purposes of:

  • Certifying eligibility for coverage
  • Registering Members
  • Determining and amending status and coverage
  • Obtaining authorization for payment deductions

Pursuant to an agreement between the parties for payroll services, PWGSC's Superannuation, Pension Transition and Client Services collects personal information from Participating Employers and from pensioners for the purposes of:

  • Certifying eligibility for coverage (pensioners)
  • Registering Members (pensioners)
  • Determining and amending status and coverage (pensioners)
  • Obtaining authorization for payment deductions (pensioners)
  • Providing eligibility data to the Plan Administrator (employees and pensioners)
  • Applying pay deductions (employees and pensioners)

In the case of those Participating Employers that are subject to the Privacy Act and have not entered into an agreement with PWGSC for payroll services, personal information is collected by these employers under the PSHCP for the purposes of:

  • Certifying eligibility for coverage
  • Registering Members
  • Determining and amending status and coverage
  • Obtaining authorization for pay deductions
  • Providing eligibility data to the Plan Administrator
  • Applying pay deductions

The Administration Authority collects personal information under the PSHCP for the purposes of:

  • Hearing plan member appeals, overseeing claims adjudication and plan administrationFootnote 2
  • Communicating with Plan Participants
  • Auditing the Plan Administrator regarding the payments of benefits

Sun Life collects personal information under the PSHCP for the purposes of:

  • Administering the benefits
  • Adjudicating claims
  • Coordinating benefits with other public or private insurance plans

4. Notification and Consent

At the time of their application to the Public Service Health Care Plan (PSHCP), Members are informed by their compensation advisors or pension office of the purposes for the collection of personal information. The Member provides express consent for use and disclosure by the Plan Administrator of the Member's personal information and that of eligible dependants by signing each benefits claim form.

5. Use and Disclosure

Personal information under the Public Service Health Care Plan (PSHCP) is used and disclosed solely for the purposes for which it was collected and identified in section 3 of this Statement.

Participating Employers ensure that policies and procedures are in place to address any improper or unauthorized disclosure of personal information.

6. Accuracy

Participating Employers that are subject to the Privacy Act and their employees administering personal information under the Public Service Health Care Plan (PSHCP), ensure completeness and accuracy of the personal information by having procedures in place that:

  • Regularly update the personal information;
  • Keep a record of the source of the information used to make the changes;
  • Ensure notification of the changes to other parties to whom the information was disclosed; and,
  • Ensure that participants are able to access, and request correction of their personal information.

7. Retention

Personal information concerning an individual that has been used by a Participating Employer subject to the Privacy Act for an administrative purpose shall be retained by the Employer

  • or a minimum of two years following the last time the personal information was used for an administrative purpose unless the individual consents to its earlier disposal; and
  • where a request for access to the information has been received, until such time as the individual has had the opportunity to exercise all his or her rights under the Act.

Other than the required minimum 2 years under the Privacy Act, the retention period may vary by Participating Employer.

8. Access to Personal Information

Plan Participants are informed and will, consistent with the Access to Information and Privacy Acts, be given access, upon their request, to their personal information used and disclosed by the Participating Employer. Plan Participants are able to challenge the accuracy and completeness of the information and request correction, by contacting the designated privacy officers listed in section 9 of this Statement.

There exist several reference tools to assist members of the public in exercising their rights under the Access to Information Act and the Privacy Act.

One of these reference tools is called "Info Source". It is a series of publications containing information about the Government of Canada, its organization and information holdings. It supports the government's policy to explain and promote open and accessible information regarding its activities. Info Source is available at the following URL:

9. Right of Complaint

Plan Participants can address any questions and/or complaints regarding compliance with the above sections using the following contacts:

Treasury Board of Canada Secretariat
Access to Information and Privacy Coordinator
Telephone: 613-957-7154
Email: Brennan Denise

Participating Employers subject to the Privacy and Access to Information Acts
Access to Information and Privacy Coordinators (list of)

Participating Employers that are not subject to the Privacy Act
Participants can address their questions and/or complaints to their respective organization.

Public Works and Government Services Canada (PWGSC)
Access to Information and Privacy Coordinator
Telephone: 819-956-2133
Email: Rachelle Delage

Federal Public Service Health Care Plan (PSHCP) Administration Authority
Access to Information and Privacy Coordinator
613-565-1762   Ext. 242
Email: Access to Information and Privacy mailbox

Sun Life Assurance Company of Canada
Privacy Officer
Telephone: (416) 408-8850
Email: Privacy Officer

2023

Definitions

The following definitions are for roles and terms used in the Public Service Health Care Plan Privacy Statement. For additional definitions such as Dependant, Member, Administrator, and Participant, refer to the PSHCP Plan Directive.

Federal Public Service Health Care Plan Administration Authority
Is the arms-length organization that oversees the administration of the PSHCP on behalf of the Government of Canada.
Personal Information
As defined in section 3 of the Privacy Act means information about an identifiable individual that is recorded in any form. A list of the elements of personal information collected to administer the PSHCP and deliver benefits and services to plan members can be found in section 4 of this Statement under "Collection of Personal Information".
Treasury Board of Canada Secretariat
Is the administrative arm of the Treasury Board (TB) responsible for developing and overseeing the Policy Framework for the Management of public service employee benefits, including the PSHCP.

Introduction

The Public Service Health Care Plan

The PSHCP is a private health benefits plan designed to reimburse Members for all or part of costs they incur for eligible services and products.

The Treasury Board of Canada Secretariat (TBS) is accountable to Parliament and the Canadian electorate for the PSHCP's performance and for the benefits Canada derives from the investment of public funds in the Plan. However, certain responsibilities have been assigned to two governance bodies comprised of individuals appointed by the Treasury Board, the public service bargaining agents, and the National Association of Federal Retirees (representing pensioner members), so that the PSHCP may be managed collaboratively by these parties. These governance bodies are the PSHCP Partners Committee, which focuses on Plan design and policy, and the Federal PSHCP Administration Authority, a without share capital corporation which has responsibilities for contract management and overseeing the day-to-day administration of the PSHCP by the Administrator.

For additional information on PSHCP benefits, please go:

The Public Service Health Care Plan Privacy Statement

The objective of the PSHCP Privacy Statement is to inform individuals who are covered under the PSHCP about who is collecting their personal information; what personal information is being collected and for what purposes; when the information will be disposed of; how to get access to their personal information on file, and, if required, how to correct it. This is consistent with provisions in the Privacy Act.

The Statement applies to the employers participating in the PSHCP (Participating Employers) who are subject to the Privacy Act. They include TBS, departments, agencies, separate agencies, special operating agencies, and boards and commissions.

The Statement does not apply to a small number of Participating Employers that are not subject to the Privacy ActFootnote 1, or the Administrator.  These entities may have their own statements in accordance with privacy legislation to which they are subject.  For example, the Administrator, which is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), or in some cases to applicable provincial/territorial legislation in jurisdictions where it operates, makes available to the public its Privacy Policy and Privacy Code. They describe the Administrator’s commitment to privacy in the daily management of the personal information of its customers including the participants of the benefits plans it administers.

The purpose of this Privacy Statement is to describe for plan members the privacy practices of Participating Employers that are required to handle their personal information and that of their eligible Dependants pursuant to requirements under the Privacy Act.

Nevertheless information about the responsibilities of the Administrator and those Employers not subject to the Privacy Act is referenced in sections 1, 2 and 3, in order to provide a comprehensive picture of the roles and responsibilities of all parties handling personal information in the course of administering the PSHCP and delivering benefits and services to plan members.

The Privacy landscape in Canada

The Office of the Privacy Commissioner of Canada provides a large inventory of facts sheets and links regarding Privacy in Canada that can be helpful in understanding applicable privacy legislation. This information is available at the following links:

1. Responsibilities

Participating Employers

Participating Employers subject to the Privacy Act:

  • Collect personal information in order to fulfill their respective mandate;
  • Are responsible for the protection of personal information they collect for the purposes described in section 3 of this Statement and to ensure that employees involved in the collection and management of this information comply with privacy policies in the day-to-day management of such information. The Government of Canada has a Policy on Privacy Protection; and,
  • Have a designated Access to Information and Privacy Coordinator responsible for ensuring compliance with the Privacy Act and Access to Information Act.

Participating Employers that are not subject to the Privacy Act

  • Are responsible for the protection of personal information they collect for the purposes of administering the PSHCP. They may or may not be subject to other federal, provincial or territorial privacy legislation. In those cases, Members are encouraged to contact the person within their organization responsible for their employers' privacy practices and to access additional information describing the Summary of privacy laws in Canada - Office of the Privacy Commissioner of Canada

Employees

  • All employees working for an Employer that is subject to the Privacy Act and involved in the collection of personal information for the administration of PSHCP are responsible to comply with procedures that are in place for the confidential and secure handling of personal information.

Administrator

The Administrator is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) and to applicable provincial/territorial legislation in the jurisdictions where it does business on behalf of the PSHCP. To this end, the Administrator employs privacy professionals who continually review new and existing legislation, incorporating requirements into the Administrator internal practices.

2. Collection of Personal Information

The collection of personal information under the PSHCP is limited to what is required for the purposes described in section 3 of this Statement.

3. Purposes of Collection

Participating Employers subject to the Privacy Act and that have entered into an agreement with Public Services and Procurement Canada (PSPC) for payroll services, collect personal information from Members under the PSHCP for the purposes of:

  • Certifying eligibility for coverage
  • Registering Members
  • Determining and amending status and coverage
  • Obtaining authorization for payment deductions

Pursuant to an agreement between the parties for payroll services, PSPC’s Superannuation, Pension Transition and Client Services collects personal information from Participating Employers and from pensioners for the purposes of:

  • Certifying eligibility for coverage (pensioners)
  • Registering Members (pensioners)
  • Determining and amending status and coverage (pensioners)
  • Obtaining authorization for payment deductions (pensioners)
  • Providing eligibility data to the Administrator (employees and pensioners)
  • Applying pay deductions (employees and pensioners)

In the case of those Participating Employers that are subject to the Privacy Act and have not entered into an agreement with PSPC for payroll services, personal information is collected by these employers under the PSHCP for the purposes of:

  • Certifying eligibility for coverage
  • Registering Members
  • Determining and amending status and coverage
  • Obtaining authorization for pay deductions
  • Providing eligibility data to the Administrator
  • Applying pay deductions

The Federal PSHCP Administration Authority collects personal information under the PSHCP for the purposes of:

  • Hearing plan member appeals, overseeing claims adjudication and plan administrationFootnote 2
  • Communicating with Plan Members
  • Auditing the Administrator regarding the payments of benefits

The Administrator collects personal information under the PSHCP for the purposes of:

  • Administering the benefits
  • Adjudicating claims
  • Coordinating benefits with other public or private insurance plans
  • Communication with Members

4. Notification and Consent

At the time of their application to the PSHCP, Members are informed by their compensation advisors or pension office of the purposes for the collection of personal information. The Member provides expressed consent for use and disclosure by the Administrator of the Member's personal information and that of eligible Dependants by signing each benefits claim form and completing positive enrolment with the Administrator.

5. Use and Disclosure

Personal information under the PSHCP is used and disclosed solely for the purposes for which it was collected and identified in section 3 of this Statement.

In the event of an overpayment where the Member fails to comply with the Administrator on a repayment schedule, the known details of the overpayment situation will be disclosed to the appropriate government institution for the purpose of obtaining consent on the recovery of the overpayment.

Participating Employers ensure that policies and procedures are in place to address any improper or unauthorized disclosure of personal information.

6. Accuracy

Participating Employers that are subject to the Privacy Act and their employees administering personal information under the PSHCP, ensure completeness and accuracy of the personal information by having procedures in place that:

  • Regularly update the personal information;
  • Keep a record of the source of the information used to make the changes;
  • Ensure notification of the changes to other parties to whom the information was disclosed; and,
  • Ensure that participants are able to access, and request correction of their personal information.

7. Retention

Personal information concerning an individual that has been used by a Participating Employer subject to the Privacy Act for an administrative purpose shall be retained by the Employer

  • or a minimum of two years following the last time the personal information was used for an administrative purpose unless the individual consents to its earlier disposal; and
  • where a request for access to the information has been received, until such time as the individual has had the opportunity to exercise all his or her rights under the Act.

Other than the required minimum 2 years under the Privacy Act, the retention period may vary by Participating Employer.

Retention Periods for the Administrator

The Administrator retention period for the PSHCP is 10 years.  This ensures compliance with the Canada Revenue Agency and the Privacy Act.

8. Access to Personal Information

Plan Participants are informed and will, consistent with the Access to Information and Privacy Acts, be given access, upon their request, to their personal information used and disclosed by the Participating Employer. Plan Participants are able to challenge the accuracy and completeness of the information and request correction, by contacting the designated privacy officers listed in section 9 of this Statement.

There exist several reference tools to assist members of the public in exercising their rights under the Access to Information Act and the Privacy Act.

One of these reference tools is called "Info Source". It is a series of publications containing information about the Government of Canada, its organization and information holdings. It supports the government's policy to explain and promote open and accessible information regarding its activities. Info Source is available at the following URL:

9. Right of Complaint

Plan Participants can address any questions and/or complaints regarding compliance with the above sections using the following contacts:

Treasury Board of Canada Secretariat
Director, Access to Information and Privacy
Ottawa, Ontario K1A 0R5
Telephone: 1-866-312-1511
Email:  atip.aiprp@tbs-sct.gc.ca

Participating Employers subject to the Privacy and Access to Information Acts
Access to Information and Privacy Coordinators (list of)

Participating Employers that are not subject to the Privacy Act
Participants can address their questions and/or complaints to their respective organization.

Public Services and Procurement Canada (PSPC)
Access to Information and Privacy Director
Telephone: 873-469-3721
Email: AIPRP.ATIP@tpsgc-pwgsc.gc.ca

Federal Public Service Health Care Plan (PSHCP) Administration Authority
Access to Information and Privacy Coordinator
Email: atip-aiprp@pshcp.ca  

Page details

Date modified: