RCM is responsible for all personal information under our control.
Contact information for our Chief Privacy Officer is set out below:
Chief Privacy Officer
RCM Health Consultancy Inc.
1006 Avenue Road
RCM is responsible for personal information in our possession or custody, including information that has been transferred to third parties for processing. We use contractual and other means to ensure that third parties to whom we disclose personal information for processing provide a comparable level of protection with respect to personal information in their possession or control.
We will clearly identify and document the purposes for which we collect, use or disclose personal information at or before the time of collection. As part of our business operations, we may collect and use certain personal information strictly for the following purposes:
In addition, in the unlikely event that RCM sells all or substantially all of its assets, collected personal information will, of course, be one of the transferred assets.
Although RCM will use information collected to create statistics about RCM, such statistics will not contain any information that can personally identify individuals.
The specific uses of personal information in connection with the foregoing purposes will be limited to what a reasonable person would consider appropriate in the circumstances.
If we plan to use personal information we have collected for a purpose not previously identified, we will identify and document the purpose before such additional use. We will state the identified purposes in such a manner that you can reasonably understand how your personal information will be used or disclosed.
We will collect, use and disclose personal information only with the knowledge and consent of the individual, except where inappropriate.
We will use reasonable efforts to seek your express consent for the collection, use or disclosure of your personal information at the time of collection. In some circumstances, such as where we want to use personal information for a purpose that was not previously identified, we may have to seek your consent after your personal information has been collected but before our use for that purpose.
We will not, as a condition of supplying our services to you, require you to consent to the collection, use or disclosure of personal information beyond that which is absolutely necessary.
In certain limited circumstances, as permitted or required by law, we may collect, use or disclose personal information without the knowledge or consent of the individual. Although the following list is not exhaustive, these circumstance include: (i) personal information which is publicly available as defined by regulation; (ii) circumstances where collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely fashion; (iii) to investigate a breach of an agreement or a contravention of a law; (iv) to act in respect of an emergency that threatens the life, health or security of an individual; (v) for debt collection; or (vi) to comply with a subpoena, warrant or court order.
You may withdraw your consent with respect to a particular use or disclosure of your personal information at any time (subject to legal or contractual restrictions) by sending written instructions to our Chief Privacy Officer at the address set out above.
We will limit the amount and type of personal information collected to that which is necessary for our identified purposes and we will only collect personal information by fair and lawful means. We collect the following types of personal information from our clients:
RCM does not use or disclose clients’ personal information to a third party for purposes other than those for which it is collected, except with the express consent of the individual or as required by law.
RCM will retain personal information only for as long as is necessary for the fulfillment of those purposes, subject to legal requirements. Currently, our policy is to maintain personal information provided by our clients for as long as the client uses our services, plus a period of 2 years from the most recent acquisition of information. After such period, our records are amended so that names are removed and the information can no longer be identified with an individual.
We protect personal information with safeguards appropriate to the sensitivity of the information. We employ appropriate safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. We make our employees and business partners aware of the importance of maintaining the confidentiality of personal information, and we will exercise appropriate care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.
Our methods of protection include physical measures (for example, locked filing cabinets and restricted access to offices), organization measures (for example, limiting access on a ‘need to know’ basis), and technological measures (for example, the use of passwords and encryption, firewalls, backups).
We will make specific information about our policies readily available, except to the extent that it is confidential commercial information.
Upon written request addressed to our Chief Privacy Officer, we will inform an individual of the existence, use and disclosure of his or her personal information and we will give the individual access to that personal information. An individual can challenge the accuracy and completeness of his or her personal information under our control and have it amended as appropriate.
We will respond to an individual’s written request within a reasonable time (generally within 30 days) and we will assist any individual who informs us that they need assisting in preparing a request. We may require an individual to provide sufficient information to permit us to provide an account of the existence, use and disclosure of personal information. While our response will typically be provided at no cost to the individual, depending on the nature of the request and the amount of information involved, we reserve the right to impose a reasonable cost. In these circumstances, we will inform the individual of the approximate cost to provide the response and proceed upon payment by the individual of the cost. Requested information will be provided or made available in a form that is understandable. Where possible, we will indicate the source of the information.
If you feel that the personal information we hold is inaccurate or incomplete you are invited to advise our Chief Privacy Officer of such inaccuracies and ask that we amend the personal information. Any such request must be in writing.
In providing an account of third parties to which we may have disclosed personal information about an individual, we will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which we have actually disclosed personal information, we will provide a list of organizations to which we may have disclosed the personal information.
If an individual successfully demonstrates an inaccuracy or incompleteness of his or her personal information under our control, we will amend the personal information as appropriate. If a challenge is not resolved to the satisfaction of the individual, we will record the substance of the unresolved challenge. Where appropriate, the amended information or the existence of the unresolved challenge, as the case may be, will be transmitted to third parties having access to the information in question.
In certain situations, we may refuse a request or not be able to provide access to all the personal information we hold about an individual. Exceptions to the access requirement will be limited and specific, as permitted or required by law. Where permitted, the reasons for denying access will be provided to the individual upon request. Although the following list is not exhaustive, exceptions may include: (i) information that contains references to other individuals or contains confidential commercial information, where such information cannot be severed from the record; (ii) information collected in the course of investigating a breach of an agreement or in the course of a formal dispute resolution process; and (iii) information that is subject to solicitor-client privilege.
If for any reason you are not satisfied with the results of our investigation of and responses to your complaint, you may file a complaint with the Office of the Federal Privacy Commissioner:
Federal Privacy Commissioner
112 Kent Street,