External Privacy Policy

Healthserv collects Personal Information including:
(a) Personal history information including date of birth and home address;
(b) Medical history and records including illness, injury, surgical, diagnostic and laboratory reports;
(c) Functional information including activities of daily living, job demands, physical limitations and required accommodations;
(d) Employment records including employment history, job type, performance and discipline records; and
(e) Lifestyle information including diet, weight, alcohol or drug consumption, smoking status and activity levels.

Healthserv discloses Personal Information of Employees to Clients, treating medical practitioners and specialists, third-party service providers and in all cases, disclosure will be limited to the terms upon which consent of the individual was provided subject to those situations where PIPA or other applicable laws provide that consent for disclosure is not required.
Healthserv will never sell an individual’s Personal Information to a third party.

Healthserv will obtain an individual’s consent to collect, use or disclose their Personal Information except where Healthserv is permitted to do so without consent by law or where consent is implied.
Healthserv will obtain express consent either orally, in writing or electronically, as appropriate, depending on the sensitivity of the Personal Information in question. In some cases consent will be implied where the purpose for collecting, using or disclosing the Personal Information is obvious and an individual voluntarily provides their Personal Information to Healthserv for that purpose.
Consent may be withdrawn, in whole, or in part, at any time. However, consent may not be withdrawn if doing so would frustrate a legal obligation. When consent is withdrawn it may frustrate or restrict Healthserv’s ability to provide a particular service or product. In such circumstances, Healthserv will explain the consequences of withdrawal to the individual in order to assist him or her in making a decision.
Healthserv does not require the consent of an individual to collect, use or disclose Personal Information where such collection, use or disclosure without consent is authorized by law, including when:
(a) There is an emergency that threatens an individual’s life, health or personal security;
(b) Where the Personal Information is available from a public source identified in the applicable regulations, such as a telephone directory;
(c) Where a disclosure is to Healthserv’s legal counsel;
(d) Where the collection, use or disclosure is for the purposes of collecting a debt or protecting Healthserv from fraud; or
(e) To investigate the breach of an agreement or contravention of a law.

If Healthserv uses an individual’s Personal Information to make a decision that directly affects that individual, Healthserv will retain his or her Personal Information for at least seven years so that the individual has a reasonable opportunity to request access to it.
Healthserv will otherwise retain Personal Information for as long as necessary to fulfill identified purposes or to fulfill legal or business purposes. Personal Information that is no longer retained will be destroyed in a secure manner, including physically by shredding documents and by deleting digital or electronically stored information.

Healthserv will make reasonable efforts to ensure that Personal Information collected, used, disclosed or retained by Healthserv is accurate and complete.
Individuals may request correction to their Personal Information in order to ensure its accuracy and completeness. A request to correct Personal Information must be made in writing and must provide sufficient detail to identify the Personal Information and the correction being sought.
If the Personal Information in question is inaccurate or incomplete, Healthserv will correct the information as required and will send the corrected information to any organization to which it disclosed the Personal Information in the previous year. If the correction is not made, Healthserv will note the correction request in the file.

Healthserv is committed to ensuring the security of Personal Information collected pursuant to this Privacy Policy in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
Healthserv implements organizational and technological controls to protect Personal Information in its custody or control, including:
(a) the use of locked filing cabinets; locked server stacks
(b) User IDs, passwords, encryption and firewalls;
(c) restricting employee access on a “need to know” basis;
(d) Physically securing offices where any Personal Information is stored; and
(e) Requiring third party service providers to use security measures at least comparable to those implemented by Healthserv.
Healthserv will continually review and update its security policies and controls as technology changes to ensure ongoing Personal Information security.

Individuals have a right to access their Personal Information, subject to come exceptions. For example, an individual may not access their Personal Information where such information is covered by solicitor-client privilege, or where disclosure to the individual would reveal Personal Information about another individual, or would give rise to health or safety concerns.
Requests for access to Personal Information must be made in writing, and must provide sufficient detail to identify the Personal Information being sought. Individuals may also request information regarding how Healthserv has used their Personal Information and to whom their Personal Information has been disclosed.
Healthserv will have thirty (30) days to respond to a request for access to Personal Information, and, if necessary, may require up to a thirty (30) day extension in which case it will advise the applicant in writing. Healthserv may charge a minimal fee for access to Personal Information. In the event a fee is required, applicants will be advised of the fee upfront before the request is processed and will be given an opportunity to abandon all or part of a request.
Healthserv will respond to all access requests in writing. If refused, Healthserv will provide the reasons for the refusal and any recourse available to the Individual with respect to the refusal.

Healthserv’s President/CEO or his or her designate is Healthserv’s Privacy Officer and is responsible for ensuring Healthserv’s compliance with this Privacy Policy and the provisions of PIPA.
Any individual with questions, complaints or concerns regarding this Privacy Policy or Healthserv’s compliance should direct his or her questions in writing to Healthserv’s Privacy Officer at: info@healthserv.com
Any individual who is not satisfied with the response of Healthserv’s Privacy Officer may file a complaint with OPIC.