GMS: Committed to Protecting Privacy
Collecting and using personal information is necessary for GMS to provide products and services. We commit to use this information only in a responsible manner, and take accountability for our role in protecting it.
We take a principles-based approach to protect personal information and to respect the privacy rights of our customers. GMS complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) for our business in Canada, and with any international privacy regulations to the extent that they apply and do not restrict our ability to comply with PIPEDA. We do not store or transfer personally identifiable information (including personal health information) outside of Canada.
GMS has a Chief Privacy Officer who is responsible to manage our privacy practices, monitor compliance with this Policy, and oversee employee privacy training. Our Chief Privacy Officer is accountable to the GMS Board of Directors to report on privacy protection practices and issues.
Clearly Identified Purpose for Collection
Personal information may be used by GMS for the following purposes:
- maintaining our relationship with you, including verifying your identity and the accuracy of your information;
- communicating with you, including to understand your needs, preferences, and satisfaction with our products and services;
- evaluating applications, determining eligibility, assessing risk, processing claims and payments and administering our products and services;
- complying with legal and regulatory requirements;
- protecting you and us from errors, misrepresentations, fraud and/or illegal activity;
- analysis of data to determine premiums, to understand utilization of benefits and to develop new or improved products and services; and
- providing you with offers for additional products or services in which you may be interested.
We may analyze how you use our products and services, including through our websites and other electronic means. This might include your preferences for certain products, demographics, interests and lifestyle activities. If we know this information, we can offer products and services that are more relevant to you.
Note that phone calls with a GMS representative may be recorded or monitored to:
- create a record of the information and instructions you provide;
- maintain quality service levels; and
- help with staff training.
Informed Consent and Limited Collection
GMS only collects and uses information where we have your permission to do so and when you understand the reasons why the information is being collected and how it may be used or disclosed. In certain exceptional circumstances we may not seek your consent to disclose personal information. The exceptions are determined by law and can include times where legal, medical, or security reasons make it impossible or impractical to seek consent.
You can give consent in writing, as well as verbally, electronically, or through authorized representatives. In certain circumstances, consent is also implied through your actions. For example, paying for a prescription drug using a pay direct card implies consent for the pharmacy to share your personal information with us.
Consent is requested at the time of collection, as well as when a new use of personal information is identified. We will not collect more information than we need to provide you the product or service being offered. You may withdraw consent for personal information to be collected or used at any time, but this may prevent us from continuing to provide you with products or services. For example, withdrawing consent could prevent us from adjudicating or paying claims on your policy.
GMS collects information in the following ways:
- directly from forms and applications you send us;
- through interactions with you or your authorized representatives over the phone, in person or through email or other electronic means;
- from third parties we work with to provide products and services;
- from third parties you have consented to share information with us. These may include:
- other insurance companies or benefit carriers;
- your current or former employers;
- your travel suppliers; and/or
- hospitals, doctors or health practitioners.
- from public sources including government agencies and provincial health authorities.
Limited Use, Disclosure and Retention
GMS only uses and discloses personal information for the purpose for which it was collected. Any other purposes require your consent, unless required or permitted by law. Depending on the circumstances, we may disclose your personal information to:
- third parties we work with in order to provide products and services. We use service providers for printing, mail distribution, payments, software and data storage, market research, administration, claims processing and investigation, reinsurance and other services.
- employees, agents and representatives who need the information to perform their duties;
- your broker and their employees;
- any person or organization to whom you grant consent (for example, by signing a power of attorney);
- people or organizations that work to prevent and investigate suspected fraud as engaged by GMS; and
- other benefit carriers for the purpose of coordination of benefits.
We keep your information as long as we need to provide products and services to you, or as long as required by law, whichever is longer. When we no longer require your information, it is permanently destroyed, erased, or made anonymous. We have a Records Retention and Destruction Policy which outlines the period of time we retain different kinds of records.
Protection Through Appropriate Safeguards
We have procedures designed to protect your personal information from loss and unauthorized access, use, disclosure or modification. We provide regular privacy training to all employees.
We also require all of our employees to attest to compliance with our policies annually.
We have an Information Security Policy which outlines the measures we take to protect your personal information. We use a combination of physical, organizational and technological safeguards that are appropriate for sensitivity of the information and continuously scan and respond to vulnerabilities and new threats.
When we share personal information with our service providers, they are required to protect it in ways that are consistent with our privacy policies and practices.
GMS takes privacy breaches seriously, and has procedures in place to respond to them quickly and completely. We will notify you at the earliest opportunity if your personal information may have been exposed, and take immediate steps to limit the harm done by the breach. We keep detailed records of all privacy breaches in order to adapt and prevent future incidents. When a real risk of significant harm exists (as defined in PIPEDA), we will notify the Office of the Privacy Commissioner that such a breach has occurred.
Access and Transparency
As our customer, you have a right to access and verify the personal information that GMS maintains about you. Depending on the circumstances we cannot always give you access to all the information. As well, a small charge may apply for the fulfillment of a request.
We strive to keep personal information as current and accurate as possible for the purpose it is used. We appreciate timely and accurate notification of changes to personal information. GMS will correct or amend any information if it is found to be inaccurate or incomplete at no charge to you. We will also correct that information if it has been shared by us with a third party.
Inquiries and Concerns
GMS is committed to protect your private personal information and to treating you with the highest level of courtesy and respect. If you have questions about how we approach privacy or any concerns about how a request for personal information was handled, please contact:
Chief Privacy Officer
Group Medical Services
2055 Albert Street
PO Box 1949
Regina, SK S4P 0E3
Or by email: PrivacyOfficer@gms.ca
This policy was last updated in May 2021