Last updated: December 15, 2020
Our privacy commitment to you
The privacy of member (“you” and “your”) information is of the utmost importance to us at Saskatchewan Blue Cross and its subsidiaries (“we”, “us” and “our”). As a business that operates in Canada and collects and uses personal information, we are held to the Personal Information Protection and Electronic Documents Act (PIPEDA). Our Privacy Code reflects the requirements and privacy protection measures of PIPEDA.
We respect the trust you place in us when you provide us with your personal information, and we take our responsibility to you very seriously. We have always been, and will continue to be, committed to protecting your privacy and ensuring personal information remains confidential. Respecting our members’ privacy and the confidentiality of their personal information is fundamental to the way we do business.
Our Privacy Code (“Code”) explains how we collect, manage, and protect your privacy and safeguard your personal information. This Code applies to all aspects of managing your personal information in any form, whether oral, electronic or written, and to all of your interactions with us whether in person, via our website, our online member portal, or through our Contact Centre.
Each Saskatchewan Blue Cross employee plays a role in ensuring that personal information is respected and protected within their control. We promote good privacy practices by providing ongoing training and education to employees and authorized contractors to ensure their continued awareness of and compliance with privacy laws and our policies.
What is personal information
Some examples of personal information include your name, address, birthdate, identifying numbers, employment information, medical records and financial information. Personal information does not include business contact information, anonymous information or de-identified information that is not associated with a particular individual.
Why we collect, use and disclose your information
Generally, we need to collect your personal information for the following reasons:
A. To provide products and services
- To confirm your identity and the accuracy of your information.
- To determine your eligibility for coverage for a product or service.
- To process registrations and transactions with us.
- To evaluate applications and underwrite the products you apply for.
- To adjudicate and process your claims.
- To fulfill your product and service requests and inquiries.
B. To communicate and maintain a relationship with you
- To provide you with notices about your account, including expiration and renewal notices and payment details.
- To provide you with information and updates about products and services you are enrolled in.
- To maintain and manage our relationship with you.
- To contact you for marketing purposes; for example, sending you occasional email messages on products which may be of interest to you, promotions, contests, news and community support.
- To respond to your questions.
- To ask for your feedback.
C. To manage and develop our business
- To detect and protect you and us from errors, misrepresentations, fraud, or contravention of laws or criminal activity.
- To maintain the security of our employees, members, and property (for example, through the use of video surveillance).
- To assess and respond to a complaint you might make relating to our products and services.
- To determine and offer other products or services you may be interested in.
- To plan benefit enhancements and sound financial management.
- To analyze data to help us make decisions and improve the products and services we offer, including through our website and other electronic means.
- For quality assurance or training.
D. To meet legal and regulatory requirements
- To comply with any court order, law or legal process, including responding to any government or regulatory requests. For example, to satisfy a request for information from a regulator about a customer complaint and how it was resolved.
- To carry out our obligations and enforce our rights arising from any contracts with you, including for billing and collection.
- To fulfil statutory requirements, including tax reporting obligations.
If we want to use your personal information for a purpose other than those stated at the time of collection, that new purpose will be documented and if required, we will obtain your consent.
What do we collect
The type of personal information collected depends on the type of product or service involved. For example, we may collect:
- Information that identifies you or your named dependents, such as: your name, address, telephone number, email address, marital and dependent status, date of birth, Saskatchewan Health Card number and other personal identification information to identify you, set you up in our system or communicate with you.
- If you apply for individual or group benefits, we may collect health or lifestyle-related information, such as your medical information, occupation, place of employment and annual income.
- Information you provide to us relating to insurance claims that you make, such as healthcare providers, treatments or services received, or drug expenses.
- Banking or credit card information to set up payments for your claims or to collect payment from you.
- We may record or monitor incoming and outgoing calls for quality assurance and training purposes, or to create a record of the information you provided and your instructions. You will always be informed that your call is being recorded and why.
How we collect your personal information
A. We collect your personal information directly from you:
- When you complete paper or web-based applications and forms.
- Through our interactions with you in person, by telephone, by email, through our website, member portal, or other methods.
B. We may receive personal information about you from third parties that may include:
- Your employer or third-party administrator if you apply for group benefits.
- Third parties we work with to issue and manage our products and services, whether now or in the future.
- Third parties you allow to disclose information to us.
- Public sources, such as government agencies.
- With your consent, we may verify or gather personal information from your physician(s) and health care provider(s), other health and life insurers and reinsurers to confirm or obtain additional information about you.
In these cases, we take steps to ensure the individual providing the personal information understands their obligations regarding the collection, use, and disclosure of that personal information. We receive your personal information from these other sources with your consent, or if the law requires or permits us to do so.
C. Through technologies
- We may collect personal information through various technologies used at our offices. These include point of sale systems, video surveillance, and other similar types of technologies which we may use from time to time. For example, we use video surveillance in areas surrounding our offices for security purposes, to protect against theft, to prevent damage to our properties, and to prevent fraud.
D. Through our website and member portal
Your consent is important to us
A. Directly from you
- When we collect personal information directly from you, we may obtain your consent in writing, as well as verbally, electronically, or through authorized representatives.
B. Implied consent
- When we can reasonably conclude that you have given permission by some action you take. For example, by presenting your benefits card, you give consent for your health service provider to disclose your personal information to us. Or when you use our Contact Centre service and continue the conversation after hearing that your call may be recorded.
How you can withdraw your consent
- You may withdraw your consent to receive electronic or printed documents from us by contacting our Contact Centre or controlling your preferences online through our member portal.
- If you do not want your calls recorded, you have other options for conducting business with us; for example, by visiting one of our in person locations, or by writing to us, or using our member portal.
- If at any time after you have consented to us using your information for marketing purposes you wish to stop receiving this information, you may ask us not to contact you by telephone, mail or email. Simply modify your communication preference settings by contacting our Contact Centre or by adjusting them online using our member portal. When you opt out of marketing promotions, you may still receive information from us relating to the products and services you hold with us, including renewal notices, payment details, service notices or updates, and information which allows you to make informed decisions about the continued suitability of our products and services to you.
When we share your personal information
A. Service Providers
- When you give us your consent to discuss your personal information with a specific person or organization.
- To third-party service providers to manage your benefits with us. For example, our 24/7 travel assistance and claims management provider.
- To other insurers to determine eligibility for benefits or to coordinate benefits.
- To financial institutions to set-up payments for your claims or your plan.
- To third-party auditors, consultants, or administrators to fulfill the terms of your benefit plan.
We attempt to limit the number of service providers we use outside of Canada. However, some providers may be located outside of Canada.
- We may transfer personal information to these service providers for specific services in accordance with the purposes set out in this Code.
- When we engage a service provider outside of Canada, we require that they are contractually obligated to keep personal information confidential, to use the personal information only for the purpose we disclose it to them for, and to process the personal information with the same standards as set out in this Code.
- Personal information outside of Canada is subject to the laws in the foreign country that may allow law enforcement, courts, and regulatory agencies to access the personal information.
- If you would like more information on our use of service providers outside of Canada, please contact our Chief Privacy Officer.
B. Other Permitted Purposes
- We may share your personal information to enforce our agreements with you or your employer, or to investigate and defend ourselves against any third-party claims or allegations. This includes exchanging information with other companies or organizations for the purposes of fraud protection.
- We may share your personal information with law enforcement or other government agencies if we are required to do so to meet legal and regulatory requirements. For example, when we are required to provide records in response to a valid court order.
If we need to share your personal information for additional purposes, we will obtain your consent where required by law.
How you can access your personal information
Depending on the information you are requesting, you may be able to receive the information via telephone inquiry, online through our member portal, or in person. For example, checking to see what address or telephone number we have recorded. Requests for more substantial amounts of personal information should be made in writing. We will respond to such a request within a reasonable timeframe in compliance with applicable law.
In certain circumstances, we may not be able to provide you with all your personal information, as access may be limited or prohibited by privacy legislation. For example, if the release of the information would reveal personal information about another individual.
If we cannot provide you with all or part of your personal information, we will inform you of the reason why and provide you with a contact to answer your questions. When information is not easily accessible, there may be a charge for the personal information you request. If this happens, we will let you know. Please contact the Chief Privacy Officer at the address below for more information.
How you can correct your personal information
You can contact us via telephone, the member site, or in person to update your personal information. If you have a group plan, ensure your employer or third-party administrator has your updated personal information as well.
If we are unable to update your personal information, we will explain why, and we will make note of your requested correction(s). We will also provide you with a contact to answer your questions, and information on how you can request a review of our decision.
How we secure your personal information
Your personal information may be stored electronically, in paper format or in telephone recordings and may only be accessed by people with the proper authority. We use security safeguards that match the sensitivity level of the information, including but not limited to:
A. Physical safeguards such as our building security measures and restricted access to offices.
B. Organizational safeguards through our policies, practices, and access levels, including:
- We take privacy and security training and awareness seriously. We educate employees as to their obligations with regard to your personal information, including confidentiality agreements.
- Conducting strict identification checks on all people requesting access to personal information.
- Limiting access to personal information to those employees, contractors, and third parties on a need to know basis and who require the information for one of the identified purposes.
- Making reasonable efforts to ensure third-party service providers have appropriate security to protect your personal information.
C. Technical safeguards by using various methods including:
- A robust information security program that makes use of firewalls, intrusion detection systems and virus scanning tools to protect against unauthorized persons and viruses from entering our systems.
- Password protection. If you use a password to access our web services, including our member portal, you are responsible for choosing a strong password that is difficult for others to guess, and keeping the password confidential to prevent unauthorized access, disclosure, copying, use and modification through the web service.
- Anonymization, which is the process of altering your personal information so that it can no longer be used to identify you (See 'Combining data').
- Masking, which is the process of modifying your personal information so that the structure remains the same, but the content is no longer identifiable.
- Encryption, which is the process of obscuring your information to make it unreadable without the use of a code or a key.
How long we keep your personal information
We may combine anonymous information to create a collection of data that may be used or disclosed in the following ways:
- To understand overall user needs and design new products and services.
- To perform research and studies aimed at improving our products, services and technologies.
- For market research, education and other related projects.
- Where you are part of a group health benefits program, for your employer to gauge the health of their organization and identify areas for health and wellness improvements.
Your privacy and the internet
Our website and online services
- The number of users who visit the website.
- The browser and device you are using.
- The date and time of your visit, and the pages you visit within our websites and member portal.
- The number of times you visit our websites, member portal.
- Your geolocation and IP address, which is provided by your device.
- How long you stay on our websites, member portal, and at what point you exit.
This information is only viewed in the aggregate and on its own does not identify an individual. We will only collect information that is required for, or related to providing products and services, conducting business, understanding member needs, and analyzing and improving our website quality and performance.
Our websites and electronic communications assign each electronic device with a different cookie for select purposes. For example:
- To assist us in authenticating you and your device.
- To collect anonymous statistical information to help us understand the website and member portal use.
- To remember and honour your preferences and settings to speed-up load time of our pages.
- To enhance the security features.
- To improve and provide better service.
- To help develop interest-based advertising.
- To show us how many people opened a link in an email.
You can control cookies by setting your preferences on your browser. We suggest using the help button on your computer or web browser to find out more on how to set the browser to notify you about cookies. You may opt out of the analytics we collect at any time by adjusting your settings.
Our web pages may also contain electronic images known as web beacons. These are clear GIF images or action tags embedded in a web page or an email and usually invisible to the individual. Web beacons are used for many of the same purposes as cookies. They allow us to compile aggregate statistics about website usage patterns, such as how many times a link or an area on a website is clicked or whether or not an email is opened.
Links to other sites
Electronic communication preferences
Changes to our Privacy Code
Contacting our Chief Privacy Officer
If you have any questions or would like further information about our privacy and information handling practices, please contact us at:
Saskatchewan Blue Cross Chief Privacy Officer:
Note: Email is not a 100% secure medium. Please consider the type of personal information you are sending to us when contacting us via email.
PO Box 4030, 516 2nd Avenue North
How to make a privacy complaint
We realize that even in the best-run organizations, things can go wrong. If you are unhappy with, or should have a privacy complaint, please notify us as it gives us the opportunity to fix the problem. We have a defined resolution process that will ensure your privacy concerns are fully investigated and responded to, and that any identified issues are addressed.
The Chief Privacy Officer will acknowledge your formal written concern by contacting you within a reasonable timeframe. You will be informed of the process we will follow to address your concerns and determine the outcome.
If the identified privacy issue is not resolved to your satisfaction, you may file a complaint in writing to:
Office of the Privacy Commissioner of Canada
1st Floor, 30 Victoria Street