Privacy of personal information is an important principle for the Ontario Chiropractic Association (OCA). We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the appropriate provision of the products and services we provide to our members in our role as a professional association. We also try to be open and transparent as to how we handle personal information. The following describes our privacy policies.
1 – What is personal information?
Personal information is information about an identifiable individual, including that which relates to their personal characteristics (i.e. gender, age, income, home address or phone number, ethnic background, family status), their health (i.e. health history, health conditions, health services received by them), or their activities or views (i.e. religion, politics, opinions expressed by an individual, an opinion or evaluation of an individual). Personal information is not to be confused with business information (i.e. an individual’s business address and telephone number), which is not protected by the Personal Information Protection and Electronic Documents Act (PIPEDA), an act of the federal government.
2 – Who we are
In existence since 1929, OCA is a voluntary, not-for-profit professional association, representing chiropractors in Ontario. Our mission is to serve our members and the public by advancing the understanding and use of chiropractic care.
3 – The personal information we collect and how we use it
Like all professional associations, we collect, use and sometimes disclose personal information in order to serve our members. At no time do we rent, sell, barter, exchange or distribute our membership list to any third-party for commercial purposes.
3.1 Registration and Renewal Data
We collect personal information from potential members upon registration and annual renewal including, but not limited to, name, contact information, demographic identifiers (e.g.: age and gender), graduation year and institution, CCO registration number, and liability insurance provider.
The purpose of this collection is to ensure our members qualify for membership within the provincial and national association and that, once established as members in good standing, we can provide general membership services and exclusive membership benefits and that we can communicate appropriately with them. The OCA, in specific situations, posts this information to our website with the consent of the member. These uses include our Chiropractor Locator tool, member microsites, and annual award recipients.
3.2 Payment Information
The OCA invoices members for annual dues, including fees related to the use of OCA software — OCA Aspire – integrated EHR and practice management solution, Patient Management Program (PMP) and ChiroWrite. In addition, the OCA collects registration fees for conferences and events and for sales of classified advertisements, products and materials.
Personal information collected (that is not already collected as part of the registration and renewal data):
- Payment details: cash / personal or business cheque or credit card / debit card account number and authorization. All credit card information is collected and sent to our payment partner for use in payment approval and processing only. The OCA does not retain your credit card information. If you elect to provide your bank account information to us for the purposes of payments by to pre-authorized EFT withdrawal, we must retain this information on file.
- Names of additional Doctors of Chiropractic (DCs) and non-DC users of its PMP.
- Names, event choices and dietary preferences of guests registering to attend events with OCA members.
3.3 Program Participation
The OCA hosts multiple in person and virtual events throughout the year and maintains a database of registrants and attendees for internal performance metrics, general communication, and future event coordination and planning purposes.
3.4 Member Surveys
The OCA conducts member surveys on a variety of topics gathering general information and opinions. This data is saved on password protected hard drives and cloud-based storage.
3.5 Patient Information
As a provider of cloud-based practice management solution software, the OCA, through the third-party host KAI Innovations, securely collects and stores patient information for OCA Aspire licence holders. The personal information collected is that which is collected and used by the health care practitioners to deliver health services in their practices, including demographic information (e.g.: age, gender, occupation, etc.), insurance plan, diagnosis, and treatment.
The OCA performs statistical research with the data available through its membership database, the OCA Aspire practice management solution software, and voluntarily submitted annual statistics reports generated within PMP. This data is used by academic researchers in Ontario to identify trends in health care. Researchers adhere to strict privacy and confidentiality principles. This research is used in the OCA’s advocacy efforts.
3.7 Technical Support
A key service provided to OCA’s PMP users is extensive and on-going technical support / troubleshooting. OCA’s PMP Support Representatives collect and use general and technical information provided by users calling for Technical Support. This includes:
- Names and types of DC and non-DC users
- PMP user number
- Names of office staff
- Computer system specs
- Network drive information, for mapping
In addition, each technical support call is logged. Information collected includes:
- Name of caller and best time to return calls
- Alternate phone number
- Type of problem with details
- OCA response / fix
This information enables the OCA to understand the type and frequency of problems encountered by users. This feedback, which has been maintained since the inception of the Support Line, is then used to improve the program, training sessions, user manual and user communications.
In the event of a catastrophic system failure or severe usage problem, PMP users may be asked to forward to the OCA office a copy of their most recent backup files (which contain private patient information). A standard feature of PMP is that patient information is automatically encrypted as part of the daily backup process.
Backup files may be used to attempt to recover a failed system. Once recovered and stabilized (within 30 days) private patient files transferred to the OCA office are destroyed (hard copies shredded and electronic versions permanently deleted from discs or hard drive).
4 – Data Security
In the event a PMP user must upload their patient data to the OCA for repair, the upload is encrypted and transmitted via the Dropsecure service. The PMP Utilities program automatically decrypts the data and replaces it in the Patient Management Program.
The OCA’s membership database is hosted by SalesForce on secure servers located in Canada and secured to multiple international standards.
5 – Disclosure of data
The OCA collects data on behalf of the Canadian Chiropractic Association (CCA) during registration and renewal. Only this information is shared with the CCA.
The Canadian Chiropractic Protection Agency (CCPA), the primary chiropractic practice insurance provider in Canada, requires clients to be members of both the national and provincial associations where they practice. The OCA discloses registration information with the CCPA to confirm this requirement.
The OCA provides members with hosted micro-sites. The personal and business information displayed on the micro-sites is provided by the members directly and is not managed by the OCA. The OCA’s website also contains a list of annual award recipients and a Chiropractor Locator tool for public use. This information is displayed with consent from the member.
Basic member information (e.g.: name and contact information) may be shared with volunteers or other members during OCA programs such as mentoring or award committees. Where feasible, consent is obtained from members participating in the programs and all volunteers with the OCA sign a non-disclosure agreement prior to starting their volunteer work. They are prohibited from using your personal information for any purposes other than those they have been assigned to perform and required to maintain your confidentiality.
The OCA partners with third-party contractors on occasion. When such contractors will have access to member data they are required to sign a non-disclosure agreement prior to starting their work with the OCA and maintain your confidentiality. They are prohibited from using your personal information for any purposes other than those they were contracted to perform.
6 – External Regulation
Various government agencies (Canada Revenue Agency, Office of the Privacy Commissioner of Canada, Human Rights Commission, Ontario Ministry of Finance, Ontario Ministry of Labour, etc.) have the authority to review our files and interview our staff as part of their mandates. External regulators have their own strict privacy obligations.
7 – Your data, your rights
With only a few exceptions, OCA members and former members have the right to see what personal information we hold. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (short forms, technical language, etc.). We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests.
We may ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days, if at all possible, and explain the reasons.
If you believe there is a mistake in the personal information we maintain in our files, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation to support your request. Where we agree that we have made a mistake, we will make the correction and notify anyone to whom we have sent this information. If we do not agree that we have made a mistake, we will still agree to include in our records a brief statement from you on the point and we will forward that statement to anyone else who received the earlier information.
8 – Internet privacy
- Links: Some of our websites, including member micro-sites, link to other sites that were not created and are not maintained by the OCA. When you link to an outside website, you are leaving the OCA site and our information management policies no longer apply.
- Please note that the OCA does not warrant that functions available on www.chiropractic.on.ca will be uninterrupted or error free, that defects will be corrected or that www.chiropractic.on.ca or the server that makes it available are free of viruses or bugs. You acknowledge that it is your responsibility to implement sufficient procedures and virus checks (including anti-virus and other security checks) to satisfy your particular requirements for the accuracy of data input and output.
- Content, including the information, names, images, pictures, logos and icons regarding or relating to the OCA, its products and services (or to third-party products and services) is provided “as is” and on an “as available” basis. To the extent permitted by law, the OCA excludes all representations and warranties (whether express or implied by law), including implied warranties of satisfactory quality, fitness for a particular purpose, non-infringement, compatibility, security and accuracy. The OCA does not guarantee the timeliness, completeness or performance of the website or any of the content. While we try to ensure that all content provided by the OCA is correct at the time of publication, no responsibility is accepted by or on behalf of the OCA for any errors, omissions or inaccurate content on the website.
9 – Do you have any questions or concerns?
If you have any questions or concerns you may contact:
Dr. Benjamin Xafflorey, Ontario Chiropractic Association, Manager of the Privacy Office
416-860-7187, 201-70 University Avenue, Toronto, Ontario, M5C 2N8
If you wish to make a formal complaint about our privacy practices, you may do so in writing to our Privacy Officer. They will acknowledge receipt of your complaint, ensure that it is investigated promptly, and provide with a response in writing.
For general enquiries and in the absence of any applicable provincial legislation, the Office of the Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The Commissioner also acts as an Ombudsman for privacy disputes. The Office of the Privacy Commissioner can be contacted at:
Privacy Commissioner of Canada
30, Victoria Street
(819) 994-5444/ 1-800-282-1376 / www.priv.gc.ca