Alberta Pilot Project for the Occupational Health and Safety Branch, RCMP

Privacy Impact Assessment

Executive Summary

This Report is a Privacy Impact Assessment (PIA) for the Alberta Pilot Project for the Occupational Health and Safety Branch (OHSB), Royal Canadian Mounted Police (RCMP). The objectives of this PIA Report are to determine if there are privacy risks associated with the Alberta Pilot Project, and if so, to provide recommendations on the mitigation or elimination of the risks.

The scope of this PIA Report covers the Alberta Pilot Project as it applies to the collection, use and disclosure of personal information by the RCMP and the public accounting firm acting on behalf of the RCMP.

The RCMP has chosen to exclude RCMP members from the Canada Health Act in order to ensure consistent health care across Canada, and to meet operational and national security requirements. The Commissioner of the RCMP has the delegated authority to make sure that regular members have access to three levels of health care coverage: Basic, Supplemental and Occupational. Basic health care is similar to the provincial health care system for citizens.

Currently the processing of medical claims is carried out by a combination of RCMP Health Office staff and external health care providers. In 1999, the RCMP entered into a partnership with Veterans Affairs Canada (VAC) for the processing of health claims. This partnership was established via a Memorandum of Understanding (MOU) between VAC, as the managing partner, and the RCMP. The processing of health claims is provided through a third-party contractor, Medavie Blue Cross. Under the contract, Medavie Blue Cross is billed directly for the goods and services provided to the members. Medavie Blue Cross in turn pays the supplier on behalf of, and on the basis of the RCMP-negotiated fee schedule, called the benefit grid.

The Alberta Pilot Project is an initiative that RCMP 'K' division wishes to undertake with the provincial Ministry of Alberta Health and Wellness (AHW), to process the basic healthcare claims of RCMP members living and working in the province of Alberta. AHW is the Provincial Ministry in Alberta that manages the delivery of health care services in the province. The claims would be processed through the province's health care claims billing system rather than using the current health care claims administrator Medavie Blue Cross.

When providers of basic health services submit health claims in the same manner and at the same rates as if the RCMP members were eligible for benefits under the Alberta Healthcare Insurance Act, AHW will administer and pay the health claims as though it were doing so pursuant to the Alberta Healthcare Insurance Act and regulations. AHW will provide a monthly statement that will include health claims diagnostic codes and invoice itemizing amounts payable by the RCMP to AHW. All billing information AHW provides to the RCMP will be aggregate and without personal identifiers.

Currently the RCMP Regular Members’ medical treatment claims billings are captured on a paper form (2135) that contains layered copies. The forms, at times, contain notations from the physician on the reason for the visit and the prescribed treatment. These copies are distributed by mail to the Division Health Services Office to and Medavie Blue Cross for processing and payment back to the physician. At times the content of these forms is reviewed by VAC to resolve billing issues. This results in the potential for personal health information being handled by other employees at the RCMP, VAC and Medavie Blue Cross before payment is made.

The RCMP is charged an administrative fee for the manual inputting of data from the form into the Medavie Blue Cross database. This Pilot will eliminated these $1.20 “per line” fees. Physicians also charge a ten dollar fee for completing the paper form. This fee will also be eliminated through the Alberta Pilot. A Harmonized Tax is charged by Medavie Blue Cross and VAC whenever an administrative service is completed by them as their offices are located in the Maritimes. This additional tax will be eliminated during the Pilot.

The Pilot will demonstrate that all “K” Division RCMP member’s medical billing information is transferred in a secure electronic environment from their physician’s office directly to AHW. Only medical billing codes are used to identify the payment sought for the visit. This will eliminate the possibility of the RCMP employee’s personal medical information being viewed by anyone other then the treating physician, which is currently not the case. The billing information is maintained within a secure database at AHW. Payment is made directly to the physician by AHW. An invoice is generated by AHW, without individual personal identifiers, and sent to the RCMP for payment on a monthly basis for RCMP medical treatment paid for by AHW.

This report identified the following privacy risks, and measures are recommended to mitigate the risks:

Top of Page

1. Program Custodian Accountability for Personal Information Undocumented

The performance requirements of the program custodian for privacy matters have not been documented for the Alberta Pilot Project nor have performance measures been developed for the requirements. Examples of performance requirements are:

• Determining what information will be made available publicly about the Alberta Pilot for a PIA Summary
• Following up on the PIA recommendations for implementation
• Following up on the results of audits
• Managing program response to a possible privacy breach.

2. Draft Agreements Lack Some Privacy Requirements

Personal information will be disclosed to AHW in order to enroll a member in the Alberta Pilot Project. The personal information disclosed to AHW will be managed within the framework of the Alberta Health Information Act (HIA). The RCMP (and an accounting firm acting on behalf of the RCMP) will collect personal information from AHW.

There are a draft MOU with AHW and a draft Statement of Work (SOW) for the accounting firm. The HIA will apply to personal information disclosed to AHW. This means that the personal information may be used by health information custodians (custodians) in the any of the circumstances enumerated in that privacy legislation. Since this is a pilot project the MOU should restrict the use and disclosure of personal information to purposes of the Alberta Pilot Project. The RCMP should provide prior approval if the personal information described in the MOU is to be used or disclosed for a purpose other than the Alberta Pilot Project. This notification for prior approval Since this is a pilot project, the RCMP should be notified if the personal information described in the MOU is used or disclosed for a purpose other than the Alberta Pilot Project. This notification would assist the RCMP at the end of the project to determine if there were any uses or disclosure of members personal information in conflict with the RCMP’s expectations of members’ privacy.

The draft SOW for the public accounting firm does not contain contractual requirements related to privacy. The TBS has published a Guidance Document: Taking Privacy into Account Before Making Contracting Decisions.

Appendix B of the TBS Guidance Document contains a Privacy Protection Checklist for contracting out. .

Because the Alberta Pilot Project is a pilot project, the personal information maintained by AHW on members should be segregated in the database from other personal information on Albertans. The Project is a limited-term project that will have an evaluation completed to determine whether or not it is made into an ongoing business process.

A review of Appendix B of the TBS Guidance Document would also be appropriate for the terms of the MOU.

Top of Page

3. Collection of Alberta Personal Health Number

An AHW-generated identification number, which will enable the RCMP member to use the RCMP health card as if it were a certificate of registration under the Health Insurance Premiums Act (Alberta), will be assigned to each member. The RCMP will collect the AHW-generated number along with the enrollment personal information of members originally disclosed to AHW. It is unclear how the RCMP will use the AHW-generated number. Because this is a pilot project, the RCMP should review and document the need for and the use of the number.

4. Security Procedures to be documented (reference 7.2)

A compact disk (CD) containing enrollment personal information will be personally transmitted periodically by an RCMP official in an agreed format to AHW. The RCMP will obtain personal information from AHW. It has not been determined by the RCMP how the personal information on the CDs will be organized and maintained by the RCMP and the uses that will be made of the personal information.

Because it was determined by Departmental Security that a Threat and Risk Assessment (TRA) was not required, it is unclear if encryption is a requirement for the Protected B information. Since this is a pilot project, it may be prudent to maintain a higher standard than might be required to protect the privacy and confidentiality of the personal information by encrypting personal information in transit.

The security procedures for the collection, transmission, storage and disposal of personal information, and access to it, for the Alberta Pilot Project have not been documented.

Top of Page

5. Management and Handling of Personal information to be documented

The MOU in Article 3.8 identifies as one of the responsibilities of the RCMP the preparation of a paper-based information package to inform the members about the Alberta Pilot Project. The MOU details certain requirements for the contents of the information package such as how the RCMP health card should be used by members. The MOU does not stipulate if members are to be informed on policies and practices relating to the management and handling of their personal information in the Alberta Pilot Project.

Top of Page

6. PIB May be required

It has not been determined if the personal information collected from AHW can fit within an existing personal information bank (PIB) published in Info Source or if a separate PIB is required. The Privacy Act states the requirement for a PIB in the following manner:

10. (1) The head of a government institution shall cause to be included in personal information banks all personal information under the control of the government institution that:

1. has been used, is being used or is available for use for an administrative purpose; or
2. is organized or intended to be retrieved by the name of an individual or by an identifying number, symbol or other particular assigned to an individual.

The Human Resources Management Information System (HRMIS) PIB was registered with TBS and was included in the RCMP Chapter of Info Source as PPU013. A draft PIB for Human Resources Management Information System (HRMIS) is with TBS for inclusion in the next edition of Info Source. It does not appear that the personal information collected by the RCMP for the Alberta Pilot would fit within the PIB. As part of the documentation, the purpose(s) for which the personal information is collected by the RCMP would be documented.

7. RDA May be required

The personal information collected for the Alberta Pilot Project might not be scheduled for retention and disposal if an existing RDA does not cover the records. Scheduling records for retention and disposal is a requirement of the TBS Policy on Information Management. In addition, the Privacy Act Regulations and Library and Archives of Canada Act require that personal information that is used for an administrative purpose (in a decision-making process about the individual) be retained for a minimum of two years. It is unclear if an existing RDA would cover the records in the Alberta Pilot Project.

Conclusion

This PIA Report identified a number of privacy risks that can easily be mitigated or eliminated. These privacy risks generally deal with the completion of documentation to comply with TBS policy requirements.

The Alberta Pilot Project will result in less RCMP members’ personal information routinely being processed within the RCMP. The reduction in the routine use of personal health-related personal information is very positive from a privacy perspective.