Royal College of
Dental Surgeons of Ontario
Contact Us info@rcdso.org RCDSO Member Login
Filter

Privacy Code

Preamble

Dentistry is a regulated profession in Ontario under the Regulated Health Professions Act, 1991 (RHPA). It is the responsibility of the Royal College of Dental Surgeons of Ontario to regulate dentists in the public’s interest.

The College was established by the Dentistry Act and has the following objects as set out in the Health Professions Procedural Code (being Schedule 2 to the RHPA) (RHPA Procedural Code):

  1. To regulate the practice of the profession and to govern the members in accordance with the Dentistry Act, this Code and the Regulated Health Professions Act, 1991 and the regulations and by-laws.
  2. To develop, establish and maintain standards of qualification for persons to be issued certificates of registration.
  3. To develop, establish and maintain programs and standards of practice to assure the quality of the practice of the profession.
  4. To develop, establish and maintain standards of knowledge and skill and programs to promote continuing evaluation, competence, and improvement among the members.
    1. To develop, in collaboration and consultation with other Colleges, standards of knowledge, skill and judgment relating to the performance of controlled acts common among health professions to enhance interprofessional collaboration, while respecting the unique character of individual health professions and their members.
  5. To develop, establish and maintain standards of professional ethics for the members.
  6. To develop, establish and maintain programs to assist individuals to exercise their rights under this Code and the Regulated Health Professions Act, 1991.
  7. To administer the Dentistry Act, this Code and the Regulated Health Professions Act, 1991 as it relates to the profession and to perform the other duties and exercise the other powers that are imposed or conferred on the College.
  8. To promote and enhance relations between the College and its members, other health profession colleges, key stakeholders, and the public.
  9. To promote inter-professional collaboration with other health profession colleges.
  10. To develop, establish, and maintain standards and programs to promote the ability of members to respond to changes in practice environments, advances in technology and other emerging issues.
  11. Any other objects relating to human health care that the Council considers desirable.

In carrying out its objects, the College has a duty to serve and protect the public’s interest.

The legal powers and duties of the College are set out in the RHPA, the RHPA Procedural Code and the Dentistry Act. The activities of the College are subject to a number of oversight mechanisms including both general and specific oversight by the Ontario Minister of Health and Long-Term Care and specific oversight by the Health Professions Appeal and Review Board, the Health Professions Regulatory Advisory Council, the Fairness Commissioner of Ontario and the Courts. The College also assists the Information and Privacy Commissioner of Ontario in its responsibilities overseeing the administration of the Personal Health information Protection Act, 2004 (PHIPA), including by helping to secure abandoned dental records.

In the course of fulfilling its mandate, the College may collect, use, disclose, retain or dispose of personal information regarding applicants for membership, members, members’ patients and persons employed, retained, elected or appointed for the purpose of the administration of the Legislation. The personal information being collected is essential to the College’s ability to effectively regulate the profession in the public’s interest.

Individuals who are employed, retained or appointed by the College as well as every member of College Council or a College committee are required by section 36 of the RHPA1 to maintain confidentiality with respect to all information that comes to their knowledge. Individuals who breach this provision face fines of up to $25,000 for a first time offence and up to $50,000 for a second or subsequent offence. In addition, personal information handled by the College is subject to the provisions of this Privacy Code.

The College’s collection, use and disclosure of personal information in the course of carrying out its regulatory activities are done for the purpose of regulating the profession in the public’s interest. These regulatory activities are not of a commercial character. Accordingly, the performance of the College of its statutory duties is not covered by the Personal Information Protection and Electronic Documents Act (PIPEDA). The College does not have custody or control of personal health information as defined for health information custodians under PHIPA. Accordingly, the College’s regulatory activities are also not normally covered by that Act. However, the College has adopted this Privacy Code voluntarily to provide a mechanism through which the College can provide appropriate privacy rights to individuals involved in the College’s activities while still enabling the College to meet its statutory mandate under the RHPA, the RHPA Procedural Code and the Dentistry Act.

Definition of Terms

The following terms used in this Privacy Code have the meanings set out below:

“Board” means the Health Professions Appeal and Review Board.

“By-laws” means the by-laws of the College passed under the authority of section 94 of the RHPA Procedural Code.

“College” means the Royal College of Dental Surgeons of Ontario.

“Discipline Committee” means the Discipline Committee of the College as required by the RHPA Procedural Code.

“Inquiries, Complaints and Reports Committee” (ICRC) means the Inquiries, Complaints and Reports Committee of the College as required by the RHPA Procedural Code.

“Legislation” means the RHPA, RHPA Procedural Code, Dentistry Act, Regulations and By-laws.

“member” means a member of the College.

“organization” includes an individual, a corporation, an association, a partnership and a trade union.

“patient” is deemed to include an individual to whom an applicant or member of the College has purported to provide professional services.

“personal information” means information about an identifiable individual but does not include the name, title or business contact information of an individual.

“Privacy Committee” means the Executive Committee acting in its capacity as the College’s Privacy Committee.

“Registration Committee” means the Registration Committee of the College as required by the RHPA Procedural Code.

“Regulations” means the regulations made under the RHPA and/or regulations made under the Dentistry Act.

“RHPA” means the Regulated Health Professions Act, 1991 as amended from time to time.

“RHPA Procedural Code” means the Health Professions Procedural Code (being Schedule 2 to the RHPA).

Principle 1 – Accountability

The Registrar is the College’s Privacy Officer. The Registrar or the Registrar’s designate is accountable for compliance with these policies and procedures. Complaints or questions regarding the manner in which personal information is being handled by the College should be directed to the Registrar who can be reached at 6 Crescent Road, Toronto, M4W 1T1, at 416 961 6555 or 1 800 565 4591 or via www.rcdso.org/privacy.

The College will provide orientation and training to all new employees and appointees as well as all members of Council, committees or working groups regarding their obligations pursuant to section 36 of the RHPA and this Privacy Code.

The College’s policies regarding privacy and information management are available on the College’s website at www.rcdso.org and on request by phone at 416 961 6555 or 1 800 565 4591 or by mail at 6 Crescent Road, Toronto, M4W 1T1.

Principle 2 – Identifying Purposes

The purpose for which the College collects, uses, discloses, retains or disposes of personal information is to administer and enforce the Legislation and to act in the public’s interest.

Information About Members

The College collects and uses personal information regarding its members for the following purposes:

  • to assess whether a member continues to meet the standards of qualification for a certificate of registration;
  • to investigate whether a member has committed an act of professional misconduct or is incompetent and to resolve such matters as allowed by the Legislation;
  • to hold a hearing of specified allegations of a member’s professional misconduct or incompetence or of allegations that a member is incapacitated;
  • to approve and monitor a member’s practice with respect to dental CT scans and equipment and/or with respect to sedation and general anesthesia;
  • to carry out the quality assurance program of the College;
  • to administer the program established by the College to provide funding for therapy and counselling for persons who allege sexual abuse by a member of the College;
  • to assess whether a former member’s certificate of registration should be reinstated;
  • to provide statistical information for human resource planning and demographic and research studies for regulatory purposes including providing that information to the Ministry of Health and Long-Term Care and other appropriate agencies;
  • to administer or enforce the Legislation.

The College may collect personal information regarding a member from the member, employers and colleagues of the member, patients of the member, the Ministry of Health and Long-Term Care and other persons, for the purposes set out above.

The College discloses personal information regarding its members only as permitted by section 36 of the RHPA or as required by law or as permitted by the By-laws. For example, the College is required under the RHPA Procedural Code to maintain a register containing information about its members and to post the register on the College’s website. Such information includes, but is not restricted to: members’ qualifications and practice information; court findings of professional negligence or malpractice made against the member unless the finding is reversed on appeal; and every finding made against a member as a result of a disciplinary or incapacity proceeding. The By-laws also require that information be posted to the register about certain outcomes from ICRC proceedings, which are also indicated in the ICRC’s Risk Assessment Framework. This includes information about the use of dental CT scans and/or sedation or general anesthesia by members; any terms, conditions or limitations or restrictions on a member’s certificate of registration; allegations of professional misconduct that have been referred to the Discipline Committee or questions of incapacity that have been referred to the Fitness to Practise Committee, as well as the results of proceedings before those Committees; findings of guilt in respect of criminal offences that the Registrar believes are relevant to the member’s suitability to practice; and any restrictions on the member’s right to practise imposed by any court or other lawful authority.

Information About Employers, Colleagues and Patients

The College collects and uses personal information regarding the employers, colleagues and patients of members of the College for the following purposes:

  • to assess whether a member continues to meet the standards of qualification for a certificate of registration;
  • to investigate whether a member has committed an act of professional misconduct or is incompetent;
  • to approve and monitor a member’s practice with respect to dental CT scans and equipment and/or with respect to sedation and general anesthesia;
  • to hold a hearing of specified allegations of a member’s professional misconduct or incompetence or of allegations that a member is incapacitated;
  • to carry out the quality assurance program of the College;
  • to administer the program established by the College to provide funding for therapy and counselling for persons who allege sexual abuse by a member of the College;
  • to assess whether a former member’s certificate of registration should be reinstated;
  • to administer or enforce the Legislation.

The College discloses personal information regarding the employers, colleagues and patients of members of the College only as permitted by section 36 of the RHPA or as required by law. For example, hearings of the Discipline Committee are required, subject to certain exceptions, to be open to the public. Evidence at a hearing of the Discipline Committee may include personal information regarding the member of the College who is the subject of the allegation of professional misconduct or incompetence, as well as personal information regarding the member’s patients related to the allegations of professional misconduct or incompetence. However, patients’ personal information presented as evidence at a hearing of the Discipline Committee is routinely subject to a publication ban.

Another example of disclosure of personal information about patients of members of the College relates to complaints regarding the conduct or actions of members of the College. Where a complainant or a member does not agree with a decision of the ICRC either person can, subject to certain exceptions, request a review by the Board. When this occurs, the College discloses a record of the investigation and of the member’s prior decisions with the College to the Board in accordance with the RHPA Procedural Code. The College instructs the Board not to disclose the member’s prior decisions.

Information About Applicants For Registration and Potential Members

The College collects and uses personal information regarding potential members to assess whether a potential member meets the standards of qualification to be issued a certificate of registration and to administer or enforce the Legislation. This may include information about patients of potential members from other jurisdictions. The College discloses personal information regarding applicants and potential members, references about them and their patients only as permitted by Section 36 of the RHPA or as required by law. For example, the RHPA Procedural Code provides a procedure for an applicant who does not agree with a decision of the Registration Committee to request a review or a hearing by the Board. The RHPA Procedural Code requires that the College disclose to the Board a copy of the order and reasons of the Registration Committee and the documents and things upon which the decision was based. This disclosure of personal information to the Board is required under the RHPA Procedural Code.

Information Related to Unauthorized Practice and Holding Out

The College collects and uses personal information regarding individuals who may be practising the profession of dentistry using protected titles or holding themselves out as practising the profession and their patients to investigate whether the individual has contravened or is contravening the Legislation and to administer or enforce the Legislation. The College discloses personal information regarding such individuals as permitted by section 36 of the RHPA or as required by law, including by naming such individuals on the College’s website to ensure patient safety.

Information Related to Administering the Legislation

The College collects and uses personal information regarding individuals who are retained, elected or appointed for the purpose of the administration of the Dentistry Act including the following:

  • to review prospective candidates and retain or appoint persons for the purpose of the administration of the Act;
  • to maintain records to ensure accurate remuneration and payment of expenses, and all documentation required by law and by the various levels of government in accordance with sound accounting practices;
  • to communicate with the person (e.g., home contact information);
  • to maintain accurate and fair accounts of any disputes, possible conflicts of interest or misconduct involving a person retained or appointed for the purpose of the administration of the Act or a member of the Council or committee of the College;
  • for purpose of making payments and providing benefits.

The College discloses personal information regarding the individuals referred to above only as permitted by section 36 of the RHPA, as required by law, or as permitted by By-law.

Specifying the Identified Purpose

Where practicable, the College will make a reasonable effort to specify the identified purposes to the individual from whom the personal information is collected, either at the time of collection or after collection but before use, except where to do so would defeat the purpose of the Legislation or be inconsistent with the Legislation.

The College will state the identified purposes in such a manner that an individual can reasonably understand how the information will be used or disclosed.

Where personal information is collected for one purpose, the College has the right to use and disclose the information for another regulatory purpose where it is in the public’s interest to do so. For example, the ICRC will receive all information, documents and reports concerning a member, no matter what the originating source. Further, the ICRC is required to review and consider the prior history (i.e. previous complaints or reports), including prior decisions dismissing a complaint or concern. In certain situations, the complainant may also obtain information about the member’s prior history.

Principle 3 – Consent

The College collects personal information for purposes related to its objects (see Preamble for the College’s objects) including for the purpose of the proper administration and enforcement of the Legislation and for other related regulatory purposes. In carrying out its objects, the College has a duty to serve and protect the public’s interest.

Where practicable, the College will make a reasonable effort to specify the identified purposes to the individual from whom the personal information is collected as described in Principle 2. However, obtaining consent of the individuals would, in many cases, defeat the purposes of the College’s collecting, using and disclosing the personal information. Personal information will only be collected, used, disclosed, retained or disposed of without the knowledge and consent of the individual to the extent necessary to administer or enforce the Legislation. For example, personal information about a patient may be collected and used without the patient’s consent for the purpose of the College’s quality assurance program regarding the assessment of a member’s practice in accordance with the RHPA Procedural Code and the Regulations. Another example is that personal information about a patient may be collected and used without the patient’s consent for the purpose of an investigation of a member in accordance with the RHPA Procedural Code and the Regulations.

Principle 4 – Limiting Collection

The College collects only the personal information that is required for the purposes identified in Principle 2 of this Privacy Code. The College collects personal information using procedures that are fair and lawful.

Personal information regarding patients must be collected as part of the College’s regulatory function. This information is typically obtained by the College as part of an investigation or quality assurance program. The focus of these inquiries is the conduct, competence or capacity of the member and the protection of the public. The College only collects personal information regarding patients to satisfy this regulatory purpose.

Principle 5 – Limiting Use, Disclosure or Retention

The College uses personal information only for the purposes identified in Principle 2 and in accordance with the provisions of the Legislation. Personal information is only disclosed in accordance with the provisions of section 36 of the RHPA or as required by law.

The RHPA Procedural Code and By-laws clearly designate the information regarding members that is publicly available and the By-laws can be accessed from the College website at www.rcdso.org or by contacting the Registrar at 6 Crescent Road, Toronto, M4W 1T1, at 416 961 6555 or 1 800 565 4591 or via www.rcdso.org/privacy. In addition, under the RHPA Procedural Code, the College is required to publish certain information regarding discipline hearings conducted by the Discipline Committee.

Under the RHPA Procedural Code, discipline hearings conducted by the Discipline Committee are usually open to the public. Evidence at a discipline hearing may include personal information regarding the member and the member’s patients, employers and colleagues related to allegations of professional misconduct or incompetence. Under the RHPA Procedural Code, the panel of the Discipline Committee has discretion to close a hearing under certain prescribed circumstances and/or restrict the publication of personal information where appropriate. Under the RHPA Procedural Code, reviews of decisions of the ICRC and Registration Committee by the Board are open to the public. Similarly, the Board has discretion to restrict the disclosure of personal information in its review process. The objective of these regulatory processes is always the protection of the public.

The College maintains and regularly updates a Records Classification Scheme and Retention Schedule.

Principle 6 – Accuracy

The College uses its best efforts to ensure that the information it collects, uses, discloses, retains or disposes of is accurate.

Members are required to provide the College with current name, contact and employment information and to advise the College of changes within ten (10) days of any change. This information is updated on the Register within 24 hours of the College receiving this information and when members renew their registration with the College.

Principle 7 – Safeguards

The College ensures that personal information it holds is secure.

The College ensures that personal information is stored in electronic and physical files that are secure. The College employs multi-layer security systems to protect electronic data within the College’s infrastructure, as well as policies on security for mobile devices and email encryption. Other security measures include restricting access to personal information to authorized personnel, ensuring that physical files are under lock and key, encrypting digital files for transfer off-site, and managing Committee materials centrally. The College reviews its security measures regularly to ensure that all personal information is secure.

Employees of the College receive an orientation and ongoing training regarding the information safeguards required for personal information and their importance. Council members and committee members receive orientation as to their obligations to maintain confidentiality.

The College ensures that personal information that is no longer required to be retained is disposed of in a confidential and secure fashion.

Principle 8 – Openness

In keeping with the College’s Core Values, which include Transparency, Accountability and Responsiveness, the College’s personal information management policies and procedures are available to the public and its members via the College’s website at www.rcdso.org or can be requested by phone at 416 961 6555 or 1 800 565 4591 or by mail at 6 Crescent Road, Toronto, M4W 1T1. Inquiries concerning the College’s policies and practices for collecting, using and disclosing personal information may be directed to the Registrar at 6 Crescent Road, Toronto, M4W 1T1, at 416 961 6555 or 1 800 565 4591 or via www.rcdso.org/privacy.

Principle 9 – Individual Access

Access

Where the College holds personal information about an individual, upon written request, the College may allow access to the information to that individual, unless providing access could reasonably be expected to interfere with the administration or enforcement of the Legislation or it is impracticable or impossible for the College to retrieve the information.

Examples of situations where access may be denied include:

  • Information contains references to another individual(s) that cannot be severed;
  • Disclosure may result in significant risk of harm to the requestor or a third party;
  • Disclosure may defeat the purposes for which the information was collected;
  • Information cannot be disclosed for legal, security or commercial proprietary reasons;
  • The request is frivolous, vexatious, made in bad faith or otherwise an abuse of process.

In cases where the personal information forms part of a record created by another organization, the College may refer the individual to the health information custodian (unless it is inappropriate to do so) so that the individual may obtain access to the personal information from the custodian rather than the College.

Subject to the exceptions of the sort described above, the College will also provide a list of organizations to which the College has provided personal information when requested to do so by the individual.

While the College’s response will typically be provided at no cost or minimal cost to the individual, depending on the nature of the request and the amount of information involved, the College reserves the right to impose a cost recovery fee. In these circumstances, the College will inform the individual of the approximate cost to provide the response and proceed upon payment by the individual of the cost.

The College will make reasonable efforts to respond to the request within thirty (30) days.

Individuals should send their written request for access, with contact information and sufficient information about themselves to identify them, to the Registrar at 6 Crescent Road, Toronto, M4W 1T1, at 416 961 6555 or 1 800 565 4591 or via www.rcdso.org/privacy.

In the event the College refuses to provide access to all of the personal information it holds, then the College will provide reasons for denying access.

Challenging accuracy and completeness of personal information

An individual has the right to request a correction of what, in his or her view, is erroneous information. Where the information forms part of a record created by another organization, the College may refer the individual to the health information custodian (unless it is inappropriate to do so) so that the individual may challenge the accuracy or completeness of the information directly.

Principle 10 – Challenging compliance

Complaints or questions regarding the College’s compliance with this Privacy Code should be directed to the Registrar who can be reached at the College.

If the Registrar cannot satisfactorily resolve a complaint, the College has a formal privacy complaints procedure which includes:

  • acknowledging the complaint;
  • review of the complaint by the College’s Privacy Committee;
  • providing a written decision and reasons to the complainant; and
  • taking appropriate measures where the complaint is found to be justified.

Please note that there is a different process for handling complaints about the conduct or actions of a member of the College. Complaints can be filed through the College’s website, in writing by e-mail or surface mail, or on an audio or videotape. Alternatively, concerns about a member of the College may be reported to the Registrar at 6 Crescent Road, Toronto, M4W 1T1, at 416 961 6555 or 1 800 565 4591 or by email at ifefergrad@rcdso.org