ITRANS Privacy Statement
ITRANS Privacy Statement

Frequently asked questions

  • Who are we?CSI is a corporation incorporated under the Canada Business Corporations Act and is a wholly-owned subsidiary of the Canadian Dental Association.
  • What do we do?Under the trademark ITRANS, CSI operates an Internet-based electronic transaction and messaging system for health messages and transactions in a manner that provides state-of-the-art security and privacy features. eQualifID is a trademark owned by CSI to describe its digital trust certificate service designed to provide state-of-the-art PKI security and privacy features for the electronic transmission of health messages and transactions. Further information about CSI and its products and services are outlined on the CSI website at www.continovation.com.
  • Who is Covered by our Privacy Statement?In this document, “you” and “your” refers to the individual or corporation who is the sender or intended recipient of a health care message through ITRANST, the individual patient or client, professional regulatory and licensing authorities, professional associations, service providers, such as practice management software vendors, and organizations that facilitate the adjudication and payment of health benefit claims, including, financial institutions.The terms “we”, “us” and “our” refer to CSI and its products and services.Our Commitment to Protecting Your PrivacyCollecting personal information about you is essential to our ability to offer you a secure, efficient, high quality internet-based electronic transaction and messaging system for health messages.Your privacy is important to us. We will respect your privacy through the protection of your personal information. We take great care to keep both confidential and secure all personal information we collect and manage, using state-of-the-art PKI security and privacy systems. CSI’s computer servers are hosted in state-of-the-art secure facilities. CSI has developed both a Privacy Policy and a Privacy Code to ensure the highest standard of protection for personal information, including collection, storage, use and disclosure. These documents reflect and are consistent with the Personal Information Protection and Electronics Act, S.C. 2000, c.5 (PIPEDA).
  • What is “Personal Information”?”Personal Information” is information about an identifiable individual or corporation. In the health care context, personal information means information about an identifiable individual which includes any factual or subjective information, recorded or not, about that individual, including health-related information. It may include the name, address, telephone number and other contact information, usage requirements, aggregated usage patterns and verification information. It does not include the name, title, business address or telephone number of an employee of an organization.
  • What information are we Responsible for Protecting?CSI is responsible for protecting your personal information in our possession or custody, including personal information that has been transferred to, or received from, a third party for processing or for other purposes for which you have consented.
  • How we Protect Your Personal Information?We maintain strict security systems to safeguard your personal information from unauthorized access, disclosure or misuse.User authentication and security of health messages and transactions is enabled through CSI’s digital trust certificate services, “eQualifIDT”Digital trust certificates will be used to authenticate users and secure transmissions through the ITRANST system. Personal information can be viewed and processed only by authorized users. Each data entry is safe, secure and confidential. Further information on the protective features of these services may be found at www.continovation.com.All employees, agents and authorized service providers of CSI are required to protect the confidentiality of your personal information. Access to your personal information is restricted to those employees, agents and authorized service providers who need it to do their jobs.
    Questions and CommentsIf you have any questions about the CSI Privacy Policy and Privacy Code, please contact our Privacy Officer at: privacyofficer@continovation.com,

CSI Privacy Policy

  • Purpose and ConsentBefore collecting personal information from you we will explain to you the purpose of collecting it. Moreover, we will only collect, retain, use and disclose your personal information with your permission, except where otherwise permitted or required by law, and will do so only to the extent that this is necessary to carry out the functions of ITRANS™ and eQualifID™. Personal information not needed for the carrying out of these functions will not be collected.Consent may be either implied or explicit. Health care providers should contact their professional organization and/or your licensing and regulatory authorities regarding requirements for patient consent.The eQualifID™ and ITRANS™ enrollment process for health care providers will include a personal information consent form. A digital trust certificate will be issued to ensure a high level of security.You may withdraw your consent to collect, use and disclose your personal information at any time, subject to legal and contractual restrictions and reasonable notice. Please note, however, that withdrawing your consent will affect our ability to provide you with the benefits of the ITRANS™ service.
  • Limiting Collection of Personal InformationOur collection of personal information is limited to what is necessary and reasonable to provide an effective internet-based mode of delivery of health messages and transactions. The information will be used only for the purposes for which it is collected.
  • Limitation on how Long we Keep InformationData is retained only for the period of time necessary for performing the services offered to you by CSI, including updating the product or services as required by law, and for a reasonable length of time thereafter, in case we need to meet any potential obligations or legal or governmental requirements. When we destroy personal information, we will use safeguards to prevent unauthorized parties from gaining access to the information during the process.
  • Use of Personal InformationWe will collect your personal information in order to expedite the processing of health messages and transactions through our superior internet-based transaction and messaging system.In order to ensure prompt and accurate transmission of information between patients, health care providers and health benefit adjudicators/payors, CSI will check claim messages received from participating health practitioner offices for completeness of data and appropriate formatting. This may involve opening the message file for the purposes of editing, data “scrubbing” or reconfiguration.
  • Disclosure of Personal InformationInformation will be shared among users and with third party service providers associated with the ITRANS™ network only on an “as needed” basis. Any information shared with service providers will be done so on the condition that they will use and retain such information only for the specific purpose for which they are engaged by CSI. Service Providers are required to protect the confidentiality of your personal information in a manner consistent with our own internal measures, or as required by law.For example, banking information of patients and health care providers may need to be shared in order to enable payment of benefits by way of electronic funds transfer. Information about prospective health care providers may need to be shared with professional and regulatory organizations in order to validate credentials.We will not sell your personal information. We will not disclose it to third parties without your knowledge or permission, except in special circumstances, such as during a fraud investigation or in situations otherwise permitted by law. With the consent of the patient, the health care provider and the benefit provider, depersonalized “data extracts” of claim information may be produced for the health care provider’s professional association for research purposes. Neither the individual patient, health care provider nor the benefit provider will be able to be identified from a data extract.
  • Accuracy of Personal InformationWe will strive to ensure that the personal information we have on file for you is accurate and up-to-date as is necessary for the purposes for which it is to be used. If any information needs to be updated or amended, we will make every effort to change our records, and will endeavour to advise other parties having access to the information in question.
  • Access to Your Personal InformationYou have the right to ask whether we hold any personal information about you and to see that information, as provided by law. If you believe any of the information we have collected about you is incorrect or incomplete, you have the right to ask us to change it. Where we have obtained medical information about you from a third party, we will release this information only through your health care provider.Please make your request to CSI’s Privacy Officer, stating as specifically as possible which personal information you are requesting. We will try to respond to your request as soon as possible and will advise you if for some reason we cannot respond right away. Under certain circumstances, we have the right to refuse your request for access to personal information.
  • How to Register ComplaintsYou may register a privacy-related complaint by contacting CSI’s Privacy Officer. We will explain our complaints process to you and will investigate all complaints. If a complaint is justified, we will take all necessary steps to set the situation right, including changing our policies and practices if necessary. We will also let you know what other complaint procedures may be available to you.

CSI Privacy Code

  • Principle 1 – AccountabilityEach employee or agent of CSI is responsible for maintaining and protecting all personal information under their control. CSI has designated an individual to oversee our compliance with the PIPEDA and our Privacy Policy.
  • Principle 2 – Identifying PurposesWe will identify the purposes for which personal information is collected, either before or at the time of collection.
  • Principle 3 – ConsentWe will only collect, use and disclose your personal information with your knowledge and consent, except where otherwise permitted or required by law.
  • Principle 4 – Limiting CollectionOur collection of personal information is limited to what is reasonable and necessary for the purposes identified. Personal information shall be collected by fair and lawful means.
  • Principle 5 – Limiting Use, Disclosure and RetentionYour personal information will only be used, disclosed or retained for the purposes for which it was collected, unless you have otherwise consented, or when it is required or permitted by law. We will only retain your personal information for the period of time required to fulfill the purposes for which it was collected.
  • Principle 6 – AccuracyWe will keep personal information we collect as accurate, complete and up-to-date as necessary to fulfill the purposes for which it was collected.
  • Principle 7 – SafeguardsWe will protect the personal information we collect with security safeguards appropriate to the sensitivity of the information.
  • Principle 8 – OpennessInformation about our policies and practices relating to the management of personal information will be made readily available to you.
  • Principle 9 – AccessYou may request access to your personal information at any time to review its content and accuracy. Upon request, you will be informed of the use and disclosure of your personal information. You are entitled to challenge the accuracy and completeness of the information and to have it amended as necessary.
  • Principle 10 – Complaints and SuggestionsYou may contact us with any questions, complaints or suggestions with respect to our Privacy Policy and Privacy Code.
News