Skip to main content

Privacy

Updated June 9, 2017

Priv​​acy

Our c​ommitment to you

The College is committed to protecting your privacy. We seek to use best practices in holding any personal information we collect. We collect, use and disclose personal information in accordance with our province's Health Professions Act (HPA), Freedom of Information and Protection of Privacy Act (FIPPA) and other applicable legislation.

Some of the information on our Register is publicly available under Section 22(1) of the HPA and section 3.05 of the College Bylaws, some of which can be viewed through our Nurse Verification Service. This Privacy Statement does not cover that information.

Accoun​​tability

We have people who are responsible for making sure we comply with privacy legislation. Our Registrar/Chief Executive Officer is ultimately accountable for the College's compliance with FIPPA.

If you have questions about our privacy practices, please contact our Privacy Officer​.

back to top

Identifying p​​urposes

We collect personal information, and where applicable use or disclose that personal information, from our registrants (or “nurses”), people who apply for registration as a nurse (or “applicants”), and other individuals who interact with the College, to:

  • Meet our duty to serve and protect the public under section 16 of the HPA.
  • Perform criminal record checks on nurses and applicants as required by section 13 of the BC Criminal Records Review Act.
  • Consider and assess applications for registration under section 20 of the HPA and Part 4 of the College Bylaws, which may include making referrals to the Nursing Community Assessment Service (“NCAS”) when we require an applicant for RN registration to undergo a competency assessment, or in the case of an applicant for NP registration, requiring the applicant to undergo a Competency Assessment Process (“CAP”).
  • Maintain our Register as required by section 21(2) of the HPA.
  • Manage and protect the College's systems, as well as provide system support for nurses, applicants and other users of the College’s systems (learn more about this below under System activity records).
  • Act as authorized or required by applicable law, including the Health P​rofessions Act (e.g. sections 16(2), 39.3 (which requires public notification of some matters) and 53), FIPPA (e.g. sections 26(b) and (c) and 30) and Part 3 of the College Bylaws.
  • Administer and implement the College's quality assurance program under sections 26.1 and 26.2 of the HPA and Part 5 of the College Bylaws.
  • Investigate and dispose of complaints against registrants under Part 3 of the HPA and Part 6 of the College Bylaws.
  • Comply with the procedures and requirements of the Health Professions Review Board, and participate in proceedings before the Review Board, under Part 4.2 of the HPA
  • Contact nurses about our programs or activities, and to obtain nurses' feedback on them.

  • Obtain opinions and feedback from nurses on nursing regulatory issues

  • Obtain information on the effectiveness of our communications to nurses and other stakeholders (e.g. date and time our electronic communications are opened or links within messages are opened) in order to tailor and adapt our communication messages and approaches.
  • Send invitations to participate in third-party research, to those nurses who have asked to receive those invitations.

In the course of College operation and administration, we share personal information with these organizations for the following purposes:

1.    The B.C. Ministry of Health for the BC Provider Registry System, who uses nurses' information:

  • to identify and authenticate nurses, and to confirm the registration status of nurses;
  • to obtain the contact information of nurses;
  • to administer and deliver health programs (for example, the Medical Services Plan, PharmaCare and BC Hospital Programs);
  • for health resource planning;
  • for the purposes specified in section 5 or 18 of the BC E-Health (Personal Health Information Access and Protection of Privacy) Act;
  • for disclosure to healthcare providers such as health authorities, health care bodies, health professionals using electronic medical record systems or other persons as authorized by law; and
  • for other purposes required or authorized by law.

2.    A nurse's employer, where required by Part 4 of the BC Criminal Records Review Act.

3.    The Canadian Institute for Health Information (CIHI), who use nurses' information:

  • for health system uses, including statistical analysis and reporting; and
  • to support the management, evaluation or monitoring of the allocation of resources to, or planning for, the health care system in Canada, including support for the improvement of the overall health of Canadians.

4.    Other health profession regulators who refer their applicants to NCAS when they require an applicant to undergo a competency assessment.

5.   Third party assessors, employers or educational institutions, when we require an applicant for NP registration to undergo CAP

6. Service providers and contractors contracted to provide services to the College that require them to handle personal information (including service providers for NCAS and CAP). These service providers and contractors agree in writing to protect personal information and comply with FIPPA. The College's contract language is based on language provided by B.C.'s Office of the Chief Information Officer.

Furthermore, we will also share a nurse’s contact information with the following organizations for those nurses who give their consent:

1.    the Association of Registered Nurses of British Columbia (ARNBC), for the purpose of receiving newsletters and other communications from them; and

2.    the Canadian Nurses Association (CNA) for the purpose of receiving newsletters and other communications (such as Canadian Nurse Magazine) from them.

We share the following information with the Canadian Nurses Protective Society​ (CNPS), for the purpose of the administration of CNPS’ professional liability protection program; such sharing is authorized by sections 21 and 22 of the Health Professions Act and sections 33.1(1)(c) and (l) of FIPPA: registrant name, identification number, professional designation, business address, business telephone number and registration status dates.

We do not share registrant e-mail addresses with CNPS unless registrants give their consent for this (for the purpose of receiving information about upcoming CNPS risk management webinars, presentations or workshops and for the purpose of the administration of CNPS’ professional liability protection program).

We also collect information from non-registrants. We explain the reasons when we collect the information. 

back to top

Cons​ent

We only collect personal information from nurses and others when allowed to by law, or with the person's consent.

When we need to collect personal information about someone, we usually get the information directly from that person.  We will collect personal information from another source when we:

Limiting collect​ion, use, disclosure and retention

We only collect and use personal information that is needed to meet the purposes described above.

For credit and debit card payments made to CRNBC, we designed our systems so that credit and debit card information is collected directly on our behalf by our payment processor, Moneris Solutions. We do not collect or store any credit or debit card information ourselves. Any credit or debit card information that CRNBC receives by mail, email or fax will be destroyed without being processed.

We only share nurses' and applicants' personal information with the organizations listed above, unless authorized or required by law or court order, or with the individuals' consent. When we send invitations to participate in third-party research or surveys, we do not share any personal information with that outside organization.

We keep personal information used to make a decision about an individual for a minimum of one year. Other personal information may be kept for longer, for example if required by law for financial records.

The personal information we collect and use is generally stored only in Canada.  We however may occasionally use US-based systems and service providers as permitted under section 33.1(1)(l) of FIPPA.  Personal Information stored outside Canada may be accessible to authorities in those jurisdictions according to the law of those jurisdictions.

When personal information no longer needs to be retained, it is destroyed or deleted.  Paper containing personal information is shredded on-site by a service provider that provides a certificate of destruction.  Personal information in online electronic form is deleted from our information systems.

The CRNBC website uses "cookies", which is an Internet-wide protocol used on almost every website.  Cookies are files containing an identifier that are sent by our web server to your web browser, stored in your browser, and returned to us each time your browser requests a page from our server.  This identifier does not contain personal information.  We use temporary session cookies where registrants need to log into our website.  We use Google Analytics for public portions of our website, which uses long-term (persistent) cookies to create reports about the use of our website.

back to top

Accuracy and individ​ual access

We make every reasonable effort to ensure that personal information is accurate and complete. We may contact you for an update if we become aware that your information is inaccurate.

It is your responsibility to contact us if your information needs to be updated. Nurses are required by section 17 of the BC Criminal Records Review Act to report any new charges and convictions to the College that are relevant to their registration.

To update or access your personal information or request a correction of an error or omission:

  • If you are a nurse, you can login to your account or contact our Registration Program Manager at 604.736.7331 or 1.800.565.6505.

Members of the pub​​lic 

Safegu​​ards

We are using reasonable security measures to protect the personal information we have collected, such as but not limited to physical and logical access controls, regular application of vendor-issued system updates, and regular monitoring of personal information access logs.  These measures are intended to prevent:

  • an unauthorized person from accessing the information, or

  • someone from collecting, using, sharing or disposing of personal information when they are not supposed to

System activity records (metadata) and system backups

When you connect and interact with CRNBC’s online services (such as the My Professional Plan web app), our IT systems automatically create, collect and record some technical information about those activities. These activity records, also known as metadata, are a necessary and critical element in managing and maintaining the security and integrity of all modern IT systems used by organizations such as CRNBC. For example, an email address you use to connect and interact with our o​​nline services may be one piece of information recorded in metadata. This technical information allows CRNBC to, for example, keep track of which connections made it through our system firewall and identify whether a connection was allowed somewhere it was not supposed to be allowed. This helps us meet our obligations to protect the personal information of all of our system users, whether or not you are a CRNBC registrant.

All information provided to CRNBC by registrants or other individuals may be stored temporarily in our system backups, for the purposes of business continuity and disaster recovery. Our system backups are permanently and securely deleted on a regular basis.

Access to the activity records stored in our systems and to our system backups is restricted. Staff of CRNBC program departments are not authorized to have access to system activity records or system backups. Access is available to CRNBC’s legal advisors, Privacy Officer and authorized IT staff and IT providers only, on a need-to-know basis, as necessary to provide you with user support or for purposes related to matters such as: installing, implementing, maintaining, repairing, trouble shooting or upgrading our IT system or system equipment; data or operational recovery following a system or equipment failure; or, other matters related to maintaining information secu​​​​rity and confidentiality in our systems and networks or continuity of our business operations. CRNBC’s legal advisors, Privacy Officer, IT staff and IT providers are bound by their legal obligations to maintain the confidentiality of information in CRNBC’s systems, in accordance with applicable laws and CRNBC’s information management and security policies in force from time to time. However, despite these security and confidentiality arrangements, it is possible that CRNBC and its IT service providers may from time to time be compelled to disclose system activity records or system backups, by court order or as otherwise required in accordance with applicable laws.

back to top

Changes to this privacy notice

We may update this notice from time to time to reflect changes to our information practices. We'll post any changes to this page and, if the changes are significant, we will provide a more prominent notice (including email notification if appropriate). We'll also keep prior versions of this Privacy Notice in an archive for your review.

We encourage you to periodically review our Privacy Notice for the latest information on our privacy practices and to contact us if you have any questions or concerns.​

Questions and complaints

You may send your privacy-related questions, concerns or complaints to our Privacy Officer.

  • Privacy Officer
  • 2855 Arbutus Street, Vancouver, BC, Canada V6J 3Y8
  • Email: privacy@crnbc.ca

If our Privacy Officer​ is unable to resolve the concern, you may also write to the Information and Privacy Commissioner of British Columbia.​

back to top

Home > Privacy