Privacy

​Nov. 18, 2022

This Privacy Notice applies to the personal information of nurses and midwives (“registrants"), people who apply for registration as a nurse or midwife (“applicants"), and other individuals who interact with the college.

• The college's commitment to you​
  
• Accountability
• Identifying purposes
• Limiting collection, use and disclosure
• Storage and retention
• Cookies
• Accuracy and individual access
• Safeguards 
• System activity records (metadata) and system backups
• Changes to the privacy notice
• Questions and​ complaints

The college's commitment to you​

The college is committed to protecting your privacy. The college collects, uses and discloses personal information in accordance with British Columbia's Health Professions Act (“HPA"), Freedom of Information and Protection of Privacy Act (“FIPPA") and other applicable legislation.

The college has personnel who are responsible for making sure the college complies with applicable privacy legislation. The college's Registrar/Chief Executive Officer is ultimately accountable for the college's compliance with FIPPA.

back to top

​Identifying purposes

The college collects personal information for various reasons from registrants, applicants, and other individuals who interact with the college, including to:

• meet the college's duty to serve and protect the public under section 16 of the HPA.

• perform criminal rec​​​ord checks on registrants and applicants as required by section 13 of the British Columbia Criminal Records Review Act (“CRRA").

• consider and assess applications for registration under section 20 of the HPA and the college bylaws, which may include making referrals to the Nursing Community Assessment Service (“NCAS") when the college requires an applicant for Registered Nurse, Licensed Practical Nurse or Registered Psychiatric N​​urse registration to undergo a competency assessment, or in the case of an applicant for Nurse Practitioner registration, requiring the applicant to undergo a Competency Assessment Process (“CAP").

• maintain the college's register as required by section 21(2) of the HPA.

• manage and protect the college's systems, as well as provide system support for registrants, applicants and other users of the college's systems.

• act as authorized or required by applicable law, including the HPA,  FIPPA and the college bylaws.

• administer and implement the college's quality assurance program under sections 26.1 and 26.2 of the HPA and the college bylaws.

• investigate and dispose of complaints against registrants under Part 3 of the HPA and the  college bylaws.

• comply with the procedures and requirements of the Health Professions Review Board, and participate in proceedings before the Health Professions Review B​​oard, under Part 4.2 of the HPA. 

• contact registrants about the college's programs or activities, and to obtain registrant feedback on them.

• obtain opinions and fe​edback from registrants on nursing and midwifery regulatory issues.

• obtain information on the effectiveness of the college's communications to registrants and other stakeholders (e.g. date and time the college's electronic comm​​unications are opened or links within messages are opened) in order to tailor and adapt the college's communication messages and approaches.

• send invitations to participate i​​n third-party research and surveys, to those registrants who have agreed to receive those invitations.

In the course of college operation and administration, the college discloses personal information to the following organizations for the purposes listed:

1. The B.C. Ministry of Health for the BC Provider and Location Registry System, who uses registrants' information:

• to identify and authenticate registrants, and to confirm registration status;

• to obtain the contact information of registrants;

• to administer and deliver health programs (for example, the Medical Services Plan, PharmaCare and BC Hospital Programs);

• for health resource planning;
  

• for the purposes specified in section 5 or 18 of the British Columbia E-Health (Personal Health Information Access and Protection of Privacy) Act;

• for disclosure to healthcare providers such as health authorities, health care bodies, health professionals using electronic medical record systems or other persons as auth​​orized by law; and

• for other purposes required or authorized by law.

2. A registrant's employer, where required by Part 4 of CRRA.

3. The Canadian Institute for Health Information (CIHI), who uses registrant information:

• for health system uses, including statistical analysis and reporting; and

• to support the management, evaluation or monit​​​oring of the allocation of resources to, or planning for, the health care system in Canada, including support for the improvement of the overall health of Canadians.

4. Other health profession regulators who refer their applicants to NCAS when they require an applicant to undergo a competency assessment.

5. Other health profession regulators, including through the Nursys in Canada system, to track the registration, license and/or discipline history of registrants and applicants.  

6. Third party assessors, employers or educational institutions, when the college requires an applicant for a Nurse Practitioner registration to undergo CAP. 

7. Service providers and contractors contracted to provide services to the college that require them to handle personal information.

8. With a registrant's consent, the college shares the registrant's contact information with the following organizations for the purpose of delivering newsletters and other communications to them.

• the Nurse and Nurse Pracitioners of British Columbia (“NNPBC");
• the Midwives Association of British Columbia (“MABC");

• the Canadian Association of Midwives (“CAM"); and ​the Canadian Nurses Association (“CNA").9. The college shares the following information with the Canadian Nurses Protective Society  (“CNPS"), for the purpose of admi​​nistering CNPS' professional liability protection program; such sharing is authorized by sections 33(2)(d) and 33(2)(q) of FIPPA: registrant name, identification number, professional designation, business address, business telephone number and registration status dates.

  The college does not share registrant e-mail addresses with CNPS unless registrants give the college their consent to do so (e.g. for the purpose of receiving in​​formation about upcoming CNPS risk management webinars, presentations or workshops and for the purpose of the administration of CNPS' professional liability protection program).
  

  The college also ​collects personal information from non-registrants. The college explains the reasons upon collecting the personal information. 

  
  
  back to t​op

Limiting collection, use and disclosure

The college collects, uses and discloses personal information from registrants, applicants and others only as permitted by law.

When the college needs to collect your personal information, the college usually gets the information directly from you. The college will collect personal information from another source when the college:

• assesses the competency of a person applying to register as a nurse or midwife in British Columbia, and confirms that applicant's past
  em​​ployment;

• receives exam results and other information from the National Council of ​State Boards of Nursing ("NCSBN") for the National Council Licensure Examination for Registered Nurses ("NCLEX-RN");

• receives exam results fr​​om the Canadian Midwifery Regulators Council ("CMRC") for the Canadian Midwifery Registration Exam ("CMRE");

• receives information on an internationally educated nurse from the National Nursing Assessment Service ("NNAS");
• performs a criminal record check of a registrant or applicant under Part 4 of the CRRA;
• investigates a concern or a complaint about a registrant;

• obtains information about a registrant​​ from colleagues invited by the registrant to participate in the multi-source feedback component of the college's quality assurance program; or  

• is otherwise authorized or required by law.

Credit and debit card payments: Credit and debit card information for payments to the college are collected directly from individuals on behalf of the college by its payment processor, Moneris Solutions. The college does not collect or store any credit or debit card information. Any credit or debit card information that the college receives by mail, email or fax will be destroyed without being processed.

Service improvements: Where the college collects personal inform​ation for the purposes of improving its services for registrants and other stakeholders, develop programs or gather feedback on its operations, the college does so under the legal authority of FIPPA, the HPA and the college bylaws.

The college only shares registrants' and applicants' personal information as described in this Privacy Notice, unless authorized or required by law, or with the individuals' consent.

Register: Some information about registrants is publicly available on the college's register under section 21(2) of the HPA and the college bylaws. Some of this information can be viewed through the Nurse Verification Service and the Midwife Register​.

Third party research or surveys: When the college sends invitations to participate in third-party research or surveys, the college does not share any personal information with that outside organization. Participation in research and surveys is voluntary and the decision to participate or decline will not affect any current or future involvement with the college.

Ministry of Health: From time to time, the college will compile and disclose personal information to the Ministry of Health, health care employers, registrants, other interested stakeholders or the public, including aggregate information or data obtained through the college's continuing competence and quality assurance programs and relating to registrants' learning needs, strengths, drug prescribing practices and perceptions of their practice environment. This aggregate information or data will not include personally identifiable information concerning any particular registrant, client or other identifiable individual.

Storage and retention

The college keeps personal information used to make a decision about an individual for a minimum of one year. Personal information may be kept for longer, for example if required by law, as is the case for financial records.

The personal information the college collects and uses is generally stored only in Canada.  The college, however, may occasionally use US-based systems and service providers as permitted by FIPPA. 

When personal information no longer needs to be retained, it is destroyed or deleted.  Paper containing personal information is destroyed securely on-site by a service provider that provides a certificate of destruction.  Personal information in electronic form is deleted from the college's information systems where appropriate.

Cookies

The college  website uses “cookies", which is an Internet-wide protocol used on almost every website.  Cookies are files containing an identifier that are sent by the college's web server to your web browser, stored in your browser, and returned to the college each time your browser requests a page from the college's server.  This identifier does not contain personal information.  The college uses temporary session cookies where registrants need to log into the college's website.  The college uses Google Analytics for public portions of the college's website, which uses long-term (persistent) cookies to create reports about the use of the college's website.

back to top

Accuracy and individual access

The college makes every reasonable effort to ensure that personal information is accurate and complete. The college may contact you for an update if it becomes aware that your information is inaccurate.

You are also responsible for contacting the college if you know your information needs to be updated. Registrants are required by section 17 of the CRRA to report any new charges and convictions to the college that are relevant to their registration.

To update or access your personal information or request a correction of an error or omission:

• If you are a registrant or an applicant, you can sign in to your account or contact the college's Registration Department at 604.742.6200 or toll-free 1.866.880.​​​7101.

• If you are a member of the public, please contact the college's Privacy Officer .

Safeguards

The college is using reasonable security measures to protect the personal information it has collected, such as, but not limited to, physical and logical access controls, regular application of vendor-issued system updates, and regular monitoring of personal information access logs.  These measures are intended to prevent:

• an unauthorized person from accessing the information, or

• someone from collecting, using, sharing​ or disposing of personal information when they are not supposed to.

System activity records (metadata) and system backups

When you connect and interact with the college's online services (such as the My Professional Plan web application), the college's IT systems automatically create, collect and record some technical information about those activities. These activity records, also known as metadata, are a necessary and critical element in managing and maintaining the security and integrity of all modern IT systems used by organizations such as the college. For example, an email address you use to connect and interact with the college's o nline services may be one piece of information recorded in metadata. In this case, the technical information allows the college to  keep track of which connections made it through the college's system firewall and to identify whether an unauthorized connection was allowed. This helps the college meet its obligations to protect the personal information of the college's system users, whether college registrants or not.

Information provided to the college by registrants, applicants or other individuals may be stored temporarily in the college's system backups, for the purposes of business continuity and disaster recovery. The college's system backups are permanently and securely deleted on a regular basis.

Access to the activity records stored in the college's systems and to the system backups is restricted. Access is available to authorized staff and service providers only, on a need-to-know basis, as necessary to provide user support or for purposes related to matters such as: installing, implementing, maintaining, repairing, trouble shooting or upgrading the college's IT system or system equipment; data or operational recovery following a system or equipment failure; or, other matters related to maintaining information secu rity and confidentiality in the college's systems and networks or continuity of the college's business operations. The college's staff and service providers are bound by legal obligations to maintain the confidentiality of information in the college's systems, in accordance with applicable laws and the college's information management and security policies in force. However, despite these security and confidentiality arrangements, it is possible that the college and its service providers may from time to time be compelled to disclose system activity records or system backups, by court order or as otherwise required in accordance with applicable laws.

​​back to top

Changes to this privacy notice

The college may update this notice from time to time to reflect changes to the college's information practices. The college will post any changes to this page, and will also keep prior versions of this Privacy Notice in an archive for your review.

The college encourages you to periodically review the college's Privacy Notice for the latest information on the college's privacy practices and to contact the college if you have any questions or concerns.

Questions and complaints

You may send your privacy-related questions, concerns or complaints to the college's Privacy Officer.

• Privacy Officer
  
• 900 – 200 Granville Street, Vancouver, BC, Canada V6C 1S4
  
• email privacy@bccnm.ca​
  

If the college's Privacy Officer is unable to resolve your concern, you may also write to the Information and Privacy Commissioner of British Columbia.
back t​o top


​​​​​​