SUBMIT A REQUEST
  1. TELUS Health One
  2. Terms and Conditions
  3. Records Management

Records Management Policy for TELUS Health One

Policy

The records and documents created, used, and stored by TELUS Health, its subsidiaries, and its affiliates (“TELUS Health” or the “Company”) are among the Company’s most important assets. This includes all Company documents and records in any format or medium, whether hard copy or electronic, including memos, correspondence, reports, working papers, presentations, and emails (“Record” or “Records”).

The purpose of this Records Management Policy (“Policy”) is to define and establish requirements for the creation and management of authentic, reliable, enduring, and useable Records in support of the business functions and activities of the Company. The Policy is designed to ensure the Company complies with laws and regulations, meets legal/contractual recordkeeping requirements, operates effectively, preserves Records relating to legal and other proceedings and destroys Records when appropriate to do so. 

Application

This Policy applies to all areas of the Company (“Programme Area”) and to all Records irrespective of format (e.g., records sent or received by email accounts, electronic records, paper records, etc.). Every director, officer, employee, and contractor of the Company (collectively “Company Personnel”) is responsible for ensuring that they understand and comply with this Policy.

In addition to complying with this Policy, Company Personnel must also comply with the Company’s Confidential Information Policy, the Company’s Data & Record Classification Policy, the Company’s Privacy Policy, all security policies, applicable privacy legislation, and the terms of any other agreements with the Company or between the Company, its partners, and its clients. The use of the term “Record” in this Policy has the same meaning as the term “Data” in the Company’s Data & Record Classification Policy.

Mandatory Requirements

Creation, Management and Disposition of Records

Every Programme Area must, in accordance with the requirements and guidelines established under this Policy, create, manage, and dispose of Records to ensure programme accountability and support the Programme Area’s business needs. Every Programme Area must also ensure that the integrity, reliability and retrievability of Records for ongoing legal, financial, or other business purposes.

Accountability for the creation, management and disposition of Records resides with the business owner in the Programme Area.

Classification of Records

Records must be classified according to the business functions and activities of each Programme Area in a manner that:

  • allows complete Records relating to business decisions or transaction to be readily located and retrieved;
  • minimises duplicate storage of Records;
  • enables user permissions and privacy and security protections to be applied consistently and appropriately; and
  • permits retention requirements to be applied accurately.

In classifying Records, Company Personnel are required to abide by the Company’s Data & Record Classification Policy and Information Security Policy and Standards. 

Storage and Management of Records

Records must be stored in shared repositories and managed by each Programme Area in a manner such that:

  • they can be efficiently located, identified and retrieved for as long as they are needed;
  • consistent and comprehensive application of security rules regarding access, modification and disposal are applied;
  • unnecessary duplication is eliminated; and
  • efficient disposition, including transfer to archives and storage, in accordance with retention requirements is enabled.

Retention and Disposition of Records

Company Personnel must keep Records within a Programme Area for as long as is necessary to meet a legitimate business or legal purpose, considering applicable legislative and regulatory requirements, and the terms of any agreements with the Company or between the Company, its partners, and its clients.

Business owners must ensure that the Records in their Programme Areas are managed, stored and disposed of in accordance with the requirements of the applicable Records Retention Schedule (“Schedule”).

The retention requirements for Records, as stipulated in the applicable Schedule, are determined in consultation with subject matter experts in each Programme Areas based on:

  • business needs;
  • legal and regulatory requirements specific to the Records;
  • contractual commitments;
  • the need to ensure accountability for the activities and decisions documented by the Records; and
  • the rights and interests of other stakeholders in the preservation of the Records’ contents.

Records in the possession of the Company including relevant Programme Areas may be subject to the following:

  • Legal proceedings; and
  • Access requests made pursuant to applicable legislative and regulatory requirements and the terms of any other agreements with the Company or between the Company, its partners, and its clients.

When a request is received pursuant to any of the above, Company Personnel must preserve and produce all relevant Records and follow the requirements set out in the Legal Hold section of this Policy.

Email Retention

Records created, sent, or received using email accounts, including emails themselves, are subject this Policy.

Before an email account is disabled or deleted, the Records created, sent, or received using the email account must be managed in accordance with the requirements set out above.

These types of Records must not be stored in the hard drive of an individual’s computer, on portal devices or removable media, on an individual’s personal network drive or electronic workspace, in email accounts, or in the case of hardcopy records, in an individual’s physical file storage. 

Record Archiving and Storage

Hard copies of Records that no longer require immediate access as an active record but must still be maintained for the remainder of their designated retention period, should be archived. Company Personnel should contact the Corporate Services Department or regional office management to arrange for Record archiving at a Company-approved offsite storage facility. When arranging for off-site storage, Company Personnel will need to identify a Record destruction date for destruction purposes.

Legal Hold

Records relating to any pending or anticipated legal proceeding, audit or investigation must be preserved. A “Legal Hold” may be placed on any Record regardless of whether the record is the final, official version of the Record. Company Personnel who receive a notice from the Legal, Risk and Privacy Department or through another source that certain Records are subject to a Legal Hold must immediately ensure that all Records subject to the Legal Hold are secure and retained, as described in the Legal Hold notice. If Company Personnel become aware of a pending or anticipated legal proceeding, audit or investigation, or subpoena, they must secure and retain all Records that might be pertinent, and notify the Legal, Risk and Privacy Department.

Under no circumstances should Company Personnel alter, destroy, or conceal any Records related to a pending or anticipated legal proceeding, audit, or investigation. Any such action could have a material adverse effect on the legal proceeding, audit, or investigation. Unauthorised alteration, destruction or concealment of Records may subject Company Personnel to disciplinary action, up to and including termination, as well as to legal liability.

Annual Records Review

Company Personnel must review all Company Records, including emails, in their possession on a regular basis and at a minimum, once a year. In doing so, Company Personnel should identify for destruction any Records that are beyond their designated retention period but retain those that are subject to a Legal Hold or involve an investigation or audit. 

Destruction of Records

Records are to be destroyed upon satisfaction of all the following criteria:

  • the Records have served their intended purpose; and
  • the applicable retention period has expired; and
  • Company Personnel handling the Records has written confirmation that such Records are not subject to a Legal Hold.

Questions and Compliance

Any questions about the retention of Records that are not addressed in this Policy should be directed to the Legal, Risk and Privacy Department, who will provide direction in consultation with subject matter experts in the Programme Area to which the Record relates.

Any questions about the archiving and destruction of hard-copy Records (i.e., paper) should be directed to the Corporate Services Department or regional office management.

This Policy will be reviewed periodically and amended as necessary by the Legal, Risk and Privacy Department to reflect any changes in laws, regulations, or business requirements.