by MD Financial Management
© onboardMD

Privacy Policy


Protecting our clients’ personal information is fundamental to the way we do business. This Privacy Policy (the “Policy”) describes MD Financial Management’s¹ current information management practices and confirms our commitment to comply with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), and any applicable provincial/territorial legislation, in order to meet your specific needs and expectations as one of our clients. This Policy is consistent with, and is a subset of, the MD Financial Management Privacy Code.

MD Financial Management has an unrivalled understanding of the unique financial needs of Canadian physicians. MD Financial Management delivers expert, best-in-class advice and solutions to help you meet your total wealth management needs. We make every effort to protect the information we collect while delivering insightful, relevant and integrated solutions in ways that advance your financial and personal success.

¹ MD Financial Management includes MD Financial Management Inc. and its subsidiaries and affiliates.


This Policy applies to MD Financial Management. This Policy governs the management of all personal information, including personal health information that has been and will be collected, maintained, used and disclosed by MD Financial Management in accordance with this Policy.

Our privacy documentation can be found on our website (see footer “Privacy”). In addition to this Policy, we may also make available Privacy Statements that provide further detail about our information handling practices with respect to specific products and services that we offer, as well as websites and any applications that we own and operate.


“Personal information” is information that refers to a specific individual (“you”, “your”) and that reveals a distinctive trait or traits about you that may help others identify you; for example, your date of birth or social insurance number. This definition does not encompass public information such as business contact information (for example, your business address and telephone number) including information found on professional directories. However, all publicly available personal information linked to confidential or other personal information is considered personal information for the purposes of this Policy. This would include such things as lists of clients and screenshots or other extracts from our internal applications.

“Personal health information” is information that refers to diagnostic, treatment and care information relating to a specific individual and any other information about an individual. Personal Health Information is a subset of Personal Information and is consequently defined by provincial health sector privacy legislation. Where we refer to Personal Information we may, given the context, also mean Personal Health Information.


We only collect your personal information with your consent. Depending on the situation and the sensitivity of the information, you grant us consent in two different ways: your consent is express when you actively say yes, such as when you sign a form permitting the collection; or your consent is implied when it is inferred by the use of a product or service, such as when you use our websites.

We collect information in a variety of ways, such as:

From You – on forms

Most of the personal information we collect is provided to us directly from you. The most common way we gather information about you is through the completion of forms when opening an account (for instance, on an insurance policy application or to open an investment account) or when signing an agreement to access a particular product or service.

From You – over the phone

When you call us we will gather the information needed to process your request. In certain circumstances, such as when you contact the MD Trade Centre Hotline with a general inquiry, or when you contact a customer support line for assistance with a particular product or service, we may record calls. You will be notified prior to connecting with a representative if the call will be recorded. If you do not wish to have your call recorded you can transact business by mail, face to face with your MD advisor or through one of our electronic channels.

From You – electronically

When you deal with us in an online environment we collect certain information, such as your log-in information. For more information about how we deal with your information online please see the MDFM Online Privacy Policy available on all of our websites. MDFM may collect demographic and profile data (e.g. age, gender, profession, etc.) in connection with the websites, as well as publicly available information (e.g. public directories and regulatory websites).

If you are a client who uses our billing software, we collect personal information that includes name, address and banking information as part of the intended use. We would also collect personal health information of your patients through the course of business operations for the sole purpose of processing payment for health care services on your behalf.

From our corporate affiliates

Parts of our infrastructure are shared among corporate affiliates (i.e., certain staff, physical office space and electronic systems). This results in information being shared. For example, your name and business address will be shared. We may also share your information where we believe doing so will increase our efficiency or improve our ability to provide you with products or services.


We collect personal information to provide you with the products and services you request; for example, when you open an account, apply for insurance, register to attend an educational seminar, become a billing client or have a product support request. Providing us with your personal information is always your choice. When you request products and services, we will ask you to provide the personal information that enables us to complete your request or to provide you with better service.

The personal information we may ask you to provide depends on the nature of your request. Personal information that is essential for us to fulfill your product and service requests typically includes your full name, residential mailing address, e-mail address, phone number(s), financial information, and Social Insurance Number (for the production of tax receipts for your investment products). Some information we will collect is required to satisfy regulatory bodies. For example, the regulators enforcing the federal Proceeds of Crime (Money Laundering) and Terrorist Financing Act require the companies they govern to obtain comprehensive “Know Your Client” information. In the case of insurance products and services, we may also request health information about you, where the law permits.

We may request additional personal information to help us provide you with financial advice as well as information about other products and services we believe would interest you. For example, knowing more about the assets you hold elsewhere, your financial goals, retirement plans, tax situation, trusts, will and estate plans ensures we thoroughly understand your goals and objectives.


We use your personal information, and in certain cases that of your patients, to process account or insurance applications, process payment for goods and services, to activate contractual relationships, respond to support desk calls, notify you about upcoming events, authenticate your identity, to keep you informed about your investment activities, send you important notices, to respond to special needs or inquiries and to communicate with you in general in order to effectively provide you with the products and services you request.

We may also use your personal information for marketing and research purposes to improve our products and services. We are committed to the ethical use of your personal information and we will not use your information for analytical research insight in a way that excludes you from access to our products or services or has any other impact that is adverse to your interests.

We only use your personal information for the purposes that we have disclosed to you. If for any reason your personal information is required to fulfill a different purpose, we will notify you and ask you for your consent before we proceed.

We may send you information about other products and services we offer, which we believe would interest you. If you would prefer not to receive this information, please refer to the “Our ‘Opt-Out’ Policy” section of this Policy.


We do not sell, lease, or trade client lists or personal information to others, nor will MDFM make its data set available for public use. However, we may release your personal information to parties outside MD Financial Management in certain circumstances, which include:

…When authorized by you

We may share your personal information as described in this Policy and when you specifically request it.

…When required or permitted by law or applicable regulators

We must disclose certain information for regulatory purposes, in response to a search warrant, or other legally valid inquiry or order. Only the information specifically requested is disclosed to the parties named and in the manner prescribed. We take precautions to satisfy ourselves that the authorities making the request have legitimate grounds to do so. For instance, if you invest in products which result in income taxable in the United States, we may be required to send certain limited information such as your name, address and account number to the Internal Revenue Service; or, if you hold mutual funds through MD Management that are manufactured by a third party, we are required to provide them with this same information.

If we receive a court order to produce statements of your account information, we will take the necessary precautions to not disclose the personal information of a joint account-holder that is not involved in the proceedings (or not otherwise specified in the order) without the consent of the joint account-holder.

…To third party service providers

We may contract with third party service providers to perform specialized services for us. When we contract with a service provider, they are given only the information necessary to fulfill their contractual obligations. In all such arrangements we ensure that the third party service provider provides assurances of confidentiality and has measures in place to protect your personal information with security safeguards appropriate to its sensitivity.

With the exception of all personal health information received through our billing agency which is always stored and processed in Canada, we may, in certain instances, contract with a third party service provider located in other countries such as the United States. Your information may be processed and stored in these countries and their governments, courts or law enforcement or regulatory agencies may be able to obtain disclosure of your information under a lawful order made in that country.

If you would like more information about the jurisdictions in which we or our service providers may operate, please contact us as noted in the Addressing Your Concerns section of this Policy.

…To our corporate affiliates

Your information may be shared among our affiliates as noted above in the “How we collect” section of the Policy. You may receive information about other products and services we offer, which we believe would interest you. We will respect your wishes if you would prefer not to receive this information. Please refer to the “Our ‘Opt-Out’ Policy” section of this Policy.


8.1 Technical, physical and administrative solutions are in place to ensure your information is protected.

We use technical safeguards such as data encryption, two-factor authentication on desktop and laptop computers, de-identification and anonymisation techniques to protect against unauthorized access, disclosure and inappropriate alteration or misuse.

Physical safeguards include storage of paper-based files in locked file rooms and cabinets to which access is restricted. Paper files are securely shredded when no longer needed. Access to computer servers is restricted.

Administratively, our Privacy Policy forms a part of our Code of Conduct. Each employee is required to annually state their continued awareness of our Code of Conduct and their agreement to abide by it. Unauthorized access to, use or disclosure of clients’ personal information by an employee is strictly prohibited. All employees are expected to maintain the confidentiality of client information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.

We retain your personal information only as long as it is required for the reasons it was collected or as required by law. The length of time we retain the information varies depending on the product or service and the nature of the personal information.

8.2 How we safeguard family member and household accounts?

In situations where you maintain an account with another family member(s), we implement appropriate safeguards to protect your personal information.


You have the right to access and verify any of your personal information whenever you wish. Please submit a request in writing to the Chief Privacy Officer as noted in the Addressing Your Concerns section of this Policy. We will advise you in advance if there will be a cost, for example, for requests that require archival or other retrieval costs. We will respond to your request within thirty days.

If we are unable to provide access to certain information, we will inform you of the reasons for the decision if we are permitted to do so by law. If you wish further clarification, you may contact our Chief Privacy Officer.


Having accurate information about you enables us to give you the best possible service and minimize the possibility that inaccurate information is used to make a decision which impacts you. To help us keep your personal information up-to-date, we encourage you to amend inaccuracies and make corrections as necessary.

Should you identify any incorrect or out-of-date personal information, we will make the appropriate change in accordance with your instructions. Where appropriate, including where required by law, we will communicate these changes to other parties who may have incorrect information about you.

We are only able to update an individual’s personal information where we are in direct contact with that person. In general, we cannot amend personal information of family members or others unless they contact us directly. Please refer to the “Addressing Your Concerns” section of this Policy for a list of contacts.

If we are unable to change your personal information and you disagree with our decision we will note your opinion in your account file.


We value your relationship and believe how you deal with us is your choice. By sharing your information with us as described in this Policy, we can provide you with a broad selection of products and services. You may at any time, subject to restrictions required by law, object to MDFMI’s collection, use and disclosure of personal information.

However, your decision not to provide your personal information that we request may limit the services we are able to provide you and make it more difficult for us to advise you. If we are unable to accommodate your request for services based on the personal information you provide, we may ask for additional details in order to identify other ways to be of assistance. Where personal information is not provided, this may prevent us from fulfilling our commitment to you and, in certain circumstances, we may not be able to provide you with a particular product or service.

Please speak with your MD advisor if you have an opt-out request or send an email to


In keeping with the principles of the MDFM Privacy Policy, individuals can request access to all personally identifiable information that MDFM holds about them. You may direct any questions or inquiries you have with respect to this Policy by contacting:

  1. Your MD advisor,
  2. Our toll-free attendant in Ottawa at 1-800-267-4022 and asking to speak with an MD Management TradeCentre representative,
  3. Our Chief Privacy Officer at or 1870 Alta Vista Dr., Ottawa, ON, K1G 6R7

For more information about your personal privacy rights, you might contact the Privacy Commissioner of Canada at the web site or the Privacy Commissioner in your province or territory.

Summary of Changes

Changes since 2016

| Section ID | Change made |
| --- | --- |
| Scope | Updated to clarify data science research conducted at MD |
| All sections | Changes have been made to clarify MD’s activities in the area of data science research and the collection of publicly available information. |

Changes since August 2015

| Section ID | Change made |
| --- | --- |
| Scope | Updated to clarify scope |
| All sections | Changes have been made to remove references of EMR, update company scope, to clarify what is considered business information from the perspective of personal information, added section 8.2. No major changes. |

Changes since June 24, 2009

| Section ID | Change made |
| --- | --- |
| Scope | Updated to reflect changes in corporate structure |

Changes since November 2008

| Section ID | Change made |
| --- | --- |
| All sections | The CMA Holdings Policy was converted into two policies, one for MD Financial and one for Practice Solutions Ltd. (and subsidiaries), to ensure practices are clearly articulated for the two branches of businesses. |
| All sections | Clarified certain of our practices. |
| How we collect your personal information | Section added, current industry practice to explain generally where the information comes from. |

Changes as of October 2007

| Section ID | Change made |
| --- | --- |
| Title | Changed to include “Client” for clarification |
| Footnote 2 | Updated to include new acquisition. |
| Our opt-out… | Removed special CMA member section and added CMA to the final proviso of that section. Reversed the order of the first and second paragraphs |

Changes as of September 2007

| Section ID | Change made |
| --- | --- |
| When personal information… | Removed the “valid demand” qualification as it did not add precision. Added “or client status” to section about CMA sharing, for clarity. |

Changes as of August 2007

| Section ID | Change made |
| --- | --- |
| Why we collect… | 3rd para: Added clarification of SIN and financial information to ensure PSG was included. 4th para: Updated “additional information” paragraph to more clearly include PSG. 6th para: Removed “need” statement as it was inaccurate. Clarified “choice”, removed vague “suggest appropriate alternatives” added “for services.” |
| How we use… | Added information to ensure PSG is included |
| When personal information… | “when authorized by you” included line on form of consent we may use. Third party service provider section amended to add clarification of terms enforced and the fact that we sometimes use US service providers. Changed MD Financial Group to MD Financial. |
| How we safeguard… | Paper-based files sentence clarified and shredding reference added. Code of Conduct reference simplified. |
| Accessing your… | Italicized section removed and replaced by section that was in the “addressing your concerns” section as it was more appropriate. Clarified that request must be in writing. Clarified why we might charge a fee. |
| Our opt-out… | In “CMA membership” section removed reference to prerequisite as this is not the case for PSG |
| Addressing your… | Removed italicized section as it did not actually address this section of the policy. Simplified introductory sentence to the list of contacts |

Changes as of March 9, 2006

| Section ID | Change made |
| --- | --- |
| Why We Collect Your Personal Information | Change from: “it may not be possible for us to continue our client relationship with you” to: “we may not be able to provide you with a particular product or service” |
| Our “Opt-Out” Policy | Language changed to soften and make more specific |

Changes as of November 15, 2005