Introduction

HealthCare 365 Inc. (in this Privacy Policy referred to as "HealthCare 365", "HC365" or "we", "our" and "us") places the highest value on the privacy, confidentiality and security of the personal health information we hold on behalf of our clients. We take all appropriate and reasonable measures to safeguard the personal health information that is under our control in order to maintain the confidence and trust of our clients.

HealthCare 365 has established this Privacy Policy in accordance with the requirements of the Personal Health Information Protection Act, 2004 (Ontario), the principles set out in Schedule 1 of the Personal Information Protection and Electronic Documents Act (Canada) and all other applicable personal information protection and privacy legislation.

Consent for Collection, Use and Disclosure of Personal Health Information

By becoming a client of HealthCare 365 and through the continued use of the Service, the Client (in this Privacy Policy also referred to as "you" and "your") consents to the collection, use, and disclosure of their personal health information in accordance with the terms and conditions found in this Privacy Policy.

Accountability

HealthCare 365 is responsible for all the personal health information of our clients (in this Privacy Policy referred to as "clients") that is under our control. Accountability for our compliance with this privacy policy ultimately rests with our Chief Privacy Officer.

Contact information for our Chief Privacy Officer is set out below:

Chief Privacy Officer

HealthCare 365 Inc.

1867 Yonge Street, Suite 905 Toronto, ON M4S 1Y5

Tel: 647-880-5578 Email: privacy@healthcare365.org

HealthCare 365 is responsible for personal health information in our possession or custody, including information that has been transferred to third parties for processing. We use contractual and other means to ensure that third parties to whom we disclose personal health information for processing provide a comparable level of protection with respect to their use and disclosure of personal information in their possession or control.

How HC365 Collects Personal Health Information About You

We collect personal health information about you directly from you or from person(s) acting on your behalf. We collect personal health information about you through a variety of channels of communication, including, but not limited to, in person, on the phone, through email, and via information exchange on our website, www.healthcare365.org. Information will always be collected by fair and lawful means.

We will collect, use and disclose personal health information only with your knowledge and consent to this Privacy Policy, by virtue of your membership at HealthCare 365. In some instances, we may collect information about you from other sources if we have obtained your consent to do so or the law permits. We limit the collection of personal health information by ensuring that you are only asked for information that is reasonably necessary for providing you with our service.

The Purposes HC365 Uses and Discloses Personal Health Information About You

The following sections describe different ways that we may use and disclose your personal health information.

Use

We may use your personal health information to:

  • provide, coordinate, and manage your health care by one or more health care providers,
  • treat and care for you and advise you of treatment options,
  • contact you by phone, SMS, fax, e-mail, online messaging, and/or other secure messaging to book and confirm appointments, distribute health strategies, plans, medication information, reminders and notifications,
  • populate your medical profile and share such information with other health care providers and organizations as reasonably required to deliver our services,
  • track and monitor your ongoing care,
  • plan, administer and manage our programs and services contracted by you or on your behalf,
  • provide you information about services you receive through our offices,
  • provide you with notices of health screenings, special events, or other wellness activities,
  • conduct quality improvement, risk management and error management activities,
  • provide training and/or teaching or other pedagogic services,
  • conduct basic or applied medical or other research. Medical data may be aggregated and analyzed for the purposes of study and research. Client confidentiality of specific medical information will be protected in all such cases,
  • compile statistics including providing personal health information to an organization or government body for the purpose of health system planning,
  • obtain payment for your treatment and care, or
  • comply with applicable legal and regulatory requirements.

Disclosure

If information is shared outside of HealthCare 365, it is considered disclosure. We may disclose your personal health information to communicate with our own and other health care providers including specialists, primary care and non-primary care professionals, health care facilities, and other health information custodians involved in your care, unless instructed otherwise by you.

We may also disclose your personal information in the following circumstances:

  • to affiliates or associates or certain service providers of or to HealthCare 365 for the purposes of delivering the service to you,
  • to affiliates or associates or certain service providers of or to HealthCare 365 for administrative purposes such as accounting or legal functions,
  • to update and/or inform a relative, friend or potential substitute decision maker if they have been indicated as included in your circle of care,
  • to contact a relative, friend or potential substitute decision maker if you are injured, incapacitated or ill and unable to consent personally,
  • in response to a court decision or order, or
  • as may be required by law (such as reporting the potential abuse of persons, infectious diseases and other dangers to public health).

Any other uses and disclosures other than the above will be made only with your express consent or as required or permitted by law.

Subject to legal, regulatory and contractual requirements, you have the right to withdraw your consent to the above uses and disclosures by writing to our Chief Privacy Officer at HealthCare 365 at the address set out below. Depending on the circumstances, however, you acknowledge that withdrawal of your consent may impact on our ability to provide you or continue to provide you with some services or information that may be of value to you.

We are required to abide by your request, except for actions that we have already taken relying on your consent. We will act on your instructions as quickly as possible but there may be certain uses of your information that we may not be able to stop immediately.

You cannot refuse our collection, use and disclosure of information where such is required by law or by professional or industry regulators, including self-regulatory organizations.

In the event of the sale of HealthCare 365, we may release the information we hold about you to the prospective purchaser only insofar as the prospective purchaser agrees to protect the information provided and to use it in a manner that is consistent with our privacy policies and practices.

Limiting Collection, Use, Disclosure, and Retention

We limit the collection of personal health information by ensuring that you are only asked for information that is reasonably necessary for providing you our service.

Personal health information will not be used or disclosed for purposes other than that for which it was collected, except with your consent, or as required by law. We may keep and use information about you in our records for as long as it is needed for the purposes described in this Privacy Policy and as may be required by law or a relevant industry association, even if you cease to be a client.

Accuracy

We will ensure that your personal health information is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. This minimizes the possibility of incomplete or incorrect information being used to make treatment decisions about you. You agree to cooperate with us towards this end as much as reasonably possible. All information which you give us must, and you hereby represent and covenant that it will, at all relevant times, be true and complete. If any personal health information changes or becomes inaccurate or out of date, you are required to and will advise us on a timely basis so we can update our records. You hereby indemnify HealthCare 365 for any losses that result from incomplete or incorrect information on your medical profile.

Safeguards

We have appropriate security measures and safeguards in place to protect your personal health information in accordance with the sensitivity of the information. We have company-wide policies and procedures in place to protect against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. We ensure all our employees and business partners are aware of the importance of maintaining the confidentiality of your personal health information, and we will exercise appropriate care in the disposal and/or destruction of personal health information to prevent unauthorized parties from gaining access to the information.

Our methods of protection include, but are not limited to, the following:

Physical safeguards and procedures, for example:

  • locked premises with 24 hour security,
  • restricted access to our offices, and restricted areas within each office, and
  • a no-movement policy for all hardware.

Organizational safeguards and procedures, for example:

  • utilizing access controls and limiting access to a 'need to know' basis,
  • minimizing all paper-based and hardware-based information, and
  • not storing personal health information or other sensitive data on removable media, such as CDs, USB drivers or diskettes.

Technological measures, for example:

  • SSL certificates,
  • firewalls,
  • the use of passwords and encryption,
  • automatic timeouts on all sensitive access areas online, and
  • ensuring operating system patches and anti-virus software are up-to-date on all computers used to access personal health information.

Openness

Our Privacy Policy and complaint processes are posted on our website at www.healthcare365.org. This information can also be obtained by contacting our Chief Privacy Officer.

Client Access and Correction to Personal Health Information

At any time that your personal health information is under our control, you have the right to:

  • request access to your personal health information,
  • request a correction to your personal health information if you believe it is inaccurate or incorrect and provide satisfactory proof to correct it, or
  • complain to the Information and Privacy Commissioner/Ontario at their address set out below if you think we have violated your rights.

Upon written request addressed to our Chief Privacy Officer, we will inform you, as best we can, using reasonable efforts, of the existence, use and disclosure of your personal health information and we will give you access to that information, within a reasonable period of time (within 60 days). We will be glad to assist you in preparing a request if you inform us that you require such assistance.

Important Information About Our Information Practices

  • We take reasonable and appropriate steps to protect your personal health information from theft, loss, and unauthorized access, copying, modification, use, disclosure, and disposal.
  • We require that everyone who performs services for us meets our privacy standards.
  • We will post our Privacy Policy on our website. You may also receive a written copy of our revised Privacy Policy by contacting our Chief Privacy Officer at the address and telephone number indicated below.
  • We will inform you as soon as we reasonably can if there is any unauthorized access to your personal health information.

Medical Profile

As part of HealthCare 365's service offering, we securely upload and store parts of your personal health information in our Patient Relationship Management system, which provides our care team with your medical profile and you with secure access online. Your personal health information will not remain exclusively within Canada and may cross into the United States and other countries as the nature of accessing information online creates this inevitable possibility when accessing information outside of a virtual private network. By becoming a member of HealthCare 365, you are consenting to HealthCare 365 transferring parts of your personal health information onto a secure server that you will have access to online. If you have any reservation about this action, we would prefer you inform us so we can avoid placing your personal health information into this system.

Challenging Compliance

We will thoroughly investigate all written complaints addressed to our Chief Privacy Officer. If we find a written complaint to be justified, we will take all appropriate and reasonable measures, including, if necessary, amending our policies and practices.

Who to Contact for More Information and Concerns

Andrew Clarfield Chief Privacy Officer: HealthCare 365 Inc.

1867 Yonge Street, Suite 905 Toronto, ON M4S 1Y5

Tel: 647-880-5578 Email: privacy@healthcare365.org

Information Privacy Commissioner/Ontario:

2 Bloor Street East Toronto, Ontario M4W 1A8

Email: commissioner@ipc.on.ca Tel: (416) 326-3333 or 1 800 387-0073 Fax: (416) 325-9195

IPC Web: www.ipc.on.ca

Consent to This Privacy Policy

Your knowledge of and consent to this Privacy Policy is evidenced by virtue of your membership with HealthCare 365. If you are not completely satisfied with this Privacy Policy, we kindly request that you please submit or discuss with us your comments and concerns regarding this Privacy Policy. We would prefer to understand and address your concerns due to the sensitive nature of your personal health information.