MedChart privacy policy

Last Updated: November 16, 2016

We are committed to your privacy.

Introduction

MedChart Inc. ("MedChart") is an information technology service provider that enables you to use electronic means to collect and access your personal health information. MedChart respects your privacy and is committed to keeping your personal information accurate, confidential, and secure. We collect, use, and disclose your personal information only with your consent. We always ask for your permission before we share or use your information for a purpose other than to what you have consented.This privacy policy is based on the principles set out in the Personal Information Protection and Electronic Documents Act (PIPEDA), the Ontario Personal Health Information Protection Act (PHIPA), and the Canadian Standards Association Model Code for the Protection of Personal Information.

The Scope of This Privacy Policy

This Privacy Policy describes the principles MedChart will use to protect the privacy of personal information in its possession or control, in accordance with the law and MedChart's own policies.

Changes to this Privacy Policy

In order to ensure that this Privacy Policy is kept up to date, we reserve the right to change this Privacy Policy from time to time. Any changes will be effective 30 days following MedChart providing you with notice. Notice of changes to the Privacy Policy may be distributed through MedChart newsletters and/or posted on the MedChart web site. If you access or choose to continue to be serviced by MedChart after the effective date of the change, you automatically accept the change.Please check this page regularly. The date last updated will be posted at the top of this page.

Definition of Terms Used in this Privacy Policy

Privacy

Privacy is an individual's right to retain control over the collection, use and disclosure of her/his personal information.

Personal Health Information

Personal health information means identifying information about an individual in oral or recorded form if the information relates to the physical or mental health of the individual, including information that consists of the medical history of the individual's family, and is consistent with the definition as set out in relevant privacy and health privacy legislation.Any data that has been collected in which all personal identifiers have been removed, such that the information could not reasonably be used to identify the individual, is not considered personal information.

Capacity and Substitute Decision-Making

An individual is capable of providing us consent to the collection, use or disclosure of personal health information if the individual is able to understand the relevant information and the consequences of giving or withholding consent. MedChart presumes the individual is capable, unless there are reasonable grounds to believe that the individual is incapable of consenting.

An individual who is capable may authorize another person to act on her or his behalf. If the individual is incapable, an authorized substitute decision-maker may consent on her or his behalf. If the individual is deceased, the estate trustee or person who is responsible for administration of the deceased's estate may provide consent. A person who is authorized or required by law to act on behalf of the individual, may provide consent.

Substitute Decision-Maker

A substitute decision-maker, in relation to an individual, means, unless the context requires otherwise, a person who is authorized by law to consent on behalf of the individual to the collection, use or disclosure of personal health information about the individual.

Privacy Principles

Accountability

MedChart is an information technology service provider that allows users to control and access their consolidated Personal Health Information and medical records from Health Information Custodians from various Healthcare Professionals using electronic means. MedChart has established policies and procedures to comply with this Privacy Policy, and has designated a Chief Privacy Officer (CPO) as the contact person who is accountable for our compliance. The CPO's information is contained at the end of this document.

Obtaining Consent

MedChart will obtain consent before or when it collects, uses or discloses personal information about an individual, except where otherwise required by law. An individual can provide consent to the collection, use and disclosure of personal information about them expressly, implicitly, or through an authorized representative. Individuals who sign up for MedChart's services provide express consent during the account creation process. An individual can withdraw consent at any time, with certain exceptions.

Identifying purposes of collecting personal information

MedChart will identify the purposes for which personal information is collected at or before the time the information is collected. If MedChart intends to use your personal information for any other purpose, we will seek your consent.

How MedChart uses your Personal Information

With your consent, MedChart helps you consolidate and access your health information on a secure online account. Specifically, we: collect copies of your official medical records from your healthcare providers;if necessary, convert your paper records into an electronic format, and promptly and securely dispose of the paper copy; upload the electronic copy of your records onto a secure, encrypted online database;allow you to access these records on your personal password-protected Portal on our website; and allow you to authorize other users (such as your healthcare provider or family member) to securely access your records.

Limits for collecting Personal Information

MedChart collects personal health information about you only by fair and lawful means, either from you directly or from the Health Information Custodians that you have visited. This information may include your name, date of birth, address, contact information, health history, records of your visits to medical service providers, and details of the care that you received. Upon enrolling in MedChart's services you agree and understand that the collection of Personal Information and/or Personal Health Information is for your personal record keeping purposes.

Limits for using, disclosing and keeping personal information

MedChart will use personal information only for the reasons it was collected, unless an individual gives consent to use or disclose it for another reason. MedChart will keep personal information only as long as necessary for the identified purposes. MedChart may share your Personal Information with our affiliates and service providers who may be involved in delivering MedChart's services, providing customer support, and conducting customer research or satisfaction surveys. These service providers are obligated to protect your Personal Information, and they are only given the information necessary to perform their designated functions. MedChart does not authorize any service providers to use or disclose your Personal Information for their own marketing or other purposes. We may also share your Personal Information with our financial, insurance, legal, accounting or other advisors that provide such professional services to us.

Your Personal Information may be processed and/or stored outside of Canada. While we undertake measures to protect your Personal Information, when it is stored and/or processed in other jurisdictions, the laws of other countries may not provide the degree of protection for Personal Information that is available in Canada. If your Personal Information is transferred outside of Canada, it may be available to the foreign government of the country in which the information or entity controlling it is situated under a lawful order made in that country and used for purposes other than those described herein. By providing us with your information, you are allowing your Personal Information to be transferred outside of Canada.

Keeping Personal Information Accurate

MedChart will keep the Personal Information and Personal Health Information in its possession or control accurate, complete, current and relevant, based on the most recent information available to MedChart. Individuals are responsible for notifying MedChart about the accuracy and completeness of their personal information and may have it amended as appropriate.

Safeguarding Personal Information

The safety and privacy of your information is our top priority. Personal information will be protected by security safeguards appropriate to the nature and format of the information being stored. We strive to protect your personal information from theft, loss, and unauthorized access, copying, modification, use, disclosure and disposal. We conduct audits and complete investigations to monitor and manage our privacy compliance. We ensure that all of our officers, employees and agents protect your privacy and only use your personal health information for the purposes you have consented to.

MedChart operates with several safeguards to ensure the privacy of your personal information, including administrative, physical and technical safeguards: MedChart's Privacy Policy governs the way in which all employees manage client information. Concern for your privacy is our top priority and is engrained in the company culture. In addition, all MedChart employees must sign a confidentiality agreement as a condition of employment. MedChart implements facility access controls and workstation security to protect client information.

MedChart uses the industry-leading encryption technologies used by the major banks to secure your information, and continuously monitors and upgrades our systems on new developments. We have role-based access controls to ensure employees only manage information if and when necessary.

Access to your online profile and medical records is protected by your personal login details. An optional 2-factor authentication system (a verification code sent to your registered cell phone or email at time of login) minimizes the chances of unauthorized access in case your login details have been lost or stolen.

Making Information about Policies and Procedures Available

We will make readily available to individuals specific information about our policies and practices related to the management of personal information. Individuals will have access to information about these procedures through this Privacy Policy or by contacting our Chief Privacy Officer. The information will be available in a format that is easy to understand.

Providing Access to Personal Information

Except as restricted by law, upon written request by the individual or substitute decision maker, an individual will be informed of the existence, use and disclosure of her or his personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and may request to have it amended.

Handling complaints and questions

For more information about our privacy protection practices, or to raise a concern you may have about our practices, please contact:

James Bateman
Chief Privacy Officer, MedChart Inc.

460 Richmond Street West 
Suite 503 
Toronto, ON, Canada
M5V 1Y1

Email: contact@medchart.ca 

Toll-free: 1-888-399-7789
Fax: 1-888-720-2212

You also have the right to complain to the Privacy Commissioner of Canada if you think we have violated your rights. The Commissioner can be reached as follows:Office of the Privacy Commissioner of Canada

30 Victoria Street
Gatineau, Quebec, K1A 1H3

Toll-free: 1-800-282-1376
Phone: (819) 994-5444
Fax: (819) 994-5424
TTY: (819) 994-6591

Website: www.priv.qc.ca