January 2, 2019
We are committed to your privacy.Introduction
(PIPEDA), the Ontario Personal Health Information Protection Act
Privacy is an individual's right to retain control over the collection, use and disclosure of her/his personal information.Personal Health Information
Personal health information means identifying information about an individual in oral or recorded form if the information relates to the physical or mental health of the individual, including information that consists of the medical history of the individual's family, and is consistent with the definition as set out in relevant privacy and health privacy legislation.Any data that has been collected in which all personal identifiers have been removed, such that the information could not reasonably be used to identify the individual, is not considered personal information.Capacity and Substitute Decision-Making
An individual is capable of providing us consent to the collection, use or disclosure of personal health information if the individual is able to understand the relevant information and the consequences of giving or withholding consent. MedChart presumes the individual is capable, unless there are reasonable grounds to believe that the individual is incapable of consenting.
An individual who is capable may authorize another person to act on her or his behalf. If the individual is incapable, an authorized substitute decision-maker may consent on her or his behalf. If the individual is deceased, the estate trustee or person who is responsible for administration of the deceased's estate may provide consent. A person who is authorized or required by law to act on behalf of the individual, may provide consent.Substitute Decision-Maker
A substitute decision-maker, in relation to an individual, means, unless the context requires otherwise, a person who is authorized by law to consent on behalf of the individual to the collection, use or disclosure of personal health information about the individual.Privacy Principles Accountability
MedChart will obtain consent before or when it collects, uses or discloses personal information about an individual, except where otherwise required by law. An individual can provide consent to the collection, use and disclosure of personal information about them expressly, implicitly, or through an authorized representative. Individuals who sign up for MedChart's services provide express consent during the account creation process. An individual can withdraw consent at any time, with certain exceptions.Identifying purposes of collecting personal information
MedChart will identify the purposes for which personal information is collected at or before the time the information is collected. If MedChart intends to use your personal information for any other purpose, we will seek your consent.How MedChart uses your Personal Information
With your consent, MedChart helps you consolidate and access your health information on a secure online account. Specifically, we: collect copies of your official medical records from your healthcare providers;if necessary, convert your paper records into an electronic format, and promptly and securely dispose of the paper copy; upload the electronic copy of your records onto a secure, encrypted online database;allow you to access these records on your personal password-protected Portal on our website; and allow you to authorize other users (such as your healthcare provider or family member) to securely access your records.Limits for collecting Personal Information
MedChart collects personal health information about you only by fair and lawful means, either from you directly or from the Health Information Custodians that you have visited. This information may include your name, date of birth, address, contact information, health history, records of your visits to medical service providers, and details of the care that you received. Upon enrolling in MedChart's services you agree and understand that the collection of Personal Information and/or Personal Health Information is for your personal record keeping purposes.Limits for using, disclosing and keeping personal information
MedChart will use personal information only for the reasons it was collected, unless an individual gives consent to use or disclose it for another reason. MedChart will keep personal information only as long as necessary for the identified purposes. MedChart may share your Personal Information with our affiliates and service providers who may be involved in delivering MedChart's services, providing customer support, and conducting customer research or satisfaction surveys. These service providers are obligated to protect your Personal Information, and they are only given the information necessary to perform their designated functions. MedChart does not authorize any service providers to use or disclose your Personal Information for their own marketing or other purposes. We may also share your Personal Information with our financial, insurance, legal, accounting or other advisors that provide such professional services to us.
Your Personal Information may be processed and/or stored outside of Canada. While we undertake measures to protect your Personal Information, when it is stored and/or processed in other jurisdictions, the laws of other countries may not provide the degree of protection for Personal Information that is available in Canada. If your Personal Information is transferred outside of Canada, it may be available to the foreign government of the country in which the information or entity controlling it is situated under a lawful order made in that country and used for purposes other than those described herein. By providing us with your information, you are allowing your Personal Information to be transferred outside of Canada.Keeping Personal Information Accurate
MedChart will keep the Personal Information and Personal Health Information in its possession or control accurate, complete, current and relevant, based on the most recent information available to MedChart. Individuals are responsible for notifying MedChart about the accuracy and completeness of their personal information and may have it amended as appropriate.Safeguarding Personal Information
The safety and privacy of your information is our top priority. Personal information will be protected by security safeguards appropriate to the nature and format of the information being stored. We strive to protect your personal information from theft, loss, and unauthorized access, copying, modification, use, disclosure and disposal. We conduct audits and complete investigations to monitor and manage our privacy compliance. We ensure that all of our officers, employees and agents protect your privacy and only use your personal health information for the purposes you have consented to.
MedChart uses the industry-leading encryption technologies used by the major banks to secure your information, and continuously monitors and upgrades our systems on new developments. We have role-based access controls to ensure employees only manage information if and when necessary.
Access to your online profile and medical records is protected by your personal login details. An optional 2-factor authentication system (a verification code sent to your registered cell phone or email at time of login) minimizes the chances of unauthorized access in case your login details have been lost or stolen.Making Information about Policies and Procedures Available
Except as restricted by law, upon written request by the individual or substitute decision maker, an individual will be informed of the existence, use and disclosure of her or his personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and may request to have it amended. Handling complaints and questions
For more information about our privacy protection practices, or to raise a concern you may have about our practices, please contact:
Chief Privacy Officer, MedChart Inc.
460 Richmond Street West
Toronto, ON, Canada
You also have the right to complain to the Privacy Commissioner of Canada if you think we have violated your rights. The Commissioner can be reached as follows:Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec, K1A 1H3
Phone: (819) 994-5444
Fax: (819) 994-5424
TTY: (819) 994-6591