Medisys virtual care privacy statement
Effective October, 2019
WELCOME TO Medisys On-Demand!
This Privacy Statement (the “Privacy Statement”) governs how Medisys Health Group Inc. (“Medisys,” “us”, “we”, or “our”) and its third party virtual care provider, Right Health Inc. (“Platform Partner”) collect, use, disclose and otherwise manage your Personal Information and your Personal Health Information (collectively, “Information”) when you use our Medisys On-Demand online platform including through the Medisys On-Demand mobile application (the “App”) (collectively, the “Platform”). For the purposes of this Privacy Statement, “Personal Information” includes your name, phone number, email address, gender, birth date and payment information (including your credit card number and its expiration date), but excludes Personal Health Information; “Personal Health Information” means information that is collected or created by our healthcare team in the course of providing healthcare services to you, including information concerning your physical or mental health history, health status, symptoms, diagnosis, laboratory testing results and diagnostic images, your health insurance plan number, information concerning any healthcare service and advice provided to you by us, including referrals, recommended follow up or next steps, and other health-related information.
COLLECTION AND USE OF INFORMATION
The Platform provides individuals with access to healthcare professionals, which may include nurse practitioners, nurses, mental health therapists, dietitians, naturopaths and physicians (“Health Care Practitioners”) and personal health assistants (“PHAs”) by secure text, video and audio chat for virtual care consultations (“Health Services”), and related healthcare and administrative support services (“Administrative Services”) (together referred to as “Services”). We collect and use your Information for the purposes of: (A) providing the Services, (B) complying with applicable law, (C) reasonable audit and data retention policies, and (D) to the extent that the data is anonymous and non-identifiable, for research and analytical purposes and to operate and expand our business opportunities.
Registration on the Platform: In order to use the Platform to receive Services, you will need to register to create a secure User Account and provide your name, contact information and a password that you select (“User Account”). You will also need to disclose information about your current health condition and health history to Health Care Practitioners and PHAs in order to enable them to provide you with appropriate Services and to complete and update online profiles and personal health histories maintained in your User Account. Individuals under the age of majority in their jurisdiction may access Services at the discretion of Health Care Practitioners and PHAs, and in collaboration with a parent or legal guardian of the individual, as appropriate.
Purchase a Paid Service: If you choose to purchase Services from us, we may collect your payment information such as your name, address, phone number, email address, billing address, and payment method. This information is used to process your payments and, if you purchase a recurring Service, to renew your subscription. We use a third party service provider who is PCI DSS compliant to facilitate secure payment processing and your Personal Information (but not your Personal Health Information) may be stored, accessed and/or viewed outside of Canada.
DISCLOSURE OF YOUR INFORMATION
We will not rent, exchange or sell your Information.
We may transfer or disclose your Information as follows:
Circle of Care: If you receive Services through the Platform, we may disclose your Information to and among Health Care Practitioners and PHAs for the purpose of providing or assisting in the provision of Services to you. We may disclose your Information to third parties such as other health professionals, specialists, pharmacists, pharmacies and laboratories for the purpose of providing or assisting in the provision of Services to you – this includes, but is not limited to, providing medically appropriate referrals, prescriptions, or lab and imaging requisitions to you. Your Personal Health Information can only be shared with third parties outside of your circle of care with your express consent.
Employers/Benefits Providers: If your access to the Platform was facilitated through your employer or benefits provider, we may provide general information about the status of your account to them. For example, we may disclose to your employer or benefits provider whether you activated your account, what email address you provided and when you last accessed your account. We will not disclose any Personal Health Information to your employer or benefits provider. Non-identifiable information may be shared with your employer at an aggregated level.
Service Provider Arrangements: In connection with the Platform and/or Services provided by Medisys, your Information may transit through third parties, including but not limited to the Platform Partner, who provide services on our behalf. For example, we may use service providers to provide specialized health related support and care, process payments, host our website and store information on our behalf. Our service providers are given only the Information they need to perform their designated functions.
Sale of Business: We may transfer Information as an asset in connection with a proposed or completed merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Medisys, or its Platform Partner, or as part of a corporate reorganization or other change in corporate control.
Legal: Medisys and its service providers may disclose Information to third parties where required or permitted by applicable law (which may include access by courts, law enforcement and national security authorities in Canada).
INFORMATION ABOUT THE PLATFORM
As you use the Platform, certain Personal Information may be passively collected by Cookies (defined below), navigational data like Uniform Resource Locators (URLs) and third party tracking services, including:
- App Activity Information: We may keep track of some of the actions you take on the Platform, such as the content of searches you perform on the App. We use this information in order to improve the products and services and to protect your data from unauthorized access.
- Access Device and Browser Information: When you access the App from a computer or other device, we may collect information from that device, such as your Internet protocol address (IP address), browser type, connection speed and access times (collectively, “Usage Information”). We use Usage Information in order to improve the products and services and to protect your data from unauthorized access.
- Device and Usage Information: We may also collect device-related information from your mobile device or computer. This information is used to help us authenticate you, deliver content appropriate for your device’s capabilities, and to deliver push notifications to notify you about activity on your account, such as messages from our Health Care Practitioners. Examples of information that may be collected and used include your device’s unique identifier, manufacturer, model, and operating system version. In addition, in the event our application(s) crash(es) on your mobile device we may receive information about your mobile device model, software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our application(s).
- Real-Time Location: Certain features of the App request your permission to use GPS technology to collect real-time information about the location of your device so that the App can connect you to a Health Care Practitioner who is licensed or authorized to provide services in the area where you are located.
- Real-Time Video and Audio Conversations: You may be required to connect with Health Care Practitioners and PHAs through a real-time video and audio call to receive certain Health Services and to verify your identity. All video and audio calls conducted through the Platform are confidential and end-to-end encrypted and accessible only to you and the Health Care Practitioners and PHAs responsible for your care. These calls are never recorded or stored and cannot be accessed at a later date.
- Text-based Chat: Many of the Services are accessed primarily through text-based chat. The contents of your chat conversations are stored as part of your health record and are protected in the same way as all other Personal Health Information in our custody.
SECURITY OF INFORMATION
We understand that data security is a critical issue for users and we are committed to safeguarding the Information in our custody and control.
We have implemented a comprehensive information security program that includes written policies and procedures, and security controls, as well as reasonable administrative, technical and physical safeguards in an effort to protect against unauthorized access, use, loss, modification and disclosure of Information in our custody and control. Medisys also ensures that the security policies, procedures, and controls of its Platform Partner are tested and audited by a third party on an ongoing basis, using industry-standard practices such as SOC 2 reporting and penetration testing.
Our privacy practices are intended to comply with applicable privacy laws and we will maintain the privacy and security of your Information as required by applicable privacy laws. Your Personal Health Information will be stored on servers physically located in Canada (but may be temporarily viewed, accessed, used or transferred outside of Canada as necessary for installing, implementing, maintaining, repairing, troubleshooting or upgrading the Platform). Personal Information (but not Personal Health Information) may be stored outside of Canada.
It is your responsibility to play an active role in the protection and safeguarding of your Information. We encourage you to take the following steps when creating your User Account, accessing the Platform and/or using the Services:
- Create a strong and unique password that you do not share with anyone;
- Have a strong password on your computer and device that is used to access the Platform and Services;
- Fully sign-out of your User Account and close the App when you have finished using it; and
- Ensure that you are receiving Health Services from a private and undisturbed location.
ACCESS TO INFORMATION
Medisys takes reasonable steps to ensure your Information is accurate, complete, and up to date. If you become aware that any Information in our possession about you is not correct, please contact customer support. Contact information may be found under the heading “Contact Us”.
You are entitled to a copy of the Information that we have in our possession or under our control; if you would like a copy of such Information, please contact us. We will take reasonable steps to verify your identity before granting access or making corrections. In addition, your right to access or correct your Information is subject to certain legal restrictions.
We may use non-identifiable information created by us from your Information in order to (i) better understand and improve the Platform and our service offerings; (ii) for research and analytical purposes; and/or (iii) to operate and expand our business opportunities.
This Privacy Statement does not cover any information (including when created by us from your Information), recorded in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred from the information (“Aggregated Information”). Medisys retains the right to use Aggregated Information in any way that it determines appropriate and reasonable.
RETAINING YOUR INFORMATION
We will retain any and all Information that we are required to retain under any applicable laws and regulations for the full duration of time required under those laws and regulations. We may also retain non-identifiable information, and continue to use this information in accordance with this Policy.
You may request that we delete the Information that we maintain about you, but please note that we may be required to maintain certain Information in order to meet our legal obligations (in which case we will comply with your deletion request only after we have fulfilled such obligations). When we delete Information, it will be deleted from the active database, but may remain in our archives and we may also retain Usage Information. After we delete Information, we may retain non-identifiable information, and will continue to use such information as permitted under this Privacy Statement.
You should report any privacy or security violations, including any suspected or actual unauthorized access, use or loss of Information, to us by sending an email to firstname.lastname@example.org.
CHANGES TO THIS PRIVACY STATEMENT
This Privacy Statement may be updated periodically to reflect changes to our practices. Any notices regarding modifications to this Privacy Statement will be in a written form and given: (i) by Medisys via email (in each case to the address that you provide); or (ii) via the Platform.
Please contact us at the address set out below if:
- you have any questions or comments about this Privacy Statement;
- you wish to access, update, and/or correct inaccuracies in your Information; or
- you otherwise have a question or complaint about the manner in which we or our service providers treat your Information.
Medisys Health Group
c/o Privacy Officer
600 De Maisonneuve Blvd.
This Privacy Statement was last updated October 2019.