IF THIS IS A MEDICAL EMERGENCY, PLEASE IMMEDIATELY CALL EMERGENCY PERSONNEL (911) FOR PROMPT MEDICAL ATTENTION.
Chin Executive Health Group Inc. (“us,” “we,” “our”, or “EHC”) is a recognized global expert in the field of personalized medicine, focusing on a holistic approach to managing and optimizing well-being. EHC is responsible for the personal and health information we collect and hold. We are a Health Information Custodian as defined in the Personal Health Information Protection Act, 2004 (“PHIPA”). You can find our general Privacy Statement regarding EHC’s information practices here.
“Account” means the account used by Users to sign into and use the Portal.
“Client(s)” means those Clients of EHC who are initially registered by EHC to access the Portal.
“Healthcare Provider(s)” means employees of EHC registered to be Portal users in order to access Healthcare Provider and Client content through the Portal. Healthcare Providers will interact through secure messaging on the Portal and will access the Electronic Medical Records (EMR) system for adding clinical notes and reports.
“Portal” means the secure Portal called My Wellness File, an online platform where Clients will access their health information starting with registering a new Account. Clients will be able to enter their own health information, track their progress on an action plan and access lab results through this Portal. Clients and Healthcare Providers will collaborate on this Portal to maintain and manage Client health in a secure and confidential environment.
“User(s)” means Clients, Healthcare Providers, Agents, and Website visitors.
3. Services Overview
Global experts in the field of personalized medicine, EHC leverages digital health technologies and will collect information about our Clients to help them manage their health and wellbeing more precisely and by effectively leveraging precision medicine, the digitizing of medical data and the power of predictive analytics. Such programs and services include: health program analysis and evaluation conducted by EHC and health-related research conducted by EHC. Our information management eco-system involves the collection, use and disclosure of Client information from the point of engagement, health assessments, care management, as well as communication with other Healthcare Providers.
4. Website Data Collected
We may track and collect the following categories of information when a User visits our Website: (1) IP (which stands for Internet Protocol) addresses; (2) domain servers; (3) types of computers accessing the Website; (4) types of web browsers used to access the Website; (5) referring source which may have sent you to the Website; and (6) other information associated with the interaction between a User’s browser and the Website (collectively, the “Website Data”).
5. Personal Information Collected
In providing the innovative care services by leveraging precision diagnostics through personalized medicine techniques with coaching on all of aspects of a Client’s health action plan, EHC will collect certain information from Users. In order for Users to access Services, we require Users to provide us with certain personal information that identifies the User, or from which a User’s identity could be deduced (“Personal Information”). Personal Information includes: (1) Contact Data (defined as a User’s e-mail address, Account password, and related information); (2) Demographic Data (defined as a User’s gender, age, nationality, address information, and related information); and (3) Personal Health Information (as defined in PHIPA), which includes, but is not limited to: hospital and doctor visit records, medication, immunization records, lab results, data originating from wearable technologies (such as pedometers, blood glucose monitors, blood pressure monitors) or external monitoring devices (such as chronic management applications, fitness training applications, weight loss applications, blood pressure applications) and much more.
A User may choose not to provide us with any Personal Information. In such an event, a User can still access and use much of the Services; however, a User will not be able to access and use those portions of the Services that require Personal Information.
If A User accesses any Services requiring a username and password, the User is solely responsible for keeping such items strictly confidential.
6. Website Tools
We also collect other information, which may include Personal Information that a User voluntarily provides to us when the User uses some of the Website’s interactive tools and services (the “Website Tools”). We also collect information the User provides voluntarily through the Website and through responses to questionnaires and surveys.
“Cookies” are computer files that are placed on a User’s computer by a Website. In these files various pieces of information can be stored, from user identification and preferences to activities conducted while browsing the Website. A User may block cookies or delete cookies from the User’s computer if the User wishes but must do so at his or her own cost and responsibility. If a User does block or disable cookies, the User may not have access to the entire set of features of our Website.
Generally, we use “cookies” to customize a User’s experience on our Website and to store a User’s password so they do not have to re-enter it each time the User visits the Website.
We do not link the information stored in these cookies directly to any Personal Information submitted while on the Website.
8. Storage of Information
We store all Website Data indefinitely, even after it is deleted, and may retain such information elsewhere. Upon a User’s written request, we will use commercially reasonable efforts to delete a User’s Personal Information.
9. EHC’S Use of Personal Information
The purpose of collecting Personal Information is to provide health services to our Clients and to promote health, prevent disease, and process payment for Services. We and our Agents plan, deliver, track, and evaluate care and service for Clients. Personal Information is also used to make decisions about the types of services required and to communicate with other Healthcare Providers involved in that person’s care. When necessary, Personal Information may be used to investigate and manage potential risks for others who may be affected by a health risk.
10. Information Sharing
12. Controlling and Correcting Personal Information
Since we use Personal Information to provide Services to Users, it is important that a User’s Personal Information be accurate and up-to-date. If any Personal Information changes, a User should advise us so that we can make any necessary changes (a User can either write to us directly or, if a User is a registered user of our Services, they can modify some of their Personal Information they have included in their profile). A User can request that we modify his or her contact information at any time.
We make every effort to ensure that all User information is recorded accurately and is current. If we hold Personal Information about a User and the User can establish that it is not accurate, complete, and/or current , we will take reasonable steps to correct it. EHC will correct such information unless to do so will interfere with the administration or enforcement of the law. Any deletions performed by the EHC systems as “soft” deletes and while no longer viewable on the front end, will be retained in the system in the back-end of the Portal and Website.
13. Access to Personal Information
A User may ask for access to any Personal Information we hold about the User. Summary information is available on request. More detailed requests that require archive or other retrieval costs may be subject to our normal professional and disbursement fees.
A User’s rights to access Personal Information are not absolute. We may deny access when:
• Denial of access is required or authorized by law;
• Information relates to existing or anticipated legal proceedings against the User;
• When granting you access would have an unreasonable impact on other people’s privacy;
• When to do so would prejudice negotiations with the User;
• To protect our rights and property; and
• Where the request is frivolous or vexatious.
If we deny a User’s request for access to, or refuse a request to correct a User’s Personal Information, we shall explain why.
14. Healthcare Providers
The security of a User’s Personal Information is important to us. Our Services are governed by physical and administrative technical security measures in place to protect against the loss, misuse, unauthorized access, and alteration of Personal Information under our direct control. We take reasonable precautions to ensure that Personal Information is kept safe from loss, unauthorized access, modification, or disclosure. Among the steps taken to protect Personal Information are:
• Premises security;
• Restricted file access to Personal Information;
• Deploying technological safeguards like encryption and security software and firewalls to prevent hacking or unauthorized computer access; and
• Internal password and security policies.
“Phishing” is a fraudulent practice designed to steal Personal Information. If a User receives an e-mail that looks like it is from us asking for Personal Information, the User should not respond. We will never request password, user name, credit card information, or other Personal Information through e-mail.
EHC takes reasonable commercial steps to transfer, retain, and destroy Personal Information securely. These include an encrypted file transfer system that protects both inbound and outbound electronic files, and a prohibition against transferring paper with Personal Information.
16. Lost or Stolen Information
A User must promptly notify us if Contact Data is lost, stolen, or used without the User’s permission. In such an event, we will remove that Contact Data from the User’s account and update our records accordingly.
17. Links to Other Websites
Users should be aware that e-mail is not an entirely secure medium. Users should be aware of this when using e-mail to send or receive personal or confidential information
20. Limitation of Liability
We make no guarantee as to security, integrity, or confidentiality of any information transmitted to or from our Website, or stored within our Website. Beyond our reasonable care to safeguard User information while in transit, EHC does not guarantee the absolute security of electronic communications or transmissions since any transmission made over the internet by anyone individual runs the risk of interception.
A User assumes the sole risk of transmitting Personal Information as it relates to the use of our Services, and for any data corruptions, intentional interceptions, intrusions or unauthorized access to Personal Information, or of any delays, interruptions to or failures preventing the use our Services. In no event shall we be liable for any direct, indirect, special, consequential or monetary damages, including fees and penalties in connection with a User’s use of the Services provided by our Website or connectivity to or from this Website to any other website.
EHC GENERAL PRIVACY STATEMENT
We will protect the privacy of all the information you give us
In providing the innovative care services by leveraging precision diagnostics through personalized medicine techniques with coaching on all of aspects of your health action plan, EHC shall collect, use and can disclose personal information. This can be identification and contact details as well as personal health information (PHI) such as hospital and doctor visit records, medication, immunization records, lab results, data originating from wearable technologies (such as pedometers, blood glucose monitors, blood pressure monitors) or external monitoring devices (such as chronic management applications, fitness training applications, weight loss applications, blood pressure applications) and much more.
We are committed to protecting your privacy. This privacy statement applies to personal information (including personal health information) collected by EHC agents orally, electronically or in writing.
EHC’s policies and procedures align with the Personal Health Information and Protection Act, SO 2004, c.3, Sch A. (PHIPA); The Personal Information Protection of Electronic Documents Act, SC 2000, c.5; and the Freedom of Information and Protection of Privacy Act, 1990 (FIPPA).
How we protect your information
By virtue of seeking care from us, your consent is implied for your information to be used by this office to provide care and share with other providers in your circle of care.
Once you have agreed to become a client of EHC you will have the opportunity to use the client portal and will be asked to sign the privacy consent on the portal for portal use. Then you will be provided with account credentials for creating your secure account for logging onto the EHC client portal. If you do require medical information beyond what will be provided to the portal you have the right to request this in writing. You also have the right to withdraw consent.
Clients of EHC will have the opportunity to securely log onto the EHC systems to maintain their accounts and collaborate about their care with EHC staff.
The EHC portal allows you to be in contact with multiple care providers in your circle of care.
The EHC systems will be use your personal information to register your account, contact you via phone or email, and to provide EHC’s unique health care services including research using non-personal information for measurements and analysis in an effort to administer care.
As we have implemented new technologies to manage care, we have conducted a Privacy Impact Assessment on our client portal. The assessment has ensured that the system adheres to the ten internationally recognized privacy principles.
EHC has developed a set of policies and procedures around these principles specifically built to protect personal health information and all staff have been trained appropriately.
EHC Policies and Procedures
We take full responsibility for personal information under our custody and we have designated Dr. Elaine Chin as the Privacy Officer to be accountable for compliance and oversight.
As a client of EHC we will never use your personal information in a manner not otherwise provided for on the consent form outlining the purpose of collecting your information to provide innovative care. In the event that we do require any other use, you will be required to provide authorization through forms provided by our organization and for the explicit purpose and personnel who will use this information.
We rely on implied consent, where appropriate, or obtain express consent from the individual (patients, employees, volunteers, affiliates, the public, etc.) when collecting, using or disclosing personal health information and/or personal information, unless otherwise exempted by PHIPA or FIPPA.
All healthcare providers of EHC are considered to be covered under PHIPA and are provided access to your personal health information have been subject to background checks as well as the privacy policies from their professional discipline. Our providers will not copy, change, use, share or discard your information unless allowed.
Detailed policies and procedures have been communicated to all staff and they attend such training prior to start. Periodical privacy audits and refreshers ensure that all staff align with these policies. Specifically in the event of exceptions or breaches, staff have procedures to follow that align with PHIPA.
We make every effort to ensure that all of your information is recorded accurately and is up-to-date. As our client, you have the right to request changes to your personal health information, if you provide reliable evidence of an error. EHC will correct such information unless to do so will interfere with the administration or enforcement of the law. Any deletions performed by the EHC systems as “soft” deletes and while no longer viewable on the front end, will be retained in the system in the back-end. You can request that we modify your contact information at any time.
Your record will be retained as necessary for the purpose outlined in this statement as long as you remain an active client of EHC and governed by the laws of Ontario.
Our services are governed by physical, administrative, technical security measures in place to protect against the loss, misuse, unauthorized access and alteration of PHI under our direct control.
Unique usernames and passwords are required and must be entered each time staff or clients log in.
Data is encrypted on all systems and any data in transit is also encrypted. All information systems maintain audits of all PHI access and disclosures.
Chin Executive Health Centre Group Inc.
o/a Executive Health Centre
Yonge Corporate Centre
Suite 306, 4120 Yonge Street, Toronto, Ontario, M2P 2B8, Canada
Attention: Dr. Elaine Chin
If you are not satisfied with our response, the Provincial Privacy Commissioner can be reached at:
Phone: 416.326.3984, fax 416.325.9195,
Mail to: Information and Privacy Commissioner/Ontario,
Suite 1400, 2 Bloor St East, Toronto, Ontario, M4W 1A8, Canada