Privacy Policy

EXECUTIVE HEALTH CENTRE PRIVACY POLICY
IF THIS IS A MEDICAL EMERGENCY, PLEASE IMMEDIATELY CALL EMERGENCY PERSONNEL (911) FOR PROMPT MEDICAL ATTENTION.

1. Privacy

Chin Executive Health Group Inc. (“us,” “we,” “our”, or “EHC”) is a recognized global expert in the field of personalized medicine, focusing on a holistic approach to managing and optimizing well-being. EHC is responsible for the personal and health information we collect and hold. We are a Health Information Custodian as defined in the Personal Health Information Protection Act, 2004 (“PHIPA”). You can find our general Privacy Statement regarding EHC’s information practices here.

To ensure we comply with our privacy obligations, we have developed this privacy policy governing our online Services (“Privacy Policy”). EHC respects, and is committed to protecting, the privacy rights of our Clients (as defined below), visitors, and users of our website (https://executivehealthcentre.com/) (the “Website”), Portal (as defined below), and related services (collectively, the “Services”) provided through our Website and any application software for any platform (iPhone, Blackberry, Android, etc.) that you may download.

Our Website contains links to other sites. Those sites are not governed by this Privacy Policy. A User’s use of the Services is governed by this Privacy Policy and the End User Service Agreement (click to view our End User Service Agreement). By using the Services, you, as User, consent to the collection, use, and disclosure by us and our Agents of Personal Information as described in this Policy.

2. Definitions

“Account” means the account used by Users to sign into and use the Portal.

“Client(s)” means those Clients of EHC who are initially registered by EHC to access the Portal.

“Healthcare Provider(s)” means employees of EHC registered to be Portal users in order to access Healthcare Provider and Client content through the Portal. Healthcare Providers will interact through secure messaging on the Portal and will access the Electronic Medical Records (EMR) system for adding clinical notes and reports.

“Portal” means the secure Portal called My Wellness File, an online platform where Clients will access their health information starting with registering a new Account. Clients will be able to enter their own health information, track their progress on an action plan and access lab results through this Portal. Clients and Healthcare Providers will collaborate on this Portal to maintain and manage Client health in a secure and confidential environment.

“User(s)” means Clients, Healthcare Providers, Agents, and Website visitors.

3. Services Overview

Global experts in the field of personalized medicine, EHC leverages digital health technologies and will collect information about our Clients to help them manage their health and wellbeing more precisely and by effectively leveraging precision medicine, the digitizing of medical data and the power of predictive analytics. Such programs and services include: health program analysis and evaluation conducted by EHC and health-related research conducted by EHC. Our information management eco-system involves the collection, use and disclosure of Client information from the point of engagement, health assessments, care management, as well as communication with other Healthcare Providers.

4. Website Data Collected

We may track and collect the following categories of information when a User visits our Website: (1) IP (which stands for Internet Protocol) addresses; (2) domain servers; (3) types of computers accessing the Website; (4) types of web browsers used to access the Website; (5) referring source which may have sent you to the Website; and (6) other information associated with the interaction between a User’s browser and the Website (collectively, the “Website Data”).

5. Personal Information Collected

In providing the innovative care services by leveraging precision diagnostics through personalized medicine techniques with coaching on all of aspects of a Client’s health action plan, EHC will collect certain information from Users. In order for Users to access Services, we require Users to provide us with certain personal information that identifies the User, or from which a User’s identity could be deduced (“Personal Information”). Personal Information includes: (1) Contact Data (defined as a User’s e-mail address, Account password, and related information); (2) Demographic Data (defined as a User’s gender, age, nationality, address information, and related information); and (3) Personal Health Information (as defined in PHIPA), which includes, but is not limited to: hospital and doctor visit records, medication, immunization records, lab results, data originating from wearable technologies (such as pedometers, blood glucose monitors, blood pressure monitors) or external monitoring devices (such as chronic management applications, fitness training applications, weight loss applications, blood pressure applications) and much more.
A User may choose not to provide us with any Personal Information. In such an event, a User can still access and use much of the Services; however, a User will not be able to access and use those portions of the Services that require Personal Information.

If A User accesses any Services requiring a username and password, the User is solely responsible for keeping such items strictly confidential.

6. Website Tools

We also collect other information, which may include Personal Information that a User voluntarily provides to us when the User uses some of the Website’s interactive tools and services (the “Website Tools”). We also collect information the User provides voluntarily through the Website and through responses to questionnaires and surveys.

7. Cookies

“Cookies” are computer files that are placed on a User’s computer by a Website. In these files various pieces of information can be stored, from user identification and preferences to activities conducted while browsing the Website. A User may block cookies or delete cookies from the User’s computer if the User wishes but must do so at his or her own cost and responsibility. If a User does block or disable cookies, the User may not have access to the entire set of features of our Website.

Generally, we use “cookies” to customize a User’s experience on our Website and to store a User’s password so they do not have to re-enter it each time the User visits the Website.

We do not link the information stored in these cookies directly to any Personal Information submitted while on the Website.

8. Storage of Information

We store all Website Data indefinitely, even after it is deleted, and may retain such information elsewhere. Upon a User’s written request, we will use commercially reasonable efforts to delete a User’s Personal Information.

9. EHC’S Use of Personal Information

The purpose of collecting Personal Information is to provide health services to our Clients and to promote health, prevent disease, and process payment for Services. We and our Agents plan, deliver, track, and evaluate care and service for Clients. Personal Information is also used to make decisions about the types of services required and to communicate with other Healthcare Providers involved in that person’s care. When necessary, Personal Information may be used to investigate and manage potential risks for others who may be affected by a health risk.

10. Information Sharing

We share certain categories of information we collect from Users in the ways described in this Privacy Policy. We may also share Contact Data, Demographic Data, and Personal Health Information of Clients with Healthcare Providers. We also share Personal Information with our business partners who assist us by performing core services related to our operation of the Website, Portal, and/or by making certain Website Tools available to our Users. Those business partners shall be bound to uphold the same standards of security and confidentiality that we have promised to you in this Privacy Policy, and they will only use Personal Information to carry out their specific business obligations to EHC and to provide requested medical care and services. We may also transfer information about Users to third parties in connection with a merger, sale, or acquisition by or of EHC. EHC does not provide Personal Information to any third parties for their promotional purposes. Only de-identified, anonymized and aggregated data will be extracted from the systems for the purposes of evaluation of the performance of our programs. We may also use de-identified, anonymized and aggregated data for the purposes of promotion of EHC and our Services. Should a research study be initiated and should a Client consent to participate in such a study, identifiable information will be removed and assignment of a confidential identifier or code will be implemented in the case where Client data is required for a research project.

11. Confidentiality

Except as otherwise provided in this Privacy Policy, we will keep a User’s Personal Information private and will not share it with third parties, unless we believe in good faith that disclosure of Personal Information or any other information we collect is necessary to: (1) comply with a court order or other legal process; (2) protect the rights, property or safety of EHC or another party; (3) enforce our End User Service Agreement; or (4) respond to claims that any posting or other content violates the rights of third-parties.

12. Controlling and Correcting Personal Information

Since we use Personal Information to provide Services to Users, it is important that a User’s Personal Information be accurate and up-to-date. If any Personal Information changes, a User should advise us so that we can make any necessary changes (a User can either write to us directly or, if a User is a registered user of our Services, they can modify some of their Personal Information they have included in their profile). A User can request that we modify his or her contact information at any time.
We make every effort to ensure that all User information is recorded accurately and is current. If we hold Personal Information about a User and the User can establish that it is not accurate, complete, and/or current , we will take reasonable steps to correct it. EHC will correct such information unless to do so will interfere with the administration or enforcement of the law. Any deletions performed by the EHC systems as “soft” deletes and while no longer viewable on the front end, will be retained in the system in the back-end of the Portal and Website.

13. Access to Personal Information

A User may ask for access to any Personal Information we hold about the User. Summary information is available on request. More detailed requests that require archive or other retrieval costs may be subject to our normal professional and disbursement fees.

A User’s rights to access Personal Information are not absolute. We may deny access when:
• Denial of access is required or authorized by law;
• Information relates to existing or anticipated legal proceedings against the User;
• When granting you access would have an unreasonable impact on other people’s privacy;
• When to do so would prejudice negotiations with the User;
• To protect our rights and property; and
• Where the request is frivolous or vexatious.

If we deny a User’s request for access to, or refuse a request to correct a User’s Personal Information, we shall explain why.
14. Healthcare Providers

Healthcare Providers, their employees, and their agents are responsible for being aware of all of their legal and ethical obligations of Client confidentiality, both in communicating with EHC and in responding to a review of their services posted on our Website. EHC does not have, and will not accept, any obligations of confidentiality with respect to any communications other than those expressly stated in this Privacy Policy and our End User Service Agreement.

15. Security

The security of a User’s Personal Information is important to us. Our Services are governed by physical and administrative technical security measures in place to protect against the loss, misuse, unauthorized access, and alteration of Personal Information under our direct control. We take reasonable precautions to ensure that Personal Information is kept safe from loss, unauthorized access, modification, or disclosure. Among the steps taken to protect Personal Information are:
• Premises security;
• Restricted file access to Personal Information;
• Deploying technological safeguards like encryption and security software and firewalls to prevent hacking or unauthorized computer access; and
• Internal password and security policies.
“Phishing” is a fraudulent practice designed to steal Personal Information. If a User receives an e-mail that looks like it is from us asking for Personal Information, the User should not respond. We will never request password, user name, credit card information, or other Personal Information through e-mail.
The Website cannot be completely absolutely protected against intentional or malicious intrusion attempts. Further, we do not control the devices or computers or the internet over which a User may choose to send Personal Information and cannot, therefore, prevent such interceptions of compromises to Personal Information while in transit to us. If we learn that a User’s Personal Information has been disclosed in a manner that is not in accordance with this Privacy Policy, we will use reasonable efforts to advise the User of the disclosure as soon as reasonably possible.
EHC takes reasonable commercial steps to transfer, retain, and destroy Personal Information securely. These include an encrypted file transfer system that protects both inbound and outbound electronic files, and a prohibition against transferring paper with Personal Information.

16. Lost or Stolen Information

A User must promptly notify us if Contact Data is lost, stolen, or used without the User’s permission. In such an event, we will remove that Contact Data from the User’s account and update our records accordingly.

17. Links to Other Websites

Website contains links to third party websites to which EHC has no affiliation. We do not share Personal Information with those websites and we are not responsible for their privacy practices. Some websites may be similar to our Website. Users should be cautious that they may be on a different site and that this Privacy Policy only covers our Website. Should a User decide to visit one of these third party websites, we recommend that the User read its privacy policy.

18. Updates and Changes to Privacy Policy

Since we regularly review all of our policies and procedures, we may change our Privacy Policy from time to time. All changes will be posted on our Website. In all cases, use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.
19. E-mail

Users should be aware that e-mail is not an entirely secure medium. Users should be aware of this when using e-mail to send or receive personal or confidential information

20. Limitation of Liability
We make no guarantee as to security, integrity, or confidentiality of any information transmitted to or from our Website, or stored within our Website. Beyond our reasonable care to safeguard User information while in transit, EHC does not guarantee the absolute security of electronic communications or transmissions since any transmission made over the internet by anyone individual runs the risk of interception.
A User assumes the sole risk of transmitting Personal Information as it relates to the use of our Services, and for any data corruptions, intentional interceptions, intrusions or unauthorized access to Personal Information, or of any delays, interruptions to or failures preventing the use our Services. In no event shall we be liable for any direct, indirect, special, consequential or monetary damages, including fees and penalties in connection with a User’s use of the Services provided by our Website or connectivity to or from this Website to any other website.
BY USING OUR SERVICES, YOU ACCEPT THE TERMS OF THIS PRIVACY POLICY IN ITS ENTIRETY WITHOUT ANY MODIFICATION.
EHC GENERAL PRIVACY STATEMENT

We will protect the privacy of all the information you give us
In providing the innovative care services by leveraging precision diagnostics through personalized medicine techniques with coaching on all of aspects of your health action plan, EHC shall collect, use and can disclose personal information. This can be identification and contact details as well as personal health information (PHI) such as hospital and doctor visit records, medication, immunization records, lab results, data originating from wearable technologies (such as pedometers, blood glucose monitors, blood pressure monitors) or external monitoring devices (such as chronic management applications, fitness training applications, weight loss applications, blood pressure applications) and much more.
We are committed to protecting your privacy. This privacy statement applies to personal information (including personal health information) collected by EHC agents orally, electronically or in writing.
EHC’s policies and procedures align with the Personal Health Information and Protection Act, SO 2004, c.3, Sch A. (PHIPA); The Personal Information Protection of Electronic Documents Act, SC 2000, c.5; and the Freedom of Information and Protection of Privacy Act, 1990 (FIPPA).
How we protect your information
By virtue of seeking care from us, your consent is implied for your information to be used by this office to provide care and share with other providers in your circle of care.
Once you have agreed to become a client of EHC you will have the opportunity to use the client portal and will be asked to sign the privacy consent on the portal for portal use. Then you will be provided with account credentials for creating your secure account for logging onto the EHC client portal. If you do require medical information beyond what will be provided to the portal you have the right to request this in writing. You also have the right to withdraw consent.
Clients of EHC will have the opportunity to securely log onto the EHC systems to maintain their accounts and collaborate about their care with EHC staff.
The EHC portal allows you to be in contact with multiple care providers in your circle of care.
The EHC systems will be use your personal information to register your account, contact you via phone or email, and to provide EHC’s unique health care services including research using non-personal information for measurements and analysis in an effort to administer care.
As we have implemented new technologies to manage care, we have conducted a Privacy Impact Assessment on our client portal. The assessment has ensured that the system adheres to the ten internationally recognized privacy principles.
EHC has developed a set of policies and procedures around these principles specifically built to protect personal health information and all staff have been trained appropriately.
EHC Policies and Procedures
We take full responsibility for personal information under our custody and we have designated Dr. Elaine Chin as the Privacy Officer to be accountable for compliance and oversight.
As a client of EHC we will never use your personal information in a manner not otherwise provided for on the consent form outlining the purpose of collecting your information to provide innovative care. In the event that we do require any other use, you will be required to provide authorization through forms provided by our organization and for the explicit purpose and personnel who will use this information.
We rely on implied consent, where appropriate, or obtain express consent from the individual (patients, employees, volunteers, affiliates, the public, etc.) when collecting, using or disclosing personal health information and/or personal information, unless otherwise exempted by PHIPA or FIPPA.
All healthcare providers of EHC are considered to be covered under PHIPA and are provided access to your personal health information have been subject to background checks as well as the privacy policies from their professional discipline. Our providers will not copy, change, use, share or discard your information unless allowed.
Detailed policies and procedures have been communicated to all staff and they attend such training prior to start. Periodical privacy audits and refreshers ensure that all staff align with these policies. Specifically in the event of exceptions or breaches, staff have procedures to follow that align with PHIPA.
We make every effort to ensure that all of your information is recorded accurately and is up-to-date. As our client, you have the right to request changes to your personal health information, if you provide reliable evidence of an error. EHC will correct such information unless to do so will interfere with the administration or enforcement of the law. Any deletions performed by the EHC systems as “soft” deletes and while no longer viewable on the front end, will be retained in the system in the back-end. You can request that we modify your contact information at any time.
Your record will be retained as necessary for the purpose outlined in this statement as long as you remain an active client of EHC and governed by the laws of Ontario.
Our services are governed by physical, administrative, technical security measures in place to protect against the loss, misuse, unauthorized access and alteration of PHI under our direct control.
Unique usernames and passwords are required and must be entered each time staff or clients log in.
Data is encrypted on all systems and any data in transit is also encrypted. All information systems maintain audits of all PHI access and disclosures.

CONTACT
If you have any questions concerning our Privacy Policy or Privacy Statement, or wish to access your Personal Information, please write to our Privacy Officer at:
Chin Executive Health Centre Group Inc.
o/a Executive Health Centre
Yonge Corporate Centre
Suite 306, 4120 Yonge Street, Toronto, Ontario, M2P 2B8, Canada
Attention: Dr. Elaine Chin
Email: elaine.chin@executivehealthcentre.com
www.executivehealthcentre.com

If you are not satisfied with our response, the Provincial Privacy Commissioner can be reached at:
Phone: 416.326.3984, fax 416.325.9195,
Email: commissioner@ipc.on.ca
Mail to: Information and Privacy Commissioner/Ontario,
Suite 1400, 2 Bloor St East, Toronto, Ontario, M4W 1A8, Canada