Privacy Policy

NP HEALTH CLINIC INC. PRIVACY POLICY

Last Modified: March 26, 2024

INTRODUCTION

At NP Health Clinic Inc., ("we" or “us” or “our”) we are committed to protecting your privacy. We take our responsibility to safeguard our patient's personal information and personal health information (collectively, “Personal Information”) very seriously. We value the trust placed in us by our patients and their families, and we are dedicated to maintaining that trust through our commitment to privacy and security.

This Privacy Policy (the “Policy”) outlines how we collect, use, disclose, and protect your Personal Information in accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the Personal Health Information Protection Act (“PHIPA”), when using our website www.nphealthclinic.ca (the “Website”) or when interacting with us offline. 

Please read this Policy carefully. If you do not agree with our policies and practices, please do not use our Website or interact with us offline. By accessing or using our Website, or interacting with us offline, you indicate that you understand, accept, and consent to our practices described in this Policy. 

2.WHAT IS PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION

Under PIPEDA, "personal information" refers to any information about an identifiable individual, including information that can be used to distinguish, identify, or contact a specific individual.

Under PHIPA,  "personal health information" refers to information in any form that identifies you and that relates to your health and health care including, health history, health care programs and services, health care providers, substitute decision-makers, health card number, and other personal identification numbers. 

2. PERSONAL INFORMATION WE COLLECT ABOUT YOU

We collect several types of Personal Information to provide our comprehensive healthcare services, which include virtual consultations, primary healthcare, specialized medical services, health and wellness treatments, and access to educational resources (the “Services”). The Personal Information we collect includes but is not limited to:

• Your name, address, telephone number, email address, and health card number;
• Your age, gender, date of birth, and medical history;
• Health-related information relevant to your care, such as medical conditions, medications, and treatment preferences;
• Information regarding your substitute decision-maker and, if applicable;
• Information regarding your emergency contact;
• Preferences related to healthcare services and communication methods; and,
• Communication records, such as call logs, email correspondence, and digital consent forms.

3.HOW WE COLLECT YOUR PERSONAL INFORMATION

We use different channels and methods to collect Personal Information, including:

• Our online consent forms;
• Phone calls and email correspondences;
• In-person appointments;
• Virtual appointments; 
• Third-party referral sources, such as other healthcare professionals or providers, who may provide us with your contact information, a brief summary of your healthcare needs, and other relevant details through verbal communications, email referrals, or electronic health record systems;
• Questionnaires or surveys related to healthcare services, treatment preferences, or health-related needs.

4. USE OF PERSONAL INFORMATION

We use the Personal Information we collect about you or that you provide to us in the following ways: 

• To communicate with you about our Services;
• To provide our Services and maintain a record of Services provided to you; 
• To manage and schedule appointments through our Electronic Medical Records (“EMR”) system, Accuro, which includes the telemedicine application, Medeo;
• To receive payment from you for our Services (from you directly, OHIP, WSIB, or others)
• To maintain compliance with the College of Nurses of Ontario  (“CNO”), our governing body;
• To maintain a record of the Services provided to you;
• To improve our Website;
• To improve our customer service, which may include utilizing third-party tools or services to facilitate communication and interactions with you; 
• In any other way we may describe when you provide the information;
• For any other purpose with your consent;

5. DISCLOSURE OF PERSONAL INFORMATION

We maintain a strict policy regarding the disclosure of your Personal Information. We may disclose Personal Information that we collect or you provide as described in this privacy policy:

• Referrals to other healthcare providers, or when ordering testing, blood work, or providing prescriptions;
• Compliance with legal processes or regulatory requirements, particularly those set forth by CNO;
• With your family members or authorized representatives, if you have provided explicit consent for us to do so, or via a Power of Attorney, or in emergencies where your health, safety, or welfare is at risk;
• ​​For follow-ups and to enquire about your satisfaction with our Services.
• To comply with legal and regulatory requirements; 
• To fulfill the purpose for which you provide it; 
• For any other purpose disclosed by us when you provide the information; 
• To our subsidiaries and affiliates; and,
• With your consent. We may also disclose your Personal Information:
• To comply with any court order, law, or legal process, including to respond to any government or regulatory request, in accordance with applicable law.
  
• To contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Website improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this Policy
  
• To enforce or apply our Website Terms & Conditions of Use and other agreements, including for billing and collection purposes;
  
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our company, our patients, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

6.SECURITY OF PERSONAL INFORMATION

The security of your Personal Information is very important to us. We use physical, electronic, and administrative measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure, including but not limited to: 

• Secure storage of electronic records within our EMR system and Medeo, which is backed up at Accuro head office and supported by our IT management team; 
• Encryption on all emails that contain any patient data, utilizing Hush Mail, our PHIPA & PIPEDA compliant email platform;
• Applying two-factor authentication whenever possible;
• Secure digital forms that patients fill out prior to their appointments, ensuring the protection of submitted information;
• Utilizing VPNs for additional security;
• Employee training on privacy and security policies; and
• Use of secure communication channels when transmitting Personal Information.

Unfortunately, the transmission of information via the Internet and other communication channels is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Website or through any means. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website or in our communication systems.

7. RETENTION OF PERSONAL INFORMATION

Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

Our general retention practices are as follows:

• Personal Information is kept for the duration of the patient's care and up to five (5) years thereafter, after which it is securely deleted from our systems and backups.
• Our records are mainly digital and are maintained through our EMR, Accuro, and our secure email provider, HushMail. Paper documents, if any, are digitized and securely shredded.

Under some circumstances, we may anonymize your Personal Information so that it can no longer be associated with or identify you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

8.LINKS TO OTHER WEBSITES

The Website may include links to third-party websites, plug-ins, services, social networks, or applications. Clicking on those links or enabling those connections may allow the third-party to collect or share data about you. If you follow a link to a third-party website or engage a third-party plugin, please note that these third-parties have their own privacy policies and we do not accept any responsibility or liability for these policies. We do not control these third-party websites, and as such, we encourage you to read the privacy policy of every website you visit.

9.THIRD-PARTY USE OF COOKIES

Some content or applications on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third-parties may use cookies to collect information about you when you use our Website. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioural) advertising or other targeted content. We do not control these third-parties’ tracking technologies or how they are used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. 

You can opt-out of several third-party ad servers’ and networks’ cookies simultaneously by using an opt-out tool created by the Digital Advertising Alliance of Canada and/or an opt-out tool created by the Network Advertising Initiative. You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.

10. ACCESS AND CORRECTION 

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes. 

If you want to review, verify, correct, or withdraw consent to the use of your Personal Information please contact our Privacy Officer, whose contact details are outlined in Section 14 of this Policy. 

We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

We may request specific information from you to help us confirm your identity and your right to access the Personal Information that we hold about you or to make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Information that we hold about you, or we may have destroyed, erased, or made your Personal Information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

11. WITHDRAWING YOUR CONSENT

Where you have provided your consent to the collecting, use, and disclosure of your Personal Information, you have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, please contact our Privacy Officer, whose contact details are outlined in Section 14 of this Policy. Please note that if you withdraw your consent we may not be able to provide you with a particular Service. We will explain the impact to you at the time to help you with your decision.

12 CHANGES TO OUR POLICY

This Policy may change from time to time. It is our policy to post any changes we make to our Policy on this page with a notice that the Policy has been updated on the Website home page. 

We will notify you in advance of any material changes to this Policy and obtain your consent to any new ways that we collect, use, disclose, and store your Personal Information. Please check the Policy periodically for updates, as your continued use of this Website after we make changes indicates that you accept and consent to those changes. 

13.PRIVACY OFFICER

We welcome your questions, comments, and requests regarding this Policy and our privacy practices. Please contact our Privacy Officer at:

Privacy Officer: Sean McDonald

NP Health Clinic Inc.

65 Baldwin St

Whitby, ON, L1M 1A3

sean@nphealthclinic.ca

We are committed to addressing any concerns you may have and will respond to your inquiry within a reasonable time.



14. COMPLAINTS

If you are not satisfied with our response to your privacy-related inquiry, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario, as applicable.

Office of the Privacy Commissioner of Canada

30 Victoria Street

Gatineau, Quebec K1A 1H3

Toll-free: 1-800-282-1376

Website: www.priv.gc.ca

Information and Privacy Commissioner of Ontario

2 Bloor Street East, Suite 1400

Toronto, Ontario M4W 1A8

Toll-free: 1-800-387-0073

Website: www.ipc.on.ca

By using our Services, you acknowledge and agree to the terms of this Policy. 

We appreciate your trust in us and will continue to work diligently to protect your Personal Information and provide you with the best possible service.