Privacy Policy
Members Health Inc provides its users the capability to engage in secure video consultations with health care providers from the privacy and convenience of a location they choose as secure and appropriate. This means personal information and personal health information are collected by Members Health Inc. This information is highly sensitive and protected by the Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) and all applicable provincial personal health information protection legislation throughout Canada.
Members Health Inc is committed to safeguarding this information at the corresponding level. This Privacy Policy describes the physical, technological and administrative measures we implement to safeguard personal and personal health information. We comply with privacy law and we honour the trust of our users by taking the necessary measures to protect personal and personal health information.
By law, personal information is that which relates to an identifiable individual, to the exclusion of business contact information (name, title, work address, work phone number or work email address). Personal health information includes information that relates to an identifiable individual’s health, physical and/or mental health history, including family health history, and/or medical treatment.
Read on to learn more, and if you have questions, feel free to contact our Designated Privacy Contact, Chief Privacy and Security Officer at support@membershealth.ca. If we update this Privacy Policy, we will notify you.
Our commitment
Members Health Inc will never collect, use or disclose personal or personal health information without the consent of the individual to which it relates.
Members Health Inc safeguards personal and personal health information on the basis of risk assessments and industry standards regarding physical security, technological security and administrative policies and processes, as detailed below.
Members Health Inc complies with all applicable personal health information legislation where it operates.
Information we collect
From patients:
When consulting a health care provider registered with Members Health Inc, we collect: Name, date of birth, email and phone number of the patient, date and time of the appointment, confirm address info and health card details, together with any written instructions the provider has added to the "notes for patient" after the appointment, and files attached by the provider or patient during or after the appointment inside the platform, usually as PDF or Word documents. Additional information may also include medical history, record of visits, test results and diagnoses.
From health care providers:
We collect name, business contact information, availability and specialization details.
How we protect the information we collect
Members Health Inc protects personal and personal health information through integrated physical, technological and administrative safeguards:
Physical safeguards:
Members Health Inc premises do not house any of the electronic equipment upon which personal health information is permanently stored. This information is stored directly on Telus-supplied and managed Secure Servers inside highly secure Telus Facilities, none of which can be accessed without Telus authorization and protocols being followed. Access is controlled by digital tokens and codes and is monitored in a manner that keeps all personal and personal health information secure from unauthorized access. Members Health Inc electronic equipment does include portable equipment; however, these devices do not locally store personal or personal health information; they are merely the conduits to secure cloud-based data. All necessary backups are safely locked away, offsite, by third parties.
Members Health Inc does not keep personal or personal health information on paper.
Technological safeguards:
Members Health Inc stores personal and personal health information on:
· Telus Secure Servers based in Toronto and, also, with a third party in Montreal, Canada, with Amazon Web Services Secure Cloud (AWS).
· The Members Health Inc app resides on servers managed by Healthfully and hosted via Amazon Web Services (AWS) North-East Region, (North Virginia) data center located in the United States. These servers are protected by industry-standard security measures, including encryption, access controls, and regular audits to ensure your information is secure.
· AWS is certified as compliant with ISO/IEC Standard 27018:2014 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. In addition to the independent certification process under ISO/IEC 27018:2014, this Standard also includes the right to audit AWS for compliance.
Storage and Processing of Personal Information
Your personal information, including health-related data, may be stored and processed outside of Canada, including in the United States, where our third-party technology providers operate. While we employ security measures in line with Canadian standards, including encryption and access controls, your personal information may be subject to U.S. laws.
In certain cases, these laws may allow U.S. authorities to access your personal information. By using our services, you acknowledge and consent to the transfer, storage, and processing of your data outside of Canada.
Informed Consent for Cross-Border Data
As required by Canadian privacy laws, we are committed to informing you of where your personal information may be transferred and stored. By agreeing to this Privacy Policy and using our services, you consent to the collection, use, disclosure, and storage of your personal information in countries outside Canada, including the United States. You understand that privacy protections available in these countries may differ from those in Canada, and you accept the risks associated with such transfers.
Administrative measures:
Members Health Inc has appointed a Designated Privacy Contact, who acts as Chief Privacy and Security Officer (CPSO) and can be reached at Support@membershealth.ca. The CPSO is responsible for information systems monitoring and information security policy and procedure management.
The CPSO is responsible for compliance with Members Health Inc’s privacy program including:
• Undertaking threat and risk assessments on a regular basis and as systems are approved
• Adopting policies and procedures on the basis of threat and risk assessments to mitigate all identified risks, and updating these policies and procedures as necessary.
Members Health Inc users may access their personal information whenever they wish by contacting our CPSO. Upon the express request of a user, Members Health Inc will immediately close the user’s account and destroy or anonymize all personal information related to that account.
Members Health Inc trains, supports and supervises all its employees on its Privacy Policy and procedures. Contractors are held to the same high level of protection of personal and personal health information as Members Health Inc through contractual agreements, including audits, based on Members Health Inc’s Privacy Policy and procedures.
Members Health Inc senior management receives regular reports on privacy compliance and, in turn, reports to the Board for oversight.
Members Health Inc uses external services for the provision of data storage and these parties are regularly audited by a third party to ensure they meet our privacy obligations. This is part of a process for Members Health Inc to reassess all policies and procedures on an ongoing basis to ensure that legal requirements are met and personal and personal health information is highly secure.
How we use the information we collect
Members Health Inc will never use personal or personal health information for purposes other than those for which it is provided – with express consent – and those necessary to deliver the service requested by our users.
Members Health Inc will never sell the personal information or personal health information it collects, nor otherwise make any such information available to a third party in exchange for remuneration.
Members Health Inc will never disclose personal or personal health information, except as required by law and upon demonstrated lawful authority, as determined by our Corporate Legal Counsel.
Should Members Health Inc conduct market or product research, it will never use personal or personal health information that is traceable to any individual; rather, it will fully anonymize information, meaning the risk of this information being traced back to a given individual is reduced to the greatest extent possible.
Breach response
There is no total guarantee against data breaches. However, as described above, Members Health Inc has taken all steps it believes reasonable as measures to prevent breaches.
Furthermore, in the event of a breach, Members Health Inc would immediately mitigate its impact by:
• Notifying users at the first reasonable opportunity, namely as soon as we identify the breach
• Applying remedial measures immediately.
Ensuring patients’ meaningful consent
To ensure Members Health Inc users’ meaningful consent, Members Health Inc provides relevant information in this Privacy Policy, as well as through the availability of our Designated Privacy Contact at support@membershealth.ca.
Patient Consent Agreement for Data Storage in the United States
PURPOSE OF CONSENT
This consent form authorizes Members Health Inc to collect, use, and store your personal health information (PHI) for the purpose of providing healthcare services and managing your health records. Your information will be stored electronically in data centers located in the United States.
KEY INFORMATION ABOUT YOUR DATA
Type of Information Collected:
The following types of personal health information may be collected and stored:
• Medical history
• Test results
• Diagnoses
• Treatment plans
• Contact information
Where your Data is Stored:
Your personal health information will be stored on servers managed by Healthfully and is hosted via Amazon Web Services (AWS) North-East Region, (North Virginia) data center located in the United States. These servers are protected by industry-standard security measures, including encryption, access controls, and regular audits to ensure your information is secure.
ACCESS TO YOUR INFORMATION
While your data is stored in the U.S., it may be subject to U.S. laws, including the USA PATRIOT Act, which allows U.S. government authorities to access information under certain circumstances. However, [Healthcare Provider/Software Vendor] takes steps to minimize these risks by implementing strict data security measures.
Risks of Cross-Border Storage
Storing data in the United States means that your personal information is subject to U.S. legal requirements, which may differ from Canadian privacy laws. Your information may be accessed by U.S. authorities if required by law. We have ensured that all third parties involved in managing your data comply with relevant Canadian privacy regulations, including PIPEDA (Personal Information Protection and Electronic Documents Act).
YOUR RIGHTS
Rights to Withdraw Consent
You may withdraw your consent to have your personal health information stored in the U.S. at any time by contacting the Members Health Chief Privacy and Security Officer at support@membershealth.ca. Upon withdrawal of consent, we will work to ensure your data is removed from U.S.-based systems and stored only in compliance with Canadian laws.
Rights to Access and Correction
You have the right to request access to your personal health information, and to correct any inaccuracies. Requests can be made in writing to the Members Health Chief Privacy and Security Officer at support@membershealth.ca.
HOW TO CONTACT US
Attn: Chief Privacy and Security Officer
Members Health Inc.
200 Ronson Drive, Suite 305,
Etobicoke, ON, M9W 5Z9, Canada
MY CONSENT
I, have read and understood the information provided above regarding the storage of my personal health information in the United States. I acknowledge the potential risks and agree to allow [Healthcare Provider Name] to collect, use, and store my information as described.
I understand that my personal health information will be stored on servers located in the United States.
I understand that my data may be subject to U.S. laws. I understand that I can withdraw my consent at any time.
By clicking below and enabling a digital signature, I give my explicit consent for the storage and processing of my personal health information in the United States.
Electronic Signature: