Constant Health is considered an organization (“Organization”) under Canada’s federal privacy legislation, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in respect of the User personal information collected and handled by Constant Health.
Each Dietitian registered in Ontario who provides health care to Users registered through CH with an Ontario address, is a health information custodian (“Health Information Custodians”) under Ontario’s health privacy legislation, the Personal Health Information Protection Act, 2004 (“PHIPA”). Dietitians registered to practice dietetics in a Canadian province or territory other than Ontario may be governed by that particular province or territory’s health privacy legislation, or if none, by the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”).
In this Policy, “we” and “our” refer to CH and to the Dietitians and Coaches employed or engaged by CH, in respect of privacy-related matters. CH has a variety of roles, including acting as privacy officer for each of the Dietitians and Coaches, and for running the overall privacy program on their behalf. CH is responsible for privacy training for its employees and agents, including its Dietitians and Coaches in relation to their work through CH.
Accountability for Personal Information and Personal Health Information
If you have questions about this policy, please contact the Constant Health privacy officer:
Constant Health Inc.
575 West Hunt Club, Unit 100
Ottawa, ON Canada
Privacy Officer contact email: firstname.lastname@example.org or 1-833-596-1460
Purposes for Collecting Personal Information and Personal Health Information
CH and its Dietitians and Coaches collect personal information and personal health information for purposes related to the Services including the provision to You of dietetic care, weight management and related issues which may include but are not necessarily limited to one or more of comorbid disease management, diabetes and pre-diabetes targeted behavioural therapy disease monitoring, messaging and related administrative and quality purposes. In particular, personal information and personal health information may be collected for the following purposes and using the following services:
1. Providing you with the Services, which may include health care comprised of dietetic care (if you choose to use a Dietitian);
2. If applicable, communicating with and disclosing Your personal information and personal health information to your referring regulated health provider, if any, and for collecting, using and disclosing your personal information and personal health information from your referring regulated health provider, if any, about your condition and progress throughout the CH program.
3. For quality purposes, which may include but are not limited to one or more of evaluating, measuring and analyzing whether CH is meeting its standards in providing the Services.
4. For risk management, error management or for the purpose of activities to improve or maintain the quality of care or to improve or maintain the quality of any related programs or Services.
5. For the purpose of disposing of the information or modifying the information in order to conceal the identity of the individual.
6. To determine eligibility for insurance coverage and payment, if you provide such information to CH.
7. To handle payments.
8. For marketing purposes.
9. To train dietitians, coaches, staff and contractors of CH.
10. To keep in touch with you.
11. For administrative purposes related to any of the above purposes.
12. For the purposes described herein and for all the functions reasonably necessary for carrying out these purposes.
The App collects, uses and discloses your personal information for the following additional purposes, using the following systems:
- The Zoom SDK included in our app uses TrueDepth APIs to collect the camera intrinsic matrix, facial expressions, orientation and location of the head, and camera position info. This information is used for a feature that allows users to speak with others using a virtual avatar instead of their real face during a video conference. To do this, an accurate representation of a user’s facial expression is required so that the avatar can be animated and rendered correctly.
- The data used is not shared with third parties and is not stored or sent anywhere.
Consent for the Collection, Use and Disclosure of Personal Information and Personal Health Information
Under PHIPA and PIPEDA, Health Information Custodians and Organizations, respectively, require consent in order to collect, use, or disclose personal health information (“PHI”) and personal information, as PHI and personal information are defined in each Act, respectively. By using one or more of the Website, Content, User Account and App You consent to Constant Health collecting, using and disclosing your personal information for the purposes listed in this policy. By using one or more of the Website, Content, User Account and App, and Services, and choosing treatment with a Dietitian, You consent to the Dietitian collecting and using the PHI that you provide to the Dietitian(s) through Your use of one or more of the App, Website, User Account and Content; further, you consent to the Dietitian disclosing such PHI to CH and to other CH Dietitians as may be necessary to provide the Services, for communicating with CH about your condition and progress through the CH program and for the purposes identified in this policy. You also consent to CH collecting and using your personal information and PHI to provide you with the Services. You consent to CH and your referring health care provider, if any, sharing and discussing your personal information and PHI for the purpose of CH providing you with any one or more of the App, Website, Content, User Account and the Services. Further, if you are referred to CH by a regulated health care provider (for example, your family physician or nurse practitioner) you consent to CH disclosing your personal health information collected and used by CH (and its Dietitians and Coaches) back to your referring provider. In most cases, CH will ask for your consent to share your PHI with your referring provider.
There are some cases where CH may collect, use or disclose this information without Your consent, but such cases are limited to those permitted or required by law.
If You, as a User, wish Your lawyer, insurance company, family member, employer, landlord or other third-party individuals or agencies (non-health care providers) to have access to Your record held by Constant Health, You must give Constant Health written consent to this effect by contacting the Constant Health Privacy Officer.
Implied consent (Disclosures to other health care providers for healthcare purposes) – Circle of Care
User information may also be released by a Dietitian to a User’s other health care providers for health care purposes (within the “circle of care”) without the express written or verbal consent of the User as long as it is reasonable in the circumstances to believe that the User wants the information shared with the other health care providers. No User information will be released to other health care providers if a User has stated that the User does not want the information shared (for instance, by way of the placement of a “lockbox” on the User’s health records). Please note that if you lock sharing of your personal health information, the lock operates on a go-forward basis only and does not operate retrospectively; any personal health information shared prior to imposition of the lockbox is not locked.
A User’s request for treatment by a Dietitian constitutes implied consent for the Dietitian to use and disclose the User’s personal health information for health care purposes, unless the User expressly instructs otherwise.
There are certain activities for which consent is not required to use or disclose personal information or personal health information. These activities are permitted or required by law. For example, CH, Dietitians and Coaches do not need consent from Users to (this is not an exhaustive list):
• Plan, administer and manage our internal operations, the App, the Website, programs and Services
• Engage in quality improvement, error management, and risk management activities
• Participate in the analysis, administration and management of the health care system
• Engage in research (subject to certain rules)
• Train our employees, agents and others
• Compile statistics for internal or mandatory external reporting
• Respond to legal proceedings
• Comply with mandatory reporting obligations
If Users have questions about using and disclosing personal information and personal health information without consent, please contact the Privacy Officer identified herein.
Withholding or Withdrawal of Consent
If consent is sought, a User may choose not to give consent (“withholding consent”). If consent is given, a User may withdraw consent at any time, but the withdrawal must be recorded and communicated to CH, a Dietitian or Coach and is not retroactive. This means that information already communicated to CH will have been collected with consent but going forward, no further collection will occur. The withdrawal may also be subject to legal or contractual restrictions and reasonable notice. If You withdraw or withhold Your consent you cannot continue Your Use of the App, Content, User Account and Website.
Limiting Collection of Personal Information and Personal Health Information
The amount and type of personal information and personal health information collected by the Dietitians and Coaches through CH, or by CH directly from the User is limited to that which is necessary to fulfill the purposes identified. Information is collected directly from the User, unless PHIPA, PIPEDA, or another law permits or requires collection from third parties. Personal information and personal health information are only collected as needed to fulfill the Services.
Limiting Use, Disclosure and Retention of Personal Information and Personal Health Information
Personal information and personal health information are not used for purposes other than those for which such information was collected, except with the consent of the User or as permitted or required by law. CH, the Dietitians and Coaches use the information within the limits of their individual roles. They do not read, look at, receive or otherwise use personal information or personal health information unless they have a legitimate “need to know” as part of their role. If the agent is uncertain, the Privacy Officer will assist.
Personal information and personal health information are not disclosed for purposes other than those for which such information was collected, except with the consent of the User or as permitted or required by law. Personal information and personal health information may only be disclosed within the limits of each individual’s role. The limitation described above relating to each agent’s role applies.
Personal information and personal health information are retained as required by law and professional regulations and to fulfill the purposes for which the information is collected. Information that is no longer required to fulfill the identified purposes is securely destroyed, erased, or made anonymous.
Accuracy of Personal Information and Personal Health Information
We will take reasonable steps to ensure that information we hold is as accurate, complete, and up to date as is necessary to minimize the possibility that inappropriate or inaccurate information may be used to make a decision about a User.
Safeguards for Personal Information and Personal Health Information
We have put in place safeguards for the personal information and personal health information we hold, which include:
• Physical safeguards (such as locked doors and cabinets and restricted access to servers)
• Organizational safeguards (such as permitting access to information by staff on a "need-to-know" basis only, confidentiality agreements and privacy training); and
• Technological safeguards (such as the use of passwords, encryption, and audits)
We take steps to ensure that the personal information and personal health information we hold are protected against theft, loss and unauthorized use or disclosure. We require anyone who collects, uses or discloses personal information and personal health information on our behalf to be aware of the importance of maintaining the confidentiality of the information. This is done through the signing of confidentiality agreements, privacy training, and contractual means. Care is used in the secure disposal or destruction of personal information and personal health information, to prevent unauthorized parties from gaining access to the information.
Openness about Personal Information and Personal Health Information
Information about our policies and practices relating to our management of personal information and personal health information are available to the public, including:
• Contact information for our Privacy Officer, to whom complaints or inquiries can be made;
• The process for obtaining access to personal information and personal health information we hold, and making requests for its correction;
• A description of the type of personal information and personal health information we hold, including a general account of our uses and disclosures; and
• A description of how a User may make a complaint about the CH privacy practices, to CH, or to the Information and Privacy Commissioner of Ontario or the Privacy Commissioner of Canada.
User Access to Personal Information and Personal Health Information
Users may make written requests to have access to their records of personal information and personal health information. CH will respond to a User’s request for access within reasonable timelines and costs to the User, as governed by law. We will take reasonable steps to ensure that the requested information is made available in a format that is understandable. Users who successfully demonstrate the inaccuracy or incompleteness of their information may request that we amend their information. In some cases, instead of making a correction, Users may ask to append a statement of disagreement to their file.
Please Note: In certain situations, we may not be able to provide access to all of the personal information and personal health information we hold about a User, such as where the access could reasonably be expected to result in a risk of serious harm or the information is subject to legal privilege, or in other situations as permitted by law and described below (See Denying User Access to Records).
With limited exceptions, we are required by law to respond within 30 days to Users who make written requests to access their records of personal information and personal health information (subject to a time extension of up to an additional 30 days if necessary and with notice to the person making the request). If you make a request to access your information, please write to or email the Constant Health Privacy Officer at the address below and you will receive a detailed description of the process.
Correction of Records
We have an obligation to correct personal information and personal health information if it is inaccurate or incomplete for the purposes it is to be used or disclosed. Users may request that the information be corrected if it is inaccurate or incomplete. Such requests must be made in writing to the Constant Health Privacy Officer at the address specified below and must explain what information is to be corrected and why. If you make a request for correction of records you will receive a description of the process we follow.
Denying Access to Records
Users must be told if they are being denied access to their own health records. In such cases, Users have a right to complain to the Privacy Commissioner of Canada, and must be told of this right and how to reach the respective Commissioner’s office.
E-Mail and Text Communication Policy
Constant Health and its dietitians and coaches have offered to communicate via e-mail and text messaging (including instant messaging) (the “Services”) with clients, for limited purposes.
If you require immediate medical assistance, or if your condition appears serious or rapidly worsens, you should not rely on the Services. Instead, call 9-1-1, go to the nearest Emergency Department or urgent care clinic, or immediately contact your Primary Care Practitioner.
Challenging Compliance with CH’s Privacy Policies and Practices
Any person may ask questions or challenge our compliance with this policy or with PHIPA or PIPEDA by contacting our Privacy Officer or the Dietitian or Coach that provided the Services to you. We will receive and respond to complaints or inquiries about our policies and practices relating to the handling of personal information and personal health information. We will inform Users who make inquiries or lodge complaints of other available complaint procedures. We will investigate all complaints. If a complaint is found to be justified, we will take appropriate measures to respond.
The Information and Privacy Commissioner of Ontario oversees compliance with privacy rules and PHIPA, and the Privacy Commissioner of Canada oversees compliance with privacy rules and PIPEDA. Any individual can make an inquiry or complaint directly to the respective Commissioner by writing or calling:
Office of the Information and Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8 Canada
Phone: 1 (800) 387-0073 (or (416) 326-3333 in Toronto)
Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, Quebec K1A 1H3 Canada
Phone: (819) 994-5444
TTY: (819) 994-6591
Risks of Using E-Mail Communication
The dietitians and coaches and Constant Health will use reasonable means to protect the security and confidentiality of information sent and received by e-mail. However, because of the risks outlined below, the dietitians and coaches and Constant Health cannot guarantee the security and confidentiality of e-mail and communication:
• Use of e-mail communications to discuss sensitive information can increase the risk of such information being disclosed to third parties.
• Despite reasonable efforts to protect the privacy and security of e-mail it is not possible to completely secure the information.
• Employers and online services may have a legal right to inspect and keep e-mail communications that pass through their system.
• E-mail can introduce malware into a computer system, and potentially damage or disrupt the computer, networks, and security settings.
• E-mail communications can be forwarded, intercepted, circulated, stored, or even changed without the knowledge or permission of the dietitians and coaches or the client.
• Even after the sender and recipient have deleted copies of e-mail communications, back-up copies may exist on a computer system.
• E-mail communication may be disclosed in accordance with a duty to report or a court order.
• Email can more easily be misdirected, resulting in increased risk of being received by unintended and unknown recipients.
• Email and instant messages can be easier to falsify than handwritten or signed hard copies. It is not feasible to verify the true identity of the sender, or to ensure that only the recipient can read the message once it has been sent.
Conditions of Using the Service
• While the dietitians and coaches and Constant Health will attempt to review and respond in a timely fashion to your e-mail and text message communication, the dietitians and coaches or Constant Health cannot guarantee that all e-mail and text message communications will be reviewed and responded to within any specific period of time. Text and email will not be used for medical emergencies or other time-sensitive matters.
• If your e-mail and text message communication requires or invites a response from the dietitians and coaches or Constant Health and you have not received a response within a reasonable time period, it is your responsibility to follow up to determine whether the intended recipient received the e-mail and text message communication and when the recipient will respond.
• E-mail and text message communication is not an appropriate substitute for in-person or over-the-telephone communication or clinical examinations, where appropriate, or for attending the Emergency Department when needed. You are responsible for following up on the dietitians and coaches’ or Constant Health’s e-mail and text message communication and for scheduling appointments where warranted.
• E-mail and text message communications concerning diagnosis or treatment may be printed or transcribed in full and made part of your client record. Other individuals authorized to access the record, such as staff and billing personnel, may have access to those communications.
• The dietitians and coaches or Constant Health may forward e-mail and text message communications to staff and those involved in the delivery and administration of your care. The dietitians and coaches or Constant Health might use one or more of e-mail and text message to communicate with those involved in your care. The dietitians and coaches or Constant Health will not forward e-mail and text message communications to third parties, including family members, without your prior written consent, except as authorized or required by law.
• You agree to inform the dietitians and coaches or Constant Health of any types of information you do not want sent via e-mail and text messages. You can add to or modify the above list at any time by notifying the dietitians and coaches or Constant Health in writing.
• Some e-mail and text messages might not be used for therapeutic purposes or to communicate clinical information. Where applicable, the use of e-mail and text message will be limited to education, information, and administrative purposes.
• The dietitians and coaches or Constant Health is not responsible for information loss due to technical failures associated with your software or internet service provider.
• To communicate using e-mail and text message, you must:
o Reasonably limit or avoid using an employer’s or other third party’s computer.
o Inform the dietitians and coaches or Constant Health of any changes in the client’s email address, mobile phone number, or other account information necessary to communicate via e-mail and text message.
o Include in the message’s subject line an appropriate description of the nature of the communication (e.g. “prescription renewal”), and your full name in the body of the message.
o Review all e-mail and text message communications to ensure they are clear and that all relevant information is provided before sending to the dietitians and coaches or Constant Health.
o Ensure the dietitians and coaches and Constant Health are aware when you receive an e-mail and text message communication from the dietitians and coaches, such as by a reply message or allowing “read receipts” to be sent.
o Take precautions to preserve the confidentiality of e-mail and text message communications, such as using screen savers and safeguarding computer passwords.
o Withdraw consent only by email or written communication to the dietitians and coaches or Constant Health.