HealthCasa agrees to respect and observe the provisions set forth in the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and any other relevant privacy legislation, including, without limitation, the Personal Health Information Privacy Act (“PHIPA”). We consider your Personal Information to be very important and believe it should be protected. HealthCasa will not disclose your Personal Information to, or share it with, unauthorized third parties except as allowed by Canadian law and described herein.
Personal and Personal Health Information
HealthCasa collects information that personally identifies the user, such as the user’s name, address, mobile telephone number, e-mail addresses, medical history and other information that the user provides to HealthCasa. Personal Information may be collected in a number of ways, including: in person, over the phone, by mail, over the Internet, and from third parties who you have authorized to disclose Personal Information to us. We make every reasonable effort to keep your Personal Information as accurate, complete and up-to-date as necessary. If you would like to know what information is held in our records or wish to have any of the information updated or modified, please contact us at firstname.lastname@example.org
Some of your Personal and Personal Health Information may be disclosed to your Physician(s) if you give us permission to do so, as well as HealthCasa Practitioners, and HealthCasa administrative and technology staff. Access to private, sensitive and confidential information, including your Personal and Personal Health Information, is restricted to authorized employees with legitimate business reasons. All HealthCasa employees are required to abide by HealthCasa’s privacy standards and agree to a confidentiality agreement that prohibits the disclosure of any Personal and Personal Health Information to unauthorized parties.
HealthCasa currently uses a third-party service provider, Medstack, to host servers in Canada within an Amazon Web Services (AWS) Secure Cloud. Medstack is a high security environment making use of industry-standard open source software to establish, maintain and monitor security and compliance. All Personal and Personal Health Information remains in Canada. AWS is certified as compliant with ISO Standard 27018 Code of Practice for Personal Identifiable Information (PII) protection in public clouds acting as PII processors. In addition to the independent certification process under ISO 27018, the Standard also includes the right to audit AWS for compliance. These third-party service providers may have access to Personal Information as an incidental result of the services provided by such third parties to HealthCasa, but the access of such third parties to such information is strictly controlled.
You, as the user, also play an important role in protecting your privacy and the confidentiality of your Personal Information. You are required to use a valid email address as your user name and a secure password in order to access your account. The user must keep their password and username safe and not share them with any third party. Users must contact HealthCasa immediately if the user believes their password has been compromised or misused. You are responsible for maintaining the confidentiality of your account credentials and for all activity linked to your account. You must activate a timed screen lock with a pattern or passcode on any personal device used to access your HealthCasa Account, as well as log out of the HealthCasa Website or App when not using it. You acknowledge that if you choose to keep any HealthCasa data or information on your device, HealthCasa is not and cannot be responsible for the security of that data or information. HealthCasa will not be responsible for any unauthorized use of your account by a third party. You agree to notify HealthCasa immediately of any unauthorized use of your account by third parties or any other breach of security.
Disclosure of Personal and Personal Health Information
The type of information we are legally required to disclose may relate to criminal investigations or government tax reporting requirements. In some instances, such as a legal proceeding or court order, we may also be required to disclose your Personal Information to authorities. Only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the disclosure request have legitimate grounds to do so. If required to do so, we will make every effort to notify the relevant parties about the proceedings.
Usage and Aggregate Data
HealthCasa collects usage information from users of our services. The purpose of this collection is to understand how users access and use the services in order to enhance and optimize our services. Usage information and data could include but is not limited to the user’s device type, device identifier, IP address, browser type, operating system, duration of use, number of messages sent or received, and times at which the application was accessed and used. In addition, HealthCasa will collect aggregate data about a group or category of services or users. This information, as well as the Personal Information collected, enables HealthCasa to analyze trends, administer services and products, troubleshoot, and improve services.
HealthCasa maintains the right to inform our users about any change that may affect information collected or stored.
HealthCasa reserves the right to use the contact information of users for the purposes of communications regarding any aspect of a user’s account or corresponding services and products. Users will have the option to participate in or opt out of optional communications (e.g. marketing, press, events), while mandatory communications (e.g. security updates, product announcements/revisions) will go out to all active users.
Data Control and Retention
HealthCasa reserves the right to reject, suspend, alter, remove or delete data if it breaches our terms and conditions or it is necessary to protect us or others where we have reasonable grounds for believing that a criminal act has been committed, or if required to do so by law. HealthCasa processes and stores the user’s messages, logs, contact data, and other related information in order to provide HealthCasa’s services to the user. Data will be stored indefinitely in a secure and private manner or deleted as per direction from the user as allowable by relevant law. HealthCasa will take reasonable steps to protect information collected from users to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction.
HealthCasa has appointed a Designated Privacy Contact who acts as Chief Privacy and Security Officer (CPSO) responsible for information system monitoring and information security policy and procedure management. The CPSO is responsible for compliance with HealthCasa’s privacy program including:
Undertaking Privacy Impact Assessments (PIA) and Threat and Risk Assessments (TRA) on a regular basis;
Adopting policies and procedures based on the results of the Privacy Impact Assessment and Threat and Risk Assessments to mitigate all identified risks;
Conducting privacy and security training for all HealthCasa Practitioners, employees and contractors;
Creating, monitoring and updating internal privacy and security policies to guide all HealthCasa staff in day-to-day operations.
Users may contact our CPSO to make enquiries about our privacy practices, to request access to their Personal Information or to request the update, correction or deletion of such information or account should they wish to do so. Any queries, comments or concerns can be sent to us by email at email@example.com or by mail at the following address:
47 Front Street East, Suite #200
Questions and Comments