Privacy Policy (1.1.000)
Date effective : Mar 18 2019
Portable EHR Inc. Inc. (“Portable EHR”,) is a mobile application ( ‘’App’’) that allows user to visualize or transmit by his own consent medical information (‘’Information’’) generated about him by a third party and recorded in his medical record (‘’Record’’). When the user reads the ‘’Information’’ on his mobile (cell phone, tablet, etc…), his ‘’Record’’ is updated to record that the ‘’Information’’ was both received and read. Moreover, the ‘’App’’ allows the user to manage personally his consent to disclosure and secure transfer of ‘’Information’’ to a third party who may need direct access to provide quality optimal care.
This privacy policy (the “Policy”) outlines how we collect, use, disclose, manage and safeguard your personal information and personal health data (“PHD”). All staff and third parties working for Portable EHR will be required to adhere to the protections described in this policy.
“Personal information” means information that may allow us to identify a specific individual. “Personal health data” or “PHD” means information about an identifiable individual that relates to the individual’s physical or psychological health, including name of patient, birthday, medical history, medical treatment, medical test results, medication list, and health number. PHD may be found in medical records, treatment and examination notes and communications between patients and their healthcare professionals.
Portable EHR will collect personal information and PHD from you when you access and use our App, the website (the “Website”) or our other software products (collectively referred to as the “Services”).By accessing or using the Services you are agreeing to the terms of the Policy.
The Policy should be read in conjunction with the EULA. We take pride in being committed to the privacy of our users. Seriously. We are committed to safeguard your personal information and PHD. If you have any questions about the Policy or our privacy practices, please contact our Designated Privacy Contact with your questions at privacy@portableehr.com.
1. Our Commitments
- Portable EHR complies with applicable privacy and personal health information legislation where it operates, including the Personal Information Protection and Electronic Documents Act, the Personal Health Information Protection Act (PHIPA), the Personal Information Protection Act (British Columbia) the Act respecting the protection of personal information in the private sector (Quebec) and the Personal Health Information Protection Act (Ontario).
- Portable EHR has implemented industry standard physical, administrative and technological safeguards to protect personal information and PHD from unauthorized access - Portable EHR will never disclose your personal information or PHD without your consent.
- Portable EHR will never rent or sell the personal information or PHD that we collect.
2. Information We Collect and Store
Portable EHR will collect the following information from you when you register for an account Portable EHR (“Account”) or use Portable EHR Services:
Registration and Health Information
To identify you properly and contact you when required, we may collect identification and contact information, such as name, email address, mailing address or other identification as well as insurance coverage data. All the personal information that are being collected retain the only purposes of patient recognition and record keeping of security incidents.
Services in development may collect personal health data such as previous medical or surgical history, allergies, recent laboratory or imaging tests and results, previous diagnosis, ongoing health issues, current medication or informations on ongoing treatments. These data may be transferred by you to a third party on a voluntary basis by using the App to grant Portable EHR consent to transmit in a encrypted way the chosen PHD to a designated third party. Such consent will always be temporary for a limited period of time and be granted by you only. This service will allow you to access and grant access to your PHD wherever you are to ensure you more appropriate medical services while out of your usual care network or in case of emergency.
Payment Information
When you make or receive a payment through our Services, we will collect and use your credit card or banking information or other financial data in order to process the payment.
Log and Website Information
When you access and use the Services, we may automatically collect certain technical information about your visit, including the date, time, browser type, your internet service provider, your IP address, device information (including device identifiers), geo-location information, computer and network performance data, the URL that you are coming from and your navigation history in order to customize and personalize your experience on the Services, improve our Services and for statistical research purposes.
3. Use and Disclosure of Your Information
Consultations and Healthcare Services
In the close future, the App on your mobile will allow you to consent for a pre-determined and limited time period to transfer your personal information and your PHD to a third party ( physician, nurse, pharmacist or any other health care provider) designated by you. In this context, Portable EHR will transfer to the designated party the PHD you consented to share. The information will be encrypted from end to end to ensure it would be available only to the designated party.
Access to your information is logged and regular audits are made in order to ensure that any access is authorized and that information is only accessed on a ‘need to know’ basis.
Third-Party Service Providers
We may transfer your personal information, including PHD to a third-party service provider for processing and storage in Canada. Whenever we engage a third-party service provider, we ensure that the information is properly safeguarded at all times at a comparable level of protection to the one we may guarantee you. Legal Issues To detect, investigate, address and prevent fraudulent or illegal activities, we may need to access your personal information. We reserve also the right to disclose your personal information if required by law, when that disclosure is necessary to comply with a judicial proceeding, court order, or any legal process requiring it.
Corporate Matters
In the perspective of exploring and/or undertaking a corporate transaction, including a merger, acquisition, IPO, reorganization or sale of Portable HER, we may have to disclose some of your personal information. Only the personal information relevant to the transaction, such as billing information, can be used and disclosed and solely for the purposes related to the transaction. Such disclosure would effectively be protected by required security safeguards.
In no circumstance, your PHD would be disclosed in such matters and it will remain strictly confidential.
4. Safeguarding Your Information
Portable EHR is committed to information security and protects personal information and PHD through integrated, physical, technological and administrative safeguards:
- Secure Storage: Portable EHR stores all personal information and PHD in an Amazon Web Services ("AWS”) data center in Canada. AWS is ISO 27001 certified and adheres to global privacy and data protection best practices.
- Network Security: Portable EHR has implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly-accessible systems.
- End-to-End Encryption: Portable EHR encrypts all data transmissions end-to-end .
- Privacy Policies and Training: Portable EHR has implemented written Privacy policies and procedures that specifically address PHD. Portable EHR trains its employees to safeguard personal information and mitigate operational risks. All Portable EHR employees and contractors are legally bound to the same measures of confidentiality.
5. Storing Your Information
As long as your Account remains active, we will preserve your personal information, including PHD. If you want us to permanently delete from our servers or make unavailable to a third party your personal information, including PHD, please send an email to privacy@portableehr.com. We will ensure that your information is deleted shortly after request or made unavailable to a third party. However, to conform with applicable laws, we may have to keep securely part of your information as may be required under any applicable laws for the duration of time specified by these those laws.
6. Anonymized Information
Portable EHR is continuously conducting R&D of new products or services to increase user satisfaction. To this end, we may use only anonymized, de-identified information.
7. Patient Rights
Accessing the PHD held by Portable EHR
As you own your PHD, you do have the right to access your patient record. If you request a copy of your patient record, it will be provided to you, subject to a reasonable fee. You can request access to your patient record by contacting us at privacy@portableehr.com.
Accuracy
We will use all reasonable means to ensure that the information provided in your patient record is kept accurate. If you identify any inaccuracies, you should request that a proper correction is made to ensure proper accuracy
Withdrawing Consent
You may always withdraw your consent to the further use or disclosure of your personal health information by Portable EHR, except where the use or disclosure of the information is authorized or required by law.
f you wish to withdraw your consent, you may use the ‘’deactivate’’ function located in the tools of the Patient application. In the event that you are unable to withdraw your consent using the Patient application, please print (or fill in using a PDF reader) the Consent Withdrawal Form, fill in the required details and email it to privacy@portableehr.com
8. Breach Response
There is no absolute guarantee against data breaches. However, Portable EHR takes and will take all reasonable measures to prevent itself from a data breach. In the event of a data breach, Portable EHR will:
- Notify users of the breach at the first reasonable opportunity and
- Immediately apply remedial measures.
9. Children and Minors
Persons under the age of 18 (“Minors”) are not permitted to register for an Account. However, Minors may use their parent’s or legal guardian’s Account if they are specifically authorized.
Also, persons 14 years of age and older must register for their own Account in the province of Quebec.
10. Changes To This Policy
If we make material changes to this Policy, we will notify users by placing a notice on our Website (www.portableehr.com ) and on the App. You need to periodically check the Website and the App for any significant update.
11. Contacting Us
To ensure meaningful consent by patients, Portable EHR provides information about privacy practices in this Policy.
If you believe that we have not adhered adequately to this Privacy Policy, contact our Designated Privacy Contact at privacy@portableehr.com.
If we are unable to resolve your issue to your satisfaction, you can file a complaint to the Commission d’accès à l’information or to the Office of the Privacy Commissioner of Canada.
