Last Update: Dec 18, 2022
The Health Service Provider is responsible for the privacy of Personal Information and Personal Health Information for their patients as the Health Information Custodian, as such term is defined in applicable legislation such as the Personal Health Information Protection Act (Ontario) (“PHIPA”) and any substantially similar privacy legislation. If you have an inquiry about the collection, use and disclosure of information by Health Service Providers, please contact them directly.
MAPflow will identify the purposes for which Personal Information and Personal Health Information is collected at or before the time the information is collected. If MAPflow intends to use Personal Information and Personal Health Information for any other purpose, we will seek your consent, as required by law.
MAPflow will obtain consent before or when we collect, use, or disclose Personal Information and Personal Health Information about you, except where otherwise required or permitted by applicable privacy legislations. You can provide consent to the collection, use, and disclosure of Personal Information and Personal Health Information about you expressly, implicitly, or through an authorized representative, as required by applicable law. You can withdraw consent at any time, with certain exceptions, with your Health Service Provider or by contacting us at firstname.lastname@example.org.
You may also choose not to provide us with your Personal Information or Personal Health Information. However, if you make this choice, we may not be able to provide you with the Services you request.
BY PROVIDING PERSONAL HEALTH INFORMATION TO YOUR HEALTH SERVICE PROVIDER AND CONSENTING TO THE USE OF MAPFLOW AS PART OF RECEIVING A HEALTH SERVICE FROM THEM, YOU AUTHORIZE YOUR HEALTH SERVICE PROVIDER TO USE THE MAPFLOW PLATFORM AND SITE AND UPLOAD PATIENT DATA SPECIFIC TO YOU AND YOU AGREE THAT THE HEALTH SERVICE PROVIDER AND THEIR AFFILIATE(S), INCLUDING MAPFLOW, MAY COLLECT YOUR PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION AND YOU CONSENT TO THE USE, DISCLOSURE, AND TRANSFER OF YOUR PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION TO FACILITATE RECEIVING THIS SERVICE, IN ACCORDANCE WITH THE HEALTH SERVICE PROVIDER’S PRIVACY POLICIES AND AS PERMITTED OR REQUIRED BY LAW.
MAPflow collects Personal Information, including but not limited to, the following:
MAPflow collects Personal Health Information, including but not limited to, the following:
MAPflow collects Technical Information which includes information and data that is collected when you access our Platform and Site including usage details, login information, browser types and versions, time zone setting, browser plug-in types and versions, operating system, or information about your internet connection, the equipment you use to access our Platform and Site, and usage details. Technical Information also includes non-personal details about your Site and Platform interactions such as clickstream to, through and from our Site (including date and time), pages you viewed, searches you conducted, page response times, download errors, length of visits, page interaction information (scrolling, clicks, and mouse-overs), etc.
MAPflow collects information in different ways, including:
With your consent, MAPflow uses PI and PHI for the purposes of providing you access to and enabling the use of the Platform and Site. When you voluntarily provide PI and PHI, we use this information in the following ways:
When you visit the Site, Platform, or send emails to us, you are communicating with us electronically. You consent to receive communications from us electronically. We will communicate with you by email or by posting notices on the Site. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing. It is your responsibility to ensure you provide an up-to-date and accurate email address regarding electronic communications.
If you have opted-in to receive marketing communications from us, we may send you promotional offers from time to time. You may unsubscribe at any time by clicking the unsubscribe link at the bottom of the message. This prevents any promotional emails from being sent to you unless you explicitly request that we re-add you to a promotion list.
We may share aggregate or anonymized information, including NPI, with service providers, business partners, and other third parties, to the extent permitted by applicable law, including but not limited to for the purposes of evaluating the Services, research and analytical purposes, marketing, etc. We take steps to keep NPI from being associated with you and we require our partners to do the same.
The choice to provide PI or PHI to you Health Service Provider is yours. If you do not wish for MAPflow to collect your PI or PHI through the use of the Platform or Site, you can choose not to provide it. However, your decision to limit or withhold certain details may limit the Services that MAPflow is able to provide the Health Service Provider. However, it is at all times your decision to provide, withhold, or withdraw your consent for the use of your PI or PHI.
We take steps to ensure security and limit access to PI and PHI, including contractual restrictions and training on confidentiality and privacy obligations.
Currently, MAPflow or our third-party service providers retain, and store information collected by, or provided to, us in the cloud and on secure servers in Canada. Some of our third-party service providers may retain and store limited information outside of Canada in accordance with their respective privacy policies and as permitted by applicable data protection laws. While we undertake measures to protect PI and PHI, when it is stored and/or processed in other jurisdictions, the laws of other countries may not provide the degree of protection for PI and PHI that is available in Canada. You will be made aware of when and what information they are sharing outside of Canada and have the option not to share this information and engage these services.
Generally, if you are under the age of 16, your parent, a children’s aid society, or another person who is legally entitled to give consent on your behalf, will act as your Patient Representative. That person can consent to the collection, use or disclosure of your information, except in certain circumstances.
MAPflow does not knowingly collect or use any PI or PHI from individuals under the age of 16 unless provided by the Health Service Provider with the consent of the Patient Representative in accordance with the terms of this Agreement.
If you are 16 or older and capable of consenting, only you can consent to the collection, use or disclosure of your PHI unless you have designated a Patient Representative.
Except as restricted by law, upon written request by you or an authorized representative, an individual will be informed of the existence, use, and disclosure of their PI and PHI and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and may request to have it amended.
MAPflow will keep PI and PHI in its possession or control accurate, complete, current and relevant, based on the most recent information available to MAPflow. You are responsible for notifying MAPflow about the accuracy and completeness of your PI and PHI and may have it amended as appropriate.
The safety and privacy of PI and PHI is our top priority. PI and PHI will be protected by security safeguards appropriate to the nature and format of the information being stored through physical, electronic, and administrative measures designed to secure PI and PHI. We strive to protect PI and PHI from theft, loss, and unauthorized access, copying, modification, use, disclosure and disposal. We conduct audits and complete investigations to monitor and manage our privacy compliance. We ensure that all of our officers, directors, employees and agents protect your privacy and only use PI and PHI for the purposes to which you have consented.
There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, electronic, or administrative safeguards. We follow all privacy and security requirements as outlined in legislation. By sharing your PI and PHI with us, you acknowledge that your PI and PHI may be at risk should an external party breach our systems. As required by law, we will inform you of any breaches which would create a reasonable risk of harm to you. We will take reasonable steps to mitigate such risks and to prevent them from occurring again in the future.
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE EXPRESSLY DISCLAIM ANY GUARANTEE OF SECURITY IN CONNECTION WITH YOUR PERSONAL INFORMATION AND PERSONAL HEALTH INFORMATION.
A Data Incident involves an unauthorized access, use, or disclosure of PI or PHI, loss of PI or PHI, or other breach in the protection of your PI or PHI. In the event of a Data Incident, we will investigate to assess whether the incident poses a risk of serious injury to you. In these circumstances, you will be notified at the first reasonable opportunity.
You may contact us as follows:
If you feel we have not met our legal obligations under this policy or applicable privacy laws, please contact our Privacy Officer.
If you are not satisfied with the resolution that we have provided, the Commissioner can be reached as follows:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Phone: (819) 994-5444
Fax: (819) 994-5424
TTY: (819) 994-6591