The Personal Information Protection and Electronic Documents Act (PIPEDA) provides safeguards to protect your privacy. This introduction is an abbreviated version, however, the complete PIPEDA text is available in our offices or in the Office of the Privacy Commissioner of Canada’s website: www.priv.gc.ca.
PIPEDA states that there are rules and restrictions on who may see or be notified of your Protected Health Information (PHI). These restrictions do not include the normal interchange of information necessary to provide you with our medical services.
Your information will be kept confidential except as is necessary to provide services or to ensure that all administrative matters related to your care are handled appropriately. This specifically includes the sharing of information with other healthcare providers, such as your Doctor or a Licensed Producer if desired, Health Canada or related Regulatory Agencies, and health insurance payers as is necessary and appropriate for your care.
Our Electronic Medical Records (EMR) are secure and personal information is encrypted to ensure confidentiality. General information which does not include any client identifiers may be used in retrospective studies. However, studies requiring any personal identifiers will require your approval and consent.
It is the practice of Canary Rx Inc. (Canary) to occasionally remind clients of their prescription status. We may do this by telephone or e-mail or by any means convenient for the practice and/or as requested by you. We may send you other communications informing you of changes to Canary policy and regulatory changes that you might find valuable or informative.
We agree to provide clients with access to their records in accordance with provincial and federal laws. You understand and agree to inspections of Canary facilities and review of documents which may include PHI by government agencies or insurance payers in thenormal performance of their duties.
We may change, add, delete or modify any of these provisions to better serve the needs of the practice and the client. You have the right to request restrictions on the use of your protected health information as the law permits. Your confidential information will not be sold for any reason.
Canary has implemented, in our opinion, reasonable and appropriate security measures as required by PIPEDA to protect our Patient’s data. These measures include a secure connection that uses an SSL certificate as well as data encryption. The best technical security measures can be defeated, however, and we cannot guarantee that the information entered into this website will not be compromised. Continued use of this portal manifests your acknowledgment of the foregoing and your informed consent of the risks inherent in the use of electronic means to exchange information. If you prefer, you may call to manage your subscription(s) over the phone.
Your electronic signature on the Canary Rx Inc. Website Terms & Conditionswill indicate that you have read the PIPEDA information and consent to the guidelines set forth in the Act.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please read it carefully.
We are legally required to protect the privacy of health information that may reveal your identity. This information is commonly referred to as “protected health information,” or “PHI” for short. It includes information that can be used to identify you that we have created or received about your past, present or future health or condition, the provision of health care to you, or the payment of this health care. We must provide you with this notice about our privacy practices that explains how, when and why we use and disclose your PHI.
With some exceptions, we may not use or disclose any more of your PHI than is necessary to accomplish the purpose of the use or disclosure. We are legally required to follow the privacy practices that are described in this notice.
We reserve the right to change the terms of this notice and our privacy policies at any time. Any changes will apply to the PHI we already have. Before we make an important change to our policies, we will promptly change this notice and post a new notice. You can also request a copy of this notice at any time from the contact listed in Section VI below, by calling our office.
We use and disclose health information for many different reasons. For some of these uses or disclosures, we need your prior consent or specific authorization. Below we describe the different categories of our uses and disclosures and give you some examples of each category.
During your intake, prior to receiving any health care services, you will be asked to sign a statement permitting Canary and its employees to release your health information for purposes of Treatment, Payment, and Health Care Operations. A description of each of these uses is described as follows.
We may use and disclose your PHI for the following reasons:
For treatment. We may disclose your PHI to physicians, nurses, medical students, and other healthcare personnel who provide you with healthcare services or are involved in your care.
To obtain payment for treatment. We may use and disclose your PHI in order to bill and collect payment for the products and services provided to you. For example, we may provide portions of your PHI to our billing department and your health plan to get paid for the health care services we provided to you. We may also provide your PHI to our business associates, such as e-commerce services, billing companies, claims processing companies, and others that process our health care claims or provide services on our behalf, or provide services directly to you.
For health care operations. We may disclose your PHI in order to operate our health care and delivery systems. For example, we may use your PHI in order to evaluate the quality of health care services that you received or to evaluate the performance of the Canary employees or business associates who provided health care services to you. We may also provide your PHI to our accountants, attorneys, consultants and other in order to make sure we’re complying with the laws that affect us.
To the extent we are required to disclose your PHI to contractors, agents and other business associates who need the information in order to assist us with obtaining payment or carrying our out business operations, we will have a written contract to ensure that our business associate also protects the privacy of your PHI.
We may use and disclose your PHI without your consent or authorization for the following reasons:
In any situation requiring prior authorization, we will ask for your written authorization before using or disclosing any of your PHI. If you choose to sign an authorization to disclose your PHI, you can later revoke that authorization in writing to stop any future uses and disclosures (to the extent that we have not taken any actions relying on the authorization).
You have the following rights with respect to your PHI:
You have the right to ask that we limit how we use and disclose your PHI. We will consider your request, but are not legally required to accept it. If we accept your request, we will put any limits in writing and abide by them except in emergency situations. You may not limit the uses and disclosures that we are legally required or allowed to make.
You have the right to ask that we send information to you to an alternate address or by alternate means. We must agree to your request so long as we can easily provide it to the location and in the format you request.
In most cases, you have the right to look at or get copies of your PHI that we have, but you must make the request in writing. If we don’t have your PHI but we know who does, we will tell you how to get it. We will respond to you within 10 days after receiving your written request. In certain situations, we may deny your request. If we do, we will tell you, in writing, our reasons for the denial and explain your right to have the denial reviewed.
If you request copies of your PHI, we may charge you a fee for each page. We will respond to your request within 30 days after receiving your written request. Instead of providing the PHI you requested, we may provide you with a summary or explanation of the PHI as long as you agree to that and to the associated cost in advance.
You have the right to get a list of instances in which we have disclosed your PHI. The list will not include pre-authorized disclosures or other uses or disclosures that you have already been informed of, such as those made for subscription, payment or health care operations. The list also won’t include uses and disclosures made for national security purposes, to corrections or law enforcement personnel.
Your request must state a time period for the disclosures you want us to include. We will respond within 60 days of receiving your request. The list we will give you will include disclosures made in the last six years (with the oldest date being January 1, 2017) unless you request a shorter time. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed and the reason for the disclosure. We will provide the list to you at no charge, but if you make more than one request in the same calendar year, we will charge you for each additional request.
If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that we correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. We will respond within 60 days of receiving your request. We may deny your request in writing if the PHI is (I) correct and complete, (ii) not created by us, (iii) not allowed to be disclosed, or (iv) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you don’t file one, you have the right to request that your request and our denial be attached to all future disclosures of you PHI. If we approve your request, we will make the change to your PHI, tell you that we have done it and tell others that need to know about the change to your PHI.
You have the right to get a copy of this notice by e-mail. Even if you have agreed to receive notice via e-mail, you also have the right to request a paper copy of this notice.
If you think we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI, you may file a complaint with the person listed in Section V below. You also may send a written complaint to the Privacy Commissioner of Canada at:
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, QuebecK1A 1H3
Telephone number:
1-800-282-1376 (toll-free)
(819) 994-5444 Telephone
(819) 994-5424 Fax
We will take no retaliatory action against you if you file a complaint about our privacy practices.
If you have any questions about this notice or any complaints about our privacy practices, or would like to know how to file a complaint with the Privacy Commissioner of Canada, please contact us.
Effective Date Of This Notice
This notice is effective as of August 25, 2016
Version 1.1 – August 25, 2016
Contact Information
If you have any questions about PIPEDA or our privacy practices, please contact:
Canary Rx Inc.
PIPEDA Compliance Officer
P.O. BOX 159
Simcoe, ON N3Y 4L1
Canada
Email: Privacy@CanaryRx.com