Effective date: September 1, 2019
ELLERCA collects information from you (or “your”) and about you, both directly from you, our nurses, and from third parties, such as your physician or your other health care providers, when you, our nurses, or such third parties use and access our applications for mobile devices (the “App”), our website http://www.ellerca.com/ https://360care.ca (the “Site”), or any of our platforms available on the App or the Site (the “Platforms”, and collectively with the App and the Site, the “Services”) or otherwise communicate with us. Personal Information (“Personal Information”) is as defined in and governed by the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”).
Personal Information includes Personal health information (“Personal Health Information”). For convenience, Personal Health Information is as defined in Ontario’s Personal Health Information Protection Act (“PHIPA”). If other applicable personal health information protection legislation in other Canadian jurisdictions provides a broader definition of personal health information than PHIPA, then that legislation applies.
Under PHIPA, an “Agent” is broadly defined as a person who, with the authorization of a Custodian, acts for or on behalf of the Custodian in respect of Personal Health Information.
Under PHIPA, a “Health Information Network Provider” is defined as a person that provides services to two or more Custodians to enable the Custodians to use electronic means to disclose Personal Health Information to one another. A Health Information Network Provider may or may not be an Agent. Please ask us for a copy of our plain-language description of the services that we provide to the Custodians, which includes a general description of the safeguards we have put in place to protect against unauthorized use and disclosure, and to protect the integrity of the Information.
ELLERCA is a Health Information Network Provider – meaning that we enable your Custodians, through the Services, to use electronic means to disclose your Personal Health Information to one another. Ellerca may also be an Agent of the Custodian nurses that we employ to provide services to you.
- what Information we collect;
- how we use that Information; and
- the choices we offer, including how to access and update Information.
“Account” means the account of a User (as defined below) who has a registered account.
“Health Care Provider” means any health care provider who provides health care services to you through the Services or who otherwise uses the Services for your diagnosis, treatment or other benefit, including our nurses.
“Non-identifying Information” means information that cannot be used to contact or identify you and is not linked to any Information that can be used to contact or identify you. It can include passively collected information about your activities and the activities of your Health Care Providers within the Services, such as usage data, but only to the extent that information is not linked to your Information.
“Patient” means a User who registers with ELLERCA with respect to receiving health care services and may therefore and for that purpose have access to the Services. You may become a Patient through your use of the Services.
“User” means an individual or other person who registers with ELLERCA and creates an Account, including any Custodians and Patients.
3. INFORMATION COLLECTED
Information is collected in three ways:
3.1 Information you provide
You provide Information to Ellerca when you register as a User, create a Patient profile, or communicate with us by email, phone, video conferencing, the App, the Site, any of the Platforms or postal mail:
- When you register as a User or create a Patient profile. In order to use the full complement of the Services, you must register with Ellerca. When you register for the Services, you become a User with an Account. Your Information is recorded through our online registration. At the time of registration, we collect Information, which may include (but not be limited to) the following:
- First and Last Name
- Email Address
- Date of Birth
- Phone Number
- Emergency Contact
- Medical diagnoses and dates of diagnoses
- Current medications and treatment plans
- Insurance information
- Names of your physicians or other health care providers, including those who you wish to designate as being in your circle of care
- Other health information that you voluntarily provide
- Once you become a Patient with an Account, additional Information that you provide (including via videoconference with a Health Care Provider) is stored as part of your profile. This may include: health insurance information, scheduled appointments, selected Health Care Providers, documents and Information that you or your selected Health Care Provider or other regulated health provider entity may upload, your medication adherence, and any other Information you or relevant third parties providing services to you choose to include.
- Otherwise through the Services. If you are not a User, we may nevertheless collect Information you provide us with through the Services, such as contact information.
3.2 Information obtained from your use of the Services
When you visit our Site, use our App or any of the Platforms, or otherwise use the Services, the following Information may also be collected:
- URL information and IP addresses. We may receive the digital address (URL) of the website that you came from when you access our Site over the internet. When you leave our Site, we may also receive the address of the website that you go to. ELLERCA may also receive the internet protocol (IP) address of your computer (or the proxy server you use to access the World Wide Web), your device operating system and type of web browser you are using, your mobile device (including your unique device identifier/UDID) and mobile operating system (if you are accessing the Services using a mobile device) as well as the name of your internet service provider or your mobile carrier. We may correlate this information with other Information we have about you.
- Log information. We may automatically collect and store certain information in server logs about your user sessions when you log-in through your Account. This may include when and how often you access the Services and what tasks were performed. This information will be used for ELLERCA’s purposes to improve the design of our Services and to help us better understand how to increase your medication adherence.
- Functional information. Technical information that we collect to ensure that our systems are working properly and collecting reliable data.
- Videoconferences. We may also record and store the videoconferences relating to any services provided by a Health Care Provider to you using the Services.
3.3 Information we get from other Users
We collect information relating to your communication with other Users or your Health Care Providers, including any documents they may upload to the Services. This includes, but is not limited to, your medical history and any other Information (including personal health information) that you disclose to a Health Care Provider (including our nurses) and medical documents containing, amongst other things, medical records relating to you (“Medical Document”). For example, if a nurse conducts a mental health assessment with you, the Information they collect will be added to your file on the Services.
4. COLLECTION OF INFORMATION FROM CHILDREN
The Services are intended for use by individuals eighteen (18) years of age or older and have the capacity to form legally binding contracts under applicable law. ELLERCA does not knowingly collect, either online or offline, Information from individuals under the age of 18. At this time, the Services are intended for residents of Canadian provinces and territories.
6. IDENTIFYING PURPOSES, CONSENT, AND LIMITING COLLECTION OF INFORMATION
ELLERCA and its Agents may use your Information for the following purposes:
- to provide Users with information about the Services, including updates and notifications;
- to maintain, administer, register and service your Account;
- for support services;
- contact you in response to your technical or general inquiries, or periodically solicit feedback and input from you;
- to generate statistics and aggregate reports to improve the Services;
- to provide services, included health care services;
- to facilitate videoconferencing;
- to improve your medication adherence;
- to communicate with you;
- to offer you tailored content;
- to improve the quality of the Services or enhance your experience with ELLERCA;
- for administrative, management and business purposes such as administration of your Account;
- to store Information; and
- verify Information you provide us as well as the representations and warranties you make to us in the Terms of Service or on Ellerca.
ELLERCA also collects, uses and discloses Information as identified at the time of collection, or as permitted or required by applicable law, including for any other purpose for which we have your consent.
ELLERCA assumes that your registration of an Account constitutes implied consent for the above purposes, all of which are of the essence of the Services, unless expressly instructed otherwise. If you do not consent, or if you withdraw your consent, the Services may not be available to you or your Health Care Providers.
The Services allows you to view manage appointments, track your medications and medication adherence, and communicate with Health Care Providers (including by videoconference), while enabling the Health Care Providers to manage the process more efficiently.
The Information we collect allows Health Care Providers to, among other things, view your health history, electronically transmit Medical Documents, and input health information in connection with the health care services they have provided to you.
You consent to our using aggregate, Non-Identifying Information collected via cookies and similar technologies to use in statistical analysis to help us track trends and analyze patterns in the use of the Services. You also consent to ELLERCA using any of your data in aggregate form for research or other purposes, including disclosure to third parties.
7. INFORMATION WE SHARE
We do not share Information with companies, organizations and individuals outside ELLERCA unless the following circumstances apply or as otherwise permitted or required by law:
- With your consent, we will share Information with companies and organizations outside ELLERCA when we have your consent to do so. We require opt-in consent for this to occur, unless the law permits or requires otherwise.
- By becoming a User of the Services, you consent to share your Information with other Users that you select or from whom you receive services, including, without limiting the foregoing, Health Care Providers within your circle of care.
- By becoming a User, you consent to the sharing of your Information with your insurance companies, to the extent necessary for ELLERCA to bill your insurance companies and provide evidence of any services provided to you.
We will disclose Information where permitted or required by law including:
- in an emergency if it is clearly in your interests or will reduce a significant risk of bodily harm to you or a third party and consent cannot be obtained in a timely way;
- in relation to any legal proceeding to protect or defend ELLERCA’s or a third party’s rights or property;
- to a public body or a law enforcement agency in Canada concerning an offence under the laws of Canada or a province (including to protect our property or the health, safety and property of our community);
- to meet any applicable law, regulation, legal process or enforceable governmental request required or permitted by PIPEDA, PHIPA or other substantially similar provincial legislation in Canada or legislation applicable to a jurisdiction where the Services are being used;
- to assist in an investigation or in the making of a decision to undertake an investigation;
- to enforce our agreement with you or other Users, including payment terms and investigation of potential violations;
- to comply with a subpoena, warrant or order issued or made by a court, person or body with jurisdiction to compel the production of Information, detect, prevent, or otherwise address fraud, security or technical issues; or
- in certain circumstances as required for the integrity and reputation of our business and ELLERCA’s technology.
We may share aggregate, Non-Identifying Information publicly and with our partners. For example, we may share Information publicly to show trends about the general use of ELLERCA’s services.
We may disclose and transfer Information in connection with a financing of our business, merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of ELLERCA or its affiliates or as part of a corporate reorganization or change in corporate control.
8. LIMITING USE, DISCLOSURE AND RETENTION
You acknowledge and agree that if you request that your Information be removed from the database created by the Services, it may not be possible to completely delete all Information due to technological and legal constraints. In addition your Health Care Providers may have retained copies of your Medical Documents and other medical information, simply by extracting them from the records in the said database in accordance with their own privacy policies and the requirements of their regulators and applicable law. ELLERCA does not have control over Health Care Providers (other than any Health Care Providers who are employees of ELLERCA) or other service providers in possession of your Information.
ELLERCA will take reasonable steps to ensure that the information about you is as accurate, complete, and up to date as is necessary to minimize the possibility that inappropriate information may be used to make a decision about you. However, we cannot be responsible for errors in the records caused by you, your Health Care Providers, or other Users you authorize to have access to your Information.
We implement commercially-reasonable administrative, technical and physical security measures to protect your Information. These include the following:
- ELLERCA uses symmetric 256-bit encryption using an RSA public-key SHA-2 algorithm and ECC public-key cryptography to secure connections between you and our servers and protect any data that is submitted to the system.
- All Patient information is stored on a separate private database server that is inaccessible to the public internet.
- All Patient and Health Care Provider’s data uses data-at-rest encryption which ensures that any underlying storage, automated backups, replicas, and snapshots of sensitive information are encrypted.
- As part of becoming registered for an Account and becoming a User, you will be asked to create a password. You should create a password (one that uses letters and numbers or symbols and is not a dictionary word or name or that includes information about you such as your date of birth or middle name). Please change your password frequently. If you access the Services from a public computer, please ensure to fully log-out of your Account and delete your browsing history and cache. If you access the Services from your own computer, ensure that your computer is password protected.
- The Information we collect will be stored on servers in Canada. Within ELLERCA, only Health Care Providers employed by ELLERCA or staff Users who require access to offer our services or maintain our services properly functioning and secure will have access to your Information. We require anyone who collects, uses or Information on our behalf to be aware of the importance of maintaining its confidentiality. This is done through the signing of confidentiality agreements, privacy training, and contractual means.
- ELLERCA also takes steps to protect Information against theft, loss and unauthorized use or disclosure. Care is used in the destruction of Information, to prevent unauthorized parties from gaining access to the Information.
Information about our policies and practices relating to the management of Information are available to the public, including:
- Contact information for our Privacy Officers, to whom complaints or inquiries can be made;
- The process for obtaining access to Information we hold about you, and making requests for its correction;
- A description of the type of Information we hold, including a general account of our uses and disclosures;
- The descriptions and documents referred to in subsection 6.(3) of Ontario Regulation 329/04 to PHIPA; and
- A description of how to make a complaint to ELLERCA or to the applicable Privacy Commissioner.
12. ACCESSING AND UPDATING YOUR INFORMATION
12.1 Accessing and Updating your Information
You may access or update your Information by logging into your Account and accessing your Account settings.
To access, change or remove Information not accessible through your Account settings or profiles, contact our User Care team at:firstname.lastname@example.org . In some cases, we may not be able to reasonably accommodate your request to remove or modify your Information, in which case we will let you know, and tell you why. For example, we cannot change the records made by Health Information Custodians because those records are subject to their own regulatory regime.
12.2 Cancelling your Account
If you have registered with ELLERCA and prior to any transactions, decide to deactivate your Account, you may contact our User Care team at email@example.com and request deactivation. Except for the retention of such information as is required by law, your Information will be removed from the Platform.
If a transaction has occurred, the history from that transaction will remain, including but not limited to medical notes or documents, communication between and among Patient, physician or other Health Care Provider, and your appointment history.
We will retain your Information if we believe it may be necessary to prevent fraud or future abuse. We may also retain your Information and Non-Identifying Information for business purposes, such as analysis in the aggregate, Account recovery, auditing our records, enforcing our rights and obligations under our agreements or if required by law. To the extent permitted by law, ELLERCA disclaims any liability in relation to the deletion or retention (subject to the terms herein) of Information or any obligation not to delete the information.
5925 Airport Road, Suite 200
Mississauga ON L4V 1W1
ELLERCA will receive and respond to complaints or inquiries about our policies and practices relating to the handling of Information, and will investigate all complaints. If a complaint is found to be justified, ELLERCA will take appropriate measures to respond. We will inform Patients who make inquiries or lodge complaints of other available complaint procedures, including to the Privacy Commissioner of Canada or the information and privacy commissioners of the Provinces in which such Patients live, as applicable.