Privacy Policy

CARE& FAMILY HEALTH — PRIVACY POLICY

Last Updated: March 1st, 2025

1. Introduction

Care& Family Health (“Care&”, “we”, “our”, or “us”) is committed to protecting the privacy and security of your personal health information. This Privacy Policy describes how we collect, use, disclose, and protect your personal information in accordance with the Personal Health Information Protection Act, 2004 (PHIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as other applicable provincial and federal regulations.

By using our services, whether in person at our Yorkville or Lawrence Park locations or through our digital health platforms, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. We encourage you to read this document carefully to understand our practices and your rights.

This Privacy Policy applies to:

  • All healthcare services provided by Care&
  • The use of our websites, mobile applications, and patient portals
  • Communications with our administrative and clinical teams
  • Any other interactions with our organization

2. Information We Collect

2.1 Personal and Demographic Information

  • Full name, date of birth, gender identity
  • Contact information (phone, email, address)
  • Government-issued identification (health card numbers)
  • Emergency contact information
  • Payment information (credit card details, banking information)
  • Family relationships (for linked accounts, including parent-child relationships)
  • Referral information and referral codes

    • 2.2 Health Information

  • Medical history and family health history
  • Current health conditions and symptoms
  • Allergies and adverse reactions
  • Medications and treatment plans
  • Consultation notes and clinical observations
  • Diagnostic and laboratory results
  • Immunization records
  • Men’s and women’s sexual health information
  • Maternal health and lactation information
  • Mental health assessments and treatment records

    • 2.3 Technical and Usage Information

  • IP address and device information when using our digital platforms
  • Appointment scheduling history
  • Service utilization patterns
  • Mobile app and web portal usage statistics
  • Location data (limited to verifying Ontario residency for telehealth services)
  • Integration data with third-party health platforms (such as Apple Health)

    • 3. How We Collect Information

    3.1 Direct Collection

  • In-person consultations at our Yorkville and Lawrence Park locations
  • Telehealth appointments (phone or video consultations)
  • Patient registration and intake forms
  • Electronic communications (email, secure messaging)
  • Payment processing systems

    • 3.2 Indirect Collection

  • From family members or caregivers with appropriate authorization
  • From other healthcare providers with your consent
  • From third-party diagnostic and laboratory services
  • Through our mobile applications and web portal

    • 3.3 Automated Collection

  • Cookies and similar technologies on our websites
  • Usage tracking within our mobile applications
  • Technical logs and analytics tools
  • Appointment scheduling and reminder systems

    • 4. Audio Recording and Transcription Process

    Care& employs a medical scribe system that records patient-practitioner encounters to ensure accurate clinical documentation through the following process:

  • Audio Recording: With your explicit consent, clinical encounters are recorded solely for the purpose of creating accurate medical records.
  • Transcription: Audio recordings are transcribed into text format by authorized transcription services.
  • Automated Deletion: All audio recordings are automatically and permanently deleted immediately following successful transcription.
  • Transcript Retention: Transcribed text is maintained as part of your confidential medical record in accordance with regulatory requirements for health information retention.
  • Clinical Documentation: Transcripts may be processed by artificial intelligence systems to generate structured clinical documentation (e.g., SOAP notes) to be reviewed and approved by healthcare practitioners.

    • You may withdraw your consent for audio recording at any time prior to your appointment by notifying your healthcare provider, in which case alternative documentation methods will be used.

    5. How We Use Your Information

    5.1 Primary Uses

  • Providing and coordinating your healthcare services
  • Maintaining an accurate and up-to-date health record
  • Communicating with you about appointments and care plans
  • Processing payments for services rendered
  • Facilitating prescription management and medication orders
  • Enabling healthcare providers to make informed clinical decisions
  • Coordinating lab work and diagnostic services

    • 5.2 Administrative and Operational Uses

  • Scheduling and managing appointments
  • Processing billing and insurance claims
  • Verifying identity and eligibility for services
  • Maintaining and improving our operations
  • Training and quality assurance activities
  • Conducting internal audits and evaluations
  • Managing the referral program and associated credits

    • 5.3 Communications

  • Sending appointment reminders and follow-up communications
  • Distributing health education materials
  • Notifying you about service updates or changes
  • Responding to your inquiries and requests
  • Providing information about additional services that may benefit your health

    • 5.4 Mobile App and Digital Platform Uses

  • Enabling appointment booking and management
  • Facilitating prescription refills through the app
  • Providing access to health records and test results
  • Supporting secure messaging with healthcare providers
  • Managing linked accounts for family members
  • Processing referrals and referral credits

    • 6. Legal Basis for Collection and Use

    Care& collects and uses your personal health information primarily on the basis of:

  • Your explicit consent
  • Implied consent in emergency situations
  • Legal obligations under Ontario healthcare regulations
  • Legitimate interests in providing effective healthcare services

    • 7. Consent

    7.1 Express Consent

    We obtain your express consent for:

  • Initial collection of your health information
  • Audio recording of clinical encounters
  • Sharing information with third parties not directly involved in your care
  • Using your information for research or quality improvement initiatives
  • Creating linked accounts for children or dependents
  • Processing payments through our digital platforms

    • 7.2 Implied Consent

    Your consent may be implied when:

  • You seek healthcare services from Care&
  • You participate in a healthcare appointment
  • Information sharing is necessary for continuity of care
  • You use our mobile app or web portal to access services

    • 7.3 Withdrawal of Consent

    You may withdraw or limit your consent at any time by contacting our Privacy Officer, with the understanding that this may impact our ability to provide certain services.

    7.4 Consent for Minors and Dependents

  • Parents or legal guardians provide consent for the collection and use of personal health information for children under 16 years of age
  • As minors mature, we involve them in consent decisions appropriate to their capacity
  • When a minor reaches the age of majority, consent authority transfers to them
  • Special protocols are in place for shared custody situations

    • 8. Information Sharing and Disclosure

    8.1 Healthcare Team

    Your information is shared among your Care& healthcare team to facilitate comprehensive care, including:

  • Nurse Practitioners
  • Administrative staff
  • Laboratory technicians and phlebotomists
  • Other healthcare professionals within our organization

    • 8.2 External Healthcare Providers

    With your consent, we may share information with:

  • Specialists or other healthcare providers
  • Diagnostic and laboratory services
  • Pharmacies for prescription fulfillment
  • Other healthcare institutions

    • 8.3 Third-Party Service Providers

    We may disclose information to trusted service providers who assist us in:

  • Electronic health record management
  • Data storage and security
  • Payment processing
  • Transcription services
  • Technical support for our digital platforms
  • Translation services (when requested)
  • All third-party providers are bound by strict confidentiality and data protection agreements.

    • 8.4 Linked Family Accounts

    When accounts are linked (such as parent-child relationships):

  • Parents/guardians can access their children’s health information
  • Access is controlled based on legal custody arrangements
  • Special security measures protect sensitive information
  • Access permissions evolve as children mature

    • 8.5 Legal and Regulatory Disclosures

    We may disclose information when:

  • Required by law, court order, or regulatory authority
  • Necessary to prevent serious harm to you or others
  • Mandated for public health reporting
  • Required for health professional regulatory investigations

    • 9. Referral Program Privacy Protections

    Care& maintains a referral program that allows members to refer friends and earn rewards. Regarding privacy within this program:

  • Only minimal contact information is used in referral communications
  • Referral status is only shared with the referrer and referee
  • Credit tracking information is maintained securely and privately
  • Referral information is never sold or shared with external parties
  • Referral codes contain no personally identifiable information
  • Both parties must consent to participate in the referral process

    • 10. Mobile App and Digital Platform Privacy

    The Care& mobile application (iOS/Android) and web portal (app.careand.ca) implement the following privacy measures:

  • End-to-end encryption for all sensitive communications
  • Secure storage of health information on mobile devices
  • Automatic session timeouts to prevent unauthorized access
  • Biometric authentication options for enhanced security
  • Strict access controls for linked accounts
  • Transparent data synchronization with electronic health records
  • Option to control push notification privacy settings
  • Ability to manage third-party health platform integrations (e.g., Apple Health)

    • 11. Data Security

    Care& implements robust technical, administrative, and physical safeguards to protect your information, including:

  • Encryption of electronic health records and communications
  • Secure access controls and authentication procedures
  • Regular security assessments and vulnerability testing
  • Staff training on privacy and security protocols
  • Physical security measures at our Yorkville and Lawrence Park facilities
  • Secure data backup and disaster recovery protocols
  • Strict protocols for mobile device security
  • Continuous monitoring for unauthorized access attempts

    • 12. Data Retention

    We retain your health information for the period required by Ontario healthcare regulations and professional standards, typically:

  • Adult records: minimum of 10 years from last patient encounter
  • Minor records: 10 years after the patient reaches the age of majority
  • Transcripts from clinical encounters: retained as part of your permanent health record
  • Payment information: 7 years for financial record-keeping requirements
  • Audio recordings: deleted immediately after successful transcription
  • Mobile app usage data: retained for up to 2 years

    • 13. Laboratory and Diagnostic Information

    For laboratory and diagnostic services:

  • Specimen collection follows strict chain of custody procedures
  • Results are securely transmitted to our electronic health record system
  • Test requisitions contain only the minimum necessary information
  • External laboratory partners are bound by strict data protection agreements
  • Results are maintained according to our standard retention policies
  • OHIP-covered diagnostic services follow Ministry of Health privacy standards

    • 14. Telehealth Privacy Considerations

    For telehealth services (phone or video consultations):

  • Services are only available to patients physically located in Ontario
  • We use secure, encrypted telehealth platforms
  • Multiple participants may join video consultations with patient consent
  • Recording of telehealth sessions by patients is strictly prohibited
  • Sessions are conducted in private environments to protect confidentiality
  • Practitioners verify patient identity prior to each telehealth encounter
  • Special early-morning telehealth appointments (starting at 8:00am) follow the same privacy protocols

    • 15. Business Healthcare Solutions

    For our business healthcare clients:

  • Employee health information is never shared with employers without explicit consent
  • Aggregate, de-identified utilization reports may be provided to business clients
  • Strict data segregation between individual and employer-sponsored accounts
  • Workplace consultations maintain the same privacy standards as clinic visits
  • Clear boundaries between employer access and employee privacy
  • Special consent protocols for workplace health initiatives

    • 16. Your Privacy Rights

    Under PHIPA and applicable legislation, you have the right to:

  • Access your personal health information
  • Request corrections to inaccurate or incomplete information
  • Withdraw consent for certain uses and disclosures
  • Be informed about how your information is collected, used, and disclosed
  • Know who has accessed your information and why
  • File a complaint regarding privacy practices
  • Set specific restrictions on certain uses of your information
  • Receive your information in a portable format

    • 17. Language and Translation Services

    Care& primarily offers services in English but recognizes the importance of clear communication in healthcare:

  • Translation services are available upon request
  • When translation services are used, the translator is bound by confidentiality
  • Documentation indicates when translation was used during a consultation
  • Translated materials maintain the same privacy protections as English materials
  • Only qualified medical translators are used for healthcare communications
  • Family members are not used as translators for clinical discussions unless requested

    • 18. Accessing and Correcting Your Information

    To request access to or correction of your personal health information:

  • Submit a written request to our Privacy Officer
  • Provide sufficient detail to identify the information you seek
  • Specify whether you want to view the record, obtain a copy, or request corrections
  • We will respond to access requests within 30 days and correction requests within 60 days, as required by law.
  • For parents/guardians requesting access to a child’s information:
  • Verification of legal custody may be required
  • Access may be limited based on the mature minor doctrine
  • Special protocols apply in shared custody situations

    • 19. Privacy Breaches

    In the event of a privacy breach involving your personal health information, we will:

  • Contain the breach and mitigate potential harm
  • Notify affected individuals as required by law
  • Conduct a thorough investigation
  • Implement corrective measures to prevent recurrence
  • Report to the Information and Privacy Commissioner of Ontario as required

    • 20. Changes to This Privacy Policy

    Care& reserves the right to modify this Privacy Policy at any time. Any changes will be:

  • Posted on our website and mobile application
  • Available in print at our clinic locations
  • Communicated through appropriate channels when material changes occur

    • The “Last Updated” date at the top of this policy indicates when it was most recently revised.

    21. Contact Information

    For questions, concerns, or complaints regarding your privacy or this policy:

    Care& Family Health — Privacy Officer 162 Cumberland St, Suite 200 Toronto, Ontario, M5R 3N5Email: privacy@careand.ca Phone: 647-951-4770 Fax: 647-715-2335For general inquiries or to book appointments: Email: helpdesk@careand.ca Phone: 647-951-4770Lawrence Park Location: 3080 Yonge St, Suite 6010 Toronto, OntarioYou may also contact the Information and Privacy Commissioner of Ontario: 2 Bloor Street East, Suite 1400 Toronto, ON M4W 1A8 Phone: 1-800-387-0073

    22. Effective Date

    This Privacy Policy is effective as of October 5, 2024, and supersedes all previous versions.