CARE& FAMILY HEALTH — PRIVACY POLICY
Last Updated: March 1st, 2025
1. Introduction
Care& Family Health (“Care&”, “we”, “our”, or “us”) is committed to protecting the privacy and security of your personal health information. This Privacy Policy describes how we collect, use, disclose, and protect your personal information in accordance with the Personal Health Information Protection Act, 2004 (PHIPA) and the Personal Information Protection and Electronic Documents Act (PIPEDA), as well as other applicable provincial and federal regulations.
By using our services, whether in person at our Yorkville or Lawrence Park locations or through our digital health platforms, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. We encourage you to read this document carefully to understand our practices and your rights.
This Privacy Policy applies to:
- All healthcare services provided by Care&
- The use of our websites, mobile applications, and patient portals
- Communications with our administrative and clinical teams
- Any other interactions with our organization
2. Information We Collect
2.1 Personal and Demographic Information
Full name, date of birth, gender identityContact information (phone, email, address)Government-issued identification (health card numbers)Emergency contact informationPayment information (credit card details, banking information)Family relationships (for linked accounts, including parent-child relationships)Referral information and referral codes2.2 Health Information
Medical history and family health historyCurrent health conditions and symptomsAllergies and adverse reactionsMedications and treatment plansConsultation notes and clinical observationsDiagnostic and laboratory resultsImmunization recordsMen’s and women’s sexual health informationMaternal health and lactation informationMental health assessments and treatment records2.3 Technical and Usage Information
IP address and device information when using our digital platformsAppointment scheduling historyService utilization patternsMobile app and web portal usage statisticsLocation data (limited to verifying Ontario residency for telehealth services)Integration data with third-party health platforms (such as Apple Health)3. How We Collect Information
3.1 Direct Collection
In-person consultations at our Yorkville and Lawrence Park locationsTelehealth appointments (phone or video consultations)Patient registration and intake formsElectronic communications (email, secure messaging)Payment processing systems3.2 Indirect Collection
From family members or caregivers with appropriate authorizationFrom other healthcare providers with your consentFrom third-party diagnostic and laboratory servicesThrough our mobile applications and web portal3.3 Automated Collection
Cookies and similar technologies on our websitesUsage tracking within our mobile applicationsTechnical logs and analytics toolsAppointment scheduling and reminder systems4. Audio Recording and Transcription Process
Care& employs a medical scribe system that records patient-practitioner encounters to ensure accurate clinical documentation through the following process:
Audio Recording: With your explicit consent, clinical encounters are recorded solely for the purpose of creating accurate medical records.Transcription: Audio recordings are transcribed into text format by authorized transcription services.Automated Deletion: All audio recordings are automatically and permanently deleted immediately following successful transcription.Transcript Retention: Transcribed text is maintained as part of your confidential medical record in accordance with regulatory requirements for health information retention.Clinical Documentation: Transcripts may be processed by artificial intelligence systems to generate structured clinical documentation (e.g., SOAP notes) to be reviewed and approved by healthcare practitioners.You may withdraw your consent for audio recording at any time prior to your appointment by notifying your healthcare provider, in which case alternative documentation methods will be used.
5. How We Use Your Information
5.1 Primary Uses
Providing and coordinating your healthcare servicesMaintaining an accurate and up-to-date health recordCommunicating with you about appointments and care plansProcessing payments for services renderedFacilitating prescription management and medication ordersEnabling healthcare providers to make informed clinical decisionsCoordinating lab work and diagnostic services5.2 Administrative and Operational Uses
Scheduling and managing appointmentsProcessing billing and insurance claimsVerifying identity and eligibility for servicesMaintaining and improving our operationsTraining and quality assurance activitiesConducting internal audits and evaluationsManaging the referral program and associated credits5.3 Communications
Sending appointment reminders and follow-up communicationsDistributing health education materialsNotifying you about service updates or changesResponding to your inquiries and requestsProviding information about additional services that may benefit your health5.4 Mobile App and Digital Platform Uses
Enabling appointment booking and managementFacilitating prescription refills through the appProviding access to health records and test resultsSupporting secure messaging with healthcare providersManaging linked accounts for family membersProcessing referrals and referral credits6. Legal Basis for Collection and Use
Care& collects and uses your personal health information primarily on the basis of:
Your explicit consentImplied consent in emergency situationsLegal obligations under Ontario healthcare regulationsLegitimate interests in providing effective healthcare services7. Consent
7.1 Express Consent
We obtain your express consent for:
Initial collection of your health informationAudio recording of clinical encountersSharing information with third parties not directly involved in your careUsing your information for research or quality improvement initiativesCreating linked accounts for children or dependentsProcessing payments through our digital platforms7.2 Implied Consent
Your consent may be implied when:
You seek healthcare services from Care&You participate in a healthcare appointmentInformation sharing is necessary for continuity of careYou use our mobile app or web portal to access services7.3 Withdrawal of Consent
You may withdraw or limit your consent at any time by contacting our Privacy Officer, with the understanding that this may impact our ability to provide certain services.
7.4 Consent for Minors and Dependents
Parents or legal guardians provide consent for the collection and use of personal health information for children under 16 years of ageAs minors mature, we involve them in consent decisions appropriate to their capacityWhen a minor reaches the age of majority, consent authority transfers to themSpecial protocols are in place for shared custody situations8. Information Sharing and Disclosure
8.1 Healthcare Team
Your information is shared among your Care& healthcare team to facilitate comprehensive care, including:
Nurse PractitionersAdministrative staffLaboratory technicians and phlebotomistsOther healthcare professionals within our organization8.2 External Healthcare Providers
With your consent, we may share information with:
Specialists or other healthcare providersDiagnostic and laboratory servicesPharmacies for prescription fulfillmentOther healthcare institutions8.3 Third-Party Service Providers
We may disclose information to trusted service providers who assist us in:
Electronic health record managementData storage and securityPayment processingTranscription servicesTechnical support for our digital platformsTranslation services (when requested)All third-party providers are bound by strict confidentiality and data protection agreements.8.4 Linked Family Accounts
When accounts are linked (such as parent-child relationships):
Parents/guardians can access their children’s health informationAccess is controlled based on legal custody arrangementsSpecial security measures protect sensitive informationAccess permissions evolve as children mature8.5 Legal and Regulatory Disclosures
We may disclose information when:
Required by law, court order, or regulatory authorityNecessary to prevent serious harm to you or othersMandated for public health reportingRequired for health professional regulatory investigations9. Referral Program Privacy Protections
Care& maintains a referral program that allows members to refer friends and earn rewards. Regarding privacy within this program:
Only minimal contact information is used in referral communicationsReferral status is only shared with the referrer and refereeCredit tracking information is maintained securely and privatelyReferral information is never sold or shared with external partiesReferral codes contain no personally identifiable informationBoth parties must consent to participate in the referral process10. Mobile App and Digital Platform Privacy
The Care& mobile application (iOS/Android) and web portal (app.careand.ca) implement the following privacy measures:
End-to-end encryption for all sensitive communicationsSecure storage of health information on mobile devicesAutomatic session timeouts to prevent unauthorized accessBiometric authentication options for enhanced securityStrict access controls for linked accountsTransparent data synchronization with electronic health recordsOption to control push notification privacy settingsAbility to manage third-party health platform integrations (e.g., Apple Health)11. Data Security
Care& implements robust technical, administrative, and physical safeguards to protect your information, including:
Encryption of electronic health records and communicationsSecure access controls and authentication proceduresRegular security assessments and vulnerability testingStaff training on privacy and security protocolsPhysical security measures at our Yorkville and Lawrence Park facilitiesSecure data backup and disaster recovery protocolsStrict protocols for mobile device securityContinuous monitoring for unauthorized access attempts12. Data Retention
We retain your health information for the period required by Ontario healthcare regulations and professional standards, typically:
Adult records: minimum of 10 years from last patient encounterMinor records: 10 years after the patient reaches the age of majorityTranscripts from clinical encounters: retained as part of your permanent health recordPayment information: 7 years for financial record-keeping requirementsAudio recordings: deleted immediately after successful transcriptionMobile app usage data: retained for up to 2 years13. Laboratory and Diagnostic Information
For laboratory and diagnostic services:
Specimen collection follows strict chain of custody proceduresResults are securely transmitted to our electronic health record systemTest requisitions contain only the minimum necessary informationExternal laboratory partners are bound by strict data protection agreementsResults are maintained according to our standard retention policiesOHIP-covered diagnostic services follow Ministry of Health privacy standards14. Telehealth Privacy Considerations
For telehealth services (phone or video consultations):
Services are only available to patients physically located in OntarioWe use secure, encrypted telehealth platformsMultiple participants may join video consultations with patient consentRecording of telehealth sessions by patients is strictly prohibitedSessions are conducted in private environments to protect confidentialityPractitioners verify patient identity prior to each telehealth encounterSpecial early-morning telehealth appointments (starting at 8:00am) follow the same privacy protocols15. Business Healthcare Solutions
For our business healthcare clients:
Employee health information is never shared with employers without explicit consentAggregate, de-identified utilization reports may be provided to business clientsStrict data segregation between individual and employer-sponsored accountsWorkplace consultations maintain the same privacy standards as clinic visitsClear boundaries between employer access and employee privacySpecial consent protocols for workplace health initiatives16. Your Privacy Rights
Under PHIPA and applicable legislation, you have the right to:
Access your personal health informationRequest corrections to inaccurate or incomplete informationWithdraw consent for certain uses and disclosuresBe informed about how your information is collected, used, and disclosedKnow who has accessed your information and whyFile a complaint regarding privacy practicesSet specific restrictions on certain uses of your informationReceive your information in a portable format17. Language and Translation Services
Care& primarily offers services in English but recognizes the importance of clear communication in healthcare:
Translation services are available upon requestWhen translation services are used, the translator is bound by confidentialityDocumentation indicates when translation was used during a consultationTranslated materials maintain the same privacy protections as English materialsOnly qualified medical translators are used for healthcare communicationsFamily members are not used as translators for clinical discussions unless requested18. Accessing and Correcting Your Information
To request access to or correction of your personal health information:
Submit a written request to our Privacy OfficerProvide sufficient detail to identify the information you seekSpecify whether you want to view the record, obtain a copy, or request correctionsWe will respond to access requests within 30 days and correction requests within 60 days, as required by law.For parents/guardians requesting access to a child’s information:Verification of legal custody may be requiredAccess may be limited based on the mature minor doctrineSpecial protocols apply in shared custody situations19. Privacy Breaches
In the event of a privacy breach involving your personal health information, we will:
Contain the breach and mitigate potential harmNotify affected individuals as required by lawConduct a thorough investigationImplement corrective measures to prevent recurrenceReport to the Information and Privacy Commissioner of Ontario as required20. Changes to This Privacy Policy
Care& reserves the right to modify this Privacy Policy at any time. Any changes will be:
Posted on our website and mobile applicationAvailable in print at our clinic locationsCommunicated through appropriate channels when material changes occurThe “Last Updated” date at the top of this policy indicates when it was most recently revised.
21. Contact Information
For questions, concerns, or complaints regarding your privacy or this policy:
Care& Family Health — Privacy Officer
162 Cumberland St, Suite 200
Toronto, Ontario, M5R 3N5Email: privacy@careand.ca
Phone: 647-951-4770
Fax: 647-715-2335For general inquiries or to book appointments:
Email: helpdesk@careand.ca
Phone: 647-951-4770Lawrence Park Location:
3080 Yonge St, Suite 6010
Toronto, OntarioYou may also contact the Information and Privacy Commissioner of Ontario:
2 Bloor Street East, Suite 1400
Toronto, ON M4W 1A8
Phone: 1-800-387-0073
22. Effective Date
This Privacy Policy is effective as of October 5, 2024, and supersedes all previous versions.