Privacy Policy

EHN Online Privacy Policy

EHN Online Privacy Policy

Effective date: June 23, 2021

Last Updated: June 23, 2021

 

Ehnonline.ca (the “Site”) is owned and operated by Edgewood Health Network Inc., and can be contacted at [email protected]

Purpose

The purpose of this privacy policy is to inform users of our Site of the following:

  1. Log files 
  2. Personal data collection
  3. Use of collected data
  4. Access to collected data
  5. The rights of Site users
  6. The Site’s cookie policy

Consent

By using our Site, users agree that they consent to:

  1. The conditions set out in this privacy policy and
  2. The collection, use and retention of the data listed in this privacy policy

Log Files

EHN Online follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and number of clicks. These are not linked to any information that is personally identifiable. 

The purpose of the information is for analyzing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.

Personal Data We Collect

We collect data that helps us achieve the purpose set out in this Privacy Policy. We may collect additional data beyond the data listed below in order to achieve this purpose.

Our commitment to privacy is assured by our adherence to the Personal Information Protection and Electronic Documents Act (PIPEDA) as well as substantially similar provincial legislation. Additionally, all employees are bound by a Confidentiality Agreement as a condition of employment.

Data Collected Automatically

When you visit and use the Site, EHN Online may automatically collect and store the following information:

  1. Clicked links;
  2. Content viewed; and
  3. Content interaction.

This is a non-exhaustive list, and with your knowledge, further information may be gathered in connection with the Site’s purpose. 

Data Collected Manually

We may also collect the following data when you perform certain functions on the Site:

  1. First and last name;
  2. Email address;
  3. Phone number; and
  4. Additional information related to referrals.

This data may be collected using the following methods:

  1. Filling our contact form;
  2. Booking an assessment;
  3. Taking our self-assessment quiz; and
  4. Filling out a referral form.

This is a non-exhaustive list, and with your knowledge, further information may be gathered in connection with the Site’s purpose. 

Use of Personal Data 

Data collected on our Site will only be used for the purposes specified in this Privacy Policy or indicated on the relevant pages of our Site. We will not use your data beyond what we disclose in this Privacy Policy.

Automatic data collection is used for marketing statistics and quality assurance. The data we collect when the user performs certain functions may be used for future communication purposes.

Sharing of Personal Data 

Employees

We may disclose user data to any member of our organization who reasonably needs access to user data to achieve the purposes set out in this Privacy Policy.

Other Disclosures

We will not sell or share you data with other third parties, except for in the following cases:

  1. If required by law
  2. If required for any legal proceeding and
  3. To prove or protect our legal rights

If you follow hyperlinks from our Site to another Site, please note that we are not responsible for and have no control over their privacy policies and practices.

Length of Data Storage

User data will be stored until the purpose the data was collected for has been achieved. You will be notified if your data is kept for longer than this period.

Protection of Personal Data 

In order to protect your security, we use the strongest available browser encryption and store all our data on servers in secure facilities. All data is only accessible to our employees, who are bound by strict confidentiality agreements.

Third party add-ons intended for enhanced user experience are selected based on their encryption strength and chosen with user privacy in mind.

Children

We do not knowingly collect or use personal data from children under 13 years of age. If we learn that we have collected such data, it will be deleted as soon as possible. If a child under 13 years of age has provided us with personal data their parent or guardian may contact our privacy officer.

Accessing, Modifying, Deleting or Challenging Data Collected 

To learn more about how we collect, use, or disclose your personal data, please contact us at [email protected]

Opting Out of Data Collection

Users can opt-out of the use of your personal data or marketing emails. You can opt-out of marketing emails by clicking “unsubscribe” at the bottom of any marketing email, or by not clicking any email consent boxes on the Site.

Requesting Your Information

We are required by law to disclose any information we have about you upon request and explain what your information is being used for and any other entities that the information has been disclosed to. Requests for your information can be directed to [email protected]

Cookie Policy

EHN Online uses the following types of cookies:

  1. Functional. Used to remember the selections you make on our Site so that they can be saved for your next visit.
  2. Analytical. Allows EHN Online to improve the design and functionality of our Site by collecting data on how you access our Site.
  3. Third party add-ons and applications. The Site makes use of third party add-ons for the two purposes above. These add-ons are carefully chosen with their user privacy strength in mind.

Third-Party Applications

Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on EHN Online, which are sent directly to users’ browsers. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit. The Site currently allows currently for the following to function as third parties: 

  • Facebook
  • Google 
  • LinkedIn
  • CallRail
  • HubSpot
  • Clarity; and 
  • Drift. 

Visit their websites to learn more about their individual privacy policies and practices.

This is a non-exhaustive list. Further information may be gathered by new third parties introduced to the Site in connection with our purpose. 

Note that EHN Online has no access to or control over these cookies that are used by third-party advertisers.

Online Privacy Policy Only

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collected on the Site. This policy is not applicable to any information collected offline or via channels other than the Site.

Contact Information

For questions related to this privacy policy, please contact us at [email protected]

 

Office of the Privacy Commissioner of Canada

Office of the Privacy Commissioner of Canada

30, Victoria Street

Gatineau, QC

K1A AH3

 

Toll-free: 1-800-282-1376

Phone: (819) 994-5444

TTY: (819) 994-6591

 

Web Site: https://www.priv.gc.ca/

 

Provincial Privacy Commissioners

Information and Privacy Commissioner of Alberta

410, 9925 – 109 Street

Edmonton, Alberta T5K 2J8

Toll Free: 1-888-878-4044

Web Site: http://www.oipc.ab.ca

 

Information and Privacy Commissioner for British Columbia

P.O. Box 9038, Stn. Prov. Govt.

947 Fort Street, 4th Floor

Victoria, British Columbia V8W 9A4

Toll-free: 1-800-663-7867 (free within B.C.)

Web Site: http://www.oipc.bc.ca/

 

Commission d’accès à l’information du Québec

575 Saint-Amable Street, Suite 1.10

Québec, Québec G1R 2G4

Toll-free: 1-888-528-7741 (free within Québec)

Web Site: http://www.cai.gouv.qc.ca/index-en.html

EHN Outpatient Services Inc. Privacy Policy

Effective: February 7th, 2017

Last Modified Date: July 19, 2021

EHN Outpatient Services Inc.’s system consists of two parts: the Wagon app and online counselling services. The Wagon app and online counselling services can be provided to you directly through EHN Outpatient Services Inc. or through another authorized treatment facility or healthcare provider. This Privacy Policy governs how EHN Outpatient Services Inc. and the Wagon app collect, use, disclose, and otherwise manage your personal information, including personal health information, when applicable.

If you use Wagon as part of a treatment program provided by another authorized provider, please refer to that provider’s Privacy Policy in order to understand how they collect, use, disclose, and otherwise manage your personal information, including personal health information.

PLEASE READ THIS PRIVACY POLICY CAREFULLY.  BY ACCESSING THE WAGON APP AND MAKING USE OF ITS SERVICES, YOU ACKNOWLEGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND THE TERMS OF SERVICE.  IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE WAGON.

EHN Outpatient Services Inc. does collect information from you.

Wagon collects different information from you depending on whether you use the Wagon app, enroll in the online counselling services provided by EHN Outpatient Services Inc., or both.

The Wagon app collects your name, address, and email address when you set up your online profile and recovery plan. The Wagon app also collects information when you log your goal completions, emotions, triggers and using behaviours using the app.  EHN Outpatient Services Inc. securely transmits and stores this data, leveraging Microsoft’s Azure Cloud Computing Platform. The Wagon app also collects and compiles progress statistics on your goal completions, emotions, triggers, and other behaviour.

The Wagon app transmits your data to EHN Outpatient Services Inc. (or an authorized healthcare provider), allowing said company to provide counselling and guidance based on this data.

The Wagon app optionally provides geo-fencing in order to provide more support to app users, and indicate when they are in a location that may trigger them. The geo-tracking activity and history cannot be accessed by your counsellor.

If you enroll in the online counselling services offered and delivered by EHN Outpatient Services Inc. (online Aftercare, Group Therapy, Coaching, Individual Counselling, or our Intensive Outpatient Program), your counsellor may also collect personal information provided by you during enrollment or shared by you during your therapy sessions.  This personal information may include your home address, phone number, employer, gender, credit card information for payment; information or records regarding your medical or health history; previous treatment and counselling services; health status and laboratory testing results; current and previous medications; and other identifying and health related information. Your personal information may be contained in medical records, treatment and examination notes, and other health related records maintained by your counsellor.  All personal information collected during your enrollment or therapy sessions is stored and maintained in a secure storage system.

EHN Outpatient Services Inc. stores your information only for as long as it is necessary to provide services to you and for legal protections or as required by applicable laws and regulations.

What EHN Outpatient Services Inc. doesn’t do

The Wagon app does not collect health or medical data such as diagnosis, age, weight, medications, etc. EHN Outpatient Services Inc. collects personal health and medical information from you only if you enroll in online counselling services offered through EHN Outpatient Services Inc. or another authorized healthcare provider.

EHN Outpatient Services Inc. does not predict health outcomes such as sobriety or relapse.

The Wagon app does not act as a crisis line, and cannot be relied upon in an emergency situation.

The Wagon app does not store geographical data or send geographical data to the company or institution providing the Wagon app to the user.

EHN Outpatient Services Inc. uses information as disclosed and described below:

Neither EHN Outpatient Services Inc. nor EHN Canada counsellors uses or discloses personal information for any other purpose than to help you achieve long-term recovery.

We use information to respond to your needs, requests, or questions.  We may use your information to respond to your feedback also.

We may disclose your information among counsellors and support staff for the purposes of improving our services to you.

We also use your information to improve the Wagon app and the services we provide.  We may use your information to customize your experience with us, in an effort to provide better support for your goals.

We use information to communicate with you.  We may communicate with you about your account or in response to your progress or behaviour.  We may use push notifications in the Wagon app.  These may include tips and strategies to help you reach your goals and identify triggers and behaviours.  Your counsellor may also use the app to communicate with you.

We may use the email address or phone number you provided during enrollment to periodically response to and support your recovery progress. Your email address is not used for any other purpose and is not shared with outside parties.

We will use information as otherwise permitted by law, or as we may notify you.

EHN Outpatient Services Inc. shares some information with third parties.

We will share information with third parties who may perform services on our behalf.  For example, we may use service providers to process payments, host our website, and store information on our behalf.

As the provider of your treatment, EHN Outpatient Services Inc. will not willingly release any information concerning you outside EHN Canada’s facilities and clinics, without your written consent.

We will share information if we are required to comply with the law or to protect our company.  We will supply information if requested by court subpoena or court order; if a government or investigatory agency requests.  We may share info if we are investigating a potential fraud.

We will share information for other reasons that we may inform you about.

You have a say in how EHN Outpatient Services Inc. uses some of your information.

You can turn off push notifications for the Wagon app on your phone.  You can also decide to opt out of emails that you don’t want to receive.

While the Wagon app may use geo-fencing, you can disable this feature within the app itself.

EHN Outpatient Services Inc. uses standard security measures to protect data.

We understand that data security is a critical issue for you and we are committed to safeguarding your personal information in our custody and under our control.

EHN Outpatient Services Inc. has implemented a comprehensive information security program that includes written policies and procedures, and security controls. We have implemented reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification and disclosure of personal information in our custody and control.

EHN Outpatient Services Inc.adheres to the regulations and privacy practises of the province or territory in which clients resides when collecting, using, and disclosing their PI and PHI.

Our privacy practices are intended to comply with applicable privacy laws, including, without limitation, the Personal Health Information Protection Act (Ontario) (“PHIPA”), the Personal Information Protection Act (Alberta and British Columbia) (“PIPA”), the Health Information Act (Alberta) (“HIA”), the Personal Information Protection and Electronic Documents Act (Northwest Territories) (“PIPEDA”), and the Act Respecting the Protection of Personal Information in the Private Sector (Quebec). We will maintain the privacy of your personal information as required by applicable privacy laws, including without limitation, PHIPA, PIPA, HIA, and PIPEDA and the regulations under those Acts.

Complex passwords are required for all users to access the Wagon app, including developers, administrators, counsellors, and clients.

While you use the Wagon app, your data is encrypted both in transit and at rest, using AES_256 level encryption. This is a specification approved by the National Institute of Standards and Technology for symmetric key data encryption and has been adopted by the US government to replace previous methods of encryption.

In addition, EHN Outpatient Services Inc. uses HTTPS to authenticate communication between all entities within the system. HTTPS provides a reasonable guarantee that data is being transferred only between the components of EHN Outpatient Services Inc. (database, server, and app) and that the data cannot be read or forged by any third party.

Depending on the type of counselling service you register for, EHN Outpatient Services Inc. uses Zoom Video Communications Inc. (Zoom) or OnCall Health (OnCall) as the technology for providing safe and secure online therapy sessions. Zoom is compliant with the Health Insurance Portability and Accountability Act (HIPPA). For more information on how Zoom protects the privacy of your online sessions, see Zoom’s Privacy Policy. OnCall complies with the Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) and all equivalent personal health information protection legislation in Canada. EHN Outpatient Services Inc. also uses OnCall as a secure platform for program registration and online consultation sessions prior to placement into the appropriate treatment program. For more information about OnCall Health, refer to their Privacy Policy.

While we use all standard measures at our disposal to safeguard and protect information that is under our control from unauthorized access, use or disclosure, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. We cannot guarantee its absolute security. It is up to you the user to ensure you protect yourself.  Use caution when using any app or the Internet.  Don’t allow unauthorized access to your account, protect your passwords and usernames, and limit access to your devices. Lock your mobile device when not in use, and never leave yourself logged in to a site or app.

EHN Outpatient Services Inc. stores data in Canada.

You understand and agree that we store your information or data in Canada.  This is subject to Canadian privacy laws.

EHN Outpatient Services Inc. is not responsible for third-party sites or services we do not directly control.

If you click on a link to a third-party site, be sure you are familiar with their privacy policy.  We are not responsible for those third-party sites.

You can access your information

At anytime you can request to access, update, or correct your personal information by contacting your counsellor directly. We may request certain personal information for the purposes of verifying your identity.

You can delete your information

You may request deletion of your personal information by EHN Outpatient Services Inc. , but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete personal information, it will be deleted from the active database, including from our archives. Once we disclose some of your personal information to third parties, we may not be able to access that personal information any longer as maintained by the third party and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures.

What EHN Outpatient Services Inc. will do if this policy is updated.

EHN Outpatient Services Inc. may need to amend their privacy practices from time to time.  We will always notify you as required by law, and we will always keep an updated policy accessible through the app.  Please be sure to check for updates periodically.

We want to hear from you if you have questions or concerns.

You can submit your general inquiry or concern with a detailed message to [email protected]

 

Politique de confidentialité EHN Outpatient Services Inc.

En vigueur le 7 février 2017

Date de dernière modification: 19 juillet 2021

Le système EHN Outpatient Services Inc. comprend deux parties: l’application Wagon et les services de conseil en ligne. L’application Wagon et les services de conseil en ligne peuvent vous être fournis directement par le biais de EHN Outpatient Services Inc. ou par l’intermédiaire d’un autre établissement de traitement agréé ou fournisseur de soins de santé. Cette politique de confidentialité régit la manière dont EHN Outpatient Services Inc. et l’application Wagon collectent, utilisent, divulguent et gèrent vos informations personnelles, y compris les informations de santé personnelles, le cas échéant.

Si vous utilisez Wagon dans le cadre d’un programme de traitement fourni par un autre fournisseur agréé, veuillez-vous reporter à la politique de confidentialité de ce fournisseur afin de comprendre comment il collecte, utilise, divulgue et gère vos informations personnelles, y compris les informations relatives à votre santé.

VEUILLEZ LIRE ATTENTIVEMENT CETTE POLITIQUE DE CONFIDENTIALITÉ. EN ACCÉDANT À L’APPLICATION WAGON ET EN UTILISANT SES SERVICES, VOUS RECONNAISSEZ LIRE, COMPRENDRE ET ACCEPTER D’ÊTRE LIÉ PAR CETTE POLITIQUE DE CONFIDENTIALITÉ ET LES CONDITIONS DE SERVICE. SI VOUS N’ACCEPTEZ PAS CES CONDITIONS, N’UTILISEZ PAS EHN OUTPATIENT SERVICES INC.

EHN Outpatient Services Inc. collecte des informations auprès de vous.

EHN Outpatient Services Inc. collecte différentes informations auprès de vous, que vous utilisiez l’application Wagon, vous inscriviez aux services de conseil en ligne fournis par EHN Outpatient Services Inc., ou les deux.

L’application Wagon collecte votre nom, votre adresse et votre adresse électronique lorsque vous configurez votre profil en ligne et votre plan de récupération. L’application Wagon recueille également des informations lorsque vous enregistrez vos objectifs, vos émotions, vos déclencheurs et comportements d’utilisation à l’aide de l’application. EHN Outpatient Services Inc. transmet et stocke ces données en toute sécurité, en tirant parti de la plate-forme Azure Cloud Computing de Microsoft. L’application Wagon collecte et compile également des statistiques de progression sur vos objectifs, vos émotions, vos déclencheurs et autres comportements.

L’application Wagon transmet vos données à EHN Outpatient Services Inc. (ou à un fournisseur de soins de santé agréé), ce qui permet à ladite société de fournir des conseils et une orientation en fonction de ces données.

L’application Wagon fournit éventuellement une géo-séparation afin de fournir davantage d’assistance aux utilisateurs d’applications et d’indiquer quand ils se trouvent dans un emplacement susceptible de les déclencher. L’activité et l’historique de géolocalisation ne sont pas accessibles à votre conseiller.

Si vous vous inscrivez aux services de conseil en ligne proposés et fournis par EHN Outpatient Services Inc. (suivi en ligne, thérapie de groupe, coaching, conseil individuel ou notre programme de consultation externe intensive), votre conseiller peut également collecter les informations personnelles que vous avez fournies lors de votre inscription ou partagées par vous lors de vos séances de thérapie. Ces informations personnelles peuvent inclure votre adresse personnelle, votre employeur, votre sexe, vos informations de carte de crédit pour le paiement; informations ou dossiers concernant vos antécédents médicaux ou de santé; services de traitement et de conseil antérieurs; état de santé et résultats des tests de laboratoire; médicaments actuels et antérieurs; et d’autres informations d’identification et relatives à la santé. Vos informations personnelles peuvent figurer dans des dossiers médicaux, des notes de traitement et d’examen, ainsi que dans d’autres dossiers relatifs à la santé tenus par votre conseiller. Toutes les informations personnelles collectées lors de votre inscription ou de vos séances de thérapie sont stockées et conservées dans un système de stockage sécurisé.

EHN Outpatient Services Inc. enregistre vos informations uniquement tant qu’il est nécessaire pour vous fournir des services et pour bénéficier des protections juridiques ou comme requis par les lois et réglementations en vigueur.

Ce que EHN Outpatient Services Inc. ne fait pas

L’application Wagon ne collecte pas de données médicales ou de santé telles que le diagnostic, l’âge, le poids, les médicaments, etc. EHN Outpatient Services Inc. collecte des informations personnelles sur la santé et la santé uniquement si vous vous abonnez aux services de conseil en ligne proposés par EHN Outpatient Services Inc. ou par un autre fournisseur de soins de santé agréé.

EHN Outpatient Services Inc. ne prédit pas les conséquences sur la santé telles que la sobriété ou la rechute.

EHN Outpatient Services Inc. n’agit pas comme une ligne de crise et ne peut être utilisé en cas d’urgence.

EHN Outpatient Services Inc. ne stocke pas de données géographiques ni n’envoie de données géographiques à l’entreprise ou à l’institution fournissant l’application Wagon à l’utilisateur.

EHN Outpatient Services Inc. utilise les informations telles que décrites ci-dessous:

Ni EHN Outpatient Services Inc. ni les conseillers n’utilisent ou ne divulguent des informations personnelles à des fins autres que celles visant à vous aider à vous rétablir à long terme.

Nous utilisons les informations pour répondre à vos besoins, demandes ou questions. Nous pouvons également utiliser vos informations pour répondre à vos commentaires.

Il est possible que nous divulguions vos informations à des conseillers et à du personnel d’assistance afin d’améliorer nos services.

Nous utilisons également vos informations pour améliorer l’application Wagon et les services que nous fournissons. Nous pouvons utiliser vos informations pour personnaliser votre expérience avec nous, dans le but de fournir un meilleur support pour vos objectifs.

Nous utilisons les informations pour communiquer avec vous. Nous pouvons communiquer avec vous à propos de votre compte ou en réponse à vos progrès ou à votre comportement. Nous pouvons utiliser des notifications push dans l’application Wagon. Ceux-ci peuvent inclure des conseils et des stratégies pour vous aider à atteindre vos objectifs et à identifier les déclencheurs et les comportements. Votre conseiller peut également utiliser l’application pour communiquer avec vous.

Nous pouvons utiliser l’adresse e-mail que vous avez fournie lors de votre inscription pour répondre périodiquement à votre progression et la soutenir. Votre adresse e-mail n’est utilisée à aucune autre fin et n’est pas partagée avec des tiers.

Nous utiliserons les informations dans les cas prévus par la loi ou si nous vous en informons.

EHN Outpatient Services Inc. partage certaines informations avec des tiers.

Nous partagerons les informations avec des tiers susceptibles de fournir des services en notre nom. Par exemple, nous pouvons faire appel à des fournisseurs de services pour traiter les paiements, héberger notre site Web et stocker des informations en notre nom.

En tant que fournisseur de votre traitement, EHN Outpatient Services Inc. ne divulguera pas volontairement d’informations vous concernant en dehors des installations et des cliniques EHN, sans votre consentement écrit.

Nous partagerons des informations si nous sommes tenus de respecter la loi ou de protéger notre entreprise. Nous fournirons des informations à la demande d’une assignation à comparaître ou d’une ordonnance du tribunal; si un gouvernement ou une agence d’enquête demande. Nous pouvons partager des informations si nous enquêtons sur une fraude potentielle.

Nous partagerons des informations pour d’autres raisons pour lesquelles nous pourrons vous informer.

Vous avez un mot à dire sur la façon dont EHN Outpatient Services Inc. utilise certaines de vos informations.

Vous pouvez désactiver les notifications push pour l’application Wagon sur votre téléphone. Vous pouvez également décider de vous désabonner des courriels que vous ne souhaitez pas recevoir.

Bien que EHN Outpatient Services Inc. puisse utiliser la géo-clôture, vous pouvez désactiver cette fonctionnalité dans l’application elle-même.

EHN Outpatient Services Inc. utilise des mesures de sécurité standard pour protéger les données.

Nous comprenons que la sécurité des données est une question cruciale pour vous et nous nous engageons à protéger vos informations personnelles sous notre garde et sous notre contrôle.

EHN Outpatient Services Inc. a mis en place un programme complet de sécurité des informations comprenant des règles et procédures écrites et des contrôles de sécurité. Nous avons mis en place des protections administratives, techniques et physiques raisonnables dans le but de nous protéger contre tout accès, utilisation, modification et divulgation non autorisés des informations personnelles en notre possession et sous notre contrôle.

Nos pratiques en matière de confidentialité ont pour objectif de respecter les lois applicables en matière de confidentialité, notamment la Loi sur la protection des renseignements personnels sur la santé (Ontario) (“LPRPS”) et la Loi sur la protection des renseignements personnels et les documents électroniques (Canada) (“LPRPDE”). Nous préserverons la confidentialité de vos renseignements personnels conformément aux lois applicables en matière de protection de la vie privée, y compris, sans limitation, la LPRPS et la LPRPDE, ainsi que les règlements pris en vertu de ces lois.

Des mots de passe complexes sont requis pour que tous les utilisateurs puissent accéder à EHN Outpatient Services Inc. , y compris les développeurs, les administrateurs, les conseillers et les clients.

 

Lorsque vous utilisez EHN Outpatient Services Inc. , vos données sont cryptées en transit et en attente, à l’aide du cryptage de niveau AES_256. Il s’agit d’une spécification approuvée par l’Institut national des normes et de la technologie pour le cryptage des données à clé symétrique et adoptée par le gouvernement américain pour remplacer les méthodes de cryptage antérieures.

 

De plus, EHN Outpatient Services Inc. utilise HTTPS pour authentifier la communication entre toutes les entités du système. HTTPS fournit une garantie raisonnable que les données ne sont transférées qu’entre les composants de EHN Outpatient Services Inc. (base de données, serveur et application) et que les données ne peuvent être ni lues ni falsifiées par des tiers.

EHN Outpatient Services Inc. utilise Zoom Video Communications Inc. (Zoom) comme technologie d’organisation de séances de conseil vidéo. Zoom est conforme à la loi HIPPA (Health Insurance Portability and Accountability Act), qui propose des séances de thérapie en ligne sûres et sécurisées. Les données de votre session de conseil transmises sur le réseau sont protégées à l’aide d’un système AES (Advanced Encryption Standard) unique doté d’une clé de 256 bits générée et distribuée de manière sécurisée à vous et aux autres participants au début de chaque session. L’accès à la session est protégé par email et mot de passe vérifié. Pour plus d’informations sur la manière dont Zoom protège la confidentialité de vos sessions en ligne, voir la politique de confidentialité de Zoom.

Bien que nous utilisions toutes les mesures standard à notre disposition pour protéger les informations placées sous notre contrôle contre tout accès, utilisation ou divulgation non autorisés, rappelez-vous qu’aucune méthode de transmission sur Internet, ni aucune méthode de stockage électronique, n’est sécurisée à 100%. Nous ne pouvons pas garantir sa sécurité absolue. C’est à vous, l’utilisateur, de vous protéger. Soyez prudent lorsque vous utilisez une application ou Internet. N’autorisez pas les accès non autorisés à votre compte, protégez vos mots de passe et noms d’utilisateur et ne limitez pas l’accès à vos appareils. Verrouillez votre appareil mobile lorsque vous ne l’utilisez pas et ne vous laissez jamais connecté à un site ou à une application.

EHN Outpatient Services Inc. stocke des données au Canada.

Vous comprenez et acceptez que nous stockions vos informations ou données au Canada. Ceci est soumis aux lois canadiennes sur la vie privée.

EHN Outpatient Services Inc. n’est pas responsable des sites tiers ou des services que nous ne contrôlons pas directement.

Si vous cliquez sur un lien vers un site tiers, assurez-vous de connaître leur politique de confidentialité. Nous ne sommes pas responsables de ces sites tiers.

Vous pouvez accéder à vos informations

À tout moment, vous pouvez demander l’accès, la mise à jour ou la correction de vos informations personnelles en contactant directement votre conseiller. Nous pouvons demander certaines informations personnelles aux fins de vérifier votre identité.

Vous pouvez supprimer vos informations

Vous pouvez demander la suppression de vos informations personnelles par EHN Outpatient Services Inc., mais veuillez noter que nous pouvons être tenus (de par la loi ou autrement) de conserver ces informations et de ne pas les supprimer (ou de conserver ces informations pendant un certain temps, auquel cas nous nous conformons votre demande de suppression seulement après que nous ayons rempli ces conditions). Lorsque nous supprimons des informations personnelles, elles seront supprimées de la base de données active, y compris de nos archives. Une fois que nous avons divulgué certaines de vos informations personnelles à des tiers, il se peut que nous ne puissions plus accéder à ces informations personnelles telles qu’elles sont gérées par la tierce partie et que nous ne puissions pas forcer la suppression ou la modification de telles informations par les parties auxquelles nous avons transmis ces informations.

Que fera EHN Outpatient Services Inc. si cette politique est mise à jour.

EHN Outpatient Services Inc. devra peut-être modifier ses pratiques de confidentialité de temps à autre. Nous vous informerons toujours comme l’exige la loi et nous garderons toujours une politique à jour accessible via l’application. S’il vous plaît assurez-vous de vérifier les mises à jour périodiquement.

EHN Outpatient Services Inc. veut avoir de vos nouvelles si vous avez des questions ou des inquiétudes.

Vous pouvez soumettre votre demande ou préoccupation générale avec un message détaillé à [email protected]

Privacy Impact Assessments

EHN Outpatient Services Inc. Privacy Impact Assessment Summary

Author: Samantha Campbell

Version: EHN Outpatient Services Inc. Version 1.0

Date: July 19, 2021

Executive Summary:

In accordance with Ontario Regulation 329/04 made under the Personal Health Information Protection Act , 2004 (PHIPA), EHN Outpatient Services Inc. team has completed a Privacy Impact Assessment (PIA) for EHN Outpatient Services Inc. Version 1.0. EHN Outpatient Services Inc. provides online mental health and addiction treatment, counselling, and aftercare services to individuals. EHN Outpatient Services Inc. provides both online therapy and the Wagon mobile recovery app to help individuals suffering from mental health and addiction disorders achieve long-term recovery. The Wagon app is a companion tool with a library of tools to help clients on a daily basis. The Wagon app is both a client monitoring tool for counsellors, as well as a daily recovery support tool for clients. This summary reflects the findings and recommendations from the second PIA conducted for EHN Outpatient Services Inc. Version 1.0. The PIA was conducted based on the guidelines recommended by the Office of the Privacy Commissioner of Canada, which incorporates the ten principles of the Canadian Standards Association Model Code for assessing fair information handling practices.

Privacy Principles:

The findings and recommendations relating to potential privacy risks for EHN Outpatient Services Inc. are presented in a framework consistent with the ten privacy principles of the CSA Model Code for assessing fair information handling practices.

Principle 1: Accountability

Compliance status: Full

Full Recommendations for risk mitigation: None

Principle 2: Identifying Purposes

Compliance status:Full

Recommendations for risk mitigation: None

Principle 3: Consent

Compliance status:Full

Recommendations for risk mitigation: None

Principle 4: Limiting Collection

Compliance status:Full

Recommendations for risk mitigation: None

Principle 5: Limiting Use, Disclosure,and Retention

Compliance status:Full

Recommendations for risk mitigation: None

Principle 6: Accuracy

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a policy for periodic testing of the accuracy of the transmission of client data.
  • Develop policies and procedures for monitoring and evaluating user audit logs.

Principle 7: Safeguards

Compliance status: Partial

Recommendations for risk mitigation:

  • Configure Azure to monitor and report on inappropriate system use.
  • Develop and document a policy for monitoring and responding to inappropriate system use.

Principle 8: Openness

Compliance status:Full

Recommendations for risk mitigation: None

Principle 9: Individual Access

Compliance status:Full

Recommendations for risk mitigation: None

Principle 10: Challenging Compliance

Compliance status:Full

Recommendations for risk mitigation: None

Author: Samantha Campbell  

Version:  Wagon Health Solutions Version 2.0 

Date: September 30, 2019
 

Executive Summary:

In accordance with Ontario Regulation 329/04 made under the Personal Health Information Protection Act , 2004 (PHIPA), Wagon Health Solutions team has completed a Privacy Impact Assessment (PIA) for Wagon Health Solutions Version 2.0 

Wagon Health Solutions is a sophisticated recovery management solution that helps maintain a continuous connection between counselor and patient throughout recovery. Wagon is both a patient monitoring tool for healthcare providers, as well as a daily goals-based addiction recovery support tool for patients. 

This summary reflects the findings and recommendations from the first PIA conducted for Wagon Health Solutions Version 1.0. The PIA was conducted based on the guidelines recommended by the Office of the Privacy Commissioner of Canada, which incorporates the ten principles of the Canadian Standards Association Model Code for assessing fair information handling practices.  

Privacy Principles:

The findings and recommendations relating to potential privacy risks for Wagon Health Solutions 1.0 are presented in a framework consistent with the ten privacy principles of the CSA Model Code for assessing fair information handling practices.  

Principle 1: Accountability 

Compliance status: Full 

Recommendations for risk mitigation:

  • None 

 

Principle 2: Identifying Purposes  

Compliance status: Full

Recommendations for risk mitigation:

  • None 

 

Principle 3: Consent  

Compliance status: Full 

Recommendations for risk mitigation:

  • None 

Principle 4: Limiting Collection 

Compliance status: Full

Recommendations for risk mitigation:

  • None 

 

Principle 5: Limiting Use, Disclosure, and Retention  

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a formal written retention policy and disposition schedule for client data. 

 

Principle 6: Accuracy  

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a policy for periodic testing of the accuracy of the transmission of client data. 
  • Develop policies and procedures for monitoring and evaluating Wagon user audit logs. 

 

Principle 7: Safeguards 

Compliance status: Partial

Recommendations for risk mitigation:

  • Configure Azure to monitor and report on inappropriate system use.  
  • Develop and document a policy for monitoring and responding to inappropriate system use. 

 

Principle 8: Openness  

Compliance status: Full

Recommendations for risk mitigation:

  • None 

 

Principle 9: Individual Access  

Compliance status: Full

Recommendations for risk mitigation:

  • None 

 

Principle 10: Challenging Compliance  

Compliance status: Partial

Recommendations for risk mitigation:

  • None 

Executive Summary

In accordance with Ontario Regulation 329/04 made under the Personal Health Information Protection Act , 2004 (PHIPA), Wagon Health Solutions team has completed a Privacy Impact Assessment (PIA) for Wagon Health Solutions Version 1.0. 

Wagon Health Solutions is a sophisticated recovery management solution that helps maintain a continuous connection between counsellor and patient throughout recovery. Wagon is both a patient monitoring tool for healthcare providers, as well as a daily goals-based addiction recovery support tool for patients.

This summary reflects the findings and recommendations from the first PIA conducted for Wagon Health Solutions Version 1.0. The PIA was conducted based on the guidelines recommended by the Office of the Privacy Commissioner of Canada, which incorporates the ten principles of the Canadian Standards Association Model Code for assessing fair information handling practices. 

Privacy Principles 

The findings and recommendations relating to potential privacy risks for Wagon Health Solutions 1.0 are presented in a framework consistent with the ten privacy principles of the CSA Model Code for assessing fair information handling practices. 

 

Principle 1: Accountability

Compliance status: Partial

Recommendations for risk mitigation:

  • Document the administrative structure for privacy, including who is responsible for performing privacy-related duties within the Wagon organization.
  • Determine who in the Wagon organization performs the annual PIA and who will approve each PIA.

Principle 2: Identifying Purposes 

Compliance status: Full

Recommendations for risk mitigation:

  • Remove or change the collection of Clinic Location from the information collected via the Wagon Dashboard. If changed, ensure that it provides information to counsellors that affects the patients care.

Principle 3: Consent

Compliance status: Partial

Recommendations for risk mitigation:

  • Include in the Wagon set-up email sent that is sent to patients a link to the Wagon privacy policy and disclaimer.
  • Create a formal written policy for updating the Wagon Privacy Policy, which specifies that it should be updated when a new feature is added to Wagon.

Principle 4: Limiting Collection

Compliance status: Full

Recommendations for risk mitigation:

  • None

Principle 5: Limiting Use, Disclosure, and Retention 

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a formal written retention policy and disposition schedule for patient data.

Principle 6: Accuracy 

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a policy for periodic testing of the accuracy of the transmission of patient data.
  • Develop policies and procedures for monitoring and evaluating Wagon user audit logs.

Principle 7: Safeguards

Compliance status: Partial

Recommendations for risk mitigation:

  • Document a Threat & Risk Assessment (TRA) policy with emphasis on privacy risks and concerns and how these concerns have been addressed.
  • Configure Azure to monitor and report on inappropriate system use.
  • Develop and document a policy for monitoring and responding to inappropriate system use.
  • For internal Wagon administrators and developers, create an internal access level tracking system which logs name, role, access level and approver.

Principle 8: Openness 

Compliance status: Partial

Recommendations for risk mitigation:

  • Post Wagon’s PIA Summary report on Wagon’s website (onthewagon.ca).
  • Include a link to Wagon’s Privacy Policy within the Wagon app.
  • Designate a Privacy Officer.
  • Create and post an Outline of Procedure for data deletion and/or privacy inquiries to the FAQs at onthewagon.ca.

Principle 9: Individual Access 

Compliance status: Full

Recommendations for risk mitigation:

  • None

Principle 10: Challenging Compliance 

Compliance status: Partial

Recommendations for risk mitigation:

  • Create formal written procedures for receiving and responding to privacy complaints.
  • Designate a person responsible for receiving and resolving privacy complaints.
  • Provide a mechanism for tracking and reporting privacy complaints.
  • Implement a process for conducting privacy complaints compliance audits.