TaperMD™ Privacy Policy

(Last modified February 10, 2017)

Data Based Medicine Americas Ltd. (DBM/we/us) is committed to protecting personal information and safeguarding the privacy of all users of the TaperMD™ Portal (the Portal/TaperMD), which is accessible through our website meds.tapermd.org (the Website, and collectively, with the Portal, the Services).

By using the Services you consent to the collection and use by us and our agents of your Personal Information as described in this Privacy Policy.

This Privacy Policy applies to information collected by DBM through the Services. It does not apply to information or data collected through other websites, products, or services.

Definitions

“Account” means the account used by Users to sign into and use the Portal.

“Health Care Provider” means a Practitioner, clinic, or business that subscribes to TaperMD and registers its Patients with Accounts to the Portal.

“Identifying Information” means personally identifiable information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual. This includes information such as name, address, email, and date of birth.

“Non-Personal Information” is information of an anonymous nature, such as an Internet Protocol Address (IP Address), the domain used to access the site, and the type and version of browser or operating system being used. Aggregate information, such as demographic statistics of Users (e.g., average age or geographical allocation), number of Users, which pages Users access or visit, average time spent on the Website, and information volunteered by Users, such as survey information, is also considered Non-Personal Information.

“Patient(s)” means those patients and clients of the Health Care Provider who are initially registered by the Health Care Provider with DBM to access the Portal.

“Personal Health Information” means identifying information about an individual, if the information (a) relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family, or (b) relates to the provision of health care services to the individual, including the identification of a person as a provider of healthcare to the individual.

“Personal Information” in the context of this Privacy Policy, means both Identifying Information and Personal Health Information.

“Practitioner(s)” means those employees of the Health Care Provider registered to be Portal users in order to access Health Care Provider and Patient content through the Portal.

“User” means any individual with access to the Portal (whether a Health Care Provider, Practitioner, or Patient).

Collection of Personal Information

Registration

DBM collects and stores Personal Information to provide Users and Health Care Providers with services within the Portal. By consenting to this Privacy Policy, DBM will collect and retain Patients’ Personal Information as provided by the Patient and their Health Care Provider, allowing for direct and convenient access to the Patient’s Personal Health Information.

Personal Information is also collected to initiate Users’ account setup and validation. This allows expedition of Users’ enrolment and access to the Portal, and includes without limitation the User’s name and email.

Cookies

DBM uses cookies within Users’ web browsers to facilitate the sign-in process and to deliver personalized services within the Services. The cookie is a small data file that a website places on your computer’s hard disk. DBM also uses cookies to help it compile aggregate statistics about usage of the Website, such as how many Users visit the Website, how long Users spend viewing the Website, and which pages are viewed most often. This is a temporary or session cookie that uniquely identifies the User as they move from page to page on the Website. We need this information in order to operate the Services, but it does not collect Personal Information.

Use of Personal Information

We do not sell or otherwise market Personal Information to third parties. We limit the collection, use, retention, and disclosure of Personal Information to that which is reasonably necessary for the purposes outlined below. By using the Services, you consent to our collection from, verification with, and communication to the Health Care Provider, Practitioners, and any third party for the purposes set out in this Privacy Policy, by DBM and any corporation, company, or other entity effectively controlling or controlled by DBM or associated with others under common control or ownership, and includes, but is not limited to subsidiaries (Affiliates). Personal Information will not be used without your consent for any purpose other than those mentioned in this Privacy Policy.

Records

All Personal Information collected from a Patient or Health Care Provider is stored in a record (the Record), which can be accessed by the Health Care Provider and their Practitioners through the Portal, unless specifically excluded in this Privacy Policy.

Other Uses

DBM may hire other companies to provide services on its behalf (Agents). DBM gives Agents only the Personal Information they need to deliver the service. DBM requires Agents to maintain the confidentiality of the Personal Information and prohibits them from using such information for any other purpose.

DBM and its Agents may use your Personal Information for the following purposes:

  1. to provide Users with information about the Portal, including updates and notifications;
  2. to send Portal email communications;
  3. to invoice applicable service fees, if any;
  4. to maintain and administer Accounts;
  5. for support services; and
  6. to generate statistics and aggregate reports to improve the Portal.

Disclosures

We may disclose the personal information you provide:

  1. to the extent that we are required to do so by law;
  2. in connection with any legal proceedings or prospective legal proceedings;
  3. to establish, exercise, or defend our legal rights;
  4. to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

If you are Health Care Provider, Practitioner, relative, friend, or any other person who provides Personal Information about an individual while using the Services, you warrant and represent to us that you have the informed consent to do so from that individual and we shall treat that Personal Information the same as though it had been provided to us directly by that individual.

Security

DBM uses commercially reasonable efforts to ensure that your Personal Information is stored and maintained in a secure environment. We have in place physical, electronic, technological, and organizational safeguards to appropriately protect Personal Information against loss, theft, and unauthorized access, disclosure, use, or modification. We store all Personal Information on secure password-protected and firewall-protected servers. All electronic transactions you make to or receive from us are encrypted using SSL technology. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

You are responsible for keeping your password and Account details confidential. We will not ask you for your password (except when you log into the Portal). Steps you can take include:

  1. Create a strong and unique password and update it periodically.
  2. Do not share your password with anyone. We will never ask you for your password, including in any unsolicited communication from us, such as letters, phone calls, or email messages.
  3. Log out of your Account once you are finished using it, especially if you share your device or computer with anyone else.
  4. Have a strong and unique password on your device or computer.

Retention

DBM will keep your Personal Information for as long as necessary in connection with the purposes identified in this Privacy Policy or as required by law, which may extend beyond the termination of DBM’s relationship with the User, Practitioner, or Health Care Provider. You must notify DBM at privacy@tapermd.com if you no longer want your information to be retained by DBM. If you request to close your Account, DBM will delete your Record within ninety (90) days of your Account being closed. You acknowledge and agree that if you request that your Personal Information be removed from our databases, it may not be possible to completely delete all Personal Information due to technological and legal constraints. In addition your Health Care Provider and/or Practitioner may have retained copies of your Record in accordance with their own privacy policies, which DBM does not have control over.

Third-Party Websites

Through the Services you may be introduced to a variety of third parties and websites. The privacy policies of these third parties are not under the control of DBM and may differ from this Privacy Policy. The use of any information that you may provide to any third party, or the use of “cookie” technology by any third party, will be governed by the privacy policy of the operator of the website that you are visiting. If you have any doubts about the privacy of the information you are providing on another website, we recommend that you contact that website directly for more information and review its privacy policy.

Access to Personal Health Information

Users can access the Personal Health Information we hold about them by sending us an email at privacy@tapermd.com. We will advise you in advance of any charges for copies of your file. We may be unable to provide you with some information in certain circumstances, such as if the information also refers to other individuals, is subject to legal privilege, contains confidential information, cannot be retrieved using your name or account number, or as otherwise permitted or restricted by law. If you wish to notify us of any changes to your Personal Health Information, or if you believe that any information we hold about you is inaccurate or incomplete, please send us an email with the corrections to the email address noted above.

Changes to This Privacy Policy

DBM may amend and update this Privacy Policy at any time, which will be reflected by the “last modified” date above. It is highly recommended that you read over this Privacy Policy occasionally to keep informed of our commitment to the protection of your private information and any changes to this Privacy Policy.  By continuing to use the Portal, you agree to this Privacy Policy and any changes thereto.

Contact Information

Should you have any questions or concerns about this Privacy Policy, please send your correspondence to:

Chief Privacy Officer
Attn: Dr. Dee Mangin
Data Based Medicine Americas Ltd.
Department of Family Medicine
McMaster University
100 Main Street West, 3rd Floor
Hamilton ON L8P 1H6
privacy@tapermd.com

All communications relating to privacy will be considered confidential and treated as such.