TaperMD™ Privacy Policy

(Last modified September 17, 2017)

Data Based Medicine Americas Ltd. and its affiliates, licensors, and agents (“DBM”) are committed to protecting your Personal Information and safeguarding the privacy of all Users of the TaperMD™ Portal (“the Portal”), which is accessible through the website meds.tapermd.com (“the Website”).

By using the Portal and the Website (“the Services”), you consent to DBM’s collection, use and disclosure of your Personal Information for the purposes set out in this Privacy Policy.

This Privacy Policy applies to Personal Information collected by DBM through the Services. It does not apply to information or data collected through other websites, products, or services. This Privacy Policy is intended to comply with the requirements of the Personal Information Protection and Electronic Documents Act, 2000 (“PIPEDA”) and Personal Health Information Protection Act, 2004 (“PHIPA”).

Definitions

“Account(s)” means the account used by Users to sign into and use the Portal.

“Health Care Provider” means a Practitioner, clinic, or business that subscribes to the Portal and registers its Patients with Accounts to the Portal.

“Identifying Information” means personally identifiable information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual. This includes information such as name, address, email, and date of birth.

“Non-Personal Information” means information of an anonymous nature, such as an Internet Protocol Address, the domain used to access the Website, and the type and version of browser or operating system being used. Aggregate information, such as demographic statistics of Users (e.g., average age or geographical allocation), number of Users, which pages Users access or visit, average time spent on the Website, and information volunteered by Users, such as survey information, is also considered Non-Personal Information.

“Patient(s)” means those patients and clients of the Health Care Provider who are initially registered by the Health Care Provider with DBM to access the Portal.

“Personal Health Information” means identifying information about an individual, if the information (a) relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family, or (b) relates to the provision of health care services to the individual, including the identification of a person as a provider of health care to the individual.

“Personal Information” means both Identifying Information and Personal Health Information.

“Practitioner(s)” means those employees and agents of the Health Care Provider registered to be Users in order to access Personal Information through the Portal.

“User(s)” means any individual with authorized access to the Portal (whether a Health Care Provider, Practitioner, or Patient).

Collection of Personal Information

Registration

DBM collects and retains a Patient’s Personal Information as provided by the Patient and/or the Patient’s Health Care Provider through the use of the Services in accordance with this Privacy Policy. If a Health Care Provider, Practitioner, relative, friend or any other person provides Personal Information about a Patient directly to DBM, such person warrants and represents to DBM that they have the express and informed consent of the Patient to do so and DBM shall treat such Personal Information as though it had been provided to it directly by the Patient.

Personal Information is also collected to initiate the Users’ account setup and validation. This allows expedition of Users’ enrolment and access to the Portal, and includes without limitation, the User’s name and email.

Cookies

DBM uses cookies within the Users’ web browsers to facilitate the sign-in process and to deliver personalized services within the Services. The cookie is a small data file that a website places on your computer’s hard disk. DBM also uses cookies to help it compile aggregate statistics about usage of the Website, such as how many Users visit the Website, how long Users spend viewing the Website, and which pages are viewed most often. This is a temporary or session cookie that uniquely identifies the User as the User moves from page to page on the Website. DBM needs such information in order to operate the Services, but it does not collect Personal Information through the use of cookies.

Use of Personal Information

DBM collects and stores Personal Information to provide Users with direct and convenient access to a Patient’s Personal Information within the Portal. The Portal is a web-based tool that allows Health Care Providers to interact online with Patients in a private and convenient environment.

DBM uses Personal Information provided for verification and communication purposes with the Health Care Provider, Practitioners, and any authorized third party. In particular, the Portal is intended only to do the following:

  1. a) Allow Patients to seek general or specific information relevant to a Patient’s medications from health care providers and practitioners.
  2. b) Allow Patients to initiate the creation of and access to a personal health record containing information about a Patient, such as health history, medications, allergies, suspected medication side effects, health priorities, and other relevant personal information in one place.
  3. c) Be used by health care providers and practitioners to review and possibly reduce the medication burden on Patients.

DBM does not sell or otherwise market Personal Information to third parties. DBM limits the collection, use, retention, and disclosure of Personal Information to that which is reasonably necessary for the purposes set out in this Privacy Policy. Personal Information will not be used without your consent for any purpose other than those mentioned in this Privacy Policy.

Records

All Personal Information collected from a Patient or Health Care Provider is stored in an electronic record (“the Record”), which can be accessed by the Health Care Provider and its Practitioners and the Patient through the Portal in accordance with this Privacy Policy.

Other Uses

DBM may use authorized agents to provide services on its behalf (“the Agents”). DBM gives the Agents only the Personal Information they need to deliver the service. DBM requires the Agents to maintain the confidentiality and privacy of the Personal Information and prohibits them from using such information for any other purpose.

DBM and the Agents may use your Personal Information for the following purposes:

  1. to provide Users with information about the Portal, including updates and notifications;
  2. to send Portal email communications;
  3. to invoice applicable service fees, if any;
  4. to maintain and administer Accounts;
  5. for support services; and
  6. to generate statistics and aggregate reports to improve the Portal.

Disclosures

DBM may disclose the Personal Information provided to it:

  1. to the extent that DBM is required to do so by law;
  2. in connection with any legal proceedings or prospective legal proceedings;
  3. to establish, exercise, or defend DBM’s legal rights;
  4. to any person who DBM reasonably believes may apply to a court or other competent authority for disclosure of that Personal Information where, in DBM’s reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Information; or
  5. any other circumstances permitted by PIPEDA or PHIPA.

Security

DBM uses commercially reasonable efforts to ensure that Personal Information is stored and maintained in a secure environment. DBM has in place physical, electronic, technological, and organizational safeguards to appropriately protect Personal Information against loss, theft, and unauthorized access, copying, disclosure, use, or modification. DBM stores all Personal Information on secure password-protected and firewall-protected servers. All electronic transactions you make to or receive from DBM are encrypted using SSL technology. However, please note that DBM cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of its physical, technical, or managerial safeguards.

You are responsible for keeping your password and Account details confidential. DBM will not ask you for your password (except when you log into the Portal). Steps you can take include:

  1. Creating a strong and unique Account password and updating it periodically.
  2. Not sharing your password with anyone. DBM will never ask you for your password, including in any unsolicited communication from DBM, such as letters, phone calls, or email messages.
  3. Logging out of your Account once you are finished using it, especially if you share your device or computer with anyone else.
  4. Having a strong and unique password on your device or computer.

Retention

DBM will keep your Personal Information for as long as necessary in connection with the purposes identified in this Privacy Policy or as required by law. In some cases, DBM may be required to maintain Personal Information beyond the termination of DBM’s relationship with the User, Practitioner, or Health Care Provider. You must notify DBM at privacy@tapermd.com if you no longer want your information to be retained by DBM. If you request to close your Account, DBM will delete your Record within ninety (90) days of your Account being closed. You acknowledge and agree that if you request that your Personal Information be removed from DBM’s databases, it may not be possible to completely delete all Personal Information due to technological and legal constraints. In addition, your Health Care Provider and/or Practitioner may have retained copies of your Record in accordance with their own privacy policies, which DBM cannot control.

Third-Party Websites

Through using the Services, you may be introduced to a variety of third parties and websites. The privacy policies of these third parties are not under the control of DBM and may differ from this Privacy Policy. The use of any information that you may provide to any third party, or the use of “cookie” technology by any third party, will be governed by the privacy policy of the operator of the website that you are visiting. If you have any doubts about the privacy of the information you are providing on another website, DBM recommends that you contact that website directly for more information and review its privacy policy.

Access to Personal Health Information

Users can access the Personal Health Information DBM holds about them by sending DBM an email at privacy@tapermd.com. DBM will advise you in advance of any charges for copies of your file. DBM may be unable to provide you with some information in certain circumstances, such as if the information also refers to other individuals, is subject to legal privilege, contains confidential information, cannot be retrieved using your name or account number, or as otherwise permitted or restricted by law. If you wish to notify DBM of any changes to your Personal Health Information, or if you believe that any information DBM holds about you is inaccurate or incomplete, please send DBM an email with the corrections to the email address noted above.

Changes to This Privacy Policy

DBM may amend and update this Privacy Policy at any time, which will be reflected by the “last modified” date above. It is highly recommended that you read over this Privacy Policy occasionally to keep informed of DBM’s commitment to the protection of your private information and any changes to this Privacy Policy.  By continuing to use the Portal, you agree to this Privacy Policy and any changes thereto.

Contact Information

Should you have any questions or concerns about this Privacy Policy, please send your correspondence to:

Chief Privacy Officer
Attn: Dr. Dee Mangin
Data Based Medicine Americas Ltd.
Department of Family Medicine
McMaster University
100 Main Street West, 5th Floor
Hamilton ON L8P 1H6
privacy@tapermd.com

All communications relating to privacy will be considered confidential and treated as such.

You have the right to complain to the Office of the Privacy Commissioner of Canada if you think DBM has violated your privacy rights for Personal Information. The Commissioner can be reached at:

  • 30 Victoria Street, Gatineau, Quebec K1A 1H3
  • Phone: (819) 994-5444 or 1-800-282-1376
  • Fax: (819) 994-5424
  • Web: www.priv.gc.ca

You have the right to complain to the Information and Privacy Commissioner of Ontario if you think DBM has violated your privacy rights for Personal Health Information. The Commissioner can be reached at:

  • 1400 – 2 Bloor Street East, Toronto, ON M4W 1A8
  • Phone: (416) 326-3333 or 1-800-387-0073
  • Fax: (416) 325-9195
  • Web: www.ipc.on.ca