Patient Privacy Notice
Intrahealth Systems Limited is committed to protecting the privacy of its users. We make every effort to ensure that our users understand the nature, purposes and consequences of the collection, use, and disclosure of their personal information, which we explain in this Privacy Notice. Please read it carefully.
If we make any material changes to this Privacy Notice, we will notify you. Still, we encourage you to consult it from time to time.
- What is “personal information”?
Personal information means any information that can be used, either alone or in combination with other information, to identify you.
- What personal information does Intrahealth collect, how and why?
We collect your name, date of birth, mobile phone number and email address to provide you easy and secure access to your medical records.
The Aero Patient App and Accession Web Portal gives you access to your clinical medical records and related data (your “Patient File”), which are maintained by your healthcare provider. We use your personal information to facilitate this process.
Your healthcare provider may give access to your personal information to another healthcare provider, as necessary to provide you healthcare. You can find out more in our Terms and Conditions, www.intrahealth.com/aero-and-accession-terms-and-conditions.
When you register to use the Aero App or Accession Web Portal, you will be directed to a form, where we will collect your name, to identify you, your date of birth to verify your identity and provide secure access to your clinical medical records using the Aero App or Accession Web Portal, as well as your mobile phone number and email address to communicate with you.
We also automatically collect certain technical information, such as your device’s IP address and device ID, which we use for security and to detect possible fraudulent use of your account.
We use your mobile phone number to send you a PIN in order to verify your account. When you use the Aero App or Accession Web Portal, we collect your personal information and convert it into a scrambled piece of text, called a “hash.” At the same time, your healthcare provider (who may also be using the Aero Provider App or Accession Provider Web Portal) creates an identical hash from the personal information you have previously provided to them. We then link the two hashes on our system, which enables us to securely validate your access to your Patient File.
- How and why does Intrahealth share my personal information?
We only share your personal information with service providers who help us provide you with the Aero App, or otherwise as required by law or in connection with the sale or our business.
We use Microsoft Azure to host, manage, and run the Central Repository and Processes to support Aero and Accession, and in the process, we share your personal information with Microsoft Azure. We only allow our Microsoft Azure (and its employees and contractors) to access or use your personal information for the purposes of carrying out these services, and our agreement with Microsoft Azure requires it to keep your information secure. Microsoft Azure stores your personal information in Canada.
We may share your personal information with government, regulatory or law enforcement agencies as requested by these agencies, if we have a good faith belief that the disclosure is required or permitted by law. We may also share your personal information in order to enforce our legal rights; to detect, prevent or address fraud or security issues; and to enforce others’ or our legal rights, property, or safety.
We may also transfer or assign your personal information to third parties because of, or in connection with a sale, merger, consolidation, change in control, transfer of assets, reorganization, or liquidation.
- How does Intrahealth keep my personal information safe?
We protect your information using industry-standard technical and administrative safeguards.
We protect your personal information from being lost or stolen using industry-standard technical safeguards, which include:
- Encrypting your password
- Hashing information when possible
- Send security messages to your email or SMS when connecting from an untrusted device or on changes of key security information
- Hosting our database with Microsoft Azure, which is certified under the ISO 27018 Standard Code of practice for protection of personally identifiable information (PII) in public clouds; and
- Using a firewall to protect our database from hackers and other malicious intruders.
In addition, we restrict access to your personal information to only those Intrahealth employees and service providers who need it for the purposes we identified above at Section 3. Anyone with this access is required to keep your information strictly confidential. However, you should be aware that no system is 100% secure, and despite our best efforts, we cannot guarantee that your information will be secure, particularly while it is in transit over the Internet.
We do not knowingly collect the personal information of individuals under the age of majority in their province or territory of residence.
- How long does Intrahealth keep my information?
We only retain your personal information for as long as you keep your account. When you delete your account, we securely destroy your personal information.
- How can I access or correct my personal information?
You may contact us using the information below to request a copy of your personal information. We will correct any inaccuracies that you bring to your attention.
- CONTACT US
If you have any questions or concerns about this Privacy Notice, you can contact Intrahealth’s Privacy Officer at:
Patient Privacy Officer
Intrahealth Systems Limited c/- Intrahealth Global Operations Limited
390, 889 Harbourside Drive
North Vancouver BC V7P3S1
If you are not satisfied with our response, you may contact the federal Office of the Privacy Commissioner. If you live in B.C., you may contact the Office of Information and Privacy Commissioner for British Columbia. If you live in Alberta, you may contact the Office of the Information and Privacy Commissioner of Alberta. If you live in Québec, you may contact the Commission d’accès à l’information.