The Canadian MPN Network
Last Updated: July 3, 2019
The Canadian MPN Network (“The Canadian MPN Network”, “us” or “we”) operate the website canadianmpnnetwork.ca (the “Site”).
At the Canadian MPN Network, we believe that all individuals should have the choice on how information that identifies them should be managed by organizations such as the Canadian MPN Network. This is particularly the case with respect to personal health information that many people consider to be the most sensitive information about them. We also believe that Patients may benefit from better healthcare when their personal health information is shared appropriately through the use of new technologies and that they will be willing to share such information when they have trust and confidence that their information will be used according to their wishes and expectations.
OBJECTIVE AND SCOPE OF THIS POLICY
“Agent” means a person who is authorized by a health information custodian to perform services or activities on the custodian’s behalf and for the purposes of that custodian; it is the definition used in the Personal Health Information Protection Act, 2004 (Ontario);
“Aggregate Data” means data that has been compiled from record-level data to a level of aggregation that ensures that the identity of the individual to whom the data relates cannot be determined by reasonably foreseeable methods;
“Anonymous Browsing Information” means information related to how an individual uses walmartwellness.ca but does not include an IP address;
“De-identified Information” means information that does not identify an individual or for which it is not reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual;
“Health Information Custodian” or “HIC” means an individual or organization who, as a result of their power or duties, has custody or control of personal health information; healthcare providers such as pharmacists, physicians and nurses are health information custodians; it is the definition used in the Personal Health Information Protection Act, 2004 (Ontario);
“Patient” means an individual who accesses the Site and who may enroll in programs offered by the Canadian MPN Network through the Site in order to seek education and support related to a personal health condition.
“Patient Registration Information” means the information required for the Patient to register for a Program and includes her or his:
- first and last name
- email address
- age when diagnosed with the specific health condition
Patient Registration Information is a component of the Patient’s Personal Health Information;
“Personal Health Information” or “PHI” means identifying information about an individual in oral or recorded form. It includes information about an individual’s health or health history and includes:
- name, address, health card number;
- physical or mental condition, including family history;
- diagnosis, treatment, and care services;
- long term care services;
- the identity of a health care provider or a substitute decision maker for the individual;
- blood or body part donations; and
- payment or eligibility for health care.
It is the definition used in the Personal Health Information Protection Act, 2004 (Ontario).
The following information about a Patient participating in a Program is therefore their PHI:
- first and last name
- email address
- postal code
- name of her or his Physician
- other health-related information that the Patient may wish to provide.
“PHIPA” means the Personal Health Information Protection Act, 2004 (Ontario);
“Personally Identifiable Information” or “PII” means information that identifies an individual that is not Personal Health Information;
“Physician” means the health information custodian who leads the Patient’s care team;
“Physician Information” means the information that the Patient may provide when using a Program and includes her or his:
- first and last name
- email address
- clinic’s address
- telephone number
- fax number
“Privacy” means the right of an individual to control access to one’s personal information, including personal health information, about oneself;
“Process”, “processing” and “processes” and grammatical variations thereof, means any use of or operation or set of operations which is performed upon or in connection with information or data, by any means and in any form or medium including without limitation collection, recording, analysis, consultation, organization, maintenance, storage, adaptation, modeling, retrieval, disclosure or otherwise making available, combination, matching, erasure or destruction;
“Program” means a digital support program offered by the Canadian MPN Network and delivered through canadianmpnnetwork.ca.
“Services Agreement” means the agreement that the Canadian MPN Network has entered into with Subcontractors to provide access to and use of a Program;
“Site” means the Canadian MPN Network website found at canadianmpnnetwork.ca; and
“Subcontractors” means any person engaged by the Canadian MPN Network for the purpose of fulfilling any obligation of the Canadian MPN Network as part of the delivery of services through its Programs and Site and includes, without limitation, the Canadian MPN Network’s agents, representatives and subcontractors, and the successors and assigns of each of the foregoing, but does not include any employee or officer of the Canadian MPN Network.
OUR PRIVACY PRINCIPLES
PRINCIPLE 1 – ACCOUNTABILITY
The Canadian MPN Network is responsible for PHI and PII that has been provided to it by all individuals who use the Site and Program. This includes information in the custody of The Canadian MPN Network, as well as that which is processed by its Subcontractors over which The Canadian MPN Network has control. The obligations of The Canadian MPN Network with respect to the appropriate management of PHI and PII are set out in the terms of PHIPA, its policies, procedures and best practices.
The Canadian MPN Network maintains its accountability for PHI and PII in the following manner:
- It has identified Cheryl Petruk as the Canadian MPN Network Privacy Officer, the individual responsible for its compliance. The Privacy Officer can be contacted at [email protected]
- It enters into agreements/contracts with Subcontractors who require access to PHI/PII to perform services for the Canadian MPN Network in the delivery and operation of the Site and Program.
- It has developed and implemented policies and procedures to give effect
- protection of PHI and PI;
- the receipt and response to complaints and inquiries;
- training of staff and communication of information about The Canadian MPN Network’s policies and procedures; and
- development of information to explain The Canadian MPN Network’s policies and procedures.
PRINCIPLE 2 – IDENTIFYING PURPOSES
The Canadian MPN Network has identified the purpose for which it receives and collects PHI and PII in order to provide Patients with access to and use of the Site and Program.
PRINCIPLE 3 – CONSENT
The Program operates on the basis of individual consent. The consent of all individuals is sought when they register to participate in a Program. The Canadian MPN Network makes a reasonable effort to explain in the consents the purposes for which PHI and PII will be used and disclosed, stating them in plain language that the individual can reasonably understand so as to be able to provide The Canadian MPN Network with a knowledgeable consent.
The Canadian MPN Network seeks the express consent of Patients before disclosing any Patient Registration Information or PHI. Patients may provide their consent to the disclosure of this information in order to participate in programs offered by The Canadian MPN Network.
An individual may withdraw their consent at any time. If consent is withdrawn, the individual may no longer be able to participate in a Program. A withdrawal of consent is not retroactive – any of the individual’s PHI and/or PII that has already been used or disclosed cannot be retracted.
PRINCIPLE 4 – LIMITING COLLECTION
The Canadian MPN Network limits the receipt of PHI and PII that it collects from Patients to that which is necessary for the purposes of a Program. It does not receive or collect more PHI and PII than is reasonably necessary for these purposes.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION
Limiting Use and Disclosure
The Canadian MPN Network does not use or disclose PHI or PII for purposes other than those for which it was collected, except with the consent of the individual or as permitted or required by law. The Canadian MPN Network will seek the consent of Patients if it wishes to use or disclose their PHI and/or PII for purposes other than those for which the individual has provided their consent when they registered for a Program. The Canadian MPN Network uses De-identified Information and uses and discloses Aggregate Data when it will serve the purpose of the use or disclosure as the case may be.
Cookies and Site Analytics
The Site may use “cookies” to help personalize and maximize a user’s online experience. Cookies are small amounts of data which often include unique, non-personal identifiers, and they enable the Site to recognize users and keep track of individual user’s preferences. Three types of cookies may be employed during a visit to the Site:
- “session” cookies, which are not permanently stored on the user’s hard drive and are permanently deleted from the user’s computer after two hours of inactivity or when the user ends her or his session, are used solely to help the user to navigate around the Site;
- “persistent” cookies, which remain on the user’s computer so that the Site can recognize the user when she or he returns; and
- third party cookies used by The Canadian MPN Network to measure the effectiveness of their education, support, or content management programs.
Cookies are not used to run programs or to deliver viruses to the user’s computer. Cookies are uniquely assigned to each user’s computer, and can only be read by a web server in the domain that issued the cookie.
While most browsers are initially set to accept cookies, users have the ability to disable cookies if she or he wishes, generally through changing the internet browser settings. It may also be possible to change the browser settings to enable acceptance of specific cookies. If cookies are disabled it may mean that not all the services of the Site might be available.
A Program may also use website analytic tools, such as Google Analytics, in order to better understand traffic sources, and traffic patterns and usage patterns.
The Canadian MPN Network has developed guidelines and implemented procedures with respect to the retention of PHI and PII. These guidelines and procedures are consistent with the terms of the Services Agreement and any legislative requirements with which Subcontractors may be required to comply.
PRINCIPLE 6 – ACCURACY
Because The Canadian MPN Network processes PHI and PII received from other individuals (e.g. Patients) it cannot assume any responsibility for the accuracy of this information.
PRINCIPLE 7 – SAFEGUARDS
The Canadian MPN Network endeavours to protect the confidentiality and security of the PHI and PII that it processes. It takes steps that are reasonable in the circumstances to protect the information against theft, loss, and unauthorized use, disclosure, copying modification or disposal. The Canadian MPN Network:
- uses administrative, physical and technical means to safeguard PHI and PII;
- makes employees aware of the importance of maintaining the confidentiality of PHI and PII; and
- uses care in the disposal or destruction of PHI and PII to prevent unauthorized persons from gaining access to the information.
PRINCIPLE 8 – OPENNESS
- The Canadian MPN Network processes the PHI and PII it receives and collects for the operation and maintenance of a Program;
- an individual may contact its Privacy Officer;
- an individual may obtain access to or request correction of their PHI and/or PII included in a Program; and
- to make a complaint to The Canadian MPN Network and the Office of the Information and Privacy Commissioner/Ontario.
PRINCIPLE 9 – INDIVIDUAL ACCESS
Individuals may access and, in most cases, modify (i.e. correct) their PHI and PII through the Site. Where an individual may not modify their information through the website, The Canadian MPN Network will direct the individual requesting the correction to the person or entity from whom The Canadian MPN Network received the information that is the subject of the request for correction.
PRINCIPLE 10 – CHALLENGING COMPLIANCE
The Office of the Information and Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8
Consent Agreement – Patients
Last Updated: July 3, 2019
By clicking on “I AGREE” you acknowledge that you have read, understood and agree that your information may be collected, used and disclosed by The Canadian MPN Network as described below in this consent.
Patient Registration Information
The Canadian MPN Network requires certain information about you in order that you may participate in a Program.
In order to register for the Program, you will need to provide your:
- first and last name
- email address
- age when diagnosed with MPN
Together, this information about you is called your “Registration Information” (RI). This information is used to uniquely identify you in the Program, to communicate with you about information you may be interested in, such as educational materials and other resources about your condition and treatment. Your age at which you were diagnosed with the specific health condition is important because this information will help us tailor the type of support information that may be of interest to you. We may ask you for your postal code at some point during your use of the Program in order to suggest other support services that are conveniently located near to you.
Personal Health Information
Once you have registered for a Program, you may be asked to complete a series of survey questions that will help The Canadian MPN Network understand the type of support and information you are looking for related to the management of your health.
Together, the information uploaded by you that relates to your health and medical condition is called your “Personal Health Information” (“PHI”).
The objective of a Program is to improve the level of care and support you receive while undergoing treatment for MPN. To facilitate this, your Physician or other individuals you identify may be granted access all of your Registration Information and PHI.
It’s Your Choice
The Canadian MPN Network obtains your express consent to disclose your Registration Information and/or PHI to third parties that have not been invited by you to participate in a Program.
There may be occasions when third party healthcare providers offer programs in which you may be interested in participating. The Canadian MPN Network will seek your consent before providing these organizations with your Registration Information and/or PHI. These organizations may only use the information The Canadian MPN Network provides to them for the purposes of the program in which you choose to participate.
The Canadian MPN Network will collect RI and PHI in order to provide our Program’s services and will analyze it to discover new facts that could help us better understand how our Program is used in individuals coping with MPN. We may combine, in a non-identifiable format, your RI and PHI with information from other Program users to create aggregate or summary data that we will use for our organization’s purposes and to support our mission to improve healthcare, and conduct analyses that may help us offer better services.
The Canadian MPN Network does not use or disclose RI or PHI for any other purposes.
Withdrawing Your Consent
You may change your mind at any time and withdraw your consent that authorizes The Canadian MPN Network to use and disclose your Registration Information and PHI as described above. You may do so by sending an email request to [email protected]. We will confirm receipt of your request by sending you an email and in that email, The Canadian MPN Network will ask you to confirm your desire to withdraw from the Program.
Please be aware that if you withdraw your consent, you will not be able to continue to participate in programs offered by The Canadian MPN Network. Should you withdraw your consent, your Registration Information (RI) and PHI is retained by The Canadian MPN Network. The Canadian MPN Network may use it in de-identified form or as Aggregate Data to calculate statistics on the use of Programs, draw insights related to particular therapies, disclose it as Aggregate Data to Physicians, or other healthcare-related individuals and organizations in order to improve medical care.