PRIVACY POLICY
Introduction
Easy Care at Home (ECAH) Incorporation (“ECAH”) respects the privacy of our users of the various ECAH Services (as defined below) and is committed to protecting Personal Healthcare Information of our users through ECAH’s compliance with this Privacy Policy (the “Privacy Policy”), as well as adhering to the various privacy laws that govern how ECAH conducts its business using Personal Healthcare Information of our users. This means that ECAH does not transfer, distribute, disclose, or sell any of ECAH’s users’ Personal Healthcare Information to third-parties, except as provided for in this Privacy Policy or as specifically consented by ECAH’s users.
ECAH’s “ECAH Services” mean
- ECAH’s mobile applications that ECAH makes available for the use of providing ECAH Services (“Apps”),
- (ii) ECAH’s website currently located at https://myecah.com and the webpages within that website) (“Website”), and (iii) any software, platforms, digital services, features, tools, and functionalities, as well as any content of ECAH or its licensors, made available via or accessible through ECAH’s Apps or
ECAH has developed policies and procedures consistent with Canada’s “Personal InformationProtection and Electronic Documents Act” (“PIPEDA”), and other relevant privacy laws, including “Canada’s Privacy Act”, “Healthcare Consent Act, 1996”, “Long-Term Care Homes Act, 2007”, “Personal Health Information Protection Act, 2004” (“PHIPA”), as well as adherence to United States’ “Health Insurance Portability and Accountability Act of 1996” (“HIPAA”) and “Health Information Technology for Economic and Clinical Health of 2009” (“HITECH”).
GENERAL TERMS OF SERVICES
These “ECAH’S GENERAL TERMS OF SERVICES (TOS)” are between you (i.e. the end-user) (“You”) and Easy Care at Home (ECAH) Incorporation (“ECAH”), and they govern Your use of the ECAH Services (as defined below). In these “ECAH’S GENERAL TERMS OF SERVICES (TOS)”, the word “use” means “access or use”.
ECAH makes available, via its Website and its Apps, an online service that allows Users seeking home care service to arrange, schedule and pay for home care services from third party service providers who wish to complete such services for the requesting User.
You may contact ECAH by e-mail at Privacy@MyECAH.com with questions about these “ECAH’S GENERAL TERMS OF SERVICES (TOS)”.
Scope
This Privacy Policy applies to all Personal Information collected, used or disclosed by ECAH from any user (“you” or “your”) of ECAH Services, including any Independent Healthcare Provider and any Recipient/ Client of ECAH. “Personal Information” is any form that identifies or can identify an individual or could be combined by ECAH or our service providers and affiliates with other information to identify you, and includes your personal health
information.
By using (the word “use” in this Privacy Policy will mean “access or use”) any of ECAH Services, you “expressly consent” to ECAH’s collection, use and disclosure of your Personal Information in accordance with this Privacy Policy. “Express consent” means that you are consenting in written format on our required legal documents.
For other types of instances where you consent to ECAH’s collection, use and disclosure of your Personal Information, please see the information under the sub–heading “Consent” below.
“Provider” includes Certified Personal Support Workers (PSWs), Registered Nurses (RNs), Physiotherapists, and other Accredited Healthcare Professionals and are all legally designated as ECAH’s Independent Healthcare Service Providers.
Accountability
ECAH is responsible for and the collection, storage, usage, and distribution of Healthcare Personal Information provided by ECAH’s users. ECAH’s “Privacy Office” is responsible for ensuring that ECAH’s business operations adhere to the various relevant Privacy Laws and regulations specified in the “Introduction” section of this Privacy Policy. ECAH’s “Privacy Office” is accountable for the strict adherence to ALL relevant Privacy & Data Security Laws and Regulations.
ECAH has developed policies and procedures consistent with Canada’s “Personal InformationProtection and Electronic Documents Act” (“PIPEDA”), and other relevant privacy laws, including “Canada’s Privacy Act”, “Healthcare Consent Act, 1996”, “Long-Term Care Homes Act, 2007”, “Personal Health Information Protection Act, 2004” (“PHIPA”), as well as adherence to United States’ “Health Insurance Portability and Accountability Act of 1996” (“HIPAA”) and “Health Information Technology for Economic and Clinical Health of 2009” (“HITECH”). Other Canadian and International applicable healthcare privacy and security laws relating to Healthcare Personal Information can be answered by contacting ECAH’s “Privacy Office” at: Privacy@MyECAH.com or by texting 1-647-825-5258 for ECAH’s “Privacy & Governance Officer”, Jenna Chou, PMP.
Information ECAH Collects
1) Personal Information
Personal Information that ECAH collects, or may have access to, includes, but not limited to:
- Registration information, such as name, date of birth, age, e-mail address, physical address, postal code, and phone numbers;
- Billing and payment information, including credit card information, billing address, and bank account details;
- MAC addresses or other device identifiers;
- IP addresses;
- Geo-locations;
- Web Server Logs and Application Logs;
- Health Information: Medical history, health card number, family physician(s), specialists’ diagnoses reports, prescriptions, and the individual’s health treatment plans from physicians/specialists, whether provided by you directly via ECAH’s technological services platforms, or indirectly via ECAH Services through ECAH’s Independent Healthcare Service Providers (who may collect such information during the delivery of Home Care Services);
- Personal Information contained within contents uploaded to ECAH Services by ECAH’s users, mostly using connected/linked third-party Apps/websites/other service providers that you already provided your Personal Information to, such as the various social media accounts platforms;
- Any other Personal Information that you may provide when you use ECAH Services, or when you contact ECAH with questions and/or inquiries about your healthcare requirements;
- Technical support records;
- Any information that ECAH collects from you that is intended to improve and personalize ECAH Services to provide ECAH’s users with the best personalized healthcare experience ECAH can
2) Non-Personal Information(NPI)
ECAH collects Non-Personal Information (“NPI”) about ECAH’s users when they interact with any of ECAH Services via ECAH’s various technological platforms and communication channels. For instance, NPIs may include, but not limited to: browser information, types of computers or devices, and technical information about ECAH’s users’ means of connecting to ECAH Services, such as through different operating systems, users’ Internet Service Providers’ information, and Cellular Carrier Service Providers’ details. ECAH uses NPIs in ongoing efforts to better understand and serve the users’ of ECAH Services, includes providing ECAH Services and to improve the contents and functionalities of the various ECAH Services and ECAH’s technological platforms.
For instance, ECAH uses NPIs to monitor traffic and to collect statistical data. ECAH also conducts research using ECAH’s users’ demographics and behaviours based on these Personal Information and the NPIs that ECAH collects from ECAH’s users. These research
projects are compiled and analyzed on an aggregated and de-identified basis and therefore are treated as NPIs under ECAH’s Privacy Policy.
The NPIs collected by ECAH will not be shared with third-parties, except in situations expressly indicated in this Privacy Policy, or with ECAH’s Affiliates, business partners and other third- parties providers which deliver ECAH Services and for other legal business operational purposes. Furthermore, the ECAH App may access the metadata and other information stored on your personal devices.
How does ECAH use Healthcare Personal Information?
ECAH collects Healthcare Personal Information to:
- Provide ECAH Services to you and other users of ECAH Services;
- Understand ECAH Services’ users’ needs and preferences;
- Facilitate transactions between or among you, other ECAH Services users, and ECAH (for example, ECAH’s Independent Healthcare Providers may use ECAH’s Recipients’/Clients’ Personal Information to provide higher quality Healthcare Home Care Services);
- Establish and maintain responsible business and healthcare services relations with all of ECAH’s users;
- Communicate with you as part of ECAH Services, including to provide you with ECAH Services or administrative messages to respond to any correspondence you may communicate to ECAH;
- Permit ECAH’s payment provider, currently “STRIPE”, to provide direct bank accounts payment transfer services. Stripe’s Privacy Policy is available here: http://www.stripe.com/ca/privacy
ECAH’s Internal Policies
- Enforce ECAH’s “General Terms of Services is available here: http://www.MyECAH.com/TOS.pdf
- Enforce ECAH’s “Non-Disclosure Agreement for ECAH’s ISPs” is available here: http://www.MyECAH.com/ISPNDA.pdf
Adhere to National and Provincial privacy legal and regulatory requirements;
- Prevent, detect and mitigate illegal or fraudulent activities related to the use of ECAH’s users’ Personal Information;
- Improve ECAH Services; and
- For any other reasonable purposes in which you have provided your “express written consent” or in which your consent can be reasonably implied (in adherence to the relevant privacy laws, “implied consent” applies to situations in which you provide your Personal Information via the various social media platforms and services, which are considered as “Public Data”).
- In addition, ECAH may use Personal Information, on an aggregated and “de-identified” basis, for research purposes in order to improve ECAH Services. These aggregated and de-identified information/data do not have any actual knowledge of residual information that can identify any individual. This de-identification process follows closely with United State’s “HIPAA” (“Health Insurance Portability and Accountability Act”, 1996) laws, in which 18 “Identifiable Elements” of Personal Information are required to be removed before the data can be legally utilized, especially for research purposes. These 18 identifiable elements include:
- Names
- All geographic subdivisions smaller than a state
- All elements of dates (except year) for dates directly related to an individual
- Telephone numbers
- Facsimile numbers
- Electronic mail addresses
- Social security numbers
- Medical record numbers
- Health plan beneficiary numbers
- Financial account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plates
- Device identifiers and serial numbers
- Web URLs
- IP addresses
- Biometric identifiers, including fingerprints, voiceprints, and Face IDs
- Full-face photographic images and any comparable images
- Other unique identifying number, characteristic, or code, unless otherwise permitted by the Privacy Rule for “re-identification” of the Personal Information/data Once the Personal Information are de-identified in accordance with the legal requirements, the data are considered and treated as NPIs under ECAH’s Privacy Policy.
Automatic Collection
ECAH Services may automatically receive and store certain types of information about ECAH’s users and their use of ECAH Services using their various devices, including IP addresses, geo- locations, browser types, web pages viewed, time stamps (date and time), as well as how users interact with ECAH, as stated above in the previous sections of this Privacy Policy.
Three types of cookies may be used during your visit to the ECAH website:
- “Session” cookies, which are not permanently stored on your hard drive and are permanently deleted from your computer after two hours of inactivity or when you end your session, are used solely to help you to navigate around the site;
- “Persistent” cookies, which remain on your computer for a period of time so that the website can recognize you when you return; and
- “Third-party” cookies used by our sponsors and advertisers to measure the effectiveness of their
Google Analytics
ECAH uses “Google Analytics” to assist in our data analytics activities to formulate ECAH’s strategic decisions. Google Analytics uses cookies to track information about traffic and visitors and sends such information (i) to Google’s servers in the United States; and (ii) to ECAH’s business databases. Google Analytics does not identify any individual user or associate IP addresses with any other data held by Google. ECAH uses such information to compile statistical reports about the activities on ECAH Services, as well as to benchmark ECAH Services to other third-parties competitors who also use Google Analytics. These information are used by ECAH to improve ECAH Services and ECAH’s technological platforms’ functionalities. Google’s Privacy Policy can be found here: http://www.policies.google.com/privacy
You may opt-out of Google Analytics by clicking here: http://www.tools.google.com/dlpage/gaoptout?hl=en
Consent
you have the right to determine how your personal health information is used and disclosed. For most health care purposes, your consent is implied as a result of your consent to treatment, however, in all circumstances “express consent” must be in written format, digital signatures are acceptable. you may expressly give your consent in writing, verbally or through other electronic methods (such as emails). ECAH respects your privacy and, unless otherwise required by law, ECAH will not collect, use or disclose your Personal Information without your prior expressed and written consent. your consent may be expressed or implied. In certain circumstances, your consent may be implied by your actions. For example, providing ECAH with your Personal Information to register for ECAH Services is considered as “implied consent”, and ECAH uses such information to provide ECAH’s users with the associated and the most appropriate ECAH Services.
Your express written consent will be forwarded to ECAH’s “Privacy Office”, which will document/securely store the consent documents in ECAH’s Recipients’/Clients’ Electronic Medical Records (EMR), then notifies the appropriate ECAH’s Independent Healthcare Providers and ECAH’s employees and supporting staffs to fulfill ECAH’s Recipients’/Clients’ healthcare service requirements, given that the consent documents are signed and completed prior to providing ECAH Services
ECAH’s Recipients/Clients who have withdrawn their consents to disclose their PHI must sign and date the “Consent to Withdrawal Form”. It is understood that the consent directive applies only to the PHI which ECAH’s Recipients/Clients had already provided, and not to PHI which the patient might provide in the future: PHIPA permits certain collections, uses, and disclosures of the PHI, despite the consent directive; healthcare providers may override the consent directive in certain circumstances, such as emergencies or when the Recipient/Client of ECAH’s “Capacities to Consent” comes into question. All written “Consent to Withdrawal Form” will be forwarded to ECAH’s “Privacy Office” will document and securely store all of these legal consent documents in ECAH’s Business “Central Documents Repository” locations.
ECAH’s “Consent to Withdrawal Form” is located here: http://www.MyECAH.com/WithdrawalConsentForm.pdf
Where appropriate, ECAH will generally seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before its use. In obtaining consent, ECAH will use all available and reasonable efforts to ensure that ECAH’s users are appropriately advised of the identified purposes for which Personal Information collected will be used or disclosed by ECAH in order to provide the best home care services to ECAH’s Recipients/Clients.
The form of consent sought by ECAH may vary, depending upon the circumstances and type of information disclosed. In determining the appropriate form of consent, ECAH shall consider the sensitivity levels of the Healthcare Personal Information and adhere to the governments’ protocols regarding sensitive healthcare personal data. In accordance with the relevant Privacy Laws, the governments and other regulated legal entities base their data protection regulations on three classes of data:
- Highly Sensitive Data
- Confidential Data
- Public Data
The above regulations apply to the “Highly Sensitive” class, which is comprised of:
- PHI: Protected Health Information
- PII: Personally Identifiable Data
- ECAH will seek “express consent” when the information is considered Highly Sensitive or Confidential. “Implied consent” will generally be appropriate where the information is less sensitive, such as Public Data that are shared on Social Media Sites. ECAH’s users may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notices. In order to withdraw your consent, you must provide notice to ECAH in writing by completing the “Consent to Withdrawal Form”: http://www.MyECAH.com/WithdrawalConsentForm.pdf
Limiting Use, Disclosure and Retention
In the event your Personal Information is disclosed to a third-party pursuant to a business transaction, ECAH will ensure that it has entered into an agreement under which the collection, use and disclosure of the information is related to those business purposes and applicable to the business transactions conducted.
Subject to the foregoing, only ECAH and ECAH’s Affiliates’ employees with a business need-to- know, or whose duties reasonably so require, are granted access to Personal Information about ECAH’s users. All ECAH’s employees are required as a condition of employment to sign ECAH’s legal “Healthcare Personal Information Privacy and Security Disclosure Agreement” document and to consent to contractually respect the confidentialities of ECAH’s users’ Personal Information. ECAH’s “Healthcare Personal InformationPrivacy and Security Disclosure Agreement” document can be found here: http://www.MyECAH.com/EmployeeNDA.pdf
In addition, all of ECAH’s “Independent Healthcare Services Providers” (“ISPs”) are required to sign ECAH’s “ISP Non-Disclosure Agreement“. This non-disclosure agreement protects ECAH’s Recipients’/Clients’ Personal Healthcare Information that ECAH’s ISPs may be provided to in order to ensure the most appropriate healthcare services are provided. ECAH’s “ISP Non-Disclosure Agreement “can be found here:
http://www.MyECAH.com/ISPNDA.pdf
ECAH will retain Personal Information for only as long as required to fulfill the identified business purposes or as required by law. Personal Information data that are no longer required will be destroyed/archived, according to the guidelines and procedures established by the relevant National and Provincial Privacy Laws and ECAH’s Privacy Policy. However, due to our on-going exposure to potential claims, some information is kept for a longer period. ECAH’s adherence to the retention of Healthcare Personal Information applied to both paper-based records and digital/electronic documents.
ECAH may disclose your Personal Information without your knowledge or consent if ECAH receives an order, subpoena, warrant or other legal requirement issued by a court, tribunal, regulator, or other entities with jurisdiction to compel disclosure of your Personal Information.
If ECAH receives a written request from a police officer or other law enforcement agency with authority to request access to your Personal Information in the course of an actual or potential criminal investigation into breach of laws, ECAH’s policy is to provide the requested information to the legal authorities. Under these circumstances, the legal entities requesting the Personal Information shall be the ones responsible for informing the individuals the reasons for the requests.
Links to Other Online Services and Social Networks
ECAH’s users may be able to access third-party websites and services through links available on various ECAH Services’ technological platforms.
Any links are provided for your convenience. ECAH does not have any control over those third- party websites or services and ECAH does not provide any guarantee that the privacy practices of these third-party providers meet ECAH’s privacy standards. The use of any third-party websites or services is at your own risks and will be governed by the Privacy Policies of those third-party websites or services and not by ECAH’s Privacy Policy or Practices. Do not disclose your Healthcare Personal Information via third-party websites or services without reading their Privacy Policies first, in order to understand how your healthcare Personal Information are being used and shared by these third-party entities.
ECAH’s users may choose to log-in to or register for ECAH Services through various social media platforms (e.g., Facebook, Google, Apple, etc.). When you do so, Personal Information from your social media service accounts may be shared with ECAH. Information that you share on various social media platforms are considered as “Public Data”, in which ECAH or any other third-party entities can freely access/use/distribute legally. ECAH is not responsible for how these third-parties use and disclose your Personal Information. Therefore, it’s crucial to refer to those third-parties’ Privacy Policies to understand how they use and share your Personal Information. ECAH’s users may create connections/links between ECAH Services and the various social media sites. If you do so, ECAH may be able to publish updates about ECAH Services to your social media service accounts through the connections/links that you authorized between ECAH and your various social media accounts. you may choose to terminate these connections/links at any time by configuring your social network accounts’ privacy and security settings.
Children and Minors
ECAH Services are not intended for the use of children under the age of majority. ECAH does not collect Personal Information about children under the age of majority. Please do not submit any Personal Information about minors. The general age of majority is age 16 for most of Canada’s Provinces, however, the age of majority differs across countries and Provinces/States. Since ECAH is a digital healthcare tech company which operates its digital technological platforms internationally for users/visitors around the world, please adhere to the legal requirements for the age of majority in your own countries/locations.
How can I Access my Personal Information?
Upon request, ECAH will provide you information regarding the existence, use and disclosure of your Personal Information and you will be given access to that information. ECAH will respond to the applications for users’ access to their own Personal Information they provided ECAH. Such data requests will be resolved within a reasonable time and at minimal or no cost to the individual (fees may be charged in accordance with the relevant laws). You may challenge the accuracy and completeness of the information and have it amended as appropriate.
In certain circumstances, ECAH may not be able to provide access to all of your Personal Information that it holds. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, or information that is subject to solicitor-client or litigation privileges. ECAH will provide the reasons for denying access upon request by working with ECAH’s legal teams.
Safeguards
ECAH protects your Personal Information by security safeguards appropriate to the sensitivity of the information. ECAH will protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.
ECAH’s methods of protection include:
- Physical measures: such as filing cabinets which are kept locked when not in use and are access-restricted, both to ECAH’s physical place of business and other physical locations where paper-based Personal Information documents are archived;
- Organization measures: such as security clearances and limited access on a need-to- know basis by ECAH’s employees; and
- Technological measures: such as the use of passwords, firewalls, VPN, proxy servers, and the most advanced encryption
Inquiries Regarding Challenging Compliance
An individual will be able to make inquiries and/or address challenges concerning ECAH’s privacy compliances with this Privacy Policy and other relevant Privacy Laws.
ECAH will maintain procedures for addressing and responding to all inquiries and/or complaints from ECAH’s users. ECAH will investigate every and all complaints. All inquiries or complaints involving ECAH’s handling of Personal Information or compliances with Privacy Laws shall be directed to: Privacy@MyECAH.com.
ECAH’s “Privacy Office” will respond to all such inquiries or complaints within 14 business days of receipt. ECAH will make reasonable efforts to resolve all such complaints within 30 days of receipt of the initial complaint. If ECAH finds a complaint to be justified by ECAH’s compliance to Privacy Laws, ECAH will take appropriate measures, including resolving the complaints with the claimants first, and/or amending/updating ECAH’s Privacy Policies and procedures.
However, if the complaints cannot be resolved, ECAH will, if necessary, initiate the necessary legal actions with the appropriate jurisdiction information privacy legal authorities.
ECAH has developed policies and procedures consistent with Canada’s “Personal hInformationProtection and Electronic Documents Act” (“PIPEDA”), and other relevant privacy laws, including “Canada’s Privacy Act”, “Healthcare Consent Act, 1996”, “Long-Term Care Homes Act, 2007”, “Personal Health Information Protection Act, 2004” (“PHIPA”), as well as adherence to United States’ “Health Insurance Portability and Accountability Act of 1996” (“HIPAA”) and “Health Information Technology for Economic and Clinical Health of 2009” (“HITECH”).
Applicable Courts of Law
The applicable legal courts for the purpose of filing formal complaints against ECAH’s data privacy and security of ECAH’s Users’ personal healthcare information adherences to the relevant Laws stated above. The applicable courts in Canada are:
Ontario (and individual Provinces) Superior Court of Justice, Canada Provincial Divisional Courts and Provincial Queen’s Bench Courts, Courts of Appeal, and other privacy and security legal regulator bodies that may be involved in the Data Breach Lawsuits.
Common law Tort of Invasion of Privacy
The defendant’s conduct must be intentional; The defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and. A reasonable person would regard the invasion as highly offensive, causing distress, humiliation or anguish.
Contact Information
1) ECAH’s Privacy Office
ECAH Privacy & Governance Officer: Jenna Chou, PMP, PgM, MBA, MSc.
Private Business Cell: 1-647-825-5258
E-mails: ECAH.Privacy@Gmail.com Privacy@MyECAH.com
2) ECAH’s General Business Contact Info
E-mail: Contact@MyECAH.com
Address: ECAH (Easy Care At Home) Incorporation
100 King Street West, Suite 5700, Toronto, Ontario, M5X 1C7, Canada
Website: http://www.MyECAH.com
Phone: 1-647-360-0909
3) Information and Privacy Commissioner of Ontario
If, after contacting us, you feel that your concerns have not been addressed to your satisfaction, you have the right to complain to the “Information and Privacy Commissioner of Ontario”. The Commissioner can be reached at:
Address: 2 Bloor Street East, Suite 1400, Toronto, Ontario, M4W 1A8
Phone: 1-800-387-0073
Fax: 1-416-325-9195
4) The Privacy Commissioner of Canada
If your concern involves a privacy issue that requires further escalation to higher privacy legal authorities, in order to find resolutions that result in outcomes satisfactory to the complainers. Any and all of ECAH’s users may contact the office of the Privacy Commissioner of Canada by: Telephone: 1-800-282-1376
Quebec: 1-819 994-5444
Fax: 1-819 994-5424
Website: http://www.priv.gc.ca
Important Notice
ECAH reserves the right to modify and/or amend this Privacy Policy from time to time in its sole discretion without prior notice to ECAH’s users. Any such amendment(s) will be posted on ECAH’s various technological platforms (including the ECAH App, ECAH’s website, as well as all ECAH’s various social media sites). The updated Privacy Policy will be effective as of the date of posting.