Touch Medical Intelligence’s Privacy Policy

Touch Medical Intelligence Inc. (“Touch”, “we”, “our”, “us”) is a clinic quality improvement platform that builds its solutions with privacy as a core foundational requirement. This platform, its websites and web-based resources, are referred to collectively as the “Services”. “Subscriber” in this document refers to anyone that has subscribed or paid for our Services. Any interaction between our Subscribers and their patients is called an  “Encounter” in this document.

This privacy policy details Touch’s privacy practices, how to request corrections or deletion of private information, and how we collect, use, disclose and safely manage personal information and personal health information. Personal information (PI)  is any information about an individual with associated identifying information. Personal health information (PHI) is information about an identifiable individual that is related to their provision of health care for physical or mental health including plans of service, payment information, eligibility for health care, information regarding body parts or substances, health numbers, family history.

Access and use of our Services is your agreement to this privacy policy. When using our Services it is required to also read, understand and agree to, in addition to this policy, our Terms & Conditions, Uses of Personal Information Consent Form and Service Agreement.

We are committed to the safeguarding of PI and PHI and take our responsibility seriously; privacy assurance is our default mode of operation. Any questions regarding our privacy policy or practice can be sent to our Privacy Officer at privacy.officer@touchclinics.com.

Patient Notice

All patients of a clinic or practitioner using our Services should be aware that these Subscribers control your personal information; kindly direct any questions regarding your personal information to your clinic or practitioner.

Touch’s Commitment to You

Touch will never collect, use or disclose your personal information without your consent.Touch will never sell or rent any PI or PHI that it collects.

Touch improves  and implements industry standards for the  administrative, technical and physical safeguarding of information from unauthorized access. 

Touch adheres to the relevant personal information legislature where it operates.

Information Collected and Stored

The following information will be collected and stored when you use our Services:

Identifying and Health Information

Registering an account as a Subscriber includes both entering and collection of personal information such as name, date of birth, and phone number.When as a patient you fill in our Subscriber’s health forms for the first time, your profile is registered so that your health practitioner can identify and contact you. This information is collected and includes date of birth, gender, name, phone number, and email address.  When you fill in our Subscriber health forms we will collect and store health information linked to you; including clinician findings, symptoms, treatment details, and medical history. 

Device and Website Information

We collect specific technical information about the use and access of our Services for improvement and quality assurance purposes. When you use or access our Services, we may collect the date, time, IP address, browser details, device identifiers, geo-location, activities performed, the network performance of your visit, and the URL that you were directed from.

Cookies and Tracking Information
Encounter Information

Information associated with Encounters is collected, anonymized, and de-identified for internal product and research development through compiling of statistics and data analysis.Billing InformationWhen paying for our services we collect and use the credit card, banking or other financial information to process the payment.

Disclosures and Uses of Information

Subscriber’s Role

Practitioners and clinics, Subscribers, that use our platform have full control over any patient's personal information and PHI collected with it. Our Subscribers referred to as “health information custodians” or ”covered entities” determine what PHI is collected, how they use this PHI, who has access to this PHI, how long personal information and PHI is stored, and the basis for deletion of this PHI.

Third-Party Service Providers

Your personal information and PHI may be transmitted to a third-party data center for secure storage. We validate that all service providers that we work with follow best practices in protection of privacy and information.

Legal Compliance

If required legally by an applicable law, we may disclose your personal information, including PHI, to a 3rd party if required so through court order, a regulatory body request or a government request. We will not disclose a patient’s personal information unless due to legal requirements.

Corporate Circumstances

In the case of a company transaction such as a merger, acquisition, or IPO, your personal billing information may be disclosed just for the needs of the transaction. Protection, safeguarding , and confidentiality of PHI are assured in these circumstances.

De-Identified Aggregate Data

Touch may conduct in good faith, product development and internal research with de-identified aggregate Subscriber and patient data. This research may include statistical analysis of this data. Touch will ensure that this de-identified aggregate information can not be used to identify an individual. The product developments and insights for research may be shared with Subscribers for  improvement of the quality of our services.

Rights Over Your Data

Individuals have certain rights concerning their personal information and PHI, how these pertain to our Subscribers is described below. If you are a patient of a practitioner or clinic that is a Subscriber, any exercising of your rights in regards to your information needs to be done through your practitioner or clinic.

Access, Modification and Deletion of Your Information

You have the right to modify or delete the personal information stored on the platform. This can be done on our platform by logging in as the clinic owner or requesting the individual with the clinic owner privileges to delete or modify your personal details from the “Staff “ page. These changes or deletion could also be made with a request to our contact details found below. If you require access to a copy of your personal information collected by us, kindly submit a request to privacy.officer@touchclinics.com, and we will get back to you within 30 days of receiving it.

Withdrawing Consent

Use, collection and disclosure of your personal information is only conducted with your consent; no use, collection or disclosure that you haven’t consented to occurs. You have the right to withdraw this consent at any point through a request to our Privacy Officer at privacy.officer@touchclinics.com, this can stop any usage, collection and disclosure of your information.

Complain

You have the right to complain to the authorities that monitor data protection laws in your area. You can find links listed below for the contact details of the relevant offices in different provinces.

Information Retention

Personal information regarding a Subscriber account will be retained the whole time that it is active. We will retain only information, if any, that is required by any applicable laws and regulations upon account closure. Personal information will be retained for the duration required under applicable laws and regulations. De-identified information may be retained and used in accordance with this privacy policy. If you wish to close your Touch account, kindly contact privacy.officer@touchclinics.com and we will close the account for you in a reasonable amount of time.

Safeguarding Your Information

The safety and protection of PI & PHI is important to Touch and is thoughtfully considered  in three domains; our physical, software and human resources associated with data security strive to follow state of the art practices.

Internet Communication Security

Communications from our platform are secured against unauthorized access to the industry standard Hypertext Transfer Protocol Secure (HTTPS), which is encrypted using Transport Layer Security (TLS). Access to our service can be further secured with the option for using double factor authentication, in addition to requiring unique user ID & password access. Kindly email privacy.officer@touchclinics.com if you would like to inquire about setting up double factor authentication at your clinic.

Touch Internal Administrative Management

Touch has a privacy steering committee which ensures that privacy is a core requirement for our product. This committee distributes and manages policies, procedures and information to maintain an environment of privacy assurance as the default course of action. Any Touch employees with access to PI will only access PHI on the instructions of the custodian, where necessary to react to technical issues, or if required by law or court order. All Touch employees or contractors with access have signed confidentiality agreements.

Breach Response

Touch monitors its database and takes reasonable measures to prevent and detect any breaches in a timely manner. In the case of a breach, Touch will notify those with affected information, take rectifying action immediately, and contact the relevant authorities.

Contact us

Name/Title: Liza Bahlmann, Privacy Officer
Address: 612 Rideau Rd SW, Calgary, Alberta
Phone: (905) 462-8277
Email: privacy.officer@touchclinics.com 

You can also contact the Privacy Commissioner of Canada for assistance between the hours of 8:30 a.m. to 4:30 p.m. est, at:

Toll-free: 1-800-282-1376
Phone: (819) 994-5444Fax: (819) 994-5424
TTY: (819) 994-6591
or by mail at 30 Victoria Street, Gatineau, Quebec K1A 1H3
or on the web at http://www.priv.gc.ca

You can also contact your Provincial or Territorial Privacy Commissioner's office for more information:

Alberta
Office of the Information and Privacy Commissioner of Alberta

British Columbia
Office of the Information and Privacy Commissioner for British Columbia

Manitoba
Manitoba Ombudsman

New Brunswick
Office of the Integrity Commissioner for New Brunswick

Newfoundland and Labrador
Office of the Information and Privacy Commissioner for Newfoundland and Labrador

Northwest Territories
Information and Privacy Commissioner of the Northwest Territories

Nova Scotia
Office of the Information and Privacy Commissioner Nova Scotia

Nunavut
Information and Privacy Commissioner of Nunavut

Ontario
Office of the Information and Privacy Commissioner of Ontario

Prince Edward Island
Office of the Information and Privacy Commissioner (Prince Edward Island)

Quebec
Commission d'accès à l'information du Québec

Saskatchewan
Saskatchewan Information and Privacy Commissioner

Yukon
Yukon Information and Privacy Commissioner

Touch Medical Intelligence Inc © 2022