Last updated and effective October 10th, 2017.
Your privacy is very important to us. We believe in responsible stewardship of data, we conform to all applicable laws and standards, we follow the principle of Privacy by Design and we strive to continuously improve our practices. We are constantly working to make sure that the data we collect is accurate, relevant, up to date, and well protected.
This Policy is part of, and incorporated into, the Terms of Service. Capitalized terms that are used in this Policy that are not otherwise defined have the meaning given to them in the Terms of Service. In the case of any conflict or ambiguity between this Policy and the Terms of Service, the Terms of Service shall prevail.
An health professional is a health care provider or member of staff of a Health Organization that is involved in providing, arranging, or organizing care for a patient and may include but not limited to doctors, nurses, therapists, technicians, medical office assistants, nurse managers, unit clerks, unit coordinators, administrators and managers. An health professional may be associated with a Health Organization Customer, or a Health organization that is not a customer of Careteam.
Any legal entity involved in the provision of health care services to patients.
Health Organization who is a customer
A Health Organization that has contracted with Careteam for the provision of Services.
The Patient is the person that is the subject of the Care plan and/or personal health information stored on Careteam.
Support Team Members
Are paid or unpaid people who provide supporting care to the Patient, often referred to as caregivers. They are often family members and friends.
Notwithstanding any other provision of this Policy, Careteam must meet the requirements of relevant laws. Careteam must protect information in accordance with relevant laws, and may be required to disclose confidential and personal information in compliance with those laws as well as regulations, rules subpoena or other legal process.
Purpose and Type of Personal Information we collect
Personal Information is collected for the following purposes:
- To plan, provide, track, assess, and improve the Services and future Services
- To identify you to other users
- Enable Patients, their Support Team Members and health professionals to plan, coordinate, track and improve the care of the Patient
- To assist Health Organization Customers to identify Patients that may require or benefit from proactive health care services
- To deliver notices, notifications and reminders to Careteam Users
- To perform internal market research, project planning, and troubleshooting
- To detect and protect against error, fraud, or other criminal activity
- To enforce the Terms of Service
Personal Information may include, but not limited to, the following:
- Registration data (demographic, identification data, contact information)
- Care plan (including purpose/diagnoses, instructions, goals, tasks, appointments)
- Additions or modifications to the Care plan(s)
- Tasks, appointments, and status thereof
- Attachments (such as documents, forms, videos, images)
- Care team members, resources, and their contact information
- Health information (information describing a patient’s health and health care such as diagnoses, allergies, procedures, medications, immunizations, family history)
- Communication messages
- Activity comments
- Data disclosed electronically by a health organization or third party rather than entered directly by an health professional
- Data from third party consumer services such as, but not limited to, devices, fitness trackers, diet trackers, or personal health records
It is important to understand that while Careteam provides some structure and limitations by virtue of the functionality in the Services, it stores what users enter. While health professionals and Health Organizations are bound by certain laws, regulations, policies and professional practice standards that limit what they record, both Patients and their Support Team Members must use their personal discretion in what they enter into Careteam – keeping in mind who may have access to that information both currently and in the future.
For each user, we record usage data including but not limited to:
- Login and logout information (user identity, date, time, device, location)
- Usage data
- Error logs
From time to time, we may also ask you to participate in surveys designed to help us improve the Services. Any Personal Information provided to us in connection with any such survey will be used only in relation to that survey and as elsewhere set forth in this Policy.
Use and Disclosure of Personal Information
By using the Services in connection with a health professional, Patients acknowledge that data recorded by or shared with health professionals and Health Organizations may be subject to the same policies and practices as other medical record information retained by that organization. For example, to the extent permitted and/or required by the provisions of relevant laws, regulations, policies, and professional practice standards:
- any information shared with an health professional or Health Organization through the Services may be shared with other authorized persons within that Health Organization or disclosed to others involved in the Patient’s care; and,
- the health professional and Health Organization may retain records of data entered or accessed in Careteam as part of their medico-legal record of care, storing those records either within Careteam Services or outside the Services.
Personal Information entered by an health professional at a Health Organization Customer may be:
- accessed by staff of that Health Organization Customer, and its authorized health care providers such as credentialed physicians, that are authorized as Careteam users by that Health Organization Customer;
- disclosed to other health professionals who are invited to the Patient’s care team by either the Patient or an authorized health professional at the Health Organization Customer;
- disclosed to Patients and their authorized Support Team Member (including Support Team Members selected by the Patient, and those with duly authorized Power of Attorney); and,
- disclosed to third parties authorized by the Patient or involved in the provision of the Services.
When information is provided or made accessible by a health professional or Health Organization to a Patient or their Support Team Members through Careteam, the Patient becomes a custodian of that information and acquires irrevocable access to that information.
Personal Information directly associated with a specific Care Plan that is entered by the Patient, their Support Team Members, health professionals, or third parties (including but not limited to additional careplan details and task/appointment status updates or edits) will be accessible to health professionals at the Health Organization Customer that created that Care Plan.
To the extent made possible by the Services, the Patient may further choose to grant access by any other User of Careteam to additional Personal Information entered by them or their Support Team Members, health professionals or third parties.
The Patient may designate one or more Support Team Members to be their Support Team Contact(s) in Careteam. The Support Team Contact has the same authority as the Patient to administer the Patient’s Careteam Account including the ability to message with the Patient’s health professionals, add/change/remove users on the Patient’s care team, add/change/remove other information, and disclose such information to other users on the Patient’s care team.
Patients also acknowledge that by granting access to their Careteam Account to a User on Careteam, they are granting access to both current information stored on Careteam and future information which they or any other User or third party may add to the Patient’s Careteam Account. With this in mind, Patients may wish to limit who they provide access to, what they provide access to, or be prepared to remove or modify access in the future if information may be added to their account which they do not wish to be accessible to existing members of their care team.
Information stored in communication messages between Users is accessible to any User that is included in that message. If one User’s account is disabled or removed, the other User(s) may still have access to those messages.
Disclosure of identifiable information to third parties
In the course of providing the Services, we may also share your Personal Information with Careteam’s service providers such as hosting service providers. We may also provide Personal Information to our subsidiaries, affiliated companies, and other trusted businesses or persons for the purpose of providing the Services, and for our other purposes described in this policy. We limit the Personal Information shared with these third parties to that which is necessary to carry out those functions.
We may also disclose Personal Information if we determine that disclosure is reasonably necessary to enforce our Terms of Service, to protect our operations or users, or to meet obligations set out by relevant laws.
Communications from Careteam
We may provide notices and notifications via e-mail or SMS alerts such as service notices, appointment reminders, and activity notices, and these notices and notifications may include an ability for the recipient to respond. Users have the ability to opt-out of receiving these messages. Opting out in this manner will not end transmission of service-related notices which Careteam considers necessary.
Aggregate and Non-Identifiable Information
Aggregated information and statistics (information aggregated or calculated from multiple users that is not associated with any individual user account), as well as anonymised and de-identified data (does not include Personal Information) are used to run and improve the services provided on or through Careteam. This information may also be used by us or provided to our partners for purposes of quality improvement, research and analysis, troubleshooting, safety and security, and service provision.
You may e-mail us at firstname.lastname@example.org to request that we close your Careteam Account. We will retain a copy of records as required by applicable laws, medico-legal requirements and legitimate business purposes. If a Patient closes their Careteam Account, all Support Team Members associated with a Patient’s Careteam Account will cease to have access to the Patient’s information stored on Careteam, with the exception of Messages they have shared with that User. If a Health Organization Customer license terminates, the Patient’s Personal Information that is in Careteam will remain accessible to the Patient and any other users they have granted access to, and the Patient will be the Custodian of that Information. If a Care plan or Careteam Account was created for a Patient and that Patient has never logged into or accessed their account, Careteam may archive, disable, archive, or delete that Patient’s Careteam Account and Personal Information at any time. Careteam is only required to retain records for the duration required by relevant laws, and may be limited by agreements with a Health Organization Customer.
Cookies and other technology
The Services may use “cookies” and other technologies such as pixel tags and web beacons. Cookies are alphanumeric identities in the form of text files that are inserted and stored by your Web browser on your computer’s hard drive. “Web beacons” are images embedded in a Web page or e-mail. These technologies tell us which parts of our website you have visited, whether emails have been opened, and how you use our Services. They are also used to analyze and improve our Service’s design and functionality. If you choose to delete cookies from your device or block them from being stored on your device, the full functionality of the Services may not be available to you.
We use a combination of firewall barriers, encryption techniques, and authentication procedures, among others, to maintain the security of your data and to protect Careteam Accounts and systems from unauthorized access according to the requirements of relevant privacy laws and any relevant Business Associate Agreement with a Healthcare Provider.
When you register for the Services, we require that you provide a password for your privacy and security. This password is stored in an encrypted fashion on our systems.
Unless otherwise specified, the Services are hosted and operated in Canada and are subject to Canadian laws, and any Personal INformation that you provide to us, or that we collect, will be hosted on Canadian servers.
If you are accessing the Services from outside Canada, or outside your own jurisdiction, please be advised that your Personal Information may be transferred over and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. Your consent to this Policy represents your agreement to that transfer.
We respect and endorse laws that protect and limit the collection of information from children under the age of 13. Therefore, our Services are not targeted or directed at children under 13. Any information we receive about children under 13 must come from someone authorized by law or consent to give it to us, such as parents, guardians, legal representatives, health care clinicians & providers, hospitals, and insurance companies.
Your responsibility for maintaining the confidentiality of your access
You are responsible for maintaining the security of your Careteam Account, login ID and password. If you believe that your Careteam Account, login ID or password have been compromised you should immediately change your password and contact email@example.com. We are not responsible if someone else accesses your Careteam Account through registration information they have obtained from you or through a violation by you of this Policy, or the Terms of Service. If you have a security related concern, please contact firstname.lastname@example.org.
You consent and agree that the agreement between you and us as evidenced in this Policy, any licenses herein, and the custodianship of any information collected about you including any Personal Information collected pursuant to this Policy, can be sold, assigned, transferred, or otherwise conveyed to a third-party as part of a merger, acquisition, reorganization, sale of all or substantially all of our assets or capital stock, in the event of a bankruptcy, or any other such change of control situation. Additionally, you agree that this Policy continues to bind you and guide the terms and conditions of your use of the Services in any of the foregoing circumstances.
Updates to this policy
We may update this Policy periodically. The date last revised appears at the bottom of the Policy. Changes take effect immediately upon posting.
If you have questions, comments, concerns or feedback regarding this Policy or any other privacy or security concern, contact email@example.com.