Privacy Policy

1.    WHAT DOES OntarioMD DO?

This Privacy Policy applies to personal information collected and used by OntarioMD.  The purpose of this Privacy Policy is to outline the type of personal information we collect, how we use that information in compliance with applicable laws and ethical business practices, and the safeguards we have in place to protect that information. OntarioMD's privacy policies and guidelines are guided by Ontario's Personal Health Information Protection Act ("PHIPA") and the federal Personal Information Protection and Electronic Documents Act ("PIPEDA").

OntarioMD supports clinicians in the selection, adoption, sustained and enhanced use of certified Electronic Medical Records ("EMRs") and related technologies.  Protecting personal information is a key value at OntarioMD.

OntarioMD has also developed products and services that allow physicians, hospitals, medical clinics and other health care organizations to optimize their use of digital delivery mechanisms and EMRs.  OntarioMD has developed solutions that enable and promote the exchange of patient health information between and among clinicians and health facilities.  We have developed and delivered electronic health initiatives that align and respond to provincial government priorities and many programs are funded by the Ontario Ministry of Health ("MOH").  Due to the nature of our work, OntarioMD will have access to personal information.

The OntarioMD Privacy and Security Training and Attestation Module is an online education tool and collects users' name, CPSO number and successful completion status. OntarioMD also collaborates with other stakeholders to research, evaluate and deliver other services. 

With respect to health information custodians ("HICs"), OntarioMD acts as a service provider; we support health care providers in the use and adoption of technology and digital health delivery tools; this may include either OntarioMD led, or collaborative research and publications related to the progress and effectiveness of use and adoption of technology and digital health delivery tools.  Although from time to time, our representatives may access or view personal health information ("PHI") in order to perform our services, OntarioMD itself, does not collect or store PHI in the course of providing these services. With respect to its provision of Health Report Manager (which enables the sharing of personal health information to two or more health information custodians), OntarioMD acts as a "health information network provider".

2.    WHAT PERSONAL INFORMATION DO WE COLLECT?

Personal information includes information about an identifiable individual.  Personal information does not include name, business address or business contact information, such as business title, or phone number, that are provided for business purposes. Types of personal information that we collect include: personal address, and, in some cases, CPSO numbers, financial information and practice information. OntarioMD generally collects personal information that is voluntarily provided, but we may collect information from third parties where you have registered for a program that requires this data, or otherwise where you consent, or as permitted or required by law. We may also collect information through our Website, such as your email address where you provide it. OntarioMD does not collect or store personal health information of patients for its own purposes.  

3.    USE AND DISCLOSURE OF PERSONAL INFORMATION

OntarioMD collects, uses and discloses personal information in order to deliver programs, products and services that work with, and on behalf of, health information custodians to leverage information technology ("IT") and to facilitate the adoption of new IT tools.  OntarioMD also has developed tools and services that facilitate the delivery of health information between stakeholders.  As discussed above, OntarioMD does not require access to personal health information in order to fulfill its mandate other than converting it to secure file formats for transmission to health information custodians in the provision of HRM. 

OntarioMD uses personal information for the following purposes: 

  • Providing information about OntarioMD products and services, and about developments in health IT policy of interest to physicians.
  • Registering physicians and other health care clinicians or their administrators so that they can use the OntarioMD Portal and other IT tools. We exchange information with the Ontario Medical Association (OMA) member services in order to have up-to-date records, including registration information for service and Portal access and provide services to OMA members.
  • Developing education programs and information services about developments in health IT and health policy of interest to physicians.  This includes marketing services and products tailored to the needs and interests of OntarioMD stakeholders.
  • Engaging stakeholders including physicians and other clinicians, in order to assess their views on OntarioMD services and benefits, and on the technology adoption. This information is then de-identified for use in economic and policy analysis, research and future planning.
  • OntarioMD led, or collaborative research and publications related to the progress and effectiveness of use and adoption of technology and digital health delivery tools.
  • Delivering personal information on behalf of health information custodians with respect to HRM or related services.
  • Supporting clinicians with any technical issues related to OntarioMD supported products (e.g., HRM).
  • Updating stakeholders about the direction of OntarioMD to ensure they are well informed.
  • Distributing financial reports to the MOH for physicians receiving EMR funding if a funding program is in place.

Except as expressly set out in this Privacy Policy, or otherwise as required by law, OntarioMD will not disclose personal information to any third party without prior consent.  In order to fulfill its role and reporting obligations to its funding partner and carry out its role as a certifying body for EMRs in Ontario, OntarioMD must share some information it collects with stakeholders. 

Stakeholders:  OntarioMD is required to provide reporting information on its activities to its funding agent, the MOH.  In almost all other situations, OntarioMD only provides anonymized or aggregated information to the MOH and other stakeholders.

In order for OntarioMD and the OMA to administer their respective member programs, they may share practice information for purposes of registering in or accessing such programs. Similarly, in order to register and onboard clinicians for products such as eConsult, provincial EHR assets and viewers, ONE ID (or other products as they are introduced), practice information including CPSO numbers and Billing Numbers may be shared with provincial agencies such as eHealth Ontario/Ontario Health, and the Ontario Telemedicine Network (OTN) for purposes of enrollment.

Where you consent, OntarioMD will share the status of your successful completion of the OntarioMD Privacy and Security Training Module (including required identification numbers) with provincial digital health partners in order to facilitate your access to their assets.  We may also share such status with CME accreditation bodies for the purpose of granting of CME credits.

Service Providers: From time to time we may transfer personal information to third party agents and service providers who provide services on our behalf. For example, we may use a service provider to help us conduct a study or verify information, to authorize and process payments, provide call center support, host our Website and operate some of its features. These third parties are required to safeguard the personal information transferred to them and not to use or disclose personal information transferred to them for any purpose other than the provision of services to OntarioMD. Examples of our service and infrastructure providers include eHealth Ontario and its data centers and networks. Some service provides may process data on servers outside of Canada. In the event our service provider is located in a foreign jurisdiction they are bound by the laws of the jurisdiction in which they are located and may disclose personal information in accordance with those laws.

Note that OntarioMD's service providers that transmit or handle PHI must process and store such PHI in Canada.

Sale of Business: OntarioMD may transfer any information we have about individuals as an asset in connection with a merger or sale involving all or part of OntarioMD or the OMA or as part of a corporate reorganization or other change in corporate control. OntarioMD may also transfer personal information to the professional advisors of the successor entity under an obligation of confidentiality for due diligence purposes and ultimately to the successor entity upon completion of the transfer of ownership.

4.    i4C DASHBOARD PROGRAM

This section is relevant if you choose to enroll for the i4C Dashboard Program.

The i4C Dashboard is a program offered by OntarioMD to clinicians through various certified EMRs. The i4C Dashboard enables clinicians and their authorized administrators to query the data contained in their EMRs on a set of clinical indicators. The EMR then provides an aggregate or quantifiable response to the query that is reported in the form of a number, called a "Metric". Metrics do not contain identifiable information of a patient and Personal Health Information does not leave a clinician's EMR. 

OntarioMD puts added controls in place to limit its access to and sharing of Metrics with third parties where the denominator of a Metric result is less than 5 patients. The i4C Dashboard is designed to leverage EMR aggregate data and functions for improved clinical outcomes and practice efficiency.

Identifiable Information collected by OntarioMD within the i4C Dashboard includes clinician name and the associated clinic name. In addition, i4C Dashboard data collected will include clinician identifiers, clinic identifier, indicator name, indicator segment (outcome category), Metric (aggregate patient count for clinician) and date of result. This Personal Information and other data will be held as Confidential Information to be used only by OntarioMD and authorized third parties. For example, at the request of a clinician, OntarioMD staff may review Metrics to better under a clinician's practice and develop a tailored quality improvement plan.

Viewing access to i4C Dashboard data will be restricted to OntarioMD, authorized third parties and participating clinics, which may include clinicians, authorized staff and executive directors in accordance with the Terms and Conditions of the Participation Schedule made available to you. However, viewing capabilities will be different among the parties.

(a)  Access to i4C Dashboard Data by OntarioMD

OntarioMD will only be able to view the Metrics from the i4C Dashboard. This data will be viewed outside the EMR and OntarioMD will not be able to view patient health information.  OntarioMD will use Metrics for analytical and practice improvement support purposes. For example, OntarioMD staff may review Your shared Metrics to better understand Your practice and to develop a tailored quality improvement plan for You. In addition, OntarioMD will offer a comparative analysis of aggregated i4C Dashboard Metrics across the entire cohort of i4C Dashboard participants, at the health system level, ("Health System ComparisonData") e.g. between different regions in the province. This Health System Comparison Data will be provided by OntarioMD to all participating Clinicians so that they may be able to better understand their own statistics against a larger provincial or regional pool.

OntarioMD puts controls in place to limit access to and sharing of Health System Comparison Data where the denominator of a Metric result is less than 5 patients. 

Data about the usage of the i4C Dashboard within a clinician's practice may also be collected and stored by OntarioMD. OntarioMD will treat this data and any identifiable information about you as confidential, and except as required by Applicable Law this information will not be further disclosed without your prior consent.

Clinicians are required to expressly consent to participate in the i4C Dashboard Program, however, sharing Metrics with OntarioMD is always required as a condition of participation.

(b)  Clinician Access to I4C Dashboard Metrics and PHI

Access to i4C Dashboard Metrics and patient level health information within an EMR is dependent on permissions established at the clinic level in accordance with clinic governance practices.  OntarioMD does not control viewing or access permissions and this is an internal matter within a clinic/practice. Depending on permissions enabled at a local clinic, clinicians will also be able to view their practice trends against an aggregate of their peers through the Health System Comparison Data (see above).

(c)  Health System Third Parties

For the purposes of enabling health quality improvement, planning, adoption or health system performance measurement, OntarioMD may share aggregate Metrics within i4C Dashboard with external health care organizations or health-related research bodies, including the MOH.  Aggregate Metrics will not be sold.  Prior to the disclosure of aggregate Metrics to health system third parties, each party must agree to use data only for these defined permitted purposes. Separate data sharing agreements will be executed between OntarioMD and each third-party stakeholder to assert that i4C data use will be within scope of identified permitted uses (i.e., for healthcare quality improvement or healthcare system performance measurement).

In accordance with the Terms and Conditions of Participation, Clinicians may opt-out of having Metrics contributed to the aggregated Metric pool shared with these third parties.

From time to time and with notice to you, OntarioMD may update the list of third-party organizations with whom data is shared. 

5.    CONSENT

By providing personal information to OntarioMD Inc., you consent to our collection, use or disclosure of such personal information in accordance with this Privacy Policy and as permitted or required by applicable laws and ethical business practices. An exception is made in cases of legal, medical or security reasons where it is impossible or impractical to receive consent. 

The majority of communications OntarioMD sends are required operational communications which provide important information regarding one of the products or services you are receiving. From time to time, OntarioMD also sends educational and marketing communications.  Receiving marketing communications, whether in hard copy or by e-mail, is always optional and you will be provided every opportunity to be removed from such distributions.  Registered Portal Users can manage their marketing preferences by logging in here. You can also unsubscribe by following links sent to you on marketing communications we send or by sending an email to info@ontariomd.com.

6.    SECURITY

Your personal information is treated as private and confidential information by OntarioMD.  We strive to ensure that your personal information, regardless of format, is protected and kept secure by providing security safeguards that are appropriate to the sensitivity of the information. OntarioMD only keeps personal information for as long as it is required for legal or business purposes. Although we make every reasonable effort to protect your personal information from unauthorized access, release, use, loss and theft, disclosure, alteration by third parties, copying or modification by physical and logical security procedures, confidentiality policies, and authorization requirements, you should be aware there is always some risk involved in transmitting information over the Internet. As a result, OntarioMD does not represent, warrant or guarantee that personal information will be protected against loss, misuse or alteration and does not accept any liability for personal information submitted by you, nor for your or third parties' use or misuse of personal information.

7.    WEBSITE

OntarioMD maintains a Website and a Portal that provides information to registered users.  

All Website Users:

Individuals may visit the public portion of our Website (OntarioMD.ca) without providing any personal information. However, we may automatically collect some information regarding your use on our Website and the pages you visit on the Website. Our servers may automatically collect information about the type of browser you use and the name of your Internet Service Provider. In addition, we may collect "cookie" information from your browser to identify your computer and provide us with a record of your visits to our Website (collectively, the foregoing is referred to as "Usage Data"). The technology used to gather "cookie" information is provided by the Internet browser you use, and is stored on your computer. You may set your browser to disable or refuse to accept cookies, although doing so may affect your viewing of certain portions of the Website. The Website collects Internet Protocol (IP) addresses for system administration, to report aggregate information and to audit the use of the Website. Our Website contains links to other Websites which may collect your personal information. OntarioMD assumes no responsibility for the privacy policies of these Websites. You should read the privacy policies of these Websites and make an informed decision whether or not to provide your personal information to the Websites' operators.

Registered Portal Users Only:  

OntarioMD collects personally identifiable information when you register for an OntarioMD Portal account. When you register for the Portal, we require your name, email address, gender, birth date, and telephone number. Once you have registered with the Portal and sign in, you are not anonymous to us. OntarioMD automatically receives and records information on our server logs from your browser which could include when you login, duration of Portal visits, IP addresses, portlets used and the pages requested. OntarioMD uses this information for the following purposes:

  • Authentication and provisioning access to certain Portal resources
  • Audit logging for security purposes
  • Monitoring and improving site performance issues
Except as provided in this Privacy Policy, OntarioMD will not share the information with third parties. The handling of all personal information collected from you by OntarioMD is governed by applicable law, including Ontario's PersonalHealth Information and Protection Act and the Personal Information Protection and Electronic Documents Act as applicable.

8.    CHANGES TO THIS PRIVACY POLICY

OntarioMD reserves the right to modify or amend this Privacy Policy from time to time and we encourage you to refer back to this policy regularly. The date of the most recent version is posted at the top of the Privacy Policy. If any material modifications are made to how we intend to use or disclose personal information, we will contact you accordingly to notify you, or where necessary, obtain your consent.

9.    ACCESSING YOUR PERSONAL INFORMATION 

You have the right to verify and amend your personal information collected by us. You are also free to withdraw your consent to such collection, use and disclosure of your personal information. On written request, and in a reasonable timeframe, you have the right to access your personal information, identify the uses to which that information is put and identify any third party to whom it may have been disclosed and for what purpose. These rights are not absolute; how ever if we deny your request for access, we will provide reasons for doing so.

If an individual identifies incorrect personal information in OntarioMD's possession, OntarioMD will correct or delete that information in accordance with the individual's direction.

10.  SAFEGUARDS

OntarioMD maintains reasonable administrative, technical and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of personal information in our custody and control. OntarioMD maintains strict confidentiality of all personal information collected and will only disclose such information to authorized persons who require such information for the purposes set out above. OntarioMD will keep to your personal information for as long as it remains necessary or relevant for the purposes stated above or as otherwise required by law.

11.  OPENNESS

OntarioMD makes its policies for protecting personal information readily available to those individuals from whom personal information has been collected. Reasonable access to such information can be provided where it does not interfere with the legal rights or requirements of OntarioMD or other third parties. The following policies are readily available on the OntarioMD Website:

  • OntarioMD Privacy Complaints and Inquiry Policy and Procedures
  • OntarioMD Privacy Breach Management Policy
  • FAQ Privacy for Physicians and Staff

12.  HOW TO CONTACT US OR MAKE A COMPLAINT

If you have any questions or concerns about how OntarioMD manages your personal information and protects your privacy, please contact our General Counsel and Chief Privacy Officer at:

You have the right to complain to the Information and Privacy Commissioner of Ontario or the Office of the Privacy Commissioner of Canada if you are concerned that OntarioMD has violated privacy obligations regarding personal health information or personal information.


Information and Privacy Commissioner of Ontario Office of the Privacy Commissioner of Canada

Address:
2 Bloor Street East, Suite 1400
Toronto, ON
M4W 1A8

Address:
30 Victoria Street
Gatineau, Quebec
K1A 1H3

Phone:
416-326-3333 or 1-800-387-0073

Phone:
819-994-5444 or 1-800-282-1376

Fax:
416-325-9195

Fax:
819-994-5424

Web:
www.ipc.on.ca

Web:
www.priv.gc.ca/