Medcan Privacy Policy
Updated: November 1, 2024
Medcan is committed to protecting the privacy of your personal information, including your personal health information. Please read this Privacy Policy carefully. It explains how we collect, use, handle, and disclose your personal information.
This Privacy Policy applies to any personal health information or other personal information that we collect from you when you: (i) use the myMedcan online client portal (the “Portal”), (ii) visit and receive care at a Medcan health facility or through our virtual care services, (iii) visit our websites where this Privacy Policy is posted (the “Websites”), or (iv) otherwise interact with us.
TABLE OF CONTENTS
1. Collection and Use of Personal Information
2. Sharing of Personal Information
3. Storage and Location of Personal Information
4. Information About Our Websites
5. Safeguards and Retention
6. Your Choices
7. Access to Information
8. Updates to our Privacy Policy
9. Contact Us
1. COLLECTION AND USE OF PERSONAL INFORMATION
We may collect and use your personal information, including your personal health information, when you:
- Visit or obtain health care or wellness services at a Medcan health facility or through our virtual care services
- Create an account to access and use the Portal
- Book an appointment
- Purchase a membership or service from Medcan
- Chat with us through our live chats
- Sign up to receive marketing emails about Medcan resources, services, offers and events
- Interact with our Websites
- Participate in a Medcan survey
- Consent to participate in research
- Download research or content through our Websites
- Apply for a job with Medcan
- Visit a clinic
- Contact us
Health Care and Wellness Services: We collect your personal health information to enable Medcan health care providers to provide you with health care services when you visit one of our clinics, receive virtual care services, use our Portal, or otherwise engage with us. We may also collect relevant personal health information about you from your other health care providers, in order to enable Medcan health care providers to provide you with our health care services. Your personal health information is stored in your medical record which is accessible to health care providers, employees, agents and contractors in our clinics and through virtual care technologies. We also collect personal information (which may include personal health information) to provide you with wellness services. Information we collect to provide you with wellness services is not stored in your medical file.
While the nature of the personal health information you provide us will be unique to you and your health care needs, in general, we may collect information such as your name, gender, date of birth, general health concerns, personal and family medical history (including information about any treatments, diagnosis, or prescriptions), physician and medical referral appointment information, health care documents (including reports and imaging results), health card number, and other relevant health information, for the purposes of determining suitability for, planning and delivering health care services to you.
Virtual Care Services: Medcan health care providers offer virtual care services to provide non-urgent, non-emergency health care services remotely, either through real-time video or audio technology. If you choose to use our virtual care services, Medcan may request that you verify your identity such as by showing the health care provider your government-issued photo ID at the start of your virtual care session. Virtual care sessions are not recorded. If you and your health care provider exchange personal information through the chat functionality in a virtual care session, relevant information may be stored in your medical record.
We do our best to make sure that any information you give to us during virtual care visits is private and secure, however, as with all online communications, there is a risk that your health information may be intercepted or unintentionally disclosed. To help mitigate the risk, you should be in a private setting and should not use an employer’s or someone else’s computer/device. For additional information, please review the Client Information Sheet on Virtual Care included in your booking confirmation email.
myMedcan Portal: As a Medcan client, you will create an online account to access and use the Portal in order to communicate with us, book and view appointments, view the status of your upcoming or past referrals, purchase products and services, access test results and use our virtual care services. In order to create and administer your account and authenticate you, we will collect your full name, email address, date of birth, and a password that you create. We also collect your provincial health card number to provide you with provincially funded health resources and to accurately identify and link your personal health information records. You will also have the option to add information to your account profile, such as your gender, address, preferred method of contact phone number, emergency contact information, marital status, employment status, workplace name, role which help us understand your needs and tailor our products, services, and pricing to you. The information in your account profile on the Portal may automatically update to reflect information you provide to Medcan when you book a service or visit our clinic. You are required keep your username and password secure and not share it with anyone else. We will never ask you for your password in any unsolicited communication (such as letters, phone calls or email messages).
Appointment Booking: We collect personal information when you book an appointment with a health care provider through the Portal, by phone, text message, email or in person. This information may include the type of visit you would like (i.e. in person, virtual or by phone), name, reason for booking the visit, medical history, and emergency contact information. We use this information to book your appointment and provide the health care provider with the information they need to deliver health care services to you. For certain products and services, we will request a credit card number at the time of booking as described below. You can manage some of your appointment bookings or view your past and upcoming appointment bookings through the Portal or by contacting us.
Payment: If you purchase a product, service or membership from Medcan, we (or our authorized third party payment processor) will collect your full name, payment information (including billing address, credit card number, expiry data and CVV code), or if applicable, your private health insurance information, in order to process the transaction and enable Medcan health care providers to provide you with the health care services you have purchased.
Website Chat Functionality: When you use our chat functionality to chat with a live agent to make an inquiry, provide feedback, or make a request, we may collect information about you such as your first and last name and email address and mobile phone number, your specific feedback or request and the contents of your messages with us. We use this information to respond to your inquiry or process your request. Please do not provide any sensitive or health information to us through the chat functionality.
Electronic Marketing Communications: The provision of health information and educational material is a core feature of the Medcan service offering. When you join Medcan (or, if we otherwise have your consent) we will collect and use your full name, email address and/or your mobile phone number to provide you with marketing communications including information about Medcan resources, services, offers, events and promotions that may be tailored to your interests and interactions with Medcan. You can unsubscribe at any time. Please see Section 6 “Your Choices” to learn how to adjust your preferences.
Interest Based Advertising: Medcan wants to ensure that you are provided with information about products and services that can improve your health and wellbeing and are of interest to you. We may deliver interest-based advertising to you on Medcan Websites, third-party websites, mobile applications or social media platforms. In order to ensure you receive information and advertising relevant to your interests, we may use unique identifiers and/or your hashed email address or phone number to place you in general interest categories to determine what types of advertising may be of interest to you, and to serve such advertising to you on Medcan or third-party platforms. You may opt out by contacting Medcan, using third-party unsubscribe functionality (e.g. via Meta properties) to change your preferences on their platforms, or by changing your browser settings on your devices. Medcan will not use sensitive personal health information for marketing purposes without your express consent, and does not sell your personal information to third-parties.
Surveys: From time to time, we may offer you the opportunity to participate in one of our surveys. We may use the information we obtain through our surveys, which may include personal health information, to review and identify opportunities for improving our delivery of health care and wellness services to our clients and as otherwise explained to you at the time of the survey.
Research and Analytics: From time to time, Medcan may participate in research and data analytics projects utilizing personal health information previously and/or prospectively collected for the purpose of planning, delivering or improving the health and wellness services at Medcan or to advance medical knowledge. Data analysis may encompass elements like algorithms, computational models, machine learning and other technologies often referred to as artificial intelligence (AI), depending on the project. Medcan will not use or disclose your personal health information for these projects in a manner that can identify you without first obtaining your consent or in a manner consistent with applicable law, such as with the approval of a research ethics board. Medcan may generate, analyze and share de-identified information and disclose this information to third-parties. De-identified information is information that has had identifiers and other information removed so that it is not reasonably foreseeable that the information could be used, alone or in combination with other information, to identify an individual. Medcan may also generate and analyze de-identified data to create comparative statistical benchmarking reports across client groups or sectors to better understand health trends and to improve Medcan’s operations, products and services. Such benchmarking reports may be shared with third-parties (such as corporate clients of Medcan) in order to provide insight across client and corporate populations on an aggregate basis.
Perspective Papers: If you download one of our perspective papers or other publications through our Website, we may collect your first and last name, name, and email address in order to facilitate the download. If you consent, we will also add you to our email marketing list.
Careers: If you use our Website to apply for a job with Medcan, you may provide us with certain personal information about yourself, such as information contained in a resume, cover letter, or similar employment-related materials. We use this information for the purpose of processing and responding to your application. For more information, please contact us to request a copy of the Medcanner Privacy Policy.
Visit a Clinic: We may conduct video recording for security purposes via the use of cameras located in public areas of our clinic, such as the reception area and the clinic entrance and exit area. In areas of our clinic where we conduct video recording, we will post signs to notify you.
Contacting Us: You may get in touch with Medcan, including by telephone, email or by using the chat functionality on our website or through the Portal. When you contact us with a comment, question or concern, you may provide information that identifies you, such as your name, email and phone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future. In addition, we may monitor and record our telephone conversations with you for documentation, training, and quality assurance purposes. If you do not wish to have your call recorded, you have the option to speak with us in person or communicate with us by email.
2. SHARING OF PERSONAL INFORMATION
We do not sell, rent or disclose your personal information to third parties without your consent, except as described below or as required or permitted by applicable law.
- Other health care providers: We may share your personal information with your other health care providers and facilities (e.g. another physician or health care practitioner, an allied health professional or member of your clinical care team, a public hospital, pharmacy, laboratory, or ambulance service) for the purpose of supporting your continuity of care. We may also share your personal information if required for the purpose of contacting your family or a potential substitute decision maker. Unless you tell us not to, we may use electronic systems that are shared and accessible by health-care organizations across Ontario. These systems allow us to share and review your personal health information with care providers at other facilities to provide timely and coordinated patient care. For example, Medcan may use the Ocean system, Connecting Ontario Clinical Viewer, the Ontario Laboratory Information System and the Digital Health Drug Repository provided by eHealth Ontario on behalf of the Ministry of Health and Long Term Care. Additional information about these systems is available at the Connecting Ontario website.
- Employers and Other Third Parties: Where Medcan services are made available to you through your employer as part of your employment benefits plan, we may share aggregated, de-identified data regarding the use of Medcan services with your employer. We may also share limited personal information with your employer for billing and invoice reconciliation purposes. Medcan may create and share reports containing aggregated, de-identified data with other third parties such as benchmarking or other comparative reports.
- Benefits Providers: We may disclose certain personal information to your benefits provider for the purposes of coordinating payment from them, including your name, date of service, and the service provided. We may also share certain personal information with provincial health plans for billing of publicly funded services.
- Referrals to Affiliate Clinics: Where Medcan services are made available to you as part of a corporate benefit through your employer but we do not have a Medcan clinic in your area, we may refer you to an affiliate health clinic that has a partnership with us and disclose certain information about you, such as your employer, full name, gender, address, phone number and email address, to that affiliated health clinic. We may also disclose this information to support your continuity of care and so that you can access and use health care services from non-Medcan clinics in other locations outside of Ontario.
- Service Providers: Your personal information may be transferred (or otherwise made available) to third parties that provide services to us or on our behalf. We use third parties to provide services to us such as laboratory testing, virtual care technology, printing, mail distribution, marketing and advertising (including mobile marketing, optimization and retargeting) cloud storage services, payment card processing, and employment recruitment. Our service providers are only provided with the information they need to perform their designated functions. They are not authorized to use or disclose personal information for their own marketing or other purposes without Medcan’s written consent.
- Research Partners: As described above, Medcan may participate in medical research projects from time to time, including with third-party partners. Medcan may generate de-identified information and disclose this information to third-parties who are part of the research project and bound to use the data for the purposes of the study.
- Prescribed Registries: Medcan may share personal information to a prescribed registry who compiles or maintains a registry of personal health information for purposes of facilitating or improving the provision of health care in accordance with the requirements of applicable privacy laws.
- Legal and Compliance: We and our Canadian, U.S. and other foreign service providers may disclose your personal information in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, U.S. or other law or legal process, which may include lawful access by U.S. or foreign courts, law enforcement or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.
- Sale of Business: We may transfer information we have about our clients as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Medcan or as part of a corporate reorganization or other change in corporate control.
3. STORAGE AND LOCATION OF PERSONAL INFORMATION
We use service providers who may access or store personal information or personal health information in the U.S., or other foreign jurisdictions in the course of providing services to us. Personal health information that forms part of your medical record is stored in Canada but may be transferred outside of Canada (for example, to specialists located outside of Canada for the purposes of providing health services to you).
4. INFORMATION ABOUT OUR WEBSITE
- Visiting our Website: In general, you can visit our Websites without telling us who you are or submitting any personal information. However, we collect the IP (Internet protocol) addresses of all visitors to our Websites and other related information such as page requests, browser type, operating system and average time spent on our Websites. We use this information to help us understand our Website activity and to monitor and improve our Websites.
- Cookies: Our Websites use a technology called "cookies" and similar technologies. A cookie is a tiny element of data that our Websites send to a user’s browser, which may then be stored on the user’s hard drive so that we can recognize the user’s computer or device when they return. Medcan uses cookies to improve your digital experience, offer enhanced functionality, personalize your content and ads and provide social media features. You may set your browser to notify you when you receive a cookie or to not accept or disable certain cookies. However, if you decide not to accept cookies from our Websites, you may not be able to take advantage of all of the Websites’ features. Medcan may also use third-party cookies. For example, Medcan may work with agencies or other service providers to help deliver ads on third-party websites where Medcan purchases advertising. These types of third-party cookies enable us to reach you on third-party websites and platforms with ads that may be of interest to you, and to understand the effectiveness of third-party advertising campaigns.
- Analytics: Our Websites also use web analytics services such as Google Analytics to help us gather and analyze information about the areas visited on the Websites (such as the pages most read, time spent, search terms and other engagement data) in order to evaluate and improve the user experience and the Websites. For more information about Google Analytics or to prevent the storage and processing of this (including your IP address) by Google, you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can also obtain additional information on Google Analytics’ data privacy and security at the following links: https://policies.google.com/technologies/partner-sites and https://support.google.com/analytics/topic/2919631
- Third Party Links: Our Websites may contain links to other websites that Medcan does not own or operate. We provide links to third party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. This Privacy Policy does not apply to information collected by the linked websites. They have separate and independent privacy policies, notices and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat personal information. We encourage you to read the privacy policy of every website you visit.
- Tracer Tags & Web Beacons: The Websites may also use a technology called “tracer tags” or “Web Beacons”. This technology allows us to understand which pages you visit on the Websites. These tracer tags are used to help us optimize and tailor the Websites for you and other future visitors to the Websites.
5. SAFEGUARDS AND RETENTION
We have implemented reasonable administrative, technical and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss and unauthorized access, use, modification and disclosure. The only Medcan employees and service providers who have access to our clients’ personal information are those who “need-to-know” the information in order to carry out their job duties.
We retain personal information only for as long as necessary to carry out the purposes discussed in this Privacy Policy or to meet our legal or business requirements. Personal health information that forms part of your medical record will be retained in accordance with provincial and territorial retention guidelines.
Medcan may also create and retain de-identified or anonymized personal information for internal research and analysis purposes, including to improve business operations.
6. YOUR CHOICES
- Electronic Marketing Communications: If you receive our email marketing communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the email or by adjusting your preferences through your account profile in the Portal. Alternatively, you can opt-out of receiving our marketing communications by contacting us at the contact information under “Contact Us” below. Please note that you may continue to receive transactional, informational or account-related communications from us (including, for example, appointment reminders) even if you unsubscribe from marketing communications.
- Withdrawing your Consent: If you have provided consent to our collection, use or disclosure of personal information, you can withdraw your consent at any time (subject to our legal or contractual restrictions) by contacting us at the contact information set out below. If you withdraw your consent, we may not be able to provide certain products or services to you.
- Closing your Account: You can also close your account on the Portal at any time. To close your account or request to delete the personal information contained within your account profile, please contact us at the contact information below. If you choose to close your account or delete personal information contained within your account profile, we may retain certain information (including your medical record) to meet our legal or regulatory obligations. For more information review the “Safeguards and Retention” section above.
7. ACCESS TO AND UPDATING OF INFORMATION
Subject to limited exceptions under applicable law, you have the right to access, examine, update and ask to correct inaccuracies in your personal information and personal health information in our custody and control (and, in certain provinces, to authorize another person to receive a copy of your personal health information). You may make such requests by emailing or writing to us using the contact information set out below. You also have the ability to update your personal information through your account profile or by calling Medcan. We may request certain personal information from you when you make such a request in order to verify your identity.
8. UPDATES TO THE PRIVACY POLICY
We may update this Privacy Policy periodically to reflect changes to our privacy practices. We encourage you to periodically review this page to ensure you are familiar with those changes. We will indicate at the top of this Privacy Policy when it was most recently updated.
9. CONTACT US
If you have any questions, concerns or comments about this Privacy Policy or the manner in which we or our service providers handle your personal information, or wish to request access to or correction of your personal information in our records, please contact us at:
Privacy Officer
150 York Street, Suite 1500
Toronto, ON M5H 3S5
(416) 350-5900
You may also bring your questions or concerns to the Information and Privacy Commissioner of Ontario by visiting www.ipc.on.ca.