Last Updated: August 11, 2022
“Personal health information” is a defined term under the Ontario Personal Health Information Protection Act, 2004 (“PHIPA”) and includes any information in oral or recorded form (including written, audio or video) about an individual’s physical, cognitive, and/or emotional health, health care history, or health care treatment that could identify an individual when used alone or with other information.
TABLE OF CONTENTS
- Collection and Use of Personal Information
- Sharing of Personal Information
- Information About Our Website
- Your Choices
- Safeguards and Retention
- Access to Information
- Privacy Breach Management
- Contact Us
Consultations with health care practitioners are available in Ontario. BRIA has overall responsibility for protecting your personal health information, including your medical record, and we are directly accountable to you.
COLLECTION AND USE OF PERSONAL INFORMATION
We may collect and use your personal information, including your personal health information, when you:
- Create an account to access our virtual care services
- Obtain health care services through our virtual care services
- Book an appointment
- Purchase a service from BRIA
- Sign up to receive marketing emails about BRIA resources, services, offers and events
- Participate in a BRIA survey
- Apply for a job with BRIA
- Contact us
- Provide consent to do so for other reasons
- Health Care Services: We collect your personal health information to provide you with health care services when you visit our Website, create an account to access virtual care services, or otherwise engage with us. We may also collect relevant personal health information about you from your other health care providers (i.e., an affiliate fertility clinic), to provide you with our health care services. We will not collect personal health information if other information we have will serve the purpose of the collection. In addition, we will not collect more information than is reasonably necessary to meet the purpose of the collection. This information is stored in your medical record which is accessible to BRIA health care providers and administrators who are involved in providing you virtual care services.
- Creating Your BRIA Account: As a BRIA client, you will create an online account to access and use the BRIA Solution to communicate with us, book and view appointments, purchase services, and use our virtual care services. To create and administer your account and authenticate you, we will collect your name, email address, and healthcare stage or objectives (i.e., trying to conceive, pregnant, postpartum, or perimenopausal). You are required to keep your username and password secure and not share it with anyone else. We will never ask you for your password in any unsolicited communication (such as letters, phone calls or email messages). If you become aware of any unauthorized access to or use of your account, you are required to notify us immediately.
- Intake Forms: After creating a BRIA account on the BRIA Solution, you may provide further treatment related information via an intake form, such as your reproductive stage, date of birth, physician and medical referral information, and emergency contact information. We also collect your provincial health card number to provide you with provincially funded health resources and to accurately identify and link your personal health information records. Based on your current healthcare stage or objectives, you may provide information regarding your symptoms and wellbeing. While the nature of the personal health information you provide to us in the intake forms will vary according to your healthcare stage or objectives, in general, we use this information for the purpose of determining suitability for, planning, and delivering health care services to you, to develop your personalized care plan, and to monitor your treatment progress through BRIA.
- Mental Health Assessments: In addition to intake form information, users may opt to obtain individualized mental health or other health assessments through an assessment with either a trained health care provider, mental health care professional and/or a psychiatrist. Assessments are completed by either an occupational therapist, social worker, psychiatrist, gynecologist or a trained RN, as appropriate. While the nature of the personal health information you provide us will be unique to you and your health care needs, in general, during the mental health assessments, our health care professionals may collect additional information such as your general health concerns, personal and family medical history, physician and medical referral appointment information, health care documents, and other relevant health information, for the purposes of determining suitability for, planning, and delivering health care services to you.
- Appointment Booking: We collect personal information when you book an appointment with a health care provider through the BRIA Solution or by phone. This information may include the type of appointment you would like (i.e., individual, group, or couple’s therapy), name, reason for booking the visit, intake form information, medical history, emergency contact. We use this information to book your appointment and provide the health care provider with the information they need to deliver health care services to you. You can manage some of your appointment bookings or view your past and upcoming appointment bookings through the BRIA Solution or by contacting us.
- Virtual Care Services: We offer virtual care services to provide non-urgent, non-emergency health care services remotely, either through real-time video or audio technology. If you choose to use our virtual care services, BRIA may request that you verify your identity such as by showing the health care provider your government-issued photo ID at the start of your virtual care session. Virtual care sessions are not recorded. While the nature of the personal health information you provide to us will be unique to you and your health care needs, in general, in providing virtual healthcare services, our health care professionals may collect and use relevant health information for the purposes of determining suitability for, planning, and delivering health care services to you.
We do our best to make sure that any information you give to us during virtual care visits is private and secure, however, as with all online communications, there is a risk that your health information may be intercepted or unintentionally disclosed. To help mitigate the risk, you should be in a private setting and should not use an employer’s or someone else’s computer/device.
- Payment: If you purchase a product, service, or membership from BRIA, we (or our authorized third-party payment processor, Stripe) will collect your full name, payment information (including billing address, credit card number, expiry date and CVV code), in order to process the transaction and provide you with the health care services you have purchased.
- Marketing Communications: The provision of health information and educational material is a feature of the BRIA service offering. When you join BRIA (or if we otherwise have your consent) we will collect and use your full name and email address to provide you with marketing communications including information about BRIA resources, services, offers, events and promotions that may be tailored to your interests and interactions with BRIA. You can unsubscribe at any time by clicking the “unsubscribe” link included at the bottom of each email or by adjusting your preferences through your account profile on the BRIA Solution. Alternatively, you can opt out of receiving email marketing communications in your BRIA Solution account directly, or by contacting us using the contact information provided in the “Contact Us” section below. Please note that you may continue to receive transactional, informational or account-related communications from us even if you unsubscribe from marketing communications.
- Surveys: From time to time, we may offer you the opportunity to participate in one of our surveys. We may use the information we obtain through our surveys, which may include personal health information, to review and identify opportunities for improving our delivery of health care services to our clients. You have the option to partake in this by consenting to receive our marketing emails.
- Perspective Papers: If you download one of our perspective papers or other publications through our Website, we may collect your first and last name and email address in order to facilitate the download. If you consent, we will also add you to our email marketing list.
- Careers: If you use our Website to apply for a job with BRIA, you may provide us with certain personal information about yourself, such as information contained in a resume, cover letter, or similar employment-related materials. We use this information for the purpose of processing and responding to your application.
- Contacting Us: You may get in touch with BRIA, including by telephone or email. When you contact us with a comment, question or concern, you may provide information that identifies you, such as your name, email and phone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future.
SHARING OF PERSONAL INFORMATION
We do not sell, rent, or disclose your personal information to third parties without your consent, except as described below or as required or permitted by applicable law.
- Other Health Care Providers: We may share your personal information with your other health care providers and facilities (i.e., an affiliate fertility clinic, another physician or health care practitioner, an allied health professional or member of your clinical care team, etc.) for the purpose of supporting your continuity of care. We may also share your personal information if required for the purpose of contacting your family or a potential substitute decision maker.
- Employers and Other Third Parties: Where BRIA services are made available to you through your employer as part of your employment benefits plan, we may share aggregated, de-identified data regarding the use of BRIA services with your employers. We may also share limited personal information, such as your name, service date, and email address, with your employer for billing and invoice reconciliation purposes. Alternative arrangements may be made with the permission of your employer.
- Benefits Providers: We may disclose certain personal information to your benefits provider for the purposes of coordinating payment from them, including your name, date of service, and the service provided. We may also share certain personal information with provincial health plans for billing purposes of publicly funded services.
- Referrals from Affiliate Clinics: Where BRIA services are made available to you through a referral from an affiliate fertility clinic that has a partnership with us to provide applicable mental health care services, we may disclose certain personal information about you, such as your full name, gender, address, phone number and email address, to that affiliated fertility clinic. Invoices may be issued to an affiliate fertility clinic, which include information pertaining to the patient and the services they received.
- Service Providers: Your personal information may be transferred (or otherwise made available) to third parties that provide services to us or on our behalf. We use third parties to provide services to us such as virtual health care consultation and therapy scheduling assistance, virtual care technology, privacy and security compliance, cloud storage services, payment card processing, and other services as required. Our service providers are only provided with the information they need to perform their designated functions. They are not authorized to use or disclose personal information for their own marketing or other purposes.
- Legal and Compliance: We and our Canadian service providers may disclose your personal information in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian law or legal process. Your personal information may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.
- Sale of Business: We may transfer information we have about our clients as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of BRIA or as part of a corporate reorganization or other change in corporate control.
INFORMATION ABOUT OUR WEBSITE
- Visiting our Website: In general, you can visit our Website without telling us who you are or submitting any personal information. We do not collect the IP (Internet protocol) addresses of visitors to our Website.
- Analytics: Our Website also uses web analytics services such as Google Analytics to help us gather and analyze information about the areas visited on the Website (such as the pages most read, time spent, search terms and other engagement data) in order to evaluate and improve the user experience and the Website. For more information about Google Analytics or to prevent the storage and processing of this (including your IP address) by Google, you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can also obtain additional information on Google Analytics’ data privacy and security at the following links:
- Tracer Tags & Web Beacons: The Website may also use a technology called “tracer tags” or “Web Beacons”. This technology allows us to understand which pages you visit on the Websites. These tracer tags are used to help us optimize and tailor the Website for you and other future visitors to the Website.
If you have provided consent to our collection, use or disclosure of personal information, you can withdraw your consent at any time by contacting us at the contact information set out below. If you withdraw your consent, we may not be able to provide certain services to you.
If you have signed-up to receive our email marketing communications, you can unsubscribe any time by clicking the “unsubscribe” link included at the bottom of the email or by adjusting your preferences through your account profile in the Jane App. Alternatively, you can opt-out of receiving our marketing communications by contacting us at the contact information under “Contact Us” below.
SAFEGUARDS AND RETENTION
We have implemented all administrative, technical, and physical measures that are reasonable in the circumstances to safeguard the personal information in our custody and control against theft, loss, disposal and unauthorized access, use, copying, modification, and disclosure. The only BRIA employees and service providers who have access to our clients’ personal information are those who “need-to-know” the information in order to carry out their job duties, and are subject to confidentiality agreements and end-user agreements which require them to apply similar safeguards to protect our clients’ personal information.
Client medical records are maintained in an electronic format in a central electronic medical record system (“EMR”) which is stored in secure data centres in Canada and protected by encryption, user account and password controls, restricted access by service providers and logging, auditing and monitoring of all access to electronic records of personal health information. BRIA is the health information custodian of all client records maintained in their EMR. Please note that appointment reminders are provided by a US-based service and therefore, the information included in those communications will travel to the United States.
BRIA may also create and retain de-identified or anonymized personal information for internal use to improve the provision of services and business operations.
When personal health information is disposed of, BRIA will take reasonable steps to ensure secure and permanent destruction of these records. Where a third party is retained to dispose of this information, BRIA will enter into a written agreement with the third party that sets out the requirements for secure disposal and require the third party to confirm in writing that secure disposal has occurred. BRIA keeps a record of all personal health information that has been destroyed, including the date and manner in which the information was disposed of and to whom the information relates.
ACCESS TO INFORMATION
Subject to limited exceptions under applicable law, you have the right to access, examine, update and ask to correct inaccuracies in your personal information and personal health information in our custody and control (and, in certain provinces, to authorize another person to receive a copy of your personal health information). You may make such requests by emailing us using the contact information set out below. You also have the ability to update your personal information through your account profile or by calling BRIA. We may request certain personal information from you when you make such a request in order to verify your identity.
PRIVACY BREACH MANAGEMENT
In the event that BRIA is notified that a client’s personal health information has been stolen, lost or subject to unauthorized use, access, disclosure, copying or modification, they will immediately notify the Privacy Officer and anyone else from within and outside BRIA (i.e., involved staff, outside experts and legal counsel) who should be involved in addressing the breach.
BRIA’s first priority will be to identify and contain the breach, and then to take steps to correct it and to minimize chances of similar breaches in the future. We will notify any client whose personal health information may have been stolen, lost, or accessed in an unauthorized manner, at the first reasonable opportunity. We will also advise clients of their right to contact the Information and Privacy Commissioner of Ontario (“Privacy Commissioner”). We will then investigate the breach and take any reasonable steps to remediate it. Finally, we will consider whether a report to the Privacy Commissioner or any regulatory college of a BRIA service provider is required.
Dr. Beverly Young,
You may also bring your questions or concerns to the Information and Privacy Commissioner of Ontario by visiting www.ipc.on.ca