TERMS  OF USE AND SERVICE

Whereas, Members Health Inc. (“MHI”), 121 King Street West, Suite 2150, Toronto, Ontario, M5H 3T9, Tel. 1-800-484-0152, www.Members-Health.com, has offered to arrange independent third party Physicians, Specialists, healthcare providers and appurtenant healthcare administrative and support staff to communicate with me using the following means of electronic communication: Phone, Email, Chat, Text, Videoconferencing using various video chat and/or conference platforms (“the Services”), I hereby acknowledge that I accept the services as will provided to me, that same may have been arranged and/or provided to me as an Employee or Association Benefit, or, as a service that I purchased directly from MHI independently for myself and/or jointly on behalf of my family, to wit I assert and consent that I will fully read the risks, limitations, conditions of use, and instructions for use of the services, both as detailed below and as will be provided in advance of use of the Services, either in advance of or at time of an appointment booking, and that my personal use of the services, including that of my dependents, will conclusively, definitively and irrevocably constitute my consent to the TERMS OF USE AND CONSENT TO USE OF ELECTRONIC COMMUNICATIONS and the PRIVACY POLICY. 

 

I acknowledge that it has been disclosed to me that either I, MHI, the referred Physicians that and/or the administrative and support staff for MHI may, at any time, withdraw the option of communicating electronically through the Services upon providing written notice and that any questions I have, have been answered.   NOTE:  You are free, at any time to ask questions via email to: drjones@members-health.com, matthew.handley@members-health.com, lina.elrayes@members-health.com, directly to Tel. 1-800-484-0152 or directly to the Physician prior to engaging with the Physician on the matter for your phone, text, email or video call.

 

I acknowledge and understand that multiple risks of using electronic communication and the services exist and that while encryption software may be used as a security mechanism for electronic communications, it is possible that communications with MHI, the referred Physicians that and/or the administrative and support staff for MHI using the Services may not be encrypted or subject to data interference by malicious actions of third parties. Despite this, I agree to communicate with MHI, the referred Physicians that and/or the administrative and support staff for MHI using the Services with a full understanding of the risks.

 

I specifically acknowledge that while MHI, uses reasonable means to protect the security and confidentiality of information sent and received using the Services, MHI cannot guarantee the security and confidentiality of all electronic communications, specifically and in part, because:

 

  • Use of electronic communications to discuss sensitive information can increase the risk of such information being disclosed to third parties.

  • Despite reasonable efforts to protect the privacy and security of electronic communication, it is not possible to completely secure the information.

  • Employers and online services may have a legal right to inspect and keep electronic communications that pass through their system.

  • Electronic communications can introduce malware into a computer system, and potentially damage or disrupt the computer, networks, and security settings.

  • Electronic communications can be forwarded, intercepted, circulated, stored, or even changed without the knowledge or permission of the Physician or the patient.

  • Even after the sender and recipient have deleted copies of electronic communications, back-up copies may exist on a computer system or servers.

  • Electronic communications may be disclosed in accordance with a duty to report or a court order.

  • Videoconferencing platforms and services may periodically be more open to interception.

 

As regards email or text as an e-communication tool, the following additional risks present:

 

  • Email, text messages, and instant messages can more easily be misdirected, resulting in increased risk of being received by unintended and unknown recipients.

  • Email, text messages, and instant messages can be easier to falsify than handwritten or signed hard copies. It is not feasible to verify the true identity of the sender, or to ensure that only the recipient can read the message once it has been sent.

 

You acknowledge and accept that you are subject to the following conditions of using the Services:

 

  • While MHI, the referred Physicians that and/or the administrative and support staff for MHI using the Services the Physician will attempt to review and respond in a timely fashion to your electronic communication, the Physician cannot guarantee that all electronic communications will be reviewed and responded to within any specific period of time and as such the Services are not to be used for medical emergencies or other time-sensitive matters.

  • If your electronic communication requires or invites a response from MHI, the referred Physicians that and/or the administrative and support staff for MHI using the Services and you have not received a response within a reasonable time period, it is your responsibility to follow up to determine whether the intended recipient received the electronic communication and when the recipient will respond.

  • Electronic communication is not an appropriate substitute for certain types of in-person or over-the-telephone communication or clinical examinations.  MHI, the referred Physicians that it designates and/or the administrative and support staff for MHI will endeavor, using best efforts, to alert you to same when such an event arises and will where appropriate, arrange or instruct you to attend an alternate assessment process, which may include attendance at an Emergency Department.

  • Electronic communications concerning diagnosis or treatment will be transcribed into the MHI secure Electronic Medical Records (EMR) system and made part of your medical record.  Only MHI designated and monitored staff and the referred Physicians will have authorized access to the medical record.

  • MHI, the referred Physicians that and/or the administrative and support staff for MHI may forward electronic communications to other Medical staff involved in delivery and administration of your care.   MHI, the referred Physicians that and/or the administrative and support staff will not forward electronic communications to third parties, including family members, without your prior written consent, except as authorized or required by law.

  • MHI, the referred Physicians that MHI designates and/or the administrative and support staff for MHI will not use the Services to communicate any sensitive medical information about matters specified below without your consent or a legal requirement to disclose: Sexually transmitted diseases, AIDS/HIV Mental health Developmental disability, or Substance abuse issues.    You agree to specifically inform the Physician of any types of additional information you do not want sent via the Services, in addition to those set out above and you are noticed that you can add to or modify the above list at any time by notifying MHI, the referred Physicians that MHI designates and/or the administrative and support staff for MHI.

  • Some of the Services might not be used for healthcare, or therapeutic purposes or to communicate clinical information. Where applicable, the use of the Services in these instances will be limited to education, information, and administrative purposes.   

  • That MHI, the referred Physicians that it designates and/or the administrative and support staff for MHI are not responsible for information loss due to technical failures associated with your software or internet service provider.

  • You will reasonably limit or avoid using an employer’s or other third party’s computer.

  • You will inform MHI, the referred Physicians it designates and/or the administrative and support staff for MHI of any changes in your email address, mobile phone number, or other account information necessary to communicate via the Services. 

  • Message subject lines will have an appropriate description of the nature of the communication (e.g. “prescription renewal”), and that your full name may appear in the body of the message.

  • You will review all electronic communications to ensure they are clear and that all relevant information is provided before sending MHI, the referred Physicians that it designates and/or the administrative and support staff for MHI using the Services.

  • You will ensure that MHI, the referred Physicians that it designates and/or the administrative and support staff for MHI using the Services are aware you have sent them an electronic communication, such as by a reply message or allowing “read receipts”.

  • You will take precautions to preserve the confidentiality of your electronic communications, such as using screen savers and safeguarding computer passwords.

  • You will only withdraw consent via email or written communication to MHI, the referred Physicians that and/or the administrative and support staff for MHI using the Services.

  • You will in instances where you require immediate assistance, or when a condition appears serious or rapidly worsens, not rely on the Services, but take immediate measures as appropriate, such as going to the nearest Emergency Department.

  • You have fully read and understand all the services, risks and this TERMS OF USE AND CONSENT TO USE OF ELECTRONIC COMMUNICATIONS in total as detailed above, that you have had opportunity to ask or clarify any questions you have, and as such that you hereby consent and agree to the use of the services on the understanding that MHI will not use your personal or personal health information without your consent except as necessary to provide its services,  that MHI will never sell your personal or personal health information, nor otherwise make any of your personal information available to a third party in exchange for remuneration, that MHI will never disclose your personal information except as required by law and upon demonstration of lawful authority, as determined by their Corporate Legal Counsel, and that upon your express request and instruction, will immediately close your account and destroy or anonymize all personal information related to your account, that MHI may/shall/will collect my name, the name and contact information of the health care provider (including their specialization), as well as the time of your appointments, that consultations may/shall/will occur on a secure video platform, safeguarded as described in the Privacy Policy as immediately below, that none of your personal or personal health information shall be used without your consent except as necessary to provide its services.

 

PRIVACY POLICY

 

Members Health provides its users the capability to engage in secure video consultations with health care providers from the privacy and convenience of a location they choose as secure and appropriate. This means personal information and personal health information is collected by Members Health. This information is highly-sensitive and protected by the Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) and all applicable provincial personal health information protection legislation throughout Canada.  

 

Members Health is committed to safeguard this information at the corresponding level. This Privacy Policy describes the physical, technological and administrative measures we implement to safeguard personal and personal health information. We comply with privacy law and we honour the trust of our users by taking the necessary measures to protect personal and personal health information.

 

By law, personal information is that which relates to an identifiable individual, to the exclusion of business contact information (name, title, work address, work phone number or work email address). Personal health information includes information that relates to an identifiable individual’s health, physical and/or mental, health history, including family health history, and/or medical treatment.

Read on to learn more, and if you have questions, feel free to contact our Designated Privacy Contact, Chief Privacy and Security Officer, Matthew Handley: matt@members-health.com, 1-800-484-0152 ext. 700. If we update this Privacy Policy, we will notify you.

 

Our commitment

 

Members Health will never collect, use or disclose personal or personal health information without the consent of the individual to which it relates.

 

Members Health safeguards personal and personal health information on the basis of risk assessments and industry standards regarding physical security, technological security and administrative policies and processes, as detailed below.

 

Members Health complies with all applicable personal health information legislation where it operates.

 

Information we collect

From patients:

When consulting a health care provider registered with Members Health, we collect: Name, email and phone number of the patient, date and time of the appointment, confirm address info and health card details, together with any written instructions the provider has added to the "notes for patient" after the appointment, and files attached by the provider or patient during or after the appointment inside the platform, usually as PDF or Word documents

 

From health care providers:

We collect name, business contact information, availability and specialization details.

 

How we protect the information we collect

 

Members Health protects personal and personal health information through integrated physical, technological and administrative safeguards:

 

Physical safeguards:

 

Members Health premises do not house any of the electronic equipment upon which personal health information is permanently stored, this information is stored directly on Telus supplied and managed Secure Servers inside highly secure Telus Facilities, none of which can be accessed without Telus authorization and protocols being followed.

 

Access is controlled by digital tokens, codes and monitored in a manner that keeps all personal and personal health information secure from unauthorized access.

 

Members Health electronic equipment does include portable equipment, however these devices do not locally store personal or personal health information, they are merely the conduits to secure cloud based data. 

 

All necessary backups are safely locked away, offsite, by third parties.

 

Members Health does not keep personal or personal health information on paper.

 

Technological safeguards:

Members Health stores all personal and personal health information with Telus on Telus Secure Servers based in Toronto, and, also with a third party in Montreal, Canada, with Amazon Web Services Secure Cloud (AWS). AWS is certified as compliant with ISO/IEC Standard 27018:2014 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. In addition to the independent certification process under ISO/IEC 27018:2014, this Standard also includes the right to audit AWS for compliance.

The secure video and/or text consultations we utilize are encrypted with the AES cipher using 128-bit keys. Here are the details of our encryption:

  • The basic voice, video, and text traffic are converted into cipher, a form which cannot be understood by anyone except authorized parties.

  • The conversion is done with random keys that change from the beginning to the end of the conversation to make it even more secure.

  • The keys last a short period of time and are neither stored nor persistent anywhere. Members Health destroys or anonymizes all personal and personal health information when it is no longer necessary to deliver service. Members Health employees can only gain technological access to personal information or personal health information collected by Members Health:

  • With a robust password, based on required elements.

  • Upon authorization, granted strictly on a need-to-know basis, defined according to job requirements.

 

Access is monitored through technological audit trails.

 

Audit trails are reviewed to ensure compliance.

 

Administrative measures:

 

Members Health has appointed a Designated Privacy Contact, mentioned above, who acts as Chief Privacy and Security Officer (CPSO) responsible for information systems monitoring and information security policy and procedure management.

 

The CPSO is responsible for compliance with Members Health’s privacy programme including:

  • Undertaking threat and risk assessments on a regular basis and as systems are approved

  • Adopting policies and procedures on the basis of threat and risk assessments to mitigate all identified risks, and updating these policies and procedures as necessary.

 

Members Health users may access their personal information by accessing their account and, should they require assistance, by contacting our CPSO.

 

Upon the express request of a user, Members Health will immediately close the user’s account and destroy or anonymize all personal information related to that account.

 

Members Health trains, supports and supervises all its employees on its Privacy Policy and procedures.

Contractors are held to the same high level of protection of personal and personal health information as

 

Members Health through contractual agreements, including audits, based on Members Health’s Privacy Policy and procedures.

 

Members Health senior management receives regular reports on privacy compliance and, in turn, reports to the Board for oversight.

 

Members Health uses external services for the provision of data storage and these parties are regularly audited by a third party to ensure they meet our privacy obligations. This is part of a process for Members Health to reassess all policies and procedures on an ongoing basis to ensure that legal requirements are met and personal and personal health information is highly secure.

 

How we use the information we collect

 

Members Health will never use personal or personal health information for purposes other than those for which it is provided – with express consent – and those necessary to deliver the service requested by our users.

 

Members Health will never sell the personal information or personal health information it collects, nor otherwise make any such information available to a third party in exchange for remuneration.  

 

Members Health will never disclose personal or personal health information, except as required by law and upon demonstrated lawful authority, as determined by our Corporate Legal Counsel.

 

Should Members Health conduct market or product research, it will never use personal nor personal health information, which is traceable to any individual; rather, it will fully anonymize information, meaning the risk of this information being traced back to a given individual is reduced to the greatest extent possible.

 

Breach response

 

There is no total guarantee against data breaches. However, as described above, Members Health has taken all steps it believes reasonable as measures to prevent breaches.

 

Furthermore, in the event of a breach, Members Health would immediately mitigate its impact by:

  • Notifying users at the first reasonable opportunity, namely as soon as we identify the breach

  • Applying remedial measures immediately.

 

Ensuring patients’ meaningful consent

 

To ensure Members Health users meaningful consent, Members Health provides relevant information in this Privacy Policy, as well as through the availability of our Designated Privacy Contact, Matthew Handley, matt@members-health.com, Tel. 1 800 484 0152.

Accessibility Policy

Website Accessibility

Members Health is committed to providing a website that is accessible to everyone.

We are actively working towards achieving a fully accessible website that conforms to the World Wide Web Consortium (W3C), Web Content Accessibility Guidelines (WCAG) 2.0 at Level AA in accordance with the requirements of Ontario’s Accessibility for Ontarians with Disabilities Act, 2005, Integrated Accessibility Standards.

If you would like information in a different format, please contact us. We will work with you to create a suitable format.

Please reach out to us at Tel. 1 800 484 0152 or via careteam@members-health.com

 

Accessibility Policy

 

Members Health Inc., is incorporated under federal legislation, its directors are responsible for managing and supervising the activities and affairs of the Corporation. In accordance with its By-law’s, the Board of Directors has appointed a president who has general charge of Members Health Inc., business affairs, and is responsible for the overall day-to-day management of Members Health Inc., and has such authority as prescribed by the Board.  Accordingly, a policy has been developed to provide direction with regards to the responsibilities of employees and others who deal with the public or other third parties in Ontario on behalf of Members Health Inc in providing services to people with disabilities in compliance with the Accessibility for Ontarians with Disabilities Act (AODA) (2005) and to meet the applicable requirements of the Integrated Accessibility Standards, Ontario Regulation (IASR) for Members Health Inc., being 1) the Information and Communications Standard, which applies to the provision of information and communications services and materials for people with disabilities, 2) the Employment Standard, which applies to the provision of accessible employment services for persons with disabilities and 3) the Customer Service Standard, which applies to the provision of goods and services (in Members Health case, specifically services) to the public or other third parties.