Website and Health Information Privacy Policy

 

Website Privacy Policy

 
 
 
 

Fio Corporation (we, us, our) recognises and values the protection of your personal information. We recognise that you have an interest in our collection and use of your personal information via our websites, which are located at  www.fio.com (and other similar addresses). We have implemented this Website Privacy Policy in order to be open and transparent about how we collect, hold, and use your personal information, and under what circumstances we may disclose or transfer your personal information. The Website Privacy Policy also outlines your rights to gain access to, and seek corrections of, your personal information we hold. Finally, the Privacy Policy provides information about how you can approach us about your privacy-related concerns and complaints, and how we will deal with such communications. ​

 

This policy applies only to information that Fio Corporation collects via this Website. ​ 

 

Please note that this Privacy Policy forms part of the Terms of Use document, which is displayed at the footer of each page of our Websites. 

 

​Information we collect and hold

Wherever possible, you can elect to remain anonymous or use a pseudonym in interacting with us e.g. when making an enquiry. From time to time, we may ask you to supply personal information such as your name, address, date of birth, telephone number or e-mail address. However, under no circumstances will we request any information from you that may disclose your:

·    political, religious or philosophical opinions, beliefs, associations or affiliations;

·    health and sexuality;

·    racial or ethnic origin;

·    membership of a trade union, or a professional or trade association; 

·    or criminal records.

We may also conduct surveys or market research and may seek other information from you on a periodic basis. These surveys will provide us with information that allows improvement in the types and quality of services offered to you, and the manner in which those services are offered to you.

 

Personal information via the Website

Most commercial websites use ‘cookies’, which are pieces of information that websites send to the browser and are stored in your computer hard-drive. Cookies make using the Website easier by storing information about your preferences on the Website. This allows the Website to be tailored to you for any of your return visits. Cookies will not identify you personally. If you would prefer not to receive cookies, you can alter your security settings on your web browser to disable cookies or to warn you when cookies are being used. However, by disabling the cookie function in your web browser you may impede your ability to use parts of the Website.​

 

Your option not to provide your personal information​

Providing us with your personal information is absolutely optional but may be necessary for us to provide you with our services. Whenever it is optional for you to provide us with non-essential personal information, we will make this clear to you. When you provide us with your personal information, you are consenting to our storage, use and disclosure of that information as outlined in this Website Privacy Policy. Providing us with this information is absolutely optional to you. However, if you do not provide your personal information to us we may not be able to contact you or give you access to the additional information. You may opt out of these additional communications at any time.​

 

Use and disclosure of your personal information

When we hold your personal information it will be used for the following primary purposes:

·    to ensure the proper functioning of the Websites;

·    to ensure the proper functioning of the Fio Corporation business ; and

·    to assist Fio Corporation with our auditing, marketing, planning, billing, product development and research requirements.

We will not use or disclose (or permit the use or disclosure of) information that could be used to identify an individual member in any circumstances except:

·    to ensure the proper functioning of our business and the Website;

·    to communicate promotional offers and special events to you;

·    where the law requires us, or authorises us, or a company holding data on our behalf, to do so; or

·    where you have given express consent to us for a prescribed purpose.

We will not sell, distribute, rent, licence, disclose, share or pass your personal information onto any third parties, other than those who are contracted to us to keep the information confidential whether subject to a statute or a scheme which imposes similar restrictions to the Privacy Principles, regarding the handling of personal information. Should a third party approach us with a demand to access your personal information, we will take reasonable steps to redirect the third party to request the information directly from you, wherever it is lawful and reasonable for us to do so. If we are compelled to disclose your personal information, to a third party we will take reasonable steps to notify you of this in advance, wherever it is lawful and reasonable for us to do so. 

 

Security of personal information

In our business, personal information may be stored both electronically and in hard-copy form. We are committed to keeping your personal information secure regardless of the format in which we hold it and we take all reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification or disclosure. However, you use the Website at your own risk and we accept no responsibility, whether we are deemed to have been negligent or not, in the event of a security that affects your privacy. Note that no information transmitted over the Internet can be guaranteed to be completely secure. However, we will endeavour to protect your personal information as best as possible but we cannot guarantee the security of any information that you transmit to us, or receive from us. The transmission and exchange of information is carried out at your own risk. 

 

Accuracy and quality of personal information​

We will take all such steps as are reasonable in the circumstances to ensure that:

·    all information collected from you is kept accurate, up to date and complete; 

·    and the personal information that we use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.

Access to your personal information

In most cases, you have the right to access the personal information that we hold about you. If you wish to access your personal information, please contact our Privacy Officer by emailing: privacyofficer@fio.com.

 

​We will deal with all requests for access to personal information as quickly as possible. Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given. We may charge you a reasonable fee for access if a cost is incurred by us in order to retrieve your information, but in no case will we charge you a fee for your application for access. Whenever a fee will be applied, you will be notified of how that fee will be calculated, or where possible, the total amount that will be charged. You will then have the option to decide whether to proceed with your access request.​

 

In some cases, we will refuse to give you access to personal information we hold about you. This includes, but is not limited to, circumstances where denying access is required or authorised by or under the law or a court/tribunal order or where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within the Fio Corporation business in connection with a commercially sensitive decision-making process.​

 

We will also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that: giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; unlawful activity, or misconduct of a serious nature, is being or may be engaged in against Fio Corporation and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.

 

​If we refuse to give you access we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.​

 

These mechanisms for accessing your personal information operate alongside, and do not replace, other informal or legal procedures by which you may be provided with access to your personal information.​

 

Correction of your personal information

The accuracy of the personal information we have requested from you is important to us. Should you suspect, or become aware of, that your personal information we hold is inaccurate, out of date, incomplete or misleading, please contact our Privacy Officer. We will deal with all requests for correction of personal information as quickly as possible. Requests relating to a large amount of information, or information which is not currently in use, may require further time before a response can be given.

 

​If we refuse to change the personal information as you request, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also provide details of how you may make a complaint about our decision. Further, in case of our refusal, you may request that we take reasonable steps to associate, with the relevant information, a statement that you view it as inaccurate, out of date, incomplete or misleading.

 

​In the case we have corrected personal information about you, you may request that we take reasonable steps to give notice of the correction to any third party to which we have disclosed the inaccurate, out of date, incomplete or misleading personal information.​

 

These mechanisms for correcting your personal information operate alongside, and do not replace, other informal or legal procedures by which you may be provided correction of your personal information.​

 

Concerns and complaints about breaches

If you have concerns about how we handle your personal information, it is important that you notify us as soon as possible, so that we can address your concerns appropriately as the circumstances require. Any concern or complaint should be made in writing. Please send it to our Privacy Officer by email to:  privacyofficer@fio.com and we will respond as soon as reasonably possible.

 

Disposal of personal information not required

If we hold personal information about you, and we do not need that information for any purpose for which the information may be used or disclosed, we will take reasonable steps to destroy or de-identify that information unless we are prevented from doing so by law.​

 

Unsubscribing from our e-mail database

To unsubscribe from our e-mail database, please send us an e-mail to  privacyofficer@fio.comwith “UNSUBSCRIBE” typed into the subject line of the e-mail.​

 

 

 

Health Information Privacy Policy

 

 

At Fio Corporation, we are committed to maintaining the accuracy, confidentiality and security of the information we collect and use. This Health Information Privacy Policy describes the Personal Health Information that Fio collects, how we use it and to whom we disclose it.

Fio has adopted a series of privacy practices in order to address the specific privacy concerns of certain groupings of individuals or certain types of information. This Health Information Privacy Policy applies to the Personal Health Information we collect, use and disclose, unless the personal information (i) is unrelated to an individual’s Personal Health Information or (ii) is related to an individual who seeks to be, is or was employed by Fio.

Interpretation

In this policy, the following words and phrases will have the following definitions:

  1. The “Act” shall mean Ontario’s Personal Health Information Protection Act, 2004 SO 2004 c 3 Sched A, as amended.

  2. De-Identified Health Information” means information that (i) relates to the physical or mental health of an individual, relates to the providing of Health Care to the individual, including the identification of a person as a provider of Health Care to the individual, or is collected in the course of the individual seeking Health Care and (ii) is incapable of being used to identify the individual from whom the information was initially collected. 

  3.  “Health Care” means any observation, examination, assessment, care, service or procedure that is done for a health‑related purpose and that, (i) is carried out or provided to diagnose, treat or maintain an individual’s physical or mental condition, (ii) is carried out or provided to prevent disease or injury or to promote health, or (iii) the compounding, dispensing or selling of a drug, a device, equipment or any other item to an individual, or for the use of an individual.

  4. Identifying Information” means information that identifies an individual or when used in conjunction with other information it could be reasonably foreseeable that the information may identify an individual.

  5. Personal Health Information”, means identifying information about an individual in oral or recorded form, if the information, (i) relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family, (ii) relates to the providing of health care to the individual, including the identification of a person as a provider of Health Care to the individual, (iii) is the individual’s health number, or (iv) is collected in the course of the individual seeking Health Care.

 

Privacy Policy Effective for Canada

It is Fio’s policy to endeavour to comply with the privacy legislation within each jurisdiction in which we operate. Sometimes the privacy legislation and/or an individual's right to privacy are different from one jurisdiction to another. This Health Information Privacy Policy is designed and maintained with respect to the Act.

The Collection of Personal Health Information

Fio is engaged in aiding diagnosis and improving care management globally. The Personal Health Information that Fio collects will be collected in compliance with this Health Information Privacy Policy. The majority of Personal Health Information that Fio has custody or control over is collected by third parties i.e. Fio’s customers who are Healthcare providers. Fio endeavours to ensure that any Personal Health Information that is collected by third parties is collected in compliance with this Health Information Privacy Policy and in compliance with applicable laws. Fio will ensure that the third parties engaged to collect the Personal Health Information will take reasonable measures to ensure the accuracy of the Personal Health Information collected.

All Personal Health Information collected by Fio is collected with the knowledgeable consent of the individual from whom it is collected and not through deception or coercion. Except where a particular means of consent is required by applicable law, the consent of the individual may be implied or express. 

Custody or Control over Personal Health Information: Our Practices

Fio complies with the practices set forth in this Health Information Privacy Policy. To the extent that Fio engages with third parties to enable Fio to use electronic means to collect, use, modify, disclose, retain or dispose of Personal Health Information, Fio will endeavour to ensure that those third parties comply with the applicable practices set forth in this Health Information Privacy Policy. Fio will employ reasonable steps to ensure that the Personal Health Information is as accurate, complete and up-to-date as may be necessary for the purposes for which Fio uses the Personal Health Information. Fio will employ reasonable steps to ensure that the Personal Health Information it has custody over or that is under its control are retained, transferred and disposed of in a secure manner.

Fio will take diligent steps to ensure that Personal Health Information in its custody or control is protected against theft, loss and unauthorized access, use or disclosure and to ensure that the records containing the information are protected against unauthorized copying, modification or disposal. In the event of theft, loss and unauthorized access, use or disclosure of Personal Health Information Fio may, or will if required by applicable law, notify the individual at the first reasonable opportunity of the theft or loss or of the unauthorized use or disclosure.

Privacy Officer

Fio will at all times have an employee designated as a privacy officer to ensure compliance with this Health Information Privacy Policy. The privacy officer shall, among other things: facilitate the custodian’s compliance with the Act; ensure that all agents of Fio are appropriately informed of their duties under this Act; respond to inquiries from the public about the Fio’s information practices; respond to requests of an individual for access to or correction of a record of Personal Health Information about the individual that is in Fio’s custody or control; and receive complaints from the public about Fio’s alleged contravention of the Act or its regulations. 

The privacy officer, named below, will be accessible to the public during regular business hours (EST) at the listed contact information.

The privacy officer shall be available to describe to individuals how he or she may obtain access to or request correction of Personal Health Information about that individual that is in the custody or control of Fio and describes how to make a complaint to Fio and to the Commissioner under the Act. In the unlikely event that Fio uses or discloses Personal Health Information about an individual, without the individual’s consent, in a manner that is outside the scope of this Health Information Privacy Policy the privacy officer shall, inform the individual of the uses and disclosures at the first reasonable opportunity, make a note of the uses and disclosures; and keep the note as part of the records of Personal Health Information about the individual that Fio has in its custody or under its control. The privacy officer may also be contacted by an individual who wishes to withdrawal their consent to Fio’s use and disclosure of the individual’s Personal Health Information. 

The Personal Health Information We Collect

The Personal Health Information Fio has custody and control over, whether collected by Fio or by third parties, is collected in the context of an individual seeking Health Care. Specific Personal Health Information collected is connected to the reason the individual sought Health Care. Generally, Identifying Information is collected; such Identifying Information may include an individual’s: name, date of birth, national health identifying number, and address of residence. Apart from Identifying Information, information related to the Health Care interaction maybe also collected, including: the date, demographic data, general geographic data (e.g. GPS coordinates), symptoms, pregnancy status, brief medical history, indicative health metrics (e.g. blood pressure, heart rate, blood glucose, etc.), diagnostic tests performed, diagnostic test results (both quantitative and qualitative), diagnosis, treatments and referrals given. 

Personal Health Information

The Personal Health Information Fio has custody or control over is used for a variety of purposes. The purposes for which the Personal Health Information is used can be divided into two categories: Customer Care Guidance & Management and De-Identification. 

  1. Customer Care Guidance & Management: The Personal Health Information Fio has custody or control over is collected by Fio or third-parties on behalf of Fio’s customers. Fio’s customers are generally themselves health information custodians as defined in the Personal Health Information Protection Act, 2004 SO 2004 c 3 Sched A, or foreign analogues of health information custodians. Fio’s customers are public and private entities that are otherwise engaged in providing Health Care to individuals. Personal Health Information collected by those customers is made available to that customer via a central platform to review and act upon the Personal Health Information Fio has custody or control over. Fio enables its customers to act upon the Personal Health Information it has custody or control with the desire to aid in Health Care delivery and Health Care management. While the Personal Health Information Fio has custody or control over is primarily used by Fio to simply make such Personal Health Information available in Fio’s customers in a remotely accessible portal; Fio’s agents may in rare cases use Personal Health Information incidentally to providing customer service or improving the software and services Fio provides to its customers. In general all customer service or improve exercises use de-identified data.
     

  2. De-identification: Fio may also use the Personal Health Information it has custody and control over to manipulate it into De-Identified Health Information. In the process of de-identification, the Personal Health Information is altered in such a way that it can no longer be used to identify an individual, whether with the information alone or in conjunction with other information. In the process of de-identification, the pre-cursor Personal Health Information is necessarily used. The De-Identified Health Information may then be used for Fio’s own marketing purposes, it may be marketed to third parties to inform them of the incidence, burden, and care practices of the infectious diseases Fio tracks, or Fio may use it for post-market surveillance and clinical post-market follow-up. In the process of de-identification, the following items are removed from the Personal Health Information to render it De-Identified Health Information: any patient Identification numbers, the patient’s names, the patient’s date of birth, the patient’s county, municipality and street address, the patient’s email and phone number and any extra, identifying patient information.

 

Personal information collected via the Fionet Website

Most commercial websites use ‘cookies’, which are pieces of information that websites send to the browser and are stored in your computer hard-drive. Cookies make using the Website easier by storing information about your preferences on the Website. This allows the Website to be tailored to you for any of your return visits. Cookies will not identify you personally. If you would prefer not to receive cookies, you can alter your security settings on your web browser to disable cookies or to warn you when cookies are being used. However, by disabling the cookie function in your web browser you may impede your ability to use parts of the Fionet Website.​

Information about our use of cookies and other data collected:

 

Category of Use and its Description

  • AuthenticationIf you’re signed in to Fionet, cookies help us show you the right information and personalize your experience.

  • SecurityWe use cookies to enable and support our security features, and to help us detect malicious activity and violations of our User Agreement.

  • Preferences, features and servicesCookies can tell us which language you prefer and what your communications preferences are. 

  • Performance, Analytics and ResearchCookies help us learn how well our site and plugins perform in different locations. We also use cookies to understand, improve, and research products, features, and services, including when you access Fionet from devices such as your work computer or your mobile device.

 

In any event, Fio does not use the Personal Health Information for any purpose other than the purpose for which it was collected or created or for those functions that are reasonably necessary for carrying out that purpose. 

 

Access to your personal information

In most cases, you have the right to access the personal information that we hold about you. If you wish to access your personal information, please contact our Privacy Officer by emailing privacyofficer@fio.com .

 

​We will deal with all requests for access to personal information as quickly as possible. Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given. We may charge you a reasonable fee for access if a cost is incurred by us in order to retrieve your information, but in no case will we charge you a fee for your application for access. Whenever a fee will be applied, you will be notified of how that fee will be calculated, or where possible, the total amount that will be charged. You will then have the option to decide whether to proceed with your access request. ​

 

In some cases, we will refuse to give you access to personal information we hold about you. This includes, but is not limited to, circumstances where denying access is required or authorised by or under the law or a court/tribunal order or where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within the Fio Corporation business in connection with a commercially sensitive decision-making process.​

 

We will also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that: giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; unlawful activity, or misconduct of a serious nature, is being or may be engaged in against Fio Corporation and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.

 

​If we refuse to give you access, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision. ​

 

These mechanisms for accessing your personal information operate alongside, and do not replace, other informal or legal procedures by which you may be provided with access to your personal information

 

Correction of your personal information

The accuracy of the personal information we have stored on behalf of a customer/Healthcare provider about you is important to us. Should you suspect, or become aware of, that your personal information we hold is inaccurate, out of date, incomplete or misleading, please contact our Privacy Officer. We will deal with all requests for correction of personal information as quickly as possible. Requests relating to a large amount of information, or information which is not currently in use, may require further time before a response can be given.

 

​If we refuse to change the personal information as you request, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also provide details of how you may make a complaint about our decision. Further, in case of our refusal, you may request that we take reasonable steps to associate, with the relevant information, a statement that you view it as inaccurate, out of date, incomplete or misleading.

 

​In the case we have corrected personal information about you, you may request that we take reasonable steps to give notice of the correction to any third party to which we have disclosed the inaccurate, out of date, incomplete or misleading personal information. ​

 

These mechanisms for correcting your personal information operate alongside, and do not replace, other informal or legal procedures by which you may be provided correction of your personal information. ​

 

Concerns and complaints about breaches

If you have concerns about how we handle your personal information, it is important that you notify us as soon as possible, so that we can address your concerns appropriately as the circumstances require. Any concern or complaint should be made in writing. Please send it to our Privacy Officer by email to: privacyofficer@fio.com and we will respond as soon as reasonably possible.

 

Fio will make all reasonable efforts to investigate and respond to challenges relating to this Privacy Policy. Where a challenge is well founded Fio will take action to correct any outstanding problems up to and including amending the Privacy Policy and related procedures.

 

Complaints regarding this investigation process and its outcome can be made to regulatory authorities (Canada-Office of the Privacy Commissioner, US-Office for Civil Rights, EU-National Data Protection Authority)

Disclosure of Personal Health Information

We will not sell, distribute, rent, licence, disclose, share or pass your personal information onto any third parties, other than those who are contracted to us to keep the information confidential whether subject to a statute or a scheme which imposes similar restrictions to the Privacy Principles, regarding the handling of personal information. Should a third party approach us with a demand to access your personal information, we will take reasonable steps to redirect the third party to request the information directly from you, wherever it is lawful and reasonable for us to do so. If we are compelled to disclose your personal information, to a third party we will take reasonable steps to notify you of this in advance, wherever it is lawful and reasonable for us to do so

 

Fio does not disclose the Personal Health Information to anyone before approvals are provided by its customer/Healthcare provider on behalf of whom the data was collected.

 

The Personal Information disclosed to the requestor will be in a form that is reasonable and understandable. Where the meaning of information is not clear then translations and explanations will be provided without additional cost.

 

Amendments of these Privacy Policies

​We are obligated to regularly review and update this policy. We therefore reserve the right to amend this Privacy Policy at any time. Should any significant amendments occur, notification will be provided by publication on the Website 14 days prior to the changes being implemented (the Notice Period) unless the circumstances of the amendments makes it unreasonable to provide such a Notice Period. Your continued use after the Notice Period has lapsed indicates your consent to be bound by the amended Website Privacy Policy.

Our Website Privacy Policy was last updated on 17th Dec, 2020