To further clarify this commitment, HH has adopted this Privacy Code to guide how we collect, use and discloses personal information gathered in the course of operating our business.
Our code is based upon the Principles outlined in the Personal Information Protection and Electronic Documents Act of Canada (PIPEDA). It is designed to ensure that the purpose for gathering personal information is clearly defined, that consent is obtained to collect and use the information, and that safeguards are in place to protect the information. As business environments change, so do the requirements for the collection of personal information. Accordingly, this Code and the internal policies that support this Code will be subject to review to address new business conditions, and respond to evolving law and policy.
What is Personal Information?
Personal Information is any information about an “identifiable individual” including information regarding ethnic background, religion, marital status, medical, employment, and education. Information published publicly such as listed telephone number, address and name is not considered to be personal information.
HealthHub is responsible for the personal information under our control. We have established internal procedures, and where appropriate, contractual arrangements with external parties, to protect personal information. A Chief Privacy Officer has been appointed to monitor adherence with this Code, to guide staff in understanding and implementing privacy procedures, and to respond to requests from customers and employees for information on privacy issues.
The purpose for collecting personal information will be communicated at the time the information is gathered. If personal information is to be used for a purpose other than originally communicated, consent will be obtained before using the information for the new purpose. In general, HealthHub collects personal information for the following purposes:
- to provide entertainment and communication services to patients and residents of healthcare facilities, and to allow HealthHub to collect debts, rectify billing errors or issue refunds in relation to these services
- to undertake customer satisfaction surveys for the purpose of improving existing products and services delivered, and determining other products and services in demand
- to provide Point of Sale terminals and related network connectivity to merchants, as well as necessary leasing arrangements
- to provide transaction processing through automated teller machines
- to pay employees, and to provide benefits and performance reviews to those employees in compliance with all relevant Provincial and Federal laws
- to comply with any other legal or regulatory requirement
HealthHub will obtain consent to collect, use or disclose any personal information except where HealthHub is authorized or required by PIPEDA or any other law to do so without consent. Depending upon the circumstances, consent may be express or implied. The purpose for obtaining personal information will be communicated in understandable terms so that the individual can base consent upon meaningful information.
Consent may be withdrawn at any time, subject to legal or contractual restrictions, providing adequate notice is provided. Upon withdrawal of consent, HealthHub will notify the individual of the consequences of withdrawal, which may include the inability of HealthHub to provide further services to the individual.
HealthHub will limit its collection of personal information to that which is reasonably necessary to provide a product or service, and which is reasonably necessary for the purposes consented to.
Limiting Use, Disclosure and Retention
Personal information is not used, disclosed or retained for any purposes other than those for which it was collected. Personal information will be kept only as long as necessary to fulfill those purposes. In most cases, personal information will be retained for at least one year to allow for challenges to, or correction of, transactions related to the information. Where personal information is no longer required to fulfill the identified purposes, it will be destroyed, erased, or made anonymous.
In certain circumstances, personal information may be disclosed to third parties without consent of the individual. HealthHub may disclose personal information for the following purposes:
- in respect of an emergency that threatens the life, health or security of the individual to comply with a warrant, order or subpoena made by a court or other body with appropriate jurisdiction
- when HealthHub has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law, and the information is used for that investigation
- any other situation as permitted under PIPEDA
HealthHub will endeavor to keep personal information as accurate, complete and up to date as possible for the purposes for which it was collected. Individuals are encouraged to advise HealthHub of any changes to personal information that may be relevant to the services provided by HealthHub.
HealthHub will protect all personal information in its custody by making reasonable arrangements to prevent unauthorized access, collection, copying, use, disclosure or modification of that information. HealthHub’s methods of protection will include physical measures (such as locked storage facilities and restricted areas), organizational measures (such as restricting access to computer systems) and technological measures (such as passwords and firewalls).
Our employees are educated on the importance of client confidentiality, and are instructed to ensure client information is accessed and used only for the business purposes we have identified, and disclosed only to parties who are bound, contractually or through other reasonable means, to a comparable level of personal information protection.
HealthHub will be open about its procedures used to manage personal information. We will make available additional information regarding our policies relating to the management of personal information, upon request.
The most up to date version of this policy will be available on our website or by writing the Privacy Officer at the address noted below.
Individuals who wish to review or verify personal information held by HealthHub may do so by making a request, in writing, to the address noted below. Upon verification of the individual’s identity, HealthHub will respond within 30 days with a description of the ways in which that information is used and a description of any entities to which such information may have been disclosed. HealthHub may request certain information of the individual in order to authenticate identity. If an individual finds the information inaccurate or incomplete, upon providing evidence to verify the correct information, HealthHub will promptly update the individual’s records.
In certain instances, HealthHub may not be able to provide access to certain personal information. This may include situations in which:
the information contains references to other individuals’ personal information the information cannot be disclosed for legal, security or commercial proprietary reasons, or the information is subject to solicitor-client privilege
HealthHub encourages our customers and clients to tell us of any concerns they may have regarding our compliance with the principles of PIPEDA. If an individual has an inquiry or concern about HealthHub’s personal information handling practices, it may be directed, in writing, to the Chief Privacy Officer at the address noted below. Should any complaints be determined to be justified, HealthHub will take appropriate measures including, if necessary, amending its policies and practices.
Your On-line Privacy on Our Web Site
HealthHub collects some information about the ways you use our web site in order to make our site more interesting and useful to you. You are welcome to browse our web site anonymously at any time, without revealing any personal information.
There are a few activities where the collection of personally identifiable information may be necessary. When personally identifiable information is collected, you will know because you will have chosen to provide your information.
When you visit our site, your IP address is collected so that we know where to send the information you are requesting. This IP address does not personally identify you.
This is information that cannot be associated with a specific individual. Our web servers collect some anonymous information automatically when you visit our site. This information may include the pages you visited, what content you downloaded, the type of web browser you were using, and the level of encryption your browser supports. This information is collected on an aggregated basis. No personal information is associated with these statistics. We use this information to determine what type of information is most useful to you so that we can improve our web sites to make it easier for you to access information.
Our site collects aggregated site-visitation statistics using cookies, small text files containing a unique identification number that identifies your browser to our computers. This small file of information allows the web site to remember important information that will make your use of the site more enjoyable.
Cookies tell us which pages are visited, by how many people, the average time spent, and other useful statistics relating to the use of the site. This helps us to enhance the online experience of visitors to our site. We use the statistics to understand how customers use our sites, to make it easier for you and other visitors to use, to monitor the site’s performance and to improve our web site.
To assist you, cookies help us remember who you are through your browser settings, while saving your passwords and preferences so you don’t have to enter them each time; essentially, cookies save you time.
You do not need to accept cookies to visit our site. However, should you choose not to accept these cookies, your experience at our site (and other web sites) may be diminished and some features may not work properly.
How We Safeguard Your Information
The information you provide to us on our web site is securely maintained and kept confidential. Information is retained in secure facilities, and protected from unauthorized access. We provide technical, administrative, and physical security measures to protect your information against loss, misuse, and unauthorized access or disclosure.
Links to Other Web Sites
This web site may contain links to other sites that are not governed by this Privacy Statement. Please be aware that HealthHub is not responsible for the privacy practices of other such sites. This policy applies solely to information collected by this web site.
Questions or Concerns
HealthHub welcomes your comments regarding this Privacy Statement. Please contact us if you have any questions about privacy and usage that were not answered here.
You may address these concerns in writing to us:
Chief Privacy Officer
HealthHub Patient Engagement Solutions
Suite 1600, 2002 Victoria Avenue
Regina, Saskatchewan S4P 0R7
If this does not resolve your concern to your satisfaction, you may contact the Saskatchewan Information and Privacy Commission by writing to:
Saskatchewan Information and Privacy Commissioner
#503 – 1801 Hamilton Street
Regina, Saskatchewan S4P 4B4