Skip to main content
CareChart Digital Health By Bayshore

Privacy Policy

How We Protect Your Privacy

We handle and protect your personal health information in accordance with Ontario’s Personal Health Information Protection Act, 2004 (PHIPA) and any other laws that we are required to follow. We provide training, follow established policies, and take other steps to ensure that our staff and anyone else acting on our behalf protects your privacy.

Collection, Use, and Disclosure of Personal Health Information

Your request for care from us implies consent for our collection, use, and disclosure of your personal health information for the following purposes:

  • to provide and assist in the provision of health care to you through our services and programs.
  • for the purpose of obtaining payment or processing, monitoring, and verifying the provision of health care or related goods and services.
  • to plan, administer, and manage the operation of our services and programs.
  • to manage risk and improve the quality and safety of our services and programs.
  • for educational and training purposes for our Clinicians to provide health care.
  • to conduct research activities as approved by a research ethics board.
  • to comply with legal and regulatory requirements; and,
  • to fulfill other purposes that are permitted or required by law.

From time to time, we may communicate about your care with your other health care providers, including collecting, using, and disclosing your personal health information through electronic medical information systems (sometimes called electronic health records, eHealth records, electronic medical records, etc.). If you would like more information about the electronic medical information systems we use, please speak with our Privacy Contact.

Any use of your personal health information other than those mentioned above would require your express consent.

Your Rights and Choices

PHIPA provides you with certain rights related to your personal health information under our custody or control. Please communicate with our Privacy Contact for more information related to your rights:

  • to see and get a copy of your personal health information.
  • to ask us to make corrections to inaccurate or incomplete personal health information.
  • to withdraw your consent to our collection and use of your personal health information and,
  • to be informed if your personal health information is lost, stolen, or improperly accessed.

Carepath Privacy Contact

For more information or to raise concerns about our privacy practices, please contact our privacy office:

Email: privacyofficer@bayshore.ca

Mailing Address: 2101 Hadwen Road, Mississauga, ON L5K 2L3

The Information and Privacy Commissioner of Ontario

The Information and Privacy Commissioner of Ontario is responsible for making sure that privacy law is followed in Ontario. For more information about your privacy rights, or if you are unable to resolve an issue directly with our Privacy Contact and wish to make a complaint, contact:

Information and Privacy Commissioner of Ontario

Email: info@ipc.on.ca

Address: 2 Bloor Street East, Suite 1400, Toronto, ON, M4W 1A8

Toll Free: 1-800-387-0073

TDD/TTY: 416-325-7539

Privacy and Confidentiality Risks associated with electronic communication and virtual care delivery services

Carepath will use reasonable means to protect the security and confidentiality of information sent and received using the services as outlined in the attached Consent to use electronic communication and virtual delivery.

However, because of the risks outlined below, the Clinician cannot guarantee the security and confidentiality of electronic communication. Some of the risks of electronic communication are:

  • Use of electronic communications to discuss sensitive information can increase the risk of such information being disclosed to third parties.
  • Despite reasonable efforts to protect the privacy and security of electronic communication, it is not possible to completely secure the information.
  • Electronic communication can introduce malware into the computer system and potentially damage or disrupt the computer networks and security settings.
  • Electronic communication can be forwarded, intercepted, circulated, stored or even changed without the knowledge or permission of the Clinician or the patient.
  • If electronic communication has been deleted, there is still a possibility that backup copies may exist on a computer system.
  • Electronic communication may be disclosed in accordance with a duty or report or a court order.
  • Videoconferencing using services such as Zoom, Teams or Face Time may be more open to interception.

If email or text is used as an e-communication tool, the following are additional risks:

  • Email, text messages, and instant messages can more easily be misdirected, resulting in the increased risk of being received by unintended and unknown recipients.
  • Email, text messages, and instant messages can be easier to falsify than handwritten or signed hard copies. It is not feasible to verify the true identity of the sender, or to ensure that only the recipient can read the message once it has been sent.

Condition of using the Services

  • While the Clinician will attempt to review and respond in a timely fashion to your electronic communication, the Clinician cannot guarantee that all electronic communications will be reviewed and responded to within any specific period of time. Carepath Services cannot be used for medical emergencies or other time-sensitive matters.
  • Electronic communication is not an appropriate substitute for in-person, or over-the-telephone communication or clinical examinations, where appropriate, or for attending the Emergency Department when needed.

Condition of using the Services (continued)

  • Electronic communication concerning diagnosis or treatment may be printed or transcribed in full and made part of your medical record, as such, staff, and billing personnel, may have access to those communications.
  • The Clinician may forward electronic communications to staff and those involved in the delivery and administration of your care. The Clinician might use one or more of the Services to communicate with those involved in your care. The Clinician will not forward electronic communications to third parties, including family members, without your prior written consent, except as authorized or required by law.
  • You agree to inform the Clinician of any types of information you do not want sent via the Services, in addition to those set out above. You can add to or modify the above list at any time by notifying the Clinician in writing.
  • Some Services might not be used for therapeutic purposes or to communicate clinical information. Where applicable, the use of these Services will be limited to education, information, and administrative purposes.
  • The Clinician is not responsible for information loss due to technical failures associated with your software or internet service provider.

Date Retention and Destruction Guidelines

  • All records must be retained for the complete retention period as per the Master Record Retention Schedule. Notification and approval from authorizing custodian must be confirmed, as per applied business contract agreements and approval by direct reporting manager/director or NSC Privacy office.
  • Electronic records that are managed with in a health information system will be retained until an electronic record series destruction cycle has been defined and supports legislation and custodian requirements.
  • Health (Client Information): At least 10 YRS from the later of the two dates: Date of the last patient encounter or, Date that the patient reached or would have reached the age of majority OR As per contractual requirements, whichever is longer.
    • It must be possible to retrieve and reproduce a complete health record for each patient throughout the retention period.
    • Considerations to the relevant provincial and contract regulations.
  • Statue: The Health Information Act for each corresponding province/territory and Canadian Medical Protective
    Association: Retention of clinical records by physicians in Canada
  • User Data Deletion: In accordance with the standard company policy, all client health information and electronic records are retained for a period of ten (10) years. Users may submit data deletion requests through the Contact Us section within the application or by contacting our customer support team directly. Upon review by the NSC Privacy Team and subsequent approval from the authorized custodian, the requested data will be permanently destroyed. A corresponding destruction record will be documented and maintained within the system’s inventory log to ensure compliance with data governance requirements.

Adapted by the Canadian Medical Protective Association CMPA – Consent to use Virtual Care Tools
https://www.cmpa-acpm.ca