Humaderme - Protection of Pesonal Information
Privacy Policy
Version - October 2024
HUMADERME PRIVATE MEDICAL DERMATOLOGY POLICY REGARDING THE PROTECTION OF PERSONAL INFORMATION
This personal information protection policy (hereinafter the "Policy") sets out how HUMADERME PRIVATE MEDICAL DERMATOLOGY uses, communicates, retains, and destroys your personal information. For ease of reading, we will use the terms "we" or "The Clinic" from time to time in the Policy. We may provide you with additional information regarding the processing of your personal information, in certain cases, at the time of collecting your personal information. We may also obtain your specific consent in certain cases regarding the collection, use, communication, and retention of your personal information. The Policy applies to the personal information we collect, regardless of the manner, whether, for example, in person, by phone, or via our website. By accepting this Policy or by providing us with personal information after having had the opportunity to review the Policy or any other supplementary notice, you agree that your personal information will be processed in accordance with the Policy and the supplementary notice.
1-ABOUT US
Feel free to contact our manager, Samuel Audet, at the following email address: saudet@humaderme.ca or by mail at the indicated address:
HumaDerme, Private Medical Dermatology located at 110-6 Boulevard Desaulniers, St-Lambert, QC, J4P 1L3.
For any questions or comments you may have regarding the Policy, how we handle your personal information, or to exercise your rights concerning your personal data.
At HumaDerme, we have assigned roles and responsibilities as follows:
Under the authority of the company's President, the person responsible for the protection of personal information, Mr. Samuel Audet, ensures that the rules concerning personal information protection are implemented within the clinic and understood by all staff members. We raise awareness among our staff and professionals to ensure they understand the importance of protecting personal information, particularly through the guidance provided by the Collège des médecins du Québec, the Commission d’accès à l’information du Québec, the Ordre des conseillers en ressources humaines agréé du Québec, and certain medical associations.
2-IMPORTANT DEFINITIONS
In the Policy, the following definitions apply:
"Confidentiality Incident" :
• Unauthorized access by law to personal information;
• Unauthorized use by law of personal information;
• Unauthorized communication by law of personal information; or the loss of personal information or any other breach of the protection of such information.
"Personal Information" :
• Any information that concerns a physical person and allows, directly or indirectly, to identify them.
3-HOW WE WILL PROCESS YOUR PERSONAL INFORMATION
How do we collect your personal information?
Mainly by phone and in person at our Clinic, through the Dossier Santé Québec (DSQ), via the medical questionnaire generated by our Telus Santé system, sent by email or fax.
What personal information do we collect?
• For our clientele : Personal contact information, health insurance card, health information. A valid credit card number for appointment booking.
• For our staff: personal contact information, information required under labor laws and tax laws.
From whom do we collect your personal information?
Directly from you, from the Dossier Santé Québec, the RAMQ, and from healthcare establishments in the network.
Why do we collect your personal information?
• For our clientele : To provide you with health services.
• For our staff : to employ and pay them.
What happens if you do not consent to the collection of your personal information?
We will not be able to provide you with health services or hire you.
How will we share your personal information with third parties?
• For our clientele : With our electronic medical records and also with the Dossier Santé Québec.
• For our staff : according to the means provided by the rules of government authorities.
Who can access your personal information?
• For our clientele : Doctors, consulting healthcare professionals, nurses, secretaries, all strictly in the performance of their specific duties.
• For our employees : The medical clinic managers and those responsible for human resources and accounting, strictly in the performance of their duties.
How long will we retain your personal information?
• As long as the doctor-patient relationship lasts, according to the rules established by the Law and the Collège des médecins du Québec.
• Credit card information is destroyed at the end of the appointment.
• For our employees : as long as the employment relationship lasts and according to the laws and regulations in force for human resources management within a company.
What are the risks associated with the processing of your personal information?
Associated risks are privacy incidents (see definition above).
Where will we retain your personal information?
We retain your personal information in the electronic medical record system of our provider, which is approved by the Ministry of Health and Social Services. Employee information is kept in our electronic personnel management systems, those of payroll service providers, and in locked filing cabinets.
4-WHAT TECHNOLOGICAL PRODUCTS DO WE USE?
Software Name : Medesync
Provider Name : Telus Santé
Utility : DME
Update Calendar : Provided by the provider
Software Name : Employeur D by Desjardins
Provider Name : Desjardins
Utility : Payroll system and employee records
Update Calendar : Provided by the provider
5-SECURITY MEASURES AND INHERENT RISKS
We follow security standards in our field of activities to protect the information we collect and receive. More specifically, we have in place appropriate physical, technical, IT, and administrative protection measures to safeguard your personal information against a confidentiality incident.
Despite these measures, given the inherent risks associated with the use of IT systems, we cannot guarantee the absolute security and confidentiality of the information you transmit to us or provide, and you do so at your own risk.
If you have reason to believe that personal information has been compromised, please contact us at the contact details indicated in section 1 of the Policy.
6-HOW AND UNDER WHAT CONDITIONS WILL WE COMMUNICATE YOUR PERSONAL INFORMATION FOR PUBLIC SAFETY OR CRIME PROSECUTION PURPOSES?
6.1 In case of serious risk of death or serious injury
We may communicate personal information we hold to protect a person or a group of people when there is reasonable grounds to believe that a serious risk of death or serious injury, related in particular to a disappearance or an act of violence, including a suicide attempt, threatens this person or group and that the nature of the threat inspires a sense of urgency.
Information may then be communicated to the person(s) exposed to this risk, their representative, or anyone likely to provide assistance. Only the information necessary for the purposes pursued by the communication will be disclosed.
6.2 Law enforcement
We may also communicate information to the Director of Criminal and Penal Prosecutions or to a person or group responsible for preventing, detecting, or repressing crime or legal violations when the information is necessary for the purpose of prosecuting an offense under a law applicable in Quebec.
Finally, we may communicate information to a police department when it is necessary for the planning or execution of an intervention adapted to the characteristics of a person or the situation, in one of the following cases:
1. The police department intervenes, at our request, to provide us with assistance or support in the services we provide to a person.
2. We act in coordination or partnership with the police department in mixed practices of psychosocial and police interventions.
7-IS YOUR PERSONAL INFORMATION TRANSFERRED OUTSIDE THE CLINIC?
We may transfer your personal information to service providers we use in our operations. Therefore, your personal information may be transferred outside Quebec, for example, to the cloud to ensure data redundancy, i.e., to ensure their integrity.
8-WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION?
The law grants you various rights concerning your personal information. You have the following rights:
• Access: The right to request if we hold personal information about you and, if so, to request access to that personal information.
• Rectification: The right to request the correction of any incomplete or inaccurate personal information we hold.
• Withdrawal of Consent: The right to withdraw your consent to the communication or use of the personal information held. If so, we will no longer be able to provide you with health services or keep you employed if you are one of our employees.
• Restriction or Refusal of Access: The right to request that a particular practitioner or a category of practitioners indicated not have access to one or more identified pieces of information.
• Complaint : The right to file a complaint with our personal information protection officer as identified in section 1 in connection with this Policy or to file a complaint with the Commission d’accès à l’information du Québec if you believe that a violation of personal information protection laws has occurred. To file a complaint with the Commission d’accès à l’information (Quebec), please use the appropriate form available at the following address: For Citizens | Commission d’accès à l’information du Québec : https://www.cai.gouv.qc.ca
• Portability : You have the right to request that your personal information be communicated to you or transferred to another organization in a structured and commonly used technological format.
To exercise any of these rights, please contact our personal information protection officer as indicated in section 1 of this Policy.
9-HOW DO WE USE WEBSITE COOKIES?
We use browsing cookies to understand and provide our services to users searching for this type of service on search engines and the web. For transparency, the website (https://www.humaderme.ca) collects certain user data, including location, technology used, and session duration.
10-FULLY AUTOMATED DECISIONS
We do not use any technology that makes automated decisions based on personal information.
11-DESTRUCTION OF PERSONAL INFORMATION
Personal information is destroyed in accordance with the rules set out by the regulations issued by the Collège des médecins du Québec, the applicable laws in Quebec regarding human resource management, and the applicable laws in Quebec for the protection of personal information.
12-WHAT IS YOUR ROLE IN PRIVACY PROTECTION?
Unless you have special authorization, you are not allowed to capture and/or record voices, images, or videos related to your consultation with a professional at our Clinic, whether your meetings are in person or via teleconsultation. You are also responsible for respecting the confidentiality of other individuals receiving services at our Clinic.
13-HOW DO WE UPDATE THIS PERSONAL INFORMATION PROTECTION POLICY?
We may, from time to time, modify the Policy to reflect changes in our business processes or in the law.