myPillCard Inc. Privacy Policy

  1. Introduction

    This is the Privacy Policy of myPillCard, Inc. to provide our services, we collect personal information about you and, if you are a healthcare provider, about the patients you serve using our services and use of the myPillCard website (the “site"). Protecting that information is fundamental to how we do business. This Privacy Policy describes our current privacy practices and our commitment to comply with applicable rules and regulations.

    This Privacy Policy describes our privacy practices. It does not describe the privacy practices of the healthcare providers to which we provide services.

    If you are an individual using our services through a healthcare provider, the healthcare provider's privacy policy governs our collection, use and disclosure of your personal information (whether we obtain it from you or from your healthcare provider) on its behalf, the consent that you provide to your healthcare provider in relation to that personal information applies to our use of it on your healthcare provider's behalf, and we may collect, use and disclose that personal information in accordance with that healthcare provider's privacy policy.

    If you have questions about a healthcare provider's privacy policy, you should contact that healthcare provider directly. 

    If you are an individual who wishes to use our services directly, or if you initially used our services through a healthcare provider but wish to continue to use our services after ceasing to use that healthcare provider, this Privacy Policy applies to our use of your personal information (whether we obtain it from you or from your healthcare provider).

    Please read this Privacy Policy carefully so that you understand how we safeguard your personal information. By using our services, you agree to the terms of this Privacy Policy. This includes ensuring that you (and, if applicable, your authorized employees and agents) adhere to the practices identified below to help maintain the privacy and security of the personal information you provide to us.

    We reserve the right to change this Privacy Policy at any time, and in our sole discretion. Any such change will not have retroactive effect – it will only apply from and after the stated effective date. If we make any such change, we will notify you in advance at the email address you provide in your registration information (it is your responsibility to ensure that such email address is current, and attended). If you do not agree with the change, you can cancel your account with us without further obligation, except for the amount due for the balance of the billing period in which you cancel your account. Unless otherwise specified, any change to this Privacy Policy will be effective immediately upon the stated effective date of the change, and if no effective date is stated, upon the date that is 30 days after the posting of the change on our website. Your continued use of our services after the effective date will constitute your acceptance of such change. If you do not agree to any changes to this Privacy Policy, you must stop using our services.

  2. Scope And Definitions

    This Privacy Policy applies to all personal information, including personal health information, that is collected by myPillCard from you or on your behalf. 

    "Personal information" means information that refers specifically and identifiably to an individual, or that could be used to identify an individual when combined with other information. For example, an individual's name and date of birth are personal information. This Privacy Policy applies to personal information that you provide to us whether it is about you or is about a third party (for example, if you are a healthcare provider, personal information includes information we collect on your behalf from your patients).

    "Personal health information" has the meaning given to it by applicable law (if any), and in any event includes information about an individual that (i) relates to the physical or mental health of the individual (including, but not limited to, the individuals medications and doses, medical conditions, allergies and intolerances, and information that consists of the health history of the individual's family), and (ii) relates to the providing of healthcare to the individual (including the identification of a person as a provider of healthcare to the individual), or (iii) relates to payments for healthcare, in respect of the individual. For example, personal health information includes information about an individual's medications, the healthcare services the individual receives, payments for healthcare services for the individual, and messages between an individual and a healthcare provider.

  3. Certain Applicable Legislation

    In Ontario, myPillCard is subject to Ontario's Personal Health Information Protection Act, 2004 (the "PHIPA"). Under PHIPA, when we provide services to Ontario healthcare providers and they or their patients provide personal health information to us in relation to those services, we act as an "agent" under PHIPA to that healthcare provider (in that healthcare provider's capacity as a health information custodian under PHIPA).

    We also provide services to healthcare providers in other jurisdictions, and in the course of providing those services may collect personal information, including personal health information, from them in order to provide services to them. Our collection, use and disclosure of that personal information are subject to all applicable laws.

    We also provide services to individuals directly, and in the course of providing those services may collect personal information, including personal health information, from those individuals in order to provide services to them. Our collection, use and disclosure of that personal information are also subject to all applicable laws.

  4. Our Collection And Use Of Your Personal Information

    We collect personal information to provide you with services and support, establish contractual relationships and process payments. For example, we require your name and email address in order to provide you with access to our website. We will only ask you to provide the information required to complete your request or improve your service. You can always choose not to disclose information, but this may make it impossible for us to provide you with a particular service.

    In some cases, we collect and use information provided by healthcare providers about their patients to provide services to the healthcare provider. As described above, we use this information to assist the healthcare provider in the provision of healthcare. A plain-language description of the services we provide is available at the end of this Privacy Statement.

    In other cases, we collect and use information provided by individuals to provide them with services related to their healthcare. This can be information we collect on behalf of the individual's healthcare provider (for example, personal information provided to us by a patient after being invited by a healthcare provider to use our services), or it can be information we collect from the individual for use in our delivery of services directly to the individual, on his or her own behalf. For example, we collect your name, email address and other demographic information to create your account.

    To provide, maintain and improve our services, we also collect monitoring and auditing data in order to analyze, support and improve our services. For example, we may automatically track certain information about your visits to our website, such as your geographic location, computer type and the site from which you discovered us. We aggregate and/or anonymize this data before using or disclosing it. We do not collect personal health information for these purposes.

    "Cookies" are small files placed on your hard drive that assist us in providing our services. We use cookies to provide you with a smooth, efficient, safe and customized experience. For example, cookies are used to allow you to enter your password less frequently during a session.

    Please see our Terms of Use for information on what we do to personal information when you terminate your account with us. 

  5. Our Disclosure Of Your Personal Information

    We will not sell, lease or trade your personal information to any third parties.

    If you are an individual using our services, we may disclose your personal information to the healthcare providers to which you give access to that personal information in the course of using our services. For example, if you request or establish a relationship with a pharmacist for our service, your pharmacist and the pharmacy staff may disclose your personal information in order to verify your medication record, and communicate recommendations with other healthcare providers within the circle of care.

    We may from time to time use the services of affiliates, subsidiaries and unrelated service providers in the operation of our services, and may disclose your personal information to them in the course of our use of their services. For example, we may use the services of third-party hosting companies. This may involve the hosting of data, including personal information, on servers operated by those hosting companies. We take care to use only service providers that we believe are reputable and able to live up to our and your expectations, including about the handling of personal information.

    We cooperate with law enforcement inquiries and demands for information that are made under force of law. Therefore, we may disclose your personal information (a) to any governmental authority as part of an investigation to determine our compliance with any applicable law, rule, or regulation (including privacy laws, rules, and regulations), (b) in response to a court order, subpoena, discovery request, or other lawful judicial or administrative proceeding, or (c) as otherwise required under any applicable law, rule, or regulation.

    We may also disclose personal information to the acquirer or its agents in the course of the sale of our business. If we do this, the disclosure will be subject to confidentiality arrangements customary in such transactions.

    Finally, please note that in some cases, information (not including personal health information) that we collect may be stored or processed outside of Canada. In such cases, we continue to protect the information with appropriate safeguards, but it may be subject to the legal jurisdiction of those countries and governmental authorities in those countries.

  6. Protecting Your Personal Information

    We use practices and policies to protect your privacy and the security of your personal information when we are using, storing, and disclosing it as described in this Privacy Policy. These practices and policies include:

    • Limiting access to only those personnel who require the information to provide our services. We provide training to our personnel in compliance with our privacy practices. Unauthorized access, use and disclosure of personal information by our personnel is strictly prohibited, including disclosing information to a third party, family member or friend or using the information for personal benefit.
    • Retaining your personal information only as long as required to provide services to you or to comply with applicable laws. Specific retention periods vary depending on the nature of the information.
    • Encrypting your personal information when it is stored or transferred offsite and protecting our servers and other unencrypted storage with physical security.
    • Protecting our servers, databases and networks with state-of-the-art firewalls and encryption technology, including SSL, the industry standard for website encryption and security.
    • Auditing access to and modification of personal information, particularly personal health information, and requiring individualized accounts and strong passwords for access.
  7. Deleting And Returning Personal Information

    When your personal information is no longer required to provide you and/or those patients and healthcare providers with whom you have shared information with services, we will destroy or delete your information according to our standard security practices and in accordance with our terms of use. Some logging and auditing information may be retained at our discretion; in addition, all of your information may not be deleted immediately (for example, we retain automated backups for a period of time to assist in disaster recovery). At your request, we will provide you with a copy of your information prior to deletion.

  8. Your Responsibilities

    As a user of our services, you agree that you will adhere to the best practices described below to safeguard your personal information. If you are a healthcare provider, you also agree to ensure that your employees and agents adhere to these practices to protect your information and your patients' information.

    Specifically, you agree to:

    • Use your own personal email address and password when accessing our services. Do not share your password with any other person outside your circle of care.
    • Provide personal information to us using only the following methods: (a) through our secure website, (b) by fax, with an attached Confidential Fax cover page, or (c) by phone, if required for support purposes. Email is not a secure method for transmitting personal information.
    • Maintain your software, devices and networks as required to ensure security. For example, you should apply software updates and use anti-virus or security software as applicable to your device.
    • Notify us immediately of any change to your personal or account information that may impact the security and privacy of personal information (for example, staffing, phone number and email address changes).
    • Notify us immediately of any privacy or security breach that may impact our service (for example, if your email account or password has been compromised).
    • Not attempt to circumvent any of our practices, policies or technical safeguards for the protection of personal information, or to aid another person in doing so.

    myPillCard is committed to protecting the confidentiality of user passwords at all times. You are solely responsible for keeping your username and password confidential, as well as any use of the Site that could be made under your identity and/or with their password. In addition, you undertake to preserve the confidentiality of any information you may access, while using the Site and specifically undertakes not to forward, communicate or disclose any information you could have obtained on any other patient by using the Site, including without limitation by using the prescription refill services. Furthermore, you hereby discharge Pharmasave of any responsibility and undertake to keep Pharmasave free of any charge, accusation or other in the event of an unauthorized transmission, communication or disclosure of such confidential information. Pharmasave assumes no responsibility and cannot guarantee the confidentiality of information transmitted via the Internet, email and/or any other form of communications. You recognize that any material or information sent via the Site becomes the property of Pharmasave and consent to any use by Pharmasave of this information in accordance with the Privacy Policy. You agree not to assert any ownership right of any kind in such communications (including copyright, trademark, patent, unfair competition, moral rights, or implied contract) and you hereby waive such moral rights in favour of Pharmasave as well as the right to receive any financial or other consideration with such communication. Any information accessed by you, including information copied, reproduced, downloaded, displayed on a computer or other electronic device, posted, transmitted, republished or printed from the Site, shall be deemed to be in your sole custody and Pharmasave assumes no responsibility or custody rights or obligations for such information. Pharmasave shall not willingly use your name and address without your written consent, except in accordance with the Privacy Policy, which is incorporated by reference into the Terms of Use. All information that Pharmasave may collect via the Site about you is subject to the Privacy Policy.

  9. Access And Accuracy

    You have the right to access and verify the personal information associated with your account. You may also request changes to your personal health information online, a healthcare representative will respond to your request within thirty days.

    We will not provide patients with access to information that we collect or use on behalf of their healthcare provider and that would not generally be accessible to a patient user through the use of our services. Requests for access to this information should be directed to the applicable healthcare provider, who may in turn request the information from us.

    If you identify inaccuracies in our personal information, we will make an appropriate change in accordance with your instructions. If we are unable to change your information and you disagree with our decision, we will note your opinion in your file.

  10. Withdrawing Consent

    We respect your right to withdraw consent to the collection, use and disclosure of your personal information, subject to legal and contractual restrictions and reasonable notice. Upon receipt of a consent directive from an individual or their authorized representative, we will act on your instruction and, if applicable, inform the appropriate health information custodian of the implications. Withdrawing consent for the collection and use of your personal information may limit our ability to provide you with services.

  11. Concerns And Interpretation

    You should direct any questions or concerns about our policy and practices and any access or correction requests to our Chief Privacy Officer:

    Chief Executive Officer (Penny Guimont)

    myPillCard Inc.

    2449 Shelter Valley Road

    Grafton, ON K0K 2G0

    Email: privacy@mypillcard.com

    Phone: 416.625.7325

  12. Description of Our Services

    Our services are conducted by health professionals, for patients and/or caregivers, and to assist health professionals in the provision of healthcare. They include:

    • Patient Registration: Assisting patients and/or caregivers with the secured online myPillCard Account registration process using the information provided by the patient and/or caregiver and the participating pharmacy at the time of registration.
    • MMRC: Exchanging pharmacist-approved recommendations about the patient's medications and/or health with other healthcare professional within the circle of care.
    • PillCard™: Supplying patients and/or caregivers with a wallet-sized card listing their myPillCard Account information.
    • PillCard™ Update: Supplying patients and/or caregivers with an updated wallet-sized card subsequent to changes made to their online myPillCard account.
    • Patient Notifications: Exchanging account notifications and other information about the patient's health with the patient, caregiver and/or healthcare professional.

    If you, as a patient or caregiver, have any questions or concerns about these services, please contact us using the information above.