The protection of personal information is of utmost importance, that’s why MEDFAR is committed to maintaining the accuracy, security and privacy of Personal Information in accordance with applicable legislation. This MEDFAR Privacy Policy (hereafter named “Policy”) aims to help our clients, service providers and other individuals (“you”) understand MEDFAR’s personal information collection, use, disclosure and retention practices.
MEDFAR
MEDFAR provides an intuitive and interconnected way of managing care through its fast, reliable, and secure SaaS-based MYLE Integrated Care platform. Its solutions streamline clinical processes and empower 15,000 healthcare professionals daily to provide better care for more than 20 million patient visits across North America. MEDFAR pledges to transform quality of care on a global scale with a plan to enable 5 million care providers to deliver high-quality care to 500 million patients across 5 continents by 2030.
Consent
By submitting personal information to MEDFAR or by using the Web site or any of our EMRs or Patient Portals, you consent to our collection, use and disclosure of such personal information as set forth in this Privacy Policy and as permitted or required by law. Subject to legal and contractual requirements, you may refuse or withdraw your consent to certain of the identified purposes at any time by contacting the person in charge of the protection of personal information. If you refuse or withdraw your consent, we may not be able to provide or continue to provide you with certain services or information that may be of value to you. If you provide MEDFAR with personal information about another individual, you represent that you have all necessary authority or have obtained all necessary consents from such individual to allow us to collect, use and disclose such personal information for the purposes set forth in this Privacy Policy.
What is Personal Information and Personal Health Information
In this Policy, “Personal Information” as defined by Canadian privacy legislation means any information about an identifiable individual or information that allows an individual to be identified. Generally, Personal Information does not include what is considered business contact information: name, title or position, business address, telephone number, facsimile number or email address. “Personal Health Information” is a type of “Personal Information” and is defined as identifying information that relates to an individual’s health, including, but not limited to, information about diagnosis, treatment and care.
What Personal Information MEDFAR collects about you
When you use our website, communicate with us, subscribe to our services, use our EMR solutions, or our patient portals, we collect a certain amount of personal information that you provide to us. This includes:
EMR Solutions (Plexia and MYLE) Users :
- First and last name of the administrator
- Contact information of the administrator
- Clinic-specific system configuration
Patient Portal (Plexia and MYLE) users
- First and last name
- Date of birth
- Gender at birth
- Email address
- Telephone number
- Provincial health Card Number
Website Users and Website Chatbot
- First and last name
- Email address, phone number
- Any information included in the message content
- Whether you are a healthcare professional or a patient
- Website usage details and other technical information, such as details of visits to our websites or information collected through cookies (see our Cookie Policy for more information).
- Recruitment information such as your curriculum vitae, your education and employment history, details of professional memberships and other information relevant to potential recruitment (see our Talent Acquisition Privacy Policy – ENG for more information).
MYLE Health
- Date of birth
- Medication selection
- Confirmation or refutation that the allergies, intolerances, and adverse reactions that are displayed are up to date
- Consent to share a copy of your medical summary with your preferred pharmacy
We do not knowingly collect information from anyone under the age of 14. If you are a minor under the age of 14, please do not provide us with any personal information without the express consent of a parent or guardian. If you are a parent or guardian and know that your children have provided us with personal information, please contact us. If we learn that we have collected personal information from a minor child without verification of parental consent, we will take steps to remove that information from our servers.
How does MEDFAR collect your Personal Information
We collect personal information about you through various interactions you have with us, including:
- Website Interactions: When you take certain actions on the Website, including contacting MEDFAR directly to inquire about solutions or services, signing up for newsletters, registering for events, or purchasing subscriptions, we collect your first name, last name, email address, phone number, province of residence, and message content.
- Customer Service: When you contact customer service to report issues or ask questions, we collect your name, email address, phone number, and any other information you choose to provide.
- EMR solution users (Plexia and MYLE): When a healthcare organization subscribes to our EMR software, we collect the administrator’s first and last name, e-mail address and clinic-specific system configuration.
- Patient Portals: When you create a patient portal account (Plexia and MYLE), we collect the necessary personal information.
- MYLE health: When you submit the web form received by SMS.
- Recruitment: We use Smartrecruiters to manage job applications. When you apply for a position, you provide personal information directly to Smartrecruiters on our behalf, including your name, email address, phone number, and curriculum vitae. We use this information to assess the eligibility and suitability of candidates (see our Talent Acquisition Privacy Policy – ENG for more information).
- Social Media: When you interact with us on social media platforms (e.g., LinkedIn, Facebook, X), we collect the personal information you provide, such as your username.
How does MEDFAR use your Personal Information
We collect personal information to provide high-quality, personalized services, comply with legal obligations and continuously improve our offerings. We use the personal information we collect for the following purposes:
Service provision and enhancements:
- To enable customers to purchase or subscribe to a service.
- To provide the requested service.
- To provide any other complementary services associated with the requested service.
- To provide customer support.
- To understand customer needs.
- To control the quality of customer service and prevent errors.
- To personalize customer support, respond to your concerns and improve our service offerings.
- To configure and manage EMR solutions environments (Plexia and MYLE) for healthcare organizations.
- To manage and provide access to patient portal accounts (Plexia and MYLE)
- To confirm your identity (MYLE Health)
- To enable your preferred pharmacy to dispense your prescription (MYLE Health)
- To analyze website usage details and other technical information to improve website functionality and user experience..
Communication:
- To answer your requests for information.
- To notify you about products, services, events and updates.
- To communicate with you and manage business relationships.
- To respond to inquiries made through our social media sites (e.g., LinkedIn, Facebook, X).
Legal and regulatory compliance:
- To meet the requirements of the laws.
- To fulfil our legal, regulatory, or risk management obligations.
- To prevent fraud.
Recruitment:
For recruitment purposes, to enable us to process job applications and to assess the suitability of a candidate for the position for which he or she is applying.
Personal Information Collected by healthcare providers using our Solutions (Plexia et MYLE)
MEDFAR provides electronic medical record systems that enable healthcare providers to collect, use, process, store and communicate patients’ personal information. Below we have described the types of personal information collected from healthcare providers (including physicians, nurses and their administrative personnel).
- Personal information including first and last name
- Contact information including physical address, email address and telephone number
- Demographic information, including languages spoken, birthdays, gender identity, and dependents.
- Provincial personal health number
- Personal health information, including:
- Visit information (e.g., date, visit type, visit reason, name of healthcare provider, referring provider)
- Medical history (e.g., chronic conditions, past diagnosis, family medical history, clinical observations from previous visits etc.)
- Pharmacy and medications information (Current medications and dosages, allergies and intolerances, preferred pharmacy)
- Treatment information (e.g., symptoms, care plans and progress notes, diagnoses, referrals, lab and imaging requisitions)
With whom do we share Personal Information?
We do not sell or rent personal information to third parties. Personal information is used only to provide our services and for no other purpose. However, certain features of our solutions require us to share information with third parties as part of the healthcare delivery process. These features and the context in which the information is shared are described below:
- Government systems and health information banks: Our EMR integrates with various government systems and databases to facilitate healthcare delivery. This includes sharing information for medical billing, e-prescribing, laboratory and imaging results, and scheduling.
- Healthcare Providers: When healthcare providers use our EMR, they may share personal information with other healthcare professionals, specialists, and therapists involved in the patient’s care. This ensures coordinated and comprehensive care.
- Third-Party Service Providers: Our EMR is integrated with tools and services such as prescription management systems, secure fax transmissions, and SMS communication platforms. We limit the right of service providers to use personal information only for the services they provide to us, and we require service providers to maintain the confidentiality of personal information and to take steps to protect the security of personal information to which we provide access.
- Preferred Pharmacies: As part of our MYLE Health service, we share certain personal information you choose to provide with your preferred pharmacy so that they can fill your prescription. This information is shared solely for the purpose of facilitating medication dispensing and ensuring continuity of care.
How long do we keep Personal Information?
We retain personal information for as long as required to provide the services for which it was collected, otherwise, in accordance with applicable legal and regulatory requirements.
Healthcare professionals are required to retain personal health information for a minimum period of time in order to comply with various legal and regulatory requirements. We encourage you to speak directly with your healthcare provider about how long they are required to keep your personal information.
Where do we store your Personal Information?
Your personal information is currently hosted in Canada.
How do we protect your Personal Information?
We take reasonable and appropriate physical, administrative, and technical measures to help protect your personal information from accidental or unlawful loss, access, or disclosure. Only employees and service providers who have a legitimate business need to access the personal information we collect are authorized to do so. Unauthorized use of personal information by anyone is prohibited and will result in disciplinary action.
No method of transmission over the Internet or method of electronic storage is completely secure. We cannot ensure or warrant the security of any information you transmit or provide to us, and you do so at your own risk. We also cannot guarantee that such information will not be accessed, disclosed, altered or destroyed through a breach of our physical, technical or administrative safeguards. If you believe that your personal information has been compromised, please please contact us as described in the “How to Contact Us” section.
What rights does someone have in relation to its Personal Information
Under certain circumstances and in accordance with applicable data protection laws, you have the following rights regarding your personal information that we collect and use:
- Access: You have the right to ask whether we are processing your data and, if so, to request access to your personal data. This allows you, subject to applicable law and any fees, to obtain a copy of the personal information we hold about you and certain other related information.
- Accuracy: We are required to take reasonable steps to ensure that the personal information we hold is accurate, complete, not misleading and up to date.
- Correction: You have the right to request that any incomplete or inaccurate personal information we hold about you be corrected.
- Erasure: You have the right to ask us to erase, destroy or remove personal information in certain circumstances. There are certain exceptions where we may deny a request for erasure or destruction, such as when the personal information is required to comply with the law.
- Portability: You have the right to request the transfer of certain personal information to another party.
- Withdrawal of Consent: You have the right to ask us to stop disclosing or using your personal information.
- Complaint: You have the right to lodge a complaint with a data protection authority, particularly in the province where you normally reside, where we are based or where an alleged breach of data protection law has occurred.
To exercise any of these rights, please contact us as described in the “How to Contact Us” section.
Rights regarding personal information stored in the EMRs (Plexia and MYLE):
Healthcare providers collect, use and store personal information in our EMRs. For personal information stored in our EMRs, any request to access or rectify your medical record should be addressed to the healthcare organization where you received care.
How to contact us
MEDFAR has appointed Patrick Issid as the Person in Charge of the Protection of Personal Information to oversee compliance with this Privacy Policy and applicable privacy laws. For information on MEDFAR’s privacy practices, or to access, correct or delete your personal information, please contact Patrick Issid at:
Changes to the Privacy Policy
MEDFAR reserves the right to modify or supplement this Privacy Policy at any time. If we make a change to this Privacy Policy, we will post such changes on our website and make such revised policy and changes available upon request to the Person in Charge of the Protection of Personal Information.
This Privacy Policy was last updated on August 14, 2024.