The personal information we collect will be used in an appropriate and responsible manner. We have established procedures to comply with this Policy and have designated a Privacy Officer, who may delegate responsibilities to one or more employees as needed to oversee the protection of personal information for compliance. We will manage personal information in accordance with applicable Canadian privacy legislation. YES Medical remains accountable at all times for any patient information in our possession or control. We ensure any third party service contractor, will provide a comparable level of protection.
- Identifying Purposes for Collection of Personal Information
YES Medical System may collect personal information through YES Products for the following purposes:
- to convert our clients’ data into a format that is compatible with the use of YES Products.
- to provide support services on a as-needed basis, and assist clients with any technical difficulties they may experience when using a YES product;
- to meet any legal and regulatory requirements that are imposed upon YES Medical System.
YES Products may allow the following information to be collected, use and disclosed by healthcare providers:
- a) Name, Address, Contact information (phone number and e-mail address), Demographic information, such as languages spoken, birthdate, gender, Health number.
- b) Visits to your healthcare provider (e.g. date of service, healthcare provider, visit type, visit reason, referring provider, payment information); and
- c) Health information recorded by health care providers and their staff when providing treatment (e.g. conditions, diagnoses, medications, diagnostic imaging, lab observations, immunizations, treatments, referrals, clinical observations, surgical history and consultations).
We collect your personal information when you contact YES Medical System to directly inquire about YES Medical System and/or YES Products. For example, when you complete any of the contact or inquiry forms on our website, we will collect your name, phone number, e-mail address, city, province, postal code, and any other information that you choose to provide to us.
We use your contact information to contact and correspond with you directly about our relationship, and your use of the website and our products. We may contact you to inform you about our products and services in different ways including by mail, email, telephone, or other means to which you have agreed. We may use your contact information to provide you with information, quote, or products and services that you have requested and to respond to customer service requests.
When you ask for customer support, report a problem or concerns or comments regarding the YES Products, we collect your name, e-mail address, phone number, and any other information that you choose to provide to us. We collect personal information about our clients’ staff when providing services like training or support on our Products.
We want to learn more about how our customers and prospects who interact with our website. If you submit a request for demo, or form, you opt-in to saving your name, email address and website in cookies. These are for your convenience. These cookies only last until the session is completed.
If you have any questions, please email us at email@example.com.
- Obtaining Consent for Collection, Use or Disclosure of Personal Information Knowledge
As described above, there are some instances in which individuals provide personal information to YES Medical System. If you install any YES Products, enter into a License and Services Agreement, or use the website, you acknowledge the notices in this Policy and you consent to YES Medical System’s collection, use, disclosure, and retention of your personal information in accordance with this Policy and as otherwise permitted by law. You may withdraw your consent at any time by giving YES Medical System a written request with reasonable notice.
YES Medical System may seek your consent for the use and disclosure of your personal information after it has been collected, but before it has been used or disclosed, for example to use your personal information for a purpose not previously identified to you. You can always choose not to provide YES Medical System with certain requested personal information, but then you may not be able to access or utilize all or part of the website or YES Products which requires personal information to fulfill the explicitly specified and legitimate purpose.
YES Medical relies entirely on the patient’s treating physician to obtain consent for the collection of patient information. Since YES Medical acts as an agent to our clients, consent is not required for the use of YES-EMR.
- Limiting collection of Personal Information
YES Medical limits the collection of personal information to that which is necessary for purposes identified by YES Medical.
Development and testing work conducted by YES Medical, as we enhance our software or offer additional features to our clients, only takes place using dummy data that does not identify a real patient.
In the context of offering support services to YES product users, YES Medical support technicians may request access to our client’s system. In most cases, the client’s concerns can be addressed without collecting patient information. If patient information is collected from our client’s servers for support purposes, this data is only kept long enough to resolve the support case, and is then diligently destroyed.
Personal information collected by YES Medical System for its use directly is maintained in accordance with applicable privacy legislation.
- Limiting Use and Disclosure and Retention of Personal Information
YES Medical System limits the use and disclosure of personal information to that which is necessary for purposes identified by YES Medical System. YES Medical System only uses personal information for the purposes identified in section 2. And the company does not disclose any personal information to third parties for marketing or any other commercial purposes.
YES Medical System stores your personal information for as long as it is reasonably necessary to fulfill the purposes we collected it for, except as otherwise permitted or required by applicable law or regulation.
Patient information retention practices are dictated by our clients. Logs, controls and warnings built into YES-EMR prevent the inadvertent destruction of patient information.
When YES Medical converts data to a format that is acceptable to YES-EMR, patient information is immediately deleted from our systems upon successful conversion.
When the applicable retention period ends, personal information is scheduled for destruction according to our record retention policies. Where the personal information is stored in an encrypted electronic format, it will be deleted. Upon written request and confirmation from our client, YES Medical will make reasonable efforts to assist our client meet its data retention and destruction schedules. Any backups of the personal information will exist until rotated out of the backup archives.
- Accuracy of Personal Information
YES Medical System makes reasonable efforts to keep personal information as accurate, complete and updated as is necessary to fulfil the purposes for which the information is to be used.
YES Medical relies upon the patient’s treating physician to ensure accuracy of the information entered into YES-EMR. We have taken steps to ensure that data integrity is supported by our software. For example, when data or notes are added or updated by users with the access privileges to do so, such content changes are audited.
- Security Safeguards
YES Medical System takes precautions to help safeguard personal information we manage through our Products or is otherwise provided to us. We have made security arrangements to protect against unauthorized access, collection, use, disclosure, and disposal of personal information, in a manner appropriate to the sensitivity of the information. These measures include various administrative and technological safeguards including unique user accounts, and role-based access based on need to know. We also use security practices to protect our systems, which include but are not limited to regular monitoring of our systems for possible vulnerabilities and attacks, server hardening, encryption of data, and employing intrusion detection and prevention systems.
As well, YES Medical System will use care when destroying or disposing of personal information to prevent unauthorized access, use or disclosure of any personal information. YES Medical System’s employees with access to personal information are required to respect the confidentiality of such information. Annual training on the importance of privacy best practices and protecting client and patient information is provided to all YES Medical staff. Staff member or agent is required to sign confidentiality agreements as a condition of employment.
YES Medical System makes readily available specific information about its personal information management practices and policies within 48 hours and or upon request to firstname.lastname@example.org. For example, YES Medical has a data breach response procedure in place that requires timely client notification if YES Medical ever experiences a data security breach.
- Individual access
For YES Clients, You may request access to your personal information and/or correction of that information by contacting YES Medical System in writing to the contact information noted below, with sufficient detail to enable YES Medical System to identify the personal information being sought. When you contact YES Medical System, we may ask for further information to confirm your identity and the nature of the information being sought.
After we receive your request for access to personal information, YES Medical System may provide you with an estimate of when you can expect a response. In some cases, YES Medical System may need additional time to respond to a request, in which case we will provide you with written notice of the extension. If you require the documents in an alternative format, we will make reasonable efforts to provide you with your personal information in that format.
Please note that in some cases, YES Medical System may not provide access to personal information that we hold about you, such as where the denial of access is authorized by law. There are also cases where YES Medical System may be legally required to refuse access to personal information. If YES Medical System denies your request for access to personal information, we will advise you of the reason for the refusal.
YES Medical System may charge a reasonable fee at the cost required to retrieve and provide access to the requested information, or to provide it in a requested alternative format. We may provide an estimate of the fee in advance and in some cases, will require a deposit for all or part of the fee.
10. Challenging Compliance
YES Medical System takes any complaint about our privacy practices seriously. YES Medical System will investigate all complaints. if a complaint is justified, we will take the necessary steps to resolve it. You will be informed of the outcome of the investigation regarding any complaint. If you are not satisfied with YES Medical System’s response to a complaint, you may have options to exercise various complaint procedures, including with the relevant Privacy Commissioner.
Questions or concerns regarding this Policy, including the collection of your personal information, can be directed to the YES Medical System Privacy Officer, who is responsible for ensuring YES Medical System’s compliance with this Policy. You can contact the Privacy Officer using any of the following methods:
YES Medical System.
6-175 West Beaver Creek Road
Richmond Hill, ON L4B 3M1