Healthcare practitioners who use OceanMD’s products have their own privacy policies pertaining to the collection, use and disclosure of personal information, including personal health information. We encourage you to review their privacy policies to understand how your personal information is protected.
- What information do we collect?
- Why do we use personal information?
Unless you opt-out, our website uses “Cookies” and other automatic data collection technologies with your consent to collect personal information whenever you visit or interact with the Website, including unique identifiers and preference information such as IP address, technical usage, browser type, time zone settings, language preferences, operating system, unique device identifiers, search history, page response times and length of visit, pages viewed, marketing preferences or navigation and clickstream behavior for online interactions. These Cookies helps us understand how you use the Website and the content of the Website in order to make improvements. We also may use these Cookies to promote our services through marketing and advertising. These Cookies may be accessed or disclosed to third-parties for the purpose of serving you relevant advertisements. You can opt-out of Cookies or prevent third-party websites from accessing our Cookies through the privacy settings on your browser. However, opting-out of our Cookies may disable some of the Website’s features, and may prevent us from providing you with the information and services you have requested.
When you submit a form on the Website, or contact us directly by calling us, or e-mailing us, we may collect information like your name, e-mail, phone number, clinic/organization, the province in which you are located, and any other information you may voluntarily provide us. This information will be used by OceanMD to communicate with you to provide you with the information you requested.
OceanMD is the creator and operator of the “Ocean” platform, which includes a full suite of virtual patient engagement tools for healthcare practitioners, including online appointment booking, secure messaging, appointment reminders, and digital forms as well as in-clinic check-in kiosks and tablets that enables the collection of personal health information by health care practitioners and provides the ability to store and retrieve all appointment, lab and consult information.
As a health care practitioner using Ocean, information like your name, clinic, contact details, and billing details will be collected by OceanMD to administer your account (“Account”). As a patient of a health care practitioner that is using Ocean, all personal health information in relation to your appointment or referral is collected and securely stored through industry-standard 256-bit AES encryption, the same technology used for online banking. OceanMD does not collect or use personal health information on Ocean and will only ever access personal health information information if OceanMD is requested to provide technical assistance by the healthcare practitioner. If technical assistance is provided, no personal health information is collected or saved by OceanMD.
If you sign up to receive direct marketing or promotional communications from OceanMD, we will collect your name and e-mail to inform you about the requested products and services.
We use your personal information to:
- manage our relationship with you and provide you with the information or services you request, conduct research and evaluate research and development on the Website including analyzing testing data to improve our services,
- communicate with you regarding inquiries for information or customer service request or employment opportunities,
- detect, prevent or investigate security breaches,
- process credit card or other payment information as agreed to on the Website,
- validate requests and confirm identities;
- protect our business, and
- maintain appropriate records for internal administrative purposes. OceanMD reserves the right to aggregate and anonymize Account information (or other information) and use such aggregated information as it sees fit. OceanMD does not use any patient personal health information for any reason and will never access any personal health information stored within Ocean, unless required to provide technical assistance to health care practitioners.
OceanMD only shares your personal information with service providers in order to operate the Website and offer you the information or services you request. This includes sharing your personal information for:
- fraud prevention,
- payment processing,
- providing requested services or information,
- operating the Website, and
- customer service.
We retain personal information, such as healthcare practitioner account information, for as long as required to provide the services for which it was collected, otherwise, in accordance with applicable legal and regulatory requirements. Health care practitioners using Ocean are required to comply with different statutory and regulatory requirements and store personal health information for a minimum length of time. We encourage you to speak with your healthcare practitioner directly on how long they are required to store your personal information. Ocean is not an electronic medical record. Once personal health information has been successfully downloaded to the patient chart in the clinic’s EMR, it is routinely deleted from the Ocean Platform.
We take reasonable steps to ensure that any personal information in our custody is accurate and up-to-date but we mostly rely on you to notify your healthcare practitioner of any changes to personal information you provided us. Once your healthcare practitioner updates your information, it will be automatically updated in Ocean as well.
We use reasonable and appropriate physical, administrative and technical measures designed to help you secure your personal information against accidental or unlawful loss, access or disclosure. Only staff and service providers who have a legitimate business purpose for accessing the personal information collected by us are authorized to do so. Access to sensitive data is automatically logged and restricted to senior operations personnel. Unauthorized use of personal information by anyone affiliated with OceanMD is prohibited and constitutes grounds for disciplinary action. On Ocean, all personal health information in relation to patient appointments or referrals is collected and securely stored through industry-standard 256-bit AES encryption, the same technology used for online banking. Ocean’s client-side encryption ensures that all personal health information is inaccessible to third parties outside of the participating clinics, including OceanMD’s own employees. All data is encrypted at rest and secured in transit using industry-grade encryption measures. Further, Ocean uses a cloud-based architecture deployed in Canadian AWS data centres. AWS is an SOC 2-certified cloud service provider. Even though we take all necessary steps to protect your personal information, security breaches cannot be eliminated and we cannot guarantee a breach will never occur. If a breach is ever suspected or confirmed (an “Incident”), such Incident is immediately reported to OceanMD’s president and privacy officer and investigated. During their investigation of the Incident, any personal information at risk may be secured or deleted, and all audit logs are secured to assist with follow-up investigation. If an Incident is confirmed as a breach, OceanMD will follow all statutory and regulatory requirements, including all guidance from the relevant privacy commissioners of the jurisdiction in which the breach occurred. Depending on the breach, such response may involve notifying the relevant health care practitioner whose patient data was contained within the breach, notifying the individual directly of such breach, and/or reporting the breach to the relevant privacy body or commission.
Yes. OceanMD maintains an independent disaster recovery data centre and server infrastructure, with the ability to initiate an immediate switch-over of all operations to this server in emergency situations. All solutions are deployed with redundancies, auditing, and regular secure backups, so even if a disaster were to occur, OceanMD would be able to maintain operations and ensure all personal information is secure and safe.
All personal information collected by healthcare practitioners on Ocean is securely stored on servers in Canada (one in Montreal and one in Toronto). These servers are used to securely store all information collected on Ocean, and are used to store all personal information collected through OceanMD’s website; however, personal information processed by our third-party service providers may be done outside Canada. While outside of Canada, personal information is subject to that jurisdiction’s laws, which may permit governmental authorities the right to access your personal information. For more information on our service providers or where we store personal information, contact us at [email protected]
Our Website may lead you to third-party websites, including websites advertising other products or services. Further, your healthcare practitioner may have their own website and privacy policies. These organizations are separate and distinct from OceanMD. We are not responsible in any way for how any third-party collects, uses or discloses your personal information, so it is important to familiarize yourself with the privacy policies of these websites before providing your personal information to them.
You may sign up to receive marketing or promotional communications from OceanMD. Where you have expressly consented, we may use your personal information to inform you about us and our products and our services, including promotional offers and events. If you no longer wish to receive marketing or promotional communications from us, you can opt-out at any time by:
- using the unsubscribe feature found in our emails and other electronic communications, or
- contacting us via email at [email protected] destroy your information as soon as you unsubscribe.
You also have the right to:
- make a written request to access your personal information,
- request us to restrict our use or disclosure of your personal information,
- object to our use or disclosure of your personal information,
- request that we edit, but not remove, certain information (like an e-mail address),
- request that we transfer to another organization the personal information you have provided us, and
- request us to delete the personal information we hold about you. Contact us at [email protected] to exercise any of these rights. We will respond within 30 days. If we cannot grant your request, for example, we do not have the right to make corrections to the information contained within a healthcare practitioner’s account about you, we will give you reasons and try to connect you with the individual capable of assisting your request. If you would like to access your personal health information on Ocean, please contact your healthcare practitioner as we do not have the ability to access it. We will address all requests with equal attention.