Canadian MRO is aware of the importance of protecting your privacy and is committed to appropriately handling and safeguarding your personal information (which includes your personal health information). We will collect, use, store and disclose your personal information responsibly, and only as required to provide our services.
1.1 Personal Information
Personal information is any information that identifies you, or by which your identity could be deduced and includes any health related information, including any information about your health care, health status or health care providers.
Business information however (for example, your business title or business address and business telephone number) is not considered to be personal information according to privacy legislation.
Generally speaking, if we do not collect and use your personal information, we cannot provide you with our services. We will use your personal information only for the purposes for which it is collected.
1.2 Purposes for Collection, Use and Disclosure of Personal Information
We will only collect your personal information for the following purposes:
- to deliver quality medical laboratory and review services to our clients
- to identify and to ensure continuous high quality service
- to enable us to contact and maintain communication with you, including to distribute health-care information to you and to book and confirm appointments
- to allow us to efficiently follow up for testing, treatment and billing
- for teaching and demonstrating purposes on an anonymous basis
- for research, health surveillance and statistical analysis of data purposes
- to comply with any other requirements mandated by a government authority
- for administrative / management activities such as planning, resource allocation, reporting or evaluation
- to comply generally with the law
- for any other purpose that may be identified to you before or at the time the information is collected
If you are a user of Veriport, then we collect, use and disclose personal information as part of these services for the following purposes:
- to confirm your identity when you register for Veriport
- to manage your account and provide you with customer support
- we may also use information related to your usage of Veriport, on an anonymized basis, for the purpose of measuring metrics and statistics.
Your email address will only be used to send important service messages; such as username and password recovery, notifications about availability of your report, changes to your laboratory test results and messages about new functionality or changes to services and policies.
1.3 Control of your User ID and Password for Veriport
You are responsible for protecting your User ID and password and any actions taken with them. Do not share your User ID and password with anyone. For your protection, Veriport may require a change of your password periodically. If you suspect that your password has been compromised, for any reason, you should change it immediately. Select a password that is meaningful to you but not obvious or easy to guess; such as your birth date, phone number or similar information about your family. Do not write down your User ID and password, store it in a file on your computer or permit anyone to observe you entering your User ID and password. You can change your User ID/email address and/or your password at any time.
We will collect, use and disclose your personal information only on the basis of your consent, except where otherwise required or permitted by applicable laws. You may provide your consent to us either orally or in writing. By providing your personal information to us, you agree that we may use it for these purposes outlined above only.
You may withdraw your consent (which must be in writing) so as to prevent the disclosure of some or all of your personal health information to third party practitioners that would otherwise be entitled to receive your personal information for health care purposes. In such instances, if the information that is withheld is significant to your health care, then we are obligated to inform the requesting practitioner of the existence of such information, without actually disclosing the information itself.
1.5 Limits to Collection, Use, Disclosure and Retention of Personal Information
We will limit the collection of personal information to those purposes identified in this Policy. Similarly, your personal information will not be used or disclosed for purposes other than those for which the information is collected or as required, or permitted, by law.
We will retain your personal information for the periods prescribed by applicable rules and guidelines. These vary depending on the type of tests that we perform for you. After the expiry of these periods we will destroy, erase or make anonymous your personal information in Canadian MRO’s laboratory information system.
1.6 Destruction of Personal Information
We destroy our records (which include electronic records and hardware) in a way that protects your privacy. With respect to electronic records, at a minimum, we ensure that all information is wiped clean prior to disposal of electronic data storage devices. Paper based records are destroyed using methods that include incineration or shredding and/or bonded contractors who must adhere to contractual privacy obligations.
1.7 Accuracy of Your Personal Information
We will use our best efforts to ensure that your personal information is as accurate, complete and up-to-date as possible for the purposes that it is to be used.
1.8 Security of Your Personal Information
We take all reasonable precautions to ensure that your personal information is protected from loss, theft, unauthorized access, modification, use, copying, disclosure or tampering. Your information is protected whether recorded on paper or electronically. We have safeguards in place to protect all personal information retained in our facilities, and during their disposal and destruction. Our safeguards include:
- physical safeguards (e.g., locked filing cabinets, restricting access to our office, alarm systems)
- technical safeguards (e.g., passwords, encryption, firewalls, anonymizing software)
- administrative safeguards (e.g., security clearances, limiting access on a “need-to-know” basis, staff training, confidentiality agreement)
Our staff is also aware of the importance of maintaining the security and confidentiality of all personal information in our possession. We review and update our security measures on a regular basis.
1.9 Communicating with You
We are sensitive to the privacy of your health information and this is reflected in how we communicate with each other, both you and others involved in your care. We protect personal health information regardless of its format.
Telephone: We will make an attempt to confirm your preferences for leaving phone messages. If this is not possible, then we will try to call you back at a time when you can answer or we will not identify ourselves as Canadian MRO in the message unless we are reporting a critical result.
Fax: Our fax machines are located in a secure area and we use pre-programmed numbers to send transmissions. All transmissions are sent with a cover sheet that indicates the information is confidential. We take reasonable steps to ensure that health information is received only by a secure fax machine. We also use electronic fax services that meet the strict requirements in regard to ensuring that the electronic documents are stored properly and deleted securely.
Email: Any confidential information that we send via email over public or external networks will be encrypted. We employ a firewall and virus scanning software to mitigate against unauthorized modification, loss, access or disclosure.
Internet: Website users should be aware that requests submitted through our website should not be considered to be secure or a private method of communicating personal information. Additionally, Canadian MRO’s website may use “cookies” which are small files stored in your computer that identify users entering our website. These files allow us to direct you to your preferred subsections of our website and enable statistical analysis of how our website is used. Only aggregated data, no individual records, will be used for this analysis.
1.10 Access to and Correction of Your Personal Information
Canadian MRO provides patients with access to their test results through the Veriport Portal. However, not all test results are available through Veriport.
Canadian MRO does not make corrections to test results, unless our Quality Assurance department deems such a correction is necessary. If you disagree with a Canadian MRO test result, you should enquire with the provider that initiated the test requisition or with the Medical Review Officer (MRO) that was assigned to your file.
Canadian MRO will make corrections to your personal information (e.g., name, address, phone number) if the information we have about you is not correct.
1.11 Privacy Inquiries and Complaints
We take all privacy inquiries and complaints seriously. If you have a privacy inquiry or complaint about Canadian MRO or Veriport, how we have responded to your access requests or how we manage your personal information in Canadian MRO or Veriport, then please contact us to make an inquiry or complaint.
If you feel that we have not answered your request, inquiry or complaint to your satisfaction, then we will inform you about complaint procedures to contact the relevant governmental authorities if you wish to lodge a privacy complaint about us.
Should you have an access or correction request, or any questions about our information practices or complaints about our compliance with privacy legislation, then please contact us in writing to:
D-122 Commerce Park Dr.
Barrie, ON L4N 8W8
Last Updated April 16, 2019