Effective October 24, 2018
Dialogue Technologies Inc. (“Dialogue”, “we”, “us” or “our”) is a secure telemedicine platform (the “Platform”) that allows users to directly access quality healthcare services via on-demand telemedicine consultations with healthcare professionals (“Consultation”) through our application (the “App”) available on mobile devices and through a web browser.
For the purposes of this Policy, “personal information” or “PI” means information about an identifiable individual. “Personal health information” or “PHI” means information about an identifiable individual that relates to the individual’s physical or mental health, including name of patient, date of birth, medical history, medical treatment, medical test results, medication list, and health number. PHI may be found in medical records, treatment and examination notes and communications between patients and their healthcare professionals.
Dialogue will collect personal information and PHI from you when you access and use our App, the Platform, the website www.dialogue.co (the “Website”) or our other software products (collectively referred to as the “Services”).
We take the privacy of our users seriously and are committed to safeguarding your personal information and PHI. If you have any questions about the Policy or our privacy practices, please contact our Designated Privacy Contact with your questions at email@example.com.
- Dialogue will never disclose your personal information or PHI without your consent.
- Dialogue will never rent or sell the personal information or PHI that we collect.
- Dialogue has implemented industry standard physical, administrative and technological safeguards to protect personal information and PHI from unauthorized access.
- Dialogue complies with applicable privacy and personal health information legislation where it operates.
Information We Collect and Store
Dialogue will collect the following information from you when you register for an account with Dialogue (“Account”) or use the Services:
Registration and Health Information
When you register for an Account, in order to identify you properly and contact you when needed, we will collect identification and contact information, such as name, date of birth, email address, phone number, mailing address and a photo of your provincial health insurance card.
When you use the Platform, we will collect and store personal health information, such as symptoms, medical history, clinician observations, appointment history, diagnosis, investigation results and treatment information.
When you make or receive a payment through our Services, we will collect and use your credit card or banking information or other financial data in order to process the payment.
Log and Website Information
When you access and use the Services, we may automatically collect certain technical information about your visit, including the date, time, browser type, your internet service provider, your IP address, device information (including device identifiers), geo-location information, computer and network performance data, the URL that you are coming from and your navigation history in order to customize and personalize your experience on the Services, improve our Services and for statistical research purposes.
Information from Consultations
Data obtained from Consultations will be anonymized and de-identified before being analyzed and used by Dialogue for product development and research purposes.
Use and Disclosure of Your Information
Consultations and Healthcare Services
We will use the personal information and PHI that we collect from you to schedule, administer and personalize your Consultations, update your patient record and to provide you with healthcare services.
We may disclose your personal information, including PHI, to third-party healthcare professionals involved in providing you with healthcare services, such as a specialist physician, pharmacist, physiotherapist, psychologist, nutritionist or lab technician. When the disclosure is part of a care plan that you have agreed to, we will consider the agreed care plan to constitute implied consent. For all other disclosures to a third-party not associated with Dialogue, we will only make the disclosure after obtaining your express consent.
Only healthcare professionals and their delegates involved in providing you with healthcare services can access your PHI. All delegates who are not regulated healthcare professionals sign strict and durable confidentiality agreements.
Access to your information is logged and we perform regular audits in order to ensure that any access is authorized and that information is only accessed on a ‘need to know’ basis.
We may share with selected third-parties demographic and contact information about you (including but not limited to name, date of birth and any email addresses or phone numbers) by email, SMS, instant messaging or any other means necessary, for reasons including but not limited to: verifying your identity, medical follow-up, scheduling appointments, confirming appointments, customer support and technical support.
Third-Party Service Providers
We may transfer your personal information, including PHI to a third-party service provider for processing and storage in Canada. Whenever we engage a third-party service provider, we ensure that the information is properly safeguarded at all times at a comparable level of protection the information would have received if it had not been transferred.
We may use your personal information to detect, investigate, address and prevent fraudulent or illegal activities. We reserve the right to disclose your personal information as required by law, when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal process served on us and to defend against legal claims.
These situations may include, but are not limited to, disclosing potentially life saving information during medical emergencies and reporting infectious diseases or fitness to drive.
We may disclose and share your personal information to explore and/or undertake a corporate transaction, including a merger, acquisition, amalgamation, IPO, reorganization or sale of Dialogue. Your personal information relevant to the transaction, such as billing information, can be used and disclosed solely for the purposes related to the transaction and will be protected by security safeguards appropriate to the sensitivity of the information.
Your PHI will not be disclosed and will remain confidential.
Accessing the PHI held by Dialogue
You have the right to access your patient record. If you request a copy of your patient record, it will be provided to you, subject to a reasonable fee. You can request access to your patient record by contacting us at firstname.lastname@example.org.
Limitations on access
You may be temporarily denied access to your patient record if providing access would create a significant risk to your health. You will also be denied access to your patient record where disclosure would be likely to reveal personal information about a third person or the existence of such information and the disclosure may seriously harm that third person, unless the third person consents or in the case of an emergency that threatens the life, health or safety of the person concerned.
We use reasonable means to ensure that information in your patient record is accurate. If you identify any inaccuracies, you can request that a note be made on the file indicating the inaccurate information.
When conducting product development, research, advertising and marketing, we will only use anonymized, de-identified and aggregated information.
Retaining Your Information
If you want us to close your Dialogue account, please send an email to email@example.com. We will ensure it is done in a reasonable time after receiving the request. For billing purposes, we will notify your employer that your account is closed but not disclose the reason for the account closure.
We will retain any and all personal information that we are required to retain under any applicable laws and regulations for the full duration of time required under those laws and regulations. We may also retain any anonymized and de-identified information and continue to use this information in accordance with this Policy.
Safeguarding Your Information
Dialogue is committed to information security and protects personal information and PHI through integrated, physical, technological and administrative safeguards:
- Secure Storage: Dialogue stores all personal information and PHI in an Amazon Web Services (“AWS”) data center in Canada. AWS is ISO 27001 certified and adheres to global privacy and data protection best practices.
- Network Security: Dialogue has implemented network security controls to protect against unauthorized access, including segregating its internal systems from its publicly-accessible systems.
- End-to-End Encryption: Dialogue encrypts all video, audio and written exchanges with you. Data transmissions and communications on the Platform are end-to-end encrypted.
- Privacy Policies and Training: Dialogue has implemented written policies and procedures that specifically address the privacy and security of your PHI. Dialogue delivers privacy training to employees and contractors on how to safeguard personal information and mitigate operational risks. All Dialogue employees and contractors are legally bound to confidentiality.
- SOC2 Compliance: Dialogue’s Information Security Policy and its related policies and processes are certified as compliant with ISO/IEC 27002:2013.
There is no guarantee against data breaches. However, Dialogue has taken reasonable measures to prevent a breach, as described above. In the event of a data breach, Dialogue will:
- Notify users at the first reasonable opportunity of the breach; and
- Immediately apply remedial measures.
Changes To This Policy
If we decide to make material changes to the Policy, we will notify you and other users by placing a notice on our Website and App. You should periodically check the Website and the App for updates.
To ensure meaningful consent by patients, Dialogue provides information about privacy practices in this Policy, as well as through our Designated Privacy Contact at firstname.lastname@example.org.
If we are unable to resolve your issue to your satisfaction, you can file a complaint with the privacy commissioner in your province or territory, or with the Office of the Privacy Commissioner of Canada.