Last Modified: May 14, 2021
Swift Medical is accountable to its License holders for protecting the privacy, confidentiality, and security of Personal Information (PI) and Personal Health Information (PHI) in compliance with our obligations under Canadian and the United States privacy laws.
For the purposes of this policy:
- License holder means the entity that has entered into a contractual license agreement with Swift Medical to use its services. The entity in this policy will be identified as Client or Customer.
- PI means personal information, recorded or not, about an identifiable individual as defined under the applicable privacy legislation where the License holder is located. This includes information in any form, such as: age, name, ID numbers, income, ethnic origin, or blood type.
- PHI means personal health information about an identifiable individual as defined under the applicable privacy legislation where the License holder is located. This includes information in oral or recorded form that: (i) relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family, (ii) relates to providing health care to the individual, and including the identification of a person as a provider of health care to the individual, (iii) relates to payment or eligibility for health care, (iv) is the individual’s health number, or (v) identifies an individual’s substitute decision-maker.
What PI and PHI do we collect from the people that visit the website or mobile apps?
Swift Medical does not collect PHI data through our website. When ordering or registering on our site and mobile apps, as appropriate, you may be asked to enter your name, email address, phone number or other details to enable us to provide the user with the best experience.
Our mobile apps will transmit PHI data for processing that you provide to us in a secure, encrypted, and confidential manner in accordance with applicable regulatory requirements in Canada and the United States.
How do we collect, process and transmit data?
We collect information from and about you in the following ways:
User Account Registration
When you register your user account on our website or mobile apps, you will be required to provide certain information about yourself. You will register using information such as your first and last name, email address, and the name of the organization of employment.
We also collect certain information through automated means such as information about your device’s operating system, but this does not include PI of PHI as defined in this Policy or under the Canadian and the United States privacy laws.
Patient Information Processing
The mobile apps have been developed and are managed by Swift Medical, an Ontario-based company. The mobile apps transmit, and process PHI provided by the individual user in a secure, encrypted, confidential, and protected manner in compliance with the applicable Canadian and US privacy laws.
Why do we collect, process and transmit PI and PHI?
Swift Medical processes PI and PHI required data to provide you with the services available through the use of the mobile app. We process your PI or PHI as follows:
- To verify your identity when you log in to our services.
- To manage your account and support you when you contact our customer service centre.
- To plan, evaluate and monitor the services we provide to you.
- To provide the mobile app services to you.
- Where necessary, e.g., during patient’s login to the Patient Connect app, the app may require the patient’s date of birth for authentication and to provide you with access to the mobile apps.
How do we protect your information?
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information. We protect the PI and PHI with which we have been entrusted, throughout the full lifecycle, from the time the PI or PHI enters Swift Medical’s care until the time it is destroyed according to its records retention schedule.
Below is a sample of Swift’s security measures in place:
- Our platforms are scanned regularly for security gaps and known vulnerabilities in order to make your usage as safe as possible.
- Our mobile apps are encrypted, and tamper protected should the mobile be jailbroken.
- The mobile apps are segregated from the mobile unit’s storage and camera to ensure PHI data is not stored outside the apps.
- We use regular malware scanning.
- Both PI and PHI data are password protected and encrypted and contained behind secured networks. They are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
- Swift Medical maintains a sanctioning process that is followed for each end-user prior to being provided with an account and granted access to PHI.
- Swift Medical implemented a logging and monitoring tool to ensure security and operational events such as access to PHI are logged and monitored.
- Swift Medical personnel shall comply with Swift’s privacy policies to the extent that those policies are applicable to their activities.
- Most Swift Medical personnel are not granted access to the PHI that License holders provide when using Swift Medical services. However, a limited number of specialized personnel may be required to access PHI in order to provide technical or support services to clients or to de-identify PHI as an agent of a License holder.
- Swift Medical personnel who access PHI receive regular privacy and security training, which includes an overview of the applicable legislation and their responsibilities, including the process for identifying and reporting potential or actual privacy incidents or breaches and security incidents.
- Swift Medical proactively monitors compliance with its policies and procedures that include the safeguards and controls it has put in place to protect the PI and PHI in its systems.
- Swift Medical carries out Privacy Impact Assessments and Threat Risk Assessments of its digital wound care application annually.
- Clients’ users are authenticated to access PHI, which is authorized to collect this information under applicable law, such as medical professionals providing services in relation to your care.
- Sensitive/credit information you supply through our website is encrypted via Secure Socket Layer (SSL) technology.
Retention of Information
Your contact details and other personal data that directly identify you will be retained in the mobile apps only as necessary to deliver this service to you and to comply with our obligations and applicable regulatory requirements. PHI information is retained in accordance with the applicable Canadian and US laws and the contractual agreements with our clients.
Your Right to Access Your Information
If Swift Medical receives an access or correction request, it shall respond to the request in a timely manner in accordance with Canadian and/or United States privacy laws as applicable.
If Swift Medical receives an access or correction request regarding PHI provided by the License holder, it shall direct the individual to the appropriate License holder to respond to the request.
Swift Medical follows an internal incident and breach management process. Swift Medical shall contain the effects of the incident or breach by determining the nature, scope and impact of the incident or breach, and issue all required notifications through a clear communications and escalation process in accordance with Canadian and/or US privacy legislation as applicable.
Secure Destruction of Records
Swift Medical shall securely and permanently destroy all records of PI and PHI when such information is no longer required for the provision of the services and shall do so in accordance with the terms and conditions of its signed contracts and Canadian and/or United States privacy law as applicable.
You can stop using the mobile apps at any time by uninstalling the apps from your phone. Subject to applicable legal and regulatory requirements, your profile and contact details will then be removed. However, any coded de-identified data will be retained and may be used to improve the performance of the mobile app’s algorithm in accordance with the terms and conditions of our signed contracts.
We do not sell, trade, or otherwise transfer to outside parties your PI or PHI.
We do not include or offer third-party products or services on our mobile apps or our website.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, some of the features that make your site experience more efficient may not function properly. It won’t affect the user’s experience, making your site experience more efficient and not functioning properly.
Cookies are text files containing small amounts of anonymous information that are downloaded to your computer or mobile device (if the user allows) when you visit a website. Cookies are then sent back to the originating website on each subsequent visit to that website or to another website that recognizes those cookies.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
- We may also use trusted third-party services that track this information on our behalf and any third-party services will be required to be provided in manner that complies with, and ensure Swift Medical complies with, applicable privacy law.
Attn: Privacy Office
1 Richmond Street West, Suite 500
Toronto, ON M5H 3W4
If Swift Medical is contacted with an inquiry or complaint regarding PI or PHI that is being held on behalf of a customer or a client regarding a License holder’s information management practices, Swift Medical shall forward the inquiry or complaint to the appropriate customer or client and advise the person making the inquiry or complaint that the person will receive a response directly from that customer or client.