Privacy at O’Regan Clinic North York Inc.

Updated: October 28, 2021

O’Regan Clinic North York Inc. (“O’Regan”), a member of the WELL Health Clinic Network, and our parent company WELL Health Technologies Corp. (“WELL” or “we”) are proud to offer you the O’Regan webpage (the “Website”) and the associated O’Regan clinic (“Clinic”). O’Regan is committed to protecting your personal information and complying with applicable data protection and privacy laws. This “Privacy Policy” tells you how we do so.

We will update this Privacy Policy as necessary. Please check it regularly.

1. What information do we collect?

O’Regan Website
Cookies
Unless you opt-out, our website uses “Cookies” and other automatic data collection technologies with your consent to collect personal information whenever you visit or interact with the Website, including unique identifiers and preference information such as IP address, technical usage, browser type, time zone settings, language preferences, operating system, unique device identifiers, search history, page response times and length of visit, pages viewed, marketing preferences or navigation and clickstream behavior for online interactions.

These Cookies helps us understand how you use the Website and the content of the Website in order to make improvements. We also may use these Cookies to promote our services through marketing and advertising. These Cookies may be accessed or disclosed to third-parties, such as Google Analytics and Facebook Pixel, for the purpose of analyzing site usage and better serving you relevant advertisements.

You can opt-out of Cookies or prevent third-party websites from accessing our Cookies through the privacy settings on your browser. However, opting-out of our Cookies may disable some of the Website’s features, and may prevent us from providing you with the information and services you have requested.

Contact Us

When you send us an e-mail or give us a call, we will collect some personal information about you, like your name, e-mail, and phone number. This information will be used to allow us to follow-up with you directly.

Direct Marketing

If you sign up to receive direct marketing or promotional communications from O’Regan or WELL, we will collect your name and e-mail to inform you about the requested products and services.

O’Regan Clinic

If you become a patient of O’Regan, we will collect some personal information about you, like your name, e-mail, phone number, address, your health card number and other payment details. This information will be used to create a profile with O’Regan, verify your identity, communicate with you, bill the relevant insurers for the insured healthcare services provided to you and charge you for all uninsured services.

O’Regan will also collect, either directly from you and potentially from other health service professionals or resources, personal health information about you. This information can include presenting problems, health history, health conditions and treatments provided. Only the personal health information necessary to provide you with the requested health services will be collected.

2. Why do we use personal information?

We use your personal information to:

• manage our relationship with you and provide you with the information you request,
• conduct research and evaluate research and development on the Website and at our Clinic including analyzing testing data to improve our services,
• communicate with you regarding inquiries for information, service requests, employment opportunities, or appointment reminders,
• detect, prevent or investigate security breaches,
• process insurance information or other payment information,
• protect our business against error, fraud, theft and damage,
• maintain appropriate records for internal administrative purposes or as required by law,
• review the diagnoses, treatment and services provided to you,
• conduct appropriate consultation and follow-up, and
• book appointments at hospitals and other health services as appropriate as per the order of the consulting physician.

O’Regan reserves the right to aggregate and anonymize personal information collected and to use such aggregated information as it sees fit.

3. Who do we share the personal information with?

We may share some of your personal information with third-party service providers in order to provide you with the services or information you request. We only use service providers that ensure a comparable level of protection for your information, as provided in this Privacy Policy. Our contracts with our service providers ensure they comply with that obligation and use your personal information only for the services requested.

Exceptionally, we may collect, use or disclose personal information without your consent in the following limited circumstances:

• when the collection, use or disclosure of personal information is permitted or required by law or by regulatory proceedings,
• in an emergency that threatens an individual’s life, health, or personal security,
• when we require legal advice from a lawyer,
• to protect ourselves from fraud,
• to a collection agency in order to collect our unpaid accounts; or
• to investigate an anticipated breach of an agreement or a contravention of law.

If we merge with another business, we will inform you of any impact on your personal information.

O’Regan Website

We only share your personal information with service providers in order to operate the Website. This includes potentially sharing your personal information for:

• providing requested services or information,
• operating and optimizing the Website, or
• customer service.

O’Regan Clinics

We may share your personal information, including your personal health information, with service providers in the course of administering health services to you. This includes potentially sharing your personal information to:

• refer you to a specialist or another health professional,
• process payments or to bill the relevant insurance providers, or
• provide you access to requested imaging files or reports via a service provider, as applicable.

4. How long do we keep personal information?

We retain personal information for as long as required to provide the services for which it was collected, otherwise, in accordance with applicable legal and regulatory requirements. All personal health information collected at the Clinics will be retained for at least ten (10) years, as per the requirements established by the College of Physicians and Surgeons of Ontario.

5. How do we keep personal information accurate?

We take reasonable steps to ensure that any personal information in our custody is accurate and up to date but we mostly rely on you to notify us of any changes to personal information you provided us.

6. How do we protect your personal information?

We use reasonable and appropriate physical, administrative and technical measures designed to help you secure your personal information against accidental or unlawful loss, access or disclosure. Only staff and service providers who have a legitimate purpose for accessing the personal information collected by us are authorized to do so. Security and data protection training is also provided to all O’Regan and WELL staff. Unauthorized use of personal information by anyone affiliated with O’Regan or WELL is prohibited and constitutes grounds for disciplinary action.

All of our contracts with our third-party service providers, including our EMR providers, contain clauses specifically to address confidentiality and data management, and covenants ensuring compliance with privacy law and the protection of personal health information.

Even though we take all necessary steps to protect your personal information, security breaches cannot be eliminated and we cannot guarantee no breach will ever occur.

7. Where do we store personal information?

O’Regan Website
All personal information we collect on our Website or when you contact is stored on secure servers in Canada; however, personal information processed by our third-party service providers may be done outside of Canada. While outside of Canada, personal information is subject to that jurisdiction’s laws, which may permit governmental authorities the right to access your personal information.

For more information on our service providers or where we store personal information, contact us at privacy@well.company.

O’Regan Clinic

All personal health information we collect at the Clinic is stored within electronic medical records (EMR). Our agreements with our EMR vendors, and all other third-party service providers used in the operations of the Clinic, ensure that all personal health information remains in Canada and that our vendors comply with all relevant privacy laws and adhere to certain data protection standards.

For more information on our Clinic’s third-party service providers and how your personal health information is protected, contact us at privacy@well.company.

8. Links to third-party sites

Our Website may lead you to third-party websites, including websites advertising other products or services. Those organizations are separate and distinct from O’Regan and WELL and have their own separate privacy policies. We are not responsible in any way for how any third-party collects, uses or discloses your personal information, so it is important to familiarize yourself with the privacy policies of these websites before providing your personal information to them.

9. Direct marketing

You may sign up to receive marketing or promotional communications from WELL. Where you have expressly consented, we may use your personal information to inform you about us and products and services offered by O’Regan and/or WELL, including promotional offers and events.

If you no longer wish to receive marketing or promotional communications from us, you can opt-out at any time by:

• using the unsubscribe feature found in our emails and other electronic communications, or
• contacting us via email at marketing@well.company.
We remove your contact information from our marketing lists within 48 hours as soon as you unsubscribe.

10. Consent

O’Regan will obtain the patient’s consent to collect, use or disclose personal information (except where we are authorized to do so without consent). Consent can be provided orally, in writing, electronically, through an authorized representative, or it can be implied when the purpose for collecting, using or disclosing the personal information would be considered obvious. Consent may also be implied when a patient or physician is given notice and a reasonable opportunity to opt-out of his/her personal information being used but chooses not to opt-out.

11. Your rights

You also have the right to:

• rescind or withdraw your consent to the use or disclosure of personal information,
• request to access your personal information, including your personal health information,
• request us to restrict our use or disclosure of your personal information,
• object to our use or disclosure of your personal information,
• request that we edit, but not remove, certain information (like an e-mail address),
• request that we transfer to another organization the personal information you have provided us, and
• request us to delete the personal information we hold about you.

Contact us at privacy@well.company to exercise any of these rights. If you request access to your personal health information, we may refer your request to the relevant healthcare provider to comply with your request. We will respond within 30 days. If we cannot grant your request, for example if you make an access request and providing you access would disclose personal information about another person, we will give reasons.

We will address all requests with equal attention.

12. Contacting us

Accountability with respect to your personal information is important to O’Regan and WELL. In the event that you have any questions (including how personal information is managed by O’Regan), complaints or concerns about this Privacy Policy, or if you have reason to believe that we may have failed to adhere to it, please contact us by sending an email. Questions regarding your rights and responsibilities under this Privacy Policy can be directed to our privacy officer at privacy@well.company.

If after contacting us you are still not satisfied, you have the right to file a complaint with your local privacy authority.