Canadian Health Matters Canadian Health Matters Canadian Health Matters Canadian Health Matters Canadian Health Matters

Security Policy

SECURITY POLICY

Through its Health Tag (“Health Tag”) Emergency Health Registry (accessible at www.canadianhealthmatters.com) (the “Program”), 2272464 Ontario Inc., an Ontario corporation carrying on business as Canadian Health Matters (“CHM”), acts as an application service provider dedicated to providing secure online communication services to individuals and emergency medical services providers that are licensees of the Program (“EMS”) and other medical professionals that are licensees of the Program (collectively with the EMS, “Authorized Users”) for the transmission of secure personal health information, emergency contact information, insurance provider information, physician, prescription, and other medical information (“Subscriber Data”). References below to “we” and “us” refer to CHM, and references below to “you” and “your” refer, as applicable, to individuals accessing the invisiblebracelet.org website, to persons who register for and use the Program (“Subscriber” or “Subscribers”)  or to Emergency Medical Services Providers that are licensees of the Program (“EMS”) or other medical professionals that are licensees of the Program (collectively with EMS, the “Authorized Users”).

SECURITY POLICY

CHM employs a high degree of security consciousness. The environment at CHM currently encompasses the security tenants of the Personal Health Information Protection Act and the accompanying regulations (“PHIPA”). The overall priorities of CHM as an organization are to assure the security of information provided to CHM by Subscribers and be fully compliant with PHIPA, as it may be amended from time to time.  Please be advised that CHM is not subject to PHIPA regulations, but has a policy of adherence to such regulations as an indicator of its commitment to security and privacy of Subscriber Data. Access, integrity, availability, ownership, authorization, dependability, authentication, and confidentiality are all major considerations within CHM’s Security Policy.

CHM upholds its stringent Security Policy with the following security measures:

Audit Trail. CHM maintains an audit trail and log of accesses to information provided by you in connection with the Health Tag service.

Auto-Logoff. CHM protects you against accidentally leaving Subscriber Data active on a computer browser screen after a certain period of time.  CHM uses security controls in the Program that end your on-line “session” if you are logged in but have not actively used the service for a set period of time. This prevents others from accessing your account when you leave a session and forget to log out.  The period of time after which the session will automatically be logged off is determined in CHM’s sole discretion and is subject to change from time-to-time.  CHM is not responsible for the availability of Subscriber Data or Public Profile Data prior to the end of such session automatically for inactivity.

Business Partners. We require parties with whom we do business to agree to comply with PHIPA and other privacy and security laws.  We are not responsible, however, for ensuring that such parties maintain compliance with PHIPA or other application privacy and security laws on an ongoing basis.

Confidentiality. CHM has internal policies designed to keep your data private and confidential.  CHM will not share your data with any unauthorized party.

Data Security. The third party that owns and operates the servers at the data center at which your data is maintained takes all reasonable measures to secure your data. The data center is administratively, physically and technically secure. The servers are separated from the Internet by a firewall that prevents access by Internet traffic that fails to meet certain security criteria in an effort to block access by unauthorized parties and reduce Internet traffic from non-legitimate sources.

Digital Certificates. CHM uses a digital certificate to authenticate its validity. This gives you the confidence that you are connected to a website operated by CHM, and authenticated as such.

Encryption. All communication between you and the third-party server used by CHM is secured by using TLS/SSL, which uses up to 256-bit encryption depending upon the Internet browser in use.

Login ID and Password. Access to your Subscriber Data and Public Profile Data through your account (“Health Tag Account”)is controlled by a login ID and a password, which you chose. Strict login ID and password rules are designed to eliminate unauthorized users from gaining access to your Health Tag Account. You are responsible for maintaining the secrecy of your login ID and password.

Access to Subscriber Data. Authorized Users are granted  access to your Subscriber Data and do not have the ability to alter or modify your Subscriber Data.  Authorized Users may, however, in providing medical services to you, transfer your Subscriber Data, or portions thereof, to other Authorized Users or medical professionals, such that the Subscriber Data becomes part of their records.  CHM is not responsible for the means by which or accuracy with which such Subscriber Data is transferred.

Sensitive Information. You should follow the Authorized User’s policy on communicating sensitive information when dealing with personnel of the EMS Provider.