Introduction
TCS Healthcare ("we," "us," or "our") is committed to protecting the privacy and security of your personal information, including personal health information. This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of your information.
We operate in accordance with the Personal Health Information Protection Act, 2004 (PHIPA) of Ontario and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada. We maintain the highest standards of confidentiality and security to ensure your information is protected.
By using our services, you acknowledge that you have read and understood this Privacy Policy. If you have any questions or concerns, please contact our Privacy Officer using the information provided at the end of this document.
Information We Collect
We collect various types of information necessary to provide you with quality healthcare services. The types of information we collect depend on your relationship with us and the services you receive.
Personal Identification
- Full name and preferred name
- Date of birth
- Contact information (address, phone, email)
- Government identification numbers (for verification)
- Emergency contact details
Health Information
- Medical history and diagnoses
- Medication lists and allergies
- Treatment plans and care notes
- Vital signs and health assessments
- Physician and specialist information
Payment Information
- Billing address
- Credit card or banking details (processed securely)
- Insurance policy information
- Payment history
- Third-party payer details
Usage Data
- Platform access logs
- Feature usage patterns
- Device and browser information
- IP addresses
- Communication preferences
How We Use Your Information
We use your information only for legitimate purposes related to your care and our operations.
Providing Care Services
To coordinate and deliver personalized healthcare services, including scheduling caregivers, creating care plans, and ensuring continuity of care.
Communication
To contact you regarding your care, send appointment reminders, provide health updates to authorized family members, and respond to inquiries.
Billing and Payments
To process payments, submit insurance claims, manage accounts, and provide financial records as required.
Legal Compliance
To comply with healthcare regulations, respond to lawful requests, maintain required records, and report as mandated by law.
Quality Improvement
To analyze service delivery, improve care outcomes, conduct satisfaction surveys, and enhance our platform and services.
Safety and Security
To protect against fraud, ensure platform security, verify identities, and maintain safe environments for clients and caregivers.
PHIPA Compliance (Ontario)
The Personal Health Information Protection Act, 2004 (PHIPA) governs the collection, use, and disclosure of personal health information by health information custodians in Ontario.
Under PHIPA, "personal health information" includes information about your physical or mental health, the provision of healthcare to you, your healthcare provider, and payments or eligibility for healthcare services.
Your Rights Under PHIPA
Right to Access
You have the right to access your personal health information held by TCS Healthcare upon written request.
Right to Correction
You may request correction of any inaccurate or incomplete personal health information in your records.
Right to Consent
We collect, use, and disclose your health information only with your informed consent, except where permitted by law.
Right to Complain
You may file a complaint with the Information and Privacy Commissioner of Ontario if you believe your rights have been violated.
PIPEDA Compliance (Canada)
PIPEDA establishes 10 fair information principles that form the ground rules for the collection, use, and disclosure of personal information.
The 10 Fair Information Principles
Accountability
We are responsible for personal information under our control.
Identifying Purposes
We identify the purposes for collecting information at or before collection.
Consent
We require your knowledge and consent for collection, use, or disclosure.
Limiting Collection
We collect only information necessary for identified purposes.
Limiting Use, Disclosure, and Retention
We use information only for stated purposes and retain it only as needed.
Accuracy
We keep personal information accurate, complete, and up to date.
Safeguards
We protect information with appropriate security measures.
Openness
We make our policies readily available to you.
Individual Access
You may access your information and challenge its accuracy.
Challenging Compliance
You may address compliance concerns with our Privacy Officer.
Data Security
We implement comprehensive administrative, technical, and physical safeguards to protect your information.
Encryption Standards
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
Access Controls
Role-based access ensures only authorized personnel can access specific information.
Staff Training
All employees complete mandatory privacy and security training with annual refreshers.
Audit Logging
Comprehensive audit trails record all access to personal health information.
Incident Response
We maintain a comprehensive incident response plan for privacy breaches.
Physical Security
Our facilities employ access controls, surveillance, and secure document handling.
Your Rights
You have significant rights regarding your personal and health information.
Access Your Information
Request a copy of the personal and health information we hold about you within 30 days.
Request Corrections
If you believe any information is inaccurate or incomplete, you may request corrections.
Withdraw Consent
You may withdraw consent for certain uses of your information, subject to legal restrictions.
Restrict Processing
In certain circumstances, you may request that we limit how we use your information.
Data Portability
You may request your information in a commonly used, machine-readable format.
File a Complaint
You have the right to file a complaint with the Privacy Commissioner of Ontario or Canada.
Data Retention
We retain your personal and health information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
Retention Periods:
- Health Records: Minimum 10 years from last service date
- Financial Records: 7 years as required by tax regulations
- Employment Records: 7 years after employment ends
- Platform Usage Data: 2 years
Third-Party Sharing
We do not sell or rent your personal information. We may share information with third parties only as described below.
Healthcare Providers
Physicians, specialists, hospitals, and other healthcare professionals involved in your care.
Insurance Companies
To process claims and verify coverage, with your authorization.
Government Agencies
When required by law, for public health reporting, or regulatory compliance.
Service Providers
Technology and service providers who assist our operations, bound by confidentiality agreements.
Important Notice
We will never share your personal health information without your consent except where required or permitted by law, such as for mandatory public health reporting or in emergency situations.
Mobile Information & SMS Communications
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
This Privacy Policy was last updated on January 15, 2024. We may update this policy from time to time.