Cortico Author

Cortico Health
27 Jul, 2021

Privacy Policy

An HTML Version of our Privacy Policy

jason-dent-JFk0dVyvdvw-unsplash(1).jpg

Cortico Health Technologies Inc. - Privacy Policy
Last Updated: March 24, 2021

  1. OVERVIEW
    Cortico Health Technologies Inc. having an address at Suite at 230 - 5081 Victoria Drive, Vancouver BC, V5P 3T9 (“Cortico”, “we” or “us”) is committed to protecting and respecting the privacy rights of its visitors and users (“you” or “Patients”). The Cortico Privacy Policy (“Privacy Policy”), as amended from time to time, applies to your access and use of our website (“Website”) as well as Cortico’s online patient engagement platform and booking service (together, the “Programs”) offered to you by us.
    Our Privacy Policy explains how we collect, store and use information collected from you in connection with your access and use of the Programs.
    By accepting this Privacy Policy you expressly consent to our use and disclosure of information you provide to us in the manner described in this Privacy Policy.

Due to the nature of Cortico’s Programs and Cortico’s information collection and information management practices Cortico’s Programs comply with all applicable privacy laws and regulations of Canada and the US.

This Privacy Policy is incorporated into and subject to the terms of any other agreement between you and Cortico with respect to Programs offered to you by Cortico.

This Privacy Policy will take effect on March 24, 2021.

  1. INFORMATION WE COLLECT & HOW WE USE IT
    In this section of the Privacy Policy, we will describe the type of personal and non-personal information that may be collected and how that information may be used or disclosed.
    Generally the Cortico application is a front-end user interface application (“Program”) provided via Web and electronic device that collects PHI but never stores it. The PHI is forwarded via Cortico to an electronic medical records software application (“EMR”) that then processes such information to handle scheduling, appointments, reminders, alerts, changes and other functions associated with patient booking. The EMR stores and administers your PHI and account information. The Program can also pull information from EMR and display it on a user interface for you to view but without storing that information on the Program.
    Due to the nature of the Program such PHI can never be accessed by Cortico personnel whether it is inputted on the Program user interface or viewed via that user interface.
    The type of information Cortico collects or displays (but never stores) and then sends to EMR is referred to as PHI and is as follows:
  • Personal Health Number
  • Date of birth
  • Email
  • Sex (as stated on patient care card)
  • Allergies
  • Phone number
  • Address
  • Emergency contact information.
  • Reason for visit

Because Cortico never stores or displays PHI such PHI is governed by privacy principles established by the EMR provider. Contact the EMR provider for information about PHI.

2.1 PHI vs PII

For the purposes of this Policy, the term PHI reflects a particular jurisdiction’s definition of “personal health information”, “protected health information” or “health information” as set out in their respective privacy laws and regulations. PHI includes information relating to you, your physical or mental health, as well as your health history, to the degree that it can be directly related to you and the information specifically set out in section 1 above. PHI is never collected by Cortico and is protected by the EMR Provider.
For the purposes of this Policy, “PII” or “Personal Information”) means personally identifiable information as set out in a particular jurisdiction’s definition of information relating to a particular person. To clarify any data that has been collected in which all personal identifiers have been removed, such that the information could not reasonably be used to identify the individual, is not considered Personal Information or PHI. PII is collected by Cortico and protected at a certain level. It includes information that specifically identifies you as an individual and is the items listed below.

2.1.1 Contacting Us
When you choose to contact Cortico using the Programs’ functionality, we may collect, store and use the PII that you provide to us, such as your name, email address and other information you choose to provide in the content of your message, so we can respond to your inquiry. We will also retain all related correspondence from us to you and all related records. We retain these records in order to measure and improve our customer service, or as required to comply with applicable law and/or regulation

2.1.2 Other Purposes
Additionally, Cortico may collect, store, and use PII to solicit your feedback or to help improve the Programs and other Cortico products, advise you about new products, notify you about changes to the Programs or other Cortico products, and communicate with you for other commonly accepted purposes. You may opt-out of emails that you receive from us at any time.

2.1.3 Surveys
We may offer optional questionnaires and surveys to you for the purposes of assessing Programs quality. If you give us permission, we may contact you for a follow-up in connection with survey results.

2.2 Non-PII
We may also collect, use and disclose non-PII that does not directly identify you as follows:

2.2.1 Aggregated Data
Cortico may collect, use and disclose de-personalized information generated from the Programs for the purposes of statistical and demographic research, analysis, reporting and to further develop the Programs and ancillary services. “Aggregated Data” means data Cortico collects about your use of the Programs, including Progress Reports, that has been aggregated and de-personalized. All Aggregated Data is and will be, as between us and you, the property of Cortico and not considered to be PII.

2.2.2 Cookies
When you access or use the Programs, we may use “cookies” to track what you view and interact with on the Programs. Cortico treats information collected by cookies and similar technologies as non-PII. A “cookie” is a small bit of record-keeping information that is sent to your computer. The cookies that Cortico uses do not include PII and may be used to: (1) help you navigate around the Programs, (2) monitor how many people are using the Programs, and (3) track trends. This cookie is anonymized and deleted soon after creation.

2.2.3 Server Logs
Cortico’ servers may log non-PII about your use of the Programs, such as: (1) your search activity, pages viewed, the date and time of activity; and (2) any information provided by your computer or mobile device in connection with your use of the Programs, such as your browser type, browser language, IP address, mobile carrier, unique device identifier, location, and requested and referring URLs.

2.2.4 Trusted Partners and Sponsored Companies and Organizations
We may use and disclose to our affiliated companies, contractors, trusted partners or persons collected non-PII for the purpose of reporting aggregate and de-personalized Progress Reports, auditing, researching and analyzing usage of the Programs, ensuring the technical functionality of the Programs and further developing the Programs and other Cortico products.

2.2.5 Site Traffic Information
Due to the technical nature of web-browsing, when you visit our Website or use obtain Programs from us, we obtain the following information:

  • the web address of the website that you came from or are going to;
  • which pages of our Website and features of our Programs you visit or use;
  • the type of browser you use;
  • the times you access our Website or use our Programs;
  • the type of device you use to access our Website or use our Programs;
  • the content of any undeleted cookies that your browser previously accepted from us or delivered to your device via use of our Programs;
  • technical information, including the address used to connect your device to the Internet, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address);
  • information about your visit, including Programs response times, interaction information (such as button presses) and functionality accessed.

We may use standard Internet technology, such as web beacons and other similar technologies, to track your use of our Website or use of our Programs. We may allow third-parties, including our authorized service providers, to access usage information regarding how you use our Programs or our Website. We use all this collected information only to try to understand your preferences better and to manage the load on our servers, so as to improve our service, analyze trends, optimize Programs performance, administer the Website, improve Website performance, and gather broad demographic information for aggregate use. Finally, usage activity information is required to meet legal and regulatory requirements in order to ensure compliance with certain laws requiring medical-related applications to achieve certain performance standards. We do not track the websites that you visit before or after you leave our Website

  1. DISCLOSURE OF PII

3.1 Need-to-know disclosure

Only those who “need to know” have access to PII. This includes relevant quality control personnel, Cortico developers, and technical support. All PII is stored indefinitely on an encrypted server. All data is backed up daily and a copy is stored securely off-site.

Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to, for example, troubleshoot bugs within the Website and/or Programs, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our Website and/or Programs so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.

We limit access to all PII about you to those employees and agents who need to know the information to provide products and services to you.

Cortico will not disclose your PII to anyone other than to our employees and those third parties that require such information in order to provide us those services that help administer our business. We will require that these parties agree to process such PII based on our instructions and in compliance with this Privacy Policy, any applicable law, and any other appropriate confidentiality and security measures.

3.2 Other disclosure
We will not disclose any of your PII to third parties except in the limited circumstances described below, or with your express permission. These third parties are limited by law or by contract from using the information for secondary purposes beyond the purposes for which the information is disclosed. We disclose information appropriate to the circumstances as determined in our sole unfettered discretion.

We disclose information in response to a subpoena, warrant, court order, levy, attachment, order of a court-appointed receiver or other comparable legal process whether criminal or civil, including subpoenas from private parties in a civil action.
If we merge or are acquired by another company then the successor company would have access to your information but would continue to be bound by this Privacy Policy.
We may use a third party communication company to communicate with you. We will require such third party to only use your contact information for the purpose of our communications with you and will also require such third party to delete such contact information from their records following the termination of their retainer by Cortico.
We may share your PII with our authorized service providers that perform certain services on our behalf. These services may include hosting, performing business and sales analysis, supporting our Website and/or Programs functionality, and supporting features offered through our Website and/or Programs. These service providers may have access to PII needed to perform their functions but are not permitted to share or use such information for any other purposes.
We disclose information that we are required by applicable law to disclose to applicable parties including, without limitation, law enforcement authorities, regulators or auditors.

  1. CHOICES FOR PII
    If Cortico proposes to collect, use or disclose PII for any purpose other than those described in this Privacy Policy, we will obtain your consent or offer you an effective way to opt out of the use of PII for those other purposes. You may choose to withdraw your consent to the collection, use or disclosure of your PII as outlined in this Privacy Policy at any time. If you withdraw consent, then Cortico may no longer be able to provide you with full or any access to the Programs. Users are also given the opportunity to “opt-out” of having their PII used for specific purposes. Withdrawals of consent will not have an effect on personal or other data that Cortico has used or disclosed in accordance with this Privacy Policy prior to such withdrawals.

  2. DATA STORAGE
    Unless otherwise permitted by applicable law, your PII will be stored and maintained on servers and databases located in Canada and is subject to regulation under the laws of Canada.
    We retain all records related to messages sent or received via Cortico.
    Once you terminate your relationship with the medical facility providing the Cortico Programs to you, subject to applicable laws requiring us to retain records, Cortico will delete any information you have provided to Cortico, including, without limitation, any PII. Depending on legal or regulatory requirements (which may require us to retain records for an indefinite period) we may retain PII you provided to us.
    You can see what PII of yours is deleted and PII we continue to store by request to [email protected]

  3. ACCESSING YOUR INFORMATION AND EXPORTING IT
    You have the ability to review and update your PII by contacting us by sending an email to [email protected]. While very little PII pertaining to you is retained by Cortico you can export a copy of any PII specific to you by also contacting us.

  4. INFORMATION SECURITY MEASURES
    7,1 Information and data security is of paramount importance at Cortico. Cortico is committed to handling all of your information with applicable industry-standard information security practices. Cortico follows these basic principles with respect to data security and data ownership:

You own your private data, not us.
You can request deletion of your PII (which would mainly be cookies and/or any emails you send to Cortico) from Cortico when you want.
You can request access to the PII Cortico holds about you.
You can ask us to rectify or erase PII we hold about you subject only to regulatory record-keeping requirements that may be imposed by governments on us to store PII or personal health data for prescribed periods of time.
We restrict access to your PII to employees who need to know that information in order to provide products or services to you.
We maintain other physical, electronic and procedural safeguards that comply with applicable laws to guard your PII.
We use what we believe to be “best-of-class” hosting services and security technologies and services that we believe provide you with a secure and safe environment.
We encrypt data transmitted to and from the Website and/or Programs.

7.2 Your responsibilities
The security of the Cortico Programs also relies on your protection of any credentials you use to access Programs. You may not share your secure appointment links with anyone. Cortico will never ask you to send your credentials or other sensitive information to us in an email, though we may ask you to enter this type of information on the Cortico websites, at the following URLs: www.cortico.ca, *.cortico.ca or any of our other sites.

Any email or other communication requesting your credentials, asking you to provide sensitive account information via email, or linking to a website with a URL other than those specified within this document should be treated as unauthorized and suspicious and should be reported to Cortico immediately. If you do share your access credentials with a third party for any reason, you may be responsible for actions taken using your access credentials. If you believe someone else has obtained access to your access credentials, please contact us right away.
The security of the Cortico Programs relies on your device being secure, and not compromised. It is up to you to safeguard your device’s security. by:
Untrusted browser extensions.
Leaving the Coritco program open on a public device.
Using unsecured/public WiFi connections.

  1. ACCURACY AND ACCESS/CONTROL OVER PII
    You can review the PII you provided us and make changes to some information at any time by contacting us.

If Cortico is satisfied on reasonable grounds that your request to update or correct your information should be implemented, we will correct your PII. We may retain an archived copy of your records as required or authorized by applicable law.

  1. CHANGES TO THIS POLICY
    Cortico reserves the right to modify this Privacy Policy at any time. We may provide you with notice of such modifications, by sending you an e-mail message or otherwise bringing it to your attention in the Programs. Your continued use of the Programs will signify your acceptance of the modifications to this Policy.
    Any changes to the Privacy Policy will be effective immediately. If you do not agree to such changes then please contact us and we will not use your information in the new manner. We will only use information in the accordance with the privacy policy under which your information was collected and to which you agreed.

  2. CONTACT INFORMATION
    Should you have any questions relating to this Privacy Policy, please send correspondence to [email protected]
    .

See how Cortico saves you time.

Book a 30-minute demo with our team to learn how Cortico can transform your medical practice.

Install Plugin
Install EMR plug-in Send messages & files in your EMR