Introduction
This Privacy Policy explains how Calian’s health solutions collect, use, and disclose your personal information (PI) and personal health information (PHI) through the use of our products or services by a healthcare provider or a research organization (also referred to as “customer”, “health information custodian”). This policy should be read in conjunction with Calian’s Privacy Policy. We are committed to protecting the privacy and security of your information and complying with all applicable laws and regulations including, but are not limited to, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and/or other applicable national/federal or state/provincial privacy legislation.
Scope
This notice applies to the following health solutions, which will be referred to collectively as “Calian Health”:
- Patient support program (PSP) design and delivery
- Contract research organization (CRO) services
- Therapeutic expertise
- Healthcare system integration
- Healthcare enterprise resource management
- Healthcare property management
- Psychological services
Accountability
When your healthcare provider or research organization collects your PHI through the use of Calian’s health products or services, the provider or research organization is the health information custodian and is accountable for the privacy and security of the PHI. In this setting, Calian is an agent or an electronic service provider for the healthcare provider or research organization and is only responsible for:
- Supporting them in meeting their privacy obligations as necessary and related to their services, and
- Notifying them of a breach of privacy and/or security without undue delay and assisting the customer in responding to the breach, as needed.
Information collection
Calian Health does not collect any PHI. Your healthcare provider or research organization retains sole control over your PHI and determines:
- What PHI to collect for what purposes
- How they will use PHI
- Who has access to PHI
- How long they will store and retain the PHI
- How to dispose of the PHI
Your healthcare provider is responsible for complying with applicable privacy laws and regulations governing the use of PHI, and for determining the legal basis for such use.
Information use and disclosure
We do not collect, use, or disclose any PHI. However, we may collect other types of information while providing services and may share the information with the following parties:
- Your healthcare provider: to support necessary services, such as fixing or updating the software or solutions as requested by the provider.
- Third-party service providers: to improve the quality or functionality of our products and services. We will use de-identified or aggregate data for this purpose.
- Government authorities: to comply with a court order or to report a public health incident.
Information retention and disposal
As health information custodians, your healthcare provider is solely accountable for establishing retention requirements for PHI.
Your rights
You have the right to access, correct or update your PHI/PI. Please contact your healthcare provider for any requests for access or correction of your PHI/PI.
Security
We have implemented security measures to protect your PHI from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Secure data storage and transmission protocols
- User authentication and authorization controls
- Regular security audits and assessments
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
Contact us
If you have any questions about this Privacy Policy, please contact us at:
ATTN: Privacy Officer
770 Palladium Drive, Ottawa, Ontario K2V 1C8
Toll Free 1.877.225.4264
Email: [email protected]
