Statement of Information Practices – Platform
The sharing of personal health information (PHI) is a core element of aTouchAway, a patient remote monitoring solution that provides support to a patient and their authorized caregivers when receiving remote care and communicating with healthcare providers who are on the patient’s care team.
As the provider of aTouchAway, Aetonix may use your personal health information when supporting its clients, who are healthcare providers through the provision of the following services:
- Enabling health care providers to use the telemedicine components of the system to facilitate care provided to the patient;
- Safeguarding the PHI stored, processed and managed in the system;
- Limiting use of PHI to only the purposes identified by Aetonix’s clients in agreements and ensuring that staff only access the least amount of PHI required to meet the identified purpose;
- Logging and reviewing events and activities such as access to PHI;
- Maintaining an enterprise-wide privacy program to support Aetonix’s compliance with the requirements of PHIPA and its regulations as well as our agreements with health care providers. We follow recognized standards in privacy, security and information management to safeguard your PHI more broadly. Below is a summary of our privacy program and practices for PHI.
Aetonix will never disclose the PHI or personal information of its clients’ users, such as patients or their caregivers, except as instructed by its healthcare provider clients or where required by law.
Accountability for Privacy
Aetonix’s Chief Privacy Officer is accountable for ensuring that Aetonix complies with its privacy obligations as a HINP to health care providers and any other privacy obligations identified in agreements with its clients and in its organizational privacy policies.
Aetonix Privacy Program
Aetonix has developed and implemented an enterprise-wide privacy program through which it has defined and meets its privacy obligations.
The foundation of this program is Aetonix’s Privacy and Data Protection Policy, which defines how Aetonix, as a service provider to health care providers, protects the privacy of people whose PHI is in the system that Aetonix manages and provides to health care providers.
- Privacy and information management procedures to ensure that Aetonix staff, contractors and third-party vendors appropriately limit their access to and use and retention of your PHI for the purposes of providing and managing the system and services;
- Privacy training and awareness for all new employees, with refresher privacy training provided annually;
- Processes for identification and management of privacy risks; and
- Privacy review activities to confirm that Aetonix complies with its privacy requirements, including Privacy Impact Assessments and Threat Risk Assessments of the services.
Getting your consent to collect, use, and disclose your PHI is the responsibility of the health care provider that captures, accesses, and shares your PHI in the system.
If you want to withdraw your consent for your PHI to be accessed or shared, you must contact the health care provider that provided you with care or placed your PHI in the shared system.
Aetonix has implemented information security safeguards to protect your PHI in the shared system from unauthorized collection, use, disclosure, and retention. Key safeguards include, but are not limited to:
- Access controls on the shared system and other repositories of PHI (electronic and hard copy) to ensure that access to your PHI by staff, contractors and third-party vendors has been appropriately limited;
- Data protection measures, including protection (e.g., encryption) of your PHI when transmitted between health care providers and when stored in the shared system; and
- Network protections, including firewalls, intrusion detection and prevention measures, and anti-malware protections.
Your Privacy Rights
You must contact the healthcare provider that provides you with the health care that is documented in this system for the following privacy matters:
- Request a copy of your PHI in the system;
- Request information about how health care providers have been accessing and using your PHI in the system;
- Request a correction to your PHI in the shared system; and
- Make a privacy inquiry or complaint about how the health care providers are managing and ensuring the privacy of your PHI in the shared system.
If you contact Aetonix regarding any of the above, we will redirect your request to the health care provider(s) that placed your PHI in the system.
Contacting the Privacy Officer
If you have a general inquiry or complaint about the service that Aetonix provides to health care providers or our privacy and security program, contact the Aetonix Privacy Officer:
1 855 561-4591
or by mail:
725 Baransway Drive (formerly Third St.)
London, Ontario N5V 5G4
You can also contact Information and Privacy Commissioner of Ontario at (416) 326-3333 for privacy inquiry or complaint. See more information at: https://www.ipc.on.ca/