TELUS health space® Account Privacy Statement
(Last updated: August 2011)
TELUS Health Solutions GP (thereafter referred to as “TELUS Health”) is committed to protecting your privacy. This privacy statement applies to the personal information (which includes personal health information) collected by TELUS Health through the TELUS health space Account. It does not apply to data collected through other online or offline TELUS Health sites, products, or services nor to data collected through Solutions (as defined below).
TELUS health space is an online storage system for your health information. It can store many different types of information, such as hospital and doctor visit records, medication, immunization records, lab results, data originating from health and fitness Devices (such as pedometers, blood glucose monitors, blood pressure monitors) and from Applications (such as chronic management applications, fitness training applications, weight loss applications, blood pressure applications) and much more. Devices and Applications are collectively referred to as Solutions. You can utilize components of TELUS health space directly to view and manage your health information, or you can use selected web sites and Devices that have been created by Application providers and Device manufacturers to work with TELUS health space. Several mechanisms enable you to control how your health information can be accessed, used and shared.
TELUS health space provides you the technology and services that enable you to collect, store, analyze and share your health related information online. It is a shared data platform that allows access by multiple Applications and Devices to work with your health data to improve health management and outcomes.
Accounts and Records
• A person using TELUS health space has an Account, identified by a set of credentials
• A Record contains information about an individual
• Accounts and records share a many-to-many relationship
• Information contained in a Record can be shared with third parties
In addition, you can choose to share specific information (or all information) contained in a Record for which you are a Custodian with:
· Third parties (such as friends and family)
· Healthcare providers
· Solutions (such as Solutions that add data to your Records, provide information to your healthcare provider, or use some of your health Records to provide information to you about managing your health)
When you create a Record, you are designated as a Custodian—this is the highest level of security access and gives you full control over the Record, including the ability to add and remove health information, view the complete history of changes to the record, share the record with other users and applications and to delete the Record. No other users or Solutions can access a newly created Record until you explicitly shares or grants access.
You may invite additional users to be Custodians and you may be invited by other users to be Custodian of their Record. Each Custodian can add and remove other Custodians and users who can view and modify the Record. Some of the information stored in the Records you manage may be highly sensitive, so you need to consider carefully with whom you choose to share the information. A Record may have multiple Custodians.
Collection of personal information
TELUS health space asks you to enter an identifier and password to sign in. TELUS health space currently accepts Windows Live ID.
When you sign in using Windows Live ID, TELUS health space refers to the e-mail address and password you use as your Windows Live ID. After you create your Windows Live ID, you can use the same credentials to sign in to many different TELUS Health sites and services (such as TELUS health space site), you may find that other TELUS Health sites and services automatically sign you in when you visit those sites and services.
The first time you sign in to TELUS health space, TELUS health space asks you to create an account. To create an account, you must provide personal information such as name, date of birth, e-mail address, postal code and country/region. TELUS health space may request other optional information, but TELUS health space will clearly indicate that such information is optional.
TELUS Health will use the e-mail address you provide when you create your account to send you an e-mail requesting that you validate your email address, to include in sharing invitations you send through TELUS health space and to send you TELUS health space notifications, such as e-mail notification that information is available to add to your account. As described in their own privacy statements, Solution providers may also use your e-mail address.
An account allows you to manage one or more health Records, such as the ones you create for yourself and your family members and those for which you were granted Custodian access. When creating a Record for a third party (family member or other) you must do so in respect of such individual’s privacy and obtain appropriate consent. You choose what information to put in those Records. Examples of the types of information you can store in a Record include:
· health history
· measurements such as blood glucose and blood pressure
· fitness-related activities such as aerobic sessions
· lab results
· discharge summaries from hospitalizations
A key value of the TELUS health space is the ability to share your health information with people and Solutions who can help you meet your health-related goals. For example, you can share health information from Records you control:
· to co-manage the health of a family member
· to use products and services that can improve or monitor your health
· to consult with your health care provider
· to provide fitness information to coaches and trainers
Once you have created your Account, you can access, upload and share health information by paying the applicable service fees for Solutions made available on TELUS health space. When you choose to use a third party Solution made available on TELUS health space, you acknowledge that we are acting as agent for the third party Solution Provider in providing such third party Solution to you and we are not a party to the end user agreement between you and the Solution Provider. When you purchase a Solution, we may collect credit card information for billing purposes.
Sharing Records with other TELUS health space users
You can share information in a TELUS health space Record, for which you are the Custodian, with another person by sending a Sharing Invitation e-mail through TELUS health space (when the TELUS health space Record being shared contains personal information of a third party (family member of other) you must do so in respect of such individual’s privacy and obtain appropriate consent). If such person accepts your Sharing Invitation and has or creates a TELUS health space account, you have given such person access to that information. You can specify how long such person has access (except for Custodian access) and whether he or she can modify the information in the Record. Some of the information stored in the Record managed by you may be highly sensitive, so you need to consider carefully with whom, and for how long, you choose to share the personal information.
When sharing information, you determine which level of access you grant, the options are:
ü No sharing of personal information with any third party
ü View-only access (time-limited access with ability to revoke at any time)
ü View-and-modify access (time-limited access with ability to revoke at any time)
ü Custodian access (no time limit but can be revoked at any time)
If you choose to make another user the Custodian of the Records, then both of you will have complete control over the Record. In fact, the second Custodian could remove the original user as a Custodian and deny them access to the Record. You should only grant custodial access to people they trust.
Custodian access is the highest level of access. A Custodian of a health Record can:
ü View and modify everything including: the Record profile, health information, sharing status (information about the people and Solutions who have sharing access to the Record)
ü View history of all changes to the Record (including deleted information)
ü View items marked as Personal
ü Mark items as Personal, or remove the Personal mark
ü Delete the Record from TELUS health space
ü Grant any level of sharing access including Custodian access
ü Remove all access for anyone including Custodians (even the Custodian who first granted them Custodian access)
When you grant someone non-Custodian access, that person can grant the same level of access to Solutions (for example, someone with view-only access can grant a Solution view-only access).
Sharing Records with Solutions through TELUS health space
Once you decide to join TELUS Health Space, you expressly decide which Solution (s) are to be used, which data types are to be shared with such chosen Solution(s) and which Record will be using such Solution(s). You can access Solutions listed at TELUShealthspace.com via links and/or, if available, through the Solution Provider’s web sites.
When you choose to use a Solution for the first time, you will be informed of (a) the type of information the Solution will access, and (b) what the Solution wants to do with the information (view, add, modify) as well as why it needs access to that information. You control what health information you allow Solutions to access and the length of time they can access the information. In addition, the Solution informs you, through a privacy statement, how it uses such information. Based on this, you must affirmatively authorize a Solution's access to any Record in your account. TELUS Health requires Solutions Providers to agree not to disclose your data without express consent or as required by applicable laws. You should carefully read the Solution's privacy statement before authorizing access. You can freely grant and revoke a Solution's access to the Records stored in TELUS health space. The access you grant a Solution through TELUS health space is valid until you revoke that access.
Service users with whom you have shared your Records can also give a Solution access to those Records. You can see a complete history of how Solutions have accessed the information in your Records by using the History of change feature in your TELUS health space account.
How TELUS health space uses your personal information
TELUS Health commits to use or disclose personal information collected through TELUS health space, including personal health information, exclusively to provide TELUS health space (which includes the billing, support, maintenance and incident resolution services) and as described in this privacy statement, unless expressly otherwise agreed to by you. Usage of the personal information (including personal health information) for the provision of TELUS health space includes that TELUS Health may use your personal information:
· to provide you with information about TELUS health space, including updates, notifications and sharing invitations
· to send you TELUS health space e-mail communication, if any.
· to determine your age and location to help determine whether you qualify for an account
TELUS Health occasionally hires other companies to provide services on it behalf, such as answering customer questions about products and services. TELUS Health gives those companies only the personal information they need to deliver the service. TELUS Health requires the companies to maintain the confidentiality of the personal information and prohibits them from using such information for any other purpose.
In addition, TELUS Health may use and/or disclose your personal information if TELUS Health believes such action is necessary to comply with applicable legislation or legal process served on TELUS Health.
Personal information collected on TELUS health space is stored and processed in Canada. Solution Providers will be asked by TELUS Health to store their information in Canada.
TELUS Health has processes and employees (i.e Head of Privacy and other resources) whose responsibility is to ensure the protection of your privacy and to notify you in the event that TELUS Health becomes aware of a breach affecting your personal information.
How TELUS Health uses aggregate information and statistics
TELUS Health may use aggregated information from TELUS health space to improve the quality of TELUS health space and for marketing of TELUS health space (for example, to tell potential customers how many TELUS health space users live in Canada, how many use a particular Solution). This aggregated information is not associated with any individual account and would not identify you. TELUS Health will not use or disclose your individual account and Record information from TELUS health space for marketing purposes without TELUS Health first asking for and receiving your express consent.
Account access and controls
You choose whether to create an account with TELUS health space. The required account information consists of a small amount of information such as your name, e-mail address, region, and TELUS health space credentials. TELUS health space may request other optional information, but clearly indicates that such information is optional. You can review and update your account information. You can modify, add, or delete any optional account information by signing into your TELUS health space account and editing your account profile.
When you close your account (by signing into your TELUS health space account and editing your account profile), TELUS health space deletes all Records for which you are the sole Custodian. If you share Custodian access for a Record, you can decide whether to delete the Record from TELUS health space. TELUS health space waits 90 days before permanently deleting your account information in order to help avoid accidental or malicious removal of your health information.
Record access and controls
TELUS health space allows an account to contain multiple health Records. This feature enables, for example, family health managers to create and manage Records for family members.
When you create a Record and when you are granted Custodian access right to a Record, you become a Custodian of that Record, and you have direct access to the personal information entered into such Records. You can, at any time, modify, add, or delete that personal information directly when logged into your TELUS Health Space account. TELUS health space creates a fixed list of each access or change by Solutions and users, which TELUS health space keeps as a full history of the Record. You can view and update Records you are Custodian of and can examine the history of access and changes to those Records.
You can delete any health Record that you are a Custodian of by signing in to your TELUS health space account and editing a Record's profile. If other users had any level of access to that Record, the Record no longer appears in their accounts. TELUS health space deletes the Record from all users. TELUS health space waits 90 days before permanently deleting the Record information in order to help avoid accidental or malicious removal of your health information. With respect to the personal information that may be stored by Solution providers (for the Solution you have chosen to use), you have to refer to such Solution Provider’ privacy statement for its data deletion rules and limits.
Archiving health information
When a user with "View and modify" or Custodian access deletes a piece of health information, TELUS health space archives the information so that it is visible only to Record of Custodians. Solutions and other users with whom you have shared your information, but who are not Custodians of the Record, are not able to see archived health information.
Privacy Impact Assessment
TELUS Health has conducted a Privacy Impact Assessment of TELUS health space. The purpose of this Privacy Impact Assessment is to document and review the measures and controls implemented by TELUS Health for the protection of individual’s privacy and security when using TELUS health space. It is also intended to offer general guidance for privacy and security risk management for using and/or promoting TELUS health space, such as a Consumer and/or Solution provider. The Privacy Impact Assessment contains a privacy report card for TELUS health space organized around the ten privacy principles that are at the core of all Canadian data protection legislation. If you wish to have a copy of the Privacy Impact Assessment, please send a written request at firstname.lastname@example.org.
To keep you informed of the latest improvements, TELUS health space may send you e-mail communications. If you do not want to receive this information, you can uncheck the box that requests such information when you sign up for TELUS health space, uncheck the box in your account profile page at any time, or unsubscribe through a link at the bottom of the newsletter. If you later decide that you want to receive the newsletter, you can request it by checking the box on the account profile page.
Security of your personal information
TELUS Health is committed to protecting the security of your personal information. TELUS Health uses a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, and disclosure. For example, TELUS Health stores the personal information you provide on computer servers, with limited access, that are located in controlled facilities. TELUS Health uses encryption during transmission and storage of personal information.
One of the primary purposes of cookies is to provide a convenience feature to save you time. For example, if you personalize a Web page, or navigate within a site, a cookie helps the site to recall your specific information on subsequent visits. Using cookies simplifies the process of delivering relevant content, eases site navigation, and so on. When you return to the Web site, you can retrieve the information you previously provided, so you can easily use the site's features that you customized.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline some or all cookies if you prefer. If you choose to decline all cookies, you may not be able to use interactive features of this or other Web sites that depend on cookies.
Use of Web beacons
TELUShealthspace.com Web pages may contain electronic images known as Web beacons sometimes called single-pixel gifs that may be used:
· to assist in delivering cookies on TELUS Health sites
· to enable TELUS Health to count users who have visited those pages
· to deliver co-branded services
TELUS Health may include Web beacons in promotional e-mail messages or in its newsletters in order to determine whether you opened or acted upon those messages.
TELUS Health may also employ Web beacons from third parties to help it compile aggregated statistics and determine the effectiveness of its promotional campaigns. TELUS Health prohibits third parties from using Web beacons on TELUS Health sites to collect or access your personal information. TELUS Health may collect information about your visit to account TELUShealthspace.com, including the pages you view, the links you click, and other actions taken in connection with the Service. TELUS Health also collects certain standard, non-personally identifiable information that your browser sends to every Web site you visit, such as your IP address, browser type and language, access times, and referring Web site addresses.
Changes to this privacy statement
TELUS Health may occasionally update this privacy statement. In such event, TELUS health space will notify you either by placing a prominent notice on the home page of the TELUS health space Web site or by sending you a notification directly. TELUS Health encourages you to review this privacy statement periodically to stay informed about how TELUS health space helps you to protect the personal information collected. Your continued use of TELUS health space constitutes your agreement to this privacy statement and any updates. Please be aware that this privacy statement does not apply to personal information you may have provided to TELUS Health in the context of other, separately operated, TELUS Health products or services.
Contact information for privacy related questions and/or complaint
TELUS Health welcomes your comments regarding this privacy statement. You have the right submit a complaint to the applicable Privacy Office if you believe that TELUS Health has not adhered to this statement but, as recommended by the Office of the Privacy Commissioner of Canada, you are strongly encouraged to try first to settle the matter directly with us, please contact us at email@example.com. All questions and/or complaints will be treated as confidential.
TELUS Health Solutions GP, 1000 de Sérigny, Suite 600, Longueuil, PQ, Canada, J4K 5B1
© 2011 TELUS