Service Privacy Policy

Oncology Simplified Inc. – Introduction and Privacy Policy Last Modified – July 2024

This policy describes the information practices of Oncology Simplified Inc. (“Oncology Simplified”, “we”, “us”, “our”) including the purposes for which we collect, use and disclose personal health information.

Who We Are and Why We Created Oncology Simplified.

We are a Canadian Company headquartered in Southwestern Ontario, founded in response to requests for assistance from individuals struggling to understand or manage their cancer related testing and treatment needs. The founders worked with experts specializing in different types of cancers to design and implement services to fill gaps in oncology related services currently available in the healthcare system. Oncology Simplified delivers its services (“Services”) through consultations with registered nurses, nurse practitioners, registered dieticians and pharmacists licensed to practice in Ontario (“Healthcare Providers” or “HCPs”) through electronic means (“Consultations”), as described below in the Section “Online Delivery of Services”. As of the date posted above, Oncology Simplified only offers Services in Ontario.

HCP Accountability

Oncology Simplified recruits HCPs with expertise in oncology and verifies that they are in good standing with their regulatory body. HCPs are independent contractors to Oncology Simplified and are responsible to Oncology Simplified clients (“Clients”) for the care that they provide. Clients have a health professional/patient relationship with the HCPs from whom they receive Services. Oncology Simplified designs the Services, and provides administrative functions, including registering Clients and billing. To facilitate access, even where an HCP ceases to provide Services, we are the custodian of Client records including records of personal health information created or compiled by HCPs (“Records”). As such, Oncology Simplified is responsible for maintaining Records in compliance with applicable privacy law.

Services

Our Services are supportive cancer care services, tailored to a Client’s needs and clinical history. It is important to understand that they supplement and support but do not replace the healthcare services available or being provided to Clients through their family physician, oncologist or other providers. We offer three types of supportive services: everyday cancer services (“ECS”) via phone, video or chat functions, advanced cancer services (“ACS”) via phone or video, and caregiver emotional support services (“CES”) via phone or video. We include an overview below, but encourage you to read the full description of each of the Services on our website: Oncology Simplified | Personalized Cancer Services

  • ECS assist Clients to: parse and understand information about cancer related investigations, nutrition, treatment and options; understand what to expect and otherwise prepare for treatments, procedures, and potential side effects; and manage the emotional impact of a cancer diagnosis and treatment.
  • ACS includes side effect management (through Consultations with pharmacists and/or nurse practitioners) and advice on cancer testing options (through Consultations with nurse practitioners). ACS may involve an assessment by an HCP and the HCP authorizing tests, prescribing medications or making referrals for additional support.
  • CES provides emotional assistance and resources for individuals caring for loved ones battling cancer.

Eligibility Criteria:

You (Client) represent and warrant (promise) to Oncology Simplified and acknowledge that Oncology Simplified is relying on your representations and warranties that:

  • ECS & ACS. To receive ECS and ACS, individuals must be at least 18 years old and undergoing investigations for a potential cancer diagnosis or have recently received a cancer diagnosis. To facilitate the implementation of HCP recommendations, we prefer that Clients be under the care of a family physician, nurse practitioner or oncologist when receiving Services. This is particularly important for Clients receiving ACS and for continuity of care for Clients who need to be monitored for an extended period of time.
  • CES. To receive CES, individuals must be at least 18 years old and either directly caring for loved ones battling cancer or closely associated with someone who is battling cancer.
  • Online Delivery of Services. We provide our Services through the Telus Collaborative Health Record System (“CHR” and the “System”), which you can read about at: TELUS Collaborative Health Record | TELUS Health. CHR includes an electronic health record (“EMR”) for our use and that of the HCPs, and a personal health record (“PHR”) and patient portal (“CHR Connect”) for Client use. Clients access the Services through CHR Connect, which allows them to: book and manage Consultations, receive reminders of Consultations and related information, receive and reply to encrypted messages from HCPs, complete pre-Consultation questionnaires (including on their mobile device), meet their HCP by video, phone or chat, receive relevant health information, pay for the Services and download invoices for any private insurance they carry. In addition to CHR Connect, Consultations may be booked online through our CHR e-booking site www.oncologysimplified.inputhealth.com or by clicking “Book Now” on our website www.oncologysimplified.com. We do not collect personal information or personal health information (“PHI”) through our website, but rather through the System, a secured information management system (see the Section below on “Collection of Client Data”). To access any of the Services, Clients must accept the privacy policy and terms of use applicable to Telus CHR Connect posted at TELUS CHR- Privacy and Consent and TELUS CHR Connect - Terms of use . Clients can further facilitate access to the Services by downloading the CHR Connect App by clicking on CHR Connect App Download CHR Connect App | TELUS Health.
  • Opening an Account. Clients may open account with us by downloading the CHR Connect App, registering their profile and selecting Oncology Simplified as their clinic. Alternatively, Clients may open an account by visiting our website and clicking “Book Now” under any relevant Service, which will redirect the Client to the Oncology Simplified dedicated CHR e-booking portal. Clients may also access the booking portal and Service directory through www.oncologysimplified.inputhealth.com.
  • Telus and Client Data. As described above, Oncology Simplified uses the System to manage and backup Client personal information and PHI (together, “Client Data”). The System uses reasonable physical, organizational and technical measures to keep your data safe and secure. However, it’s important to note that Oncology Simplified has no control over how Telus maintains or manages their CHR system. TELUS will only use the Client Data for the provision of the Solution to Oncology Simplified, otherwise TELUS is strictly prohibited from selling or providing any Client Data to third parties. This is why it is essential that you review and are prepared to accept the CHR Patient privacy and Consent and CHR Connect Terms of Use before registering to be a Client.

Our Privacy Practices

Collection/Use of Client Data

Oncology Simplified collects and uses Client Data for the purpose of delivering, and to the extent necessary to deliver the Services and to comply with legal requirements. We do not record the audio or video portions of consultations with HCPs. Medical Office Administrators (Personal Health Information Privacy Agent of Oncology Simplified) may support the intake of personal information or PHI necessary to tailor your call with HCPs. However, HCPs are responsible for creating and compiling records of the Services they provide, which records will be maintained by Oncology Simplified in Canada. HCPs will have access to Records through the TELUS CHR system.

The Client Data that we collect or create may include some or all of the following:

  • Client name, address, phone number, healthcare card number, the name and contact information for the Patient’s family physician, oncologist, emergency contact, and where applicable, substitute decision-maker;
  • Client health and medical history (which may include family health and medical history);
  • name of the Client’s HCP(s);
  • clinical notes;
  • records of examinations carried out by the Client’s HCP(s);
  • results of laboratory, pathology, consultations, diagnostic imaging examinations or tests and investigative procedures;
  • diagnoses, care and treatment information;
  • photos that Clients upload for use by their HCP(s);
  • requisitions for treatment or investigation;
  • consent to treatment; and
  • record of missed and/or canceled Consultations.

Disclosure of Client Data

If you provide us with a list of your care team members, such as your family doctor or oncologist, or your substitute decision maker, we will understand that you are authorizing us to disclose information including PHI in your Records to them. Notwithstanding this authorization, it is your responsibility to keep your care team members updated about the Services you are receiving. We do not guarantee that we will provide information in your Record to any member of your care team. In some cases, we may have to disclose your PHI to comply with the law, such as if we receive a subpoena or court order. We might also need to disclose your PHI to advance our legal rights, defend against legal claims, and deal with illegal activities such as fraud or threats to Client or third-party safety or reputation.

Third Party Service Providers

We use third-party software and service providers for a variety of services, such as technical, operational, and marketing services. For example, our credit card processing is provided through a third-party service provider. We require our third-party service providers to limit their use of Client Data to that which is necessary for their services and to have appropriate security measures in place to protect Client Data from unauthorized access, use and disclosure. Some of our third-party services operate from outside of Canada, which means that Client Data to which they have access to provide their services to us will be subject to laws other than the laws of Ontario or Canada and may be available to foreign governments and authorities under the operation of those laws or orders made under those laws. Additional information about our third-party service providers is available through links in Appendix 1 to this policy.

Access and Correction of Client Data

Clients may update or otherwise correct the Client Data that they provided at any time, but not Client Data that an HCP has created or compiled.

Clients can access their Record by sending a request to info@oncologysimplified.com or by calling us at 1-437-500-5000. Subject to our discretion under the law to withhold PHI, we will provide the Record through a secure message via CHR Connect. The security of any copy of a Record that a Client downloads is the Client’s responsibility. After six months of account inactivity, we will archive Client Records and close the related Client account. We will retain archived Records as required by applicable regulations which is generally set as ten years and during that timeframe, Clients can request their archived Records by sending a request to info@oncologysimplified.com or by calling us at 1-437-500-5000. Clients may name individuals (substitute decision maker) who may request their Records if for any reason, they are unable to do so. If no individual is named as substitute decision maker, we may not be legally authorized to release the Records to the requestor.

Security Measures

We prohibit our personnel (“Personnel,” which includes our employees, independent contractors and HCPs) from accessing Client Data except as necessary for the provision of their services. We require Personnel to complete privacy and security training and to commit to complying with our policies, procedures and applicable privacy law.

Oncology Simplified has implemented security measures to protect Client Data including but not limited to the following:

  • requiring Personnel to log into the Records using two factor authentication;
  • proactively scanning for threats and vulnerabilities through end point detection and response;
  • setting password expiry intervals and changing passwords regularly
  • monitoring access logs;
  • controlling access to Client Records through permission settings;
  • sending messages to Clients only through CHR Connect; and
  • prohibiting HCP from using SMS or email accounts to disclose Client PHI to another health professional for a consultation.

Notwithstanding the safeguards we employ to deliver the Services, we cannot guarantee the security or error-free transmission, storage or maintenance of Client Data. There are risks inherent in the use of electronic means to transmit and hold information in electronic format. These risks can be minimized but not eliminated by the use of appropriate security measures, such as those we employ. These risks include interception, loss, corruption, unauthorized access to, use and disclosure of Information, and delay in the availability of Information.

Clients play an important role in protecting and the privacy of their Client Data, including by:

  • creating a strong and unique password for their CHR Connect account and device;
  • enabling two factor authentication within their CHR Connect account;
  • keeping confidential (not sharing with anyone) their account password;
  • logging out of their account as soon as they finish using it;
  • checking their login history through Telus CHR Connect; and
  • receiving the Services in a private location.

Links to Third Party Websites

The Services and the resources section of our website provide may provide links to websites or content that we do not own or operate. This policy does not apply to such sites or content, and we are not responsible for the content or privacy practices applicable to the sites. We provide the links solely for convenience. Our provision of the links does not constitute an endorsement of or referral to the linked websites or content. We strongly encourage you to review the privacy policies and terms of use applicable to any website you choose to access through the links.

Amendments to this Policy

Oncology Simplified last updated this Privacy Policy (“Policy”) on the date posted at the top of the policy. We reserve the right to amend the Policy at any time to account for changes in applicable law, our practices and the Services. Please check to see if we have amended the policy since you last used the Services as by continuing to use the Services, we will understand that you have agreed to the amended policy.

Contact Us

If you have any questions or concerns about our privacy practices, please contact our Compliance Officer through one of the means indicated below. Please include your name and contact information if you would like us to respond to you.

By post to: Oncology Simplified Inc., ATTN: Haya Sarras — Compliance Officer, 151 Charles St. West Suite 100, Kitchener, ON N2G 1H6

By email to: privacy@oncologysimplified.com

By telephone: 1(437)-500-5000

Appendix 1 - Links and system integrations

Telus CHR Connect: CHR Connect App | TELUS Health

SRFax Integration: https://help.inputhealth.com/en/articles/5180974-srfax-integration

Stripe Integration: https://help.inputhealth.com/en/articles/5192642-overview-of-collecting-private-bill-payments-using-stripe

OLIS integration: https://help.inputhealth.com/en/articles/5721823-getting-connected-to-olis

Lifelabs: https://help.inputhealth.com/en/articles/6149886-ontario-and-british-columbia-integrating-excelleris-lifelabs-with-your-chr-account

Dynacare: https://help.inputhealth.com/en/articles/6128022-ontario-and-manitoba-integrating-dynacare-eresults-with-your-chr-account