Privacy Notice

Last updated date: 29-Jul-2024

ONRx (“ONRx”, “We”, “Us”, “Our”) has provided this privacy notice to explain how your personal information (PI) and personal health information (PHI) is processed (namely: collected, used and disclosed) and the associated purposes for processing, through our ONRx platform (including web and mobile app) and as provided in our terms of service. The data processing fully abides by the applicable Canadian federal and regional (e.g., Ontario) legal provisions.

ONRx is an integrated patient centric software platform which digitally enables registered health care practitioners (“doctors” or “physicians” or “other health care practitioners” under the applicable law, hereafter referred to as “practitioners”) and health information custodians (such as hospitals, clinic, pharmacy, home care etc., hereafter referred to as “Custodians”) to provide virtual health care services to patients across Ontario / Canada in an easy, efficient and convenient manner. Various personal information (or “identifying information”) and personal health information (as described further in the detailed notice) is collected and exchanged through the platform to enable provision of these services.

This notice does not apply to the processing of information by Custodians and Practitioners through the platform. The ONRx platform is a digital medium used by the Custodians / Practitioners, and it does not alter their obligations or responsibility for the information they individually collect and process from you as a result of your interaction with them. These entities are subject to professional and privacy obligations as per the applicable law for the information they process regardless of the medium used and any queries in this regard may be directed to them. As such we encourage you to have review the respective Custodians / Practitioners privacy notice applicable for your interaction with them.

  1. What is covered by the Notice

This notice applies to the processing of personal information including personal health information through the Platform. This notice does not apply to the processing of information by Custodians and Practitioners, who use this platform to provide their services, as already described above. These entities and professionals shall maintain their own privacy policies and processes to govern the information they collect and process through the platform as it relates to the provision of Health/Support Services and to protect the information collected through appropriate means. The platform does not intend to provide direct services to individuals under the age of 18 and does not knowingly collect or process information of such individuals directly from them. The parents or legal guardians of individuals under the age of 18 years may submit their information on the platform through their accounts.

  • Which individuals does this notice address
  • Platform visitors.
  • Individuals (Patients) who register and use the services on the platform.
  • Healthcare practitioners (such as doctors, nurses etc.) who are registered on the platform for identification purposes and for provisioning their services to patients.
  • Personal information we process and the respective purposes

The platform processes the following categories of information:

  1. Information provided directly by you
  2. ONRx account information (User Account): When you register on our platform, we collect information such as your full name, email address, phone number, physical address, gender to create your User Account. Each time you login to one of our platforms we process your account username and password (User ID) for the purpose of identifying and authenticating you when using our services. We will also use this information for prior consent-based notifications about services that you request. We will send you email, SMS and push notifications to inform you about the status of your consultations and other requests (e.g. prescription orders). We will maintain the audit trails of your use of the platform for security purposes and for resolving disputes. Whilst we take reasonable measures for protecting your account, securing and protecting it is also your responsibility (do not share your account password and change it if you suspect is has been compromised).
  3. ONRx account information of Practitioners: When you register or login on the platform as Practitioners, we collect information such as your full name, email address, phone number, billing details, official ID, photo, medical registration details, affiliation with Custodians, audit logs for the purposes of identification, maintaining audit trails, verifying your license & registration, and managing your Practitioner account. Each time you login to one of our platforms we process your account username and password (User ID) for the purpose of identifying and authenticating you when providing services through our platform. We will send you email, SMS and push notifications to inform you about the status of your consultations and other schedules.  We will maintain the audit trails of your use of the platform for security purposes and for resolving disputes. Whilst we take reasonable measures for protecting your account, securing and protecting it is also your responsibility (do not share your account password and change it if you suspect is has been compromised).
  4. Patient information (PI or PHI): We collect patient information on behalf of the Practitioners and Custodians when you request Health/Support Services to facilitate the provision of those services and to assist in connecting you with your preferred Practitioners.

Patients also provide health information and insurance information to avail virtual healthcare services. Custodians / Practitioners process your (or your Registered Child’s) information to provide you or your child with Health/Support Services. Collection of this information may be done by the respective entities verbally or by text, including the reason for your consultation request, relevant health history and present condition or symptoms. The Practitioners may access the patient information that you have entered or uploaded to your profile and medical records, or information created during earlier interactions through the Platforms with other Custodians / Practitioners. The ONRx platform also maintains health or medical history of the patients to enable the healthcare practitioners in diagnosis and for patients to keep track of their consultations.

Patient information is stored on the platform for identification, billing, insurance and shipment (as necessary) services.

  • Demographic information: Demographic information is aggregated and de-identified (or anonymized) information. This information may be used for analysis by us, healthcare practitioners and other clients to obtain insights and hence improve the quality of services. Such data includes, but not limited to, age category of users, frequency of visits on platform, aggregated health issues, distance from pharmacies etc. This information does not contain any identifying information.
  • Survey information: ONRx platform may prompt the individual users (patients, health care practitioners etc.) for feedback and surveys. The surveys may be conducted directly by us or through one of our partners. The surveys may collect personal information, preferences, personal health information for the purposes of understanding needs and providing better services. In case survey results are shared with third parties, only de-identified and aggregated information shall be shared. Taking the survey and accepting the data collection is entirely voluntarily and it doesn’t limit or impact your usage of our platform.
  • Contact us: When you contact us for any queries, we may collect your email, phone and any other information provided by you in the email or text body.
  • Platform Services: There are several optional services that may be provided through the Platform, where authorized. ONRx may process your information to provide services that you request us to perform on your behalf (e.g. securely faxing your prescription to your chosen pharmacy, a summary report about your Healthcare Services to a physician of your choice; open an account for you with a prescription delivery service; and, where available, securely transmit your information to the prescription delivery service).
  • Information processed automatically by the platform
  • Usage data: Usage Data is collected automatically when using the Service.

Usage Data may include information such as your device’s internet protocol address (e.g. IP address), browser type/version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers,  and other diagnostic data. We may also collect information that your browser sends whenever you visit our service or when you access the service by or through a mobile device. We will use this information to improve the quality & accessibility of our services and for fraud prevention.

  • Statistical analysis data: This data includes the demographic data and other analysis data derived from the platform. This data or information may be shared with and used by the practitioners, custodians and other third parties. This information is considered de-identified (anonymized) and cannot be used to identify an individual.  
  • Cookies or mobile device information: A cookie is information that a website puts on a user’s computer. Cookies store limited information from a web browser session on a given website that can then be retrieved in the future. They are also sometimes referred to as browser cookies, web cookies or internet cookies. The Platforms use different kinds of cookies and/or use services which use “cookies”. The cookies used by the Platforms do not contain any PI or PHI about you, but they may identify your specific computer or mobile device. We do not save PI or PHI on cookies without your permission.

We use Cookies (both “Persistent” and “Session” cookie types) and similar tracking technologies to track the activity on our service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse our service.

  • Other purposes

• Marketing: Only with your prior and explicit consent we will use your information including patient information to send you commercial electronic communication. We do not share email addresses or other contact information with third parties without your consent.

• Other Reasonable purposes: We may use any information collected for reasonable purposes of ONRx such as fraud prevention, in situation of emergencies, collection on unpaid accounts, investigation of breaches, customer service, payment processing etc.

  • Our policy on personal information of children

This platform is intended to be used by individuals with 18 years of age or above. Parents or legal guardians with the age of 18 years and above may open an account with us for their own use, and use of their minor dependents. Individuals below the age of 18 should not register with us however a registered child may use the Platforms through their parent or legal guardian. If we learn that a child under the age of 18 years has provided information on the platform directly, we will promptly delete that information. Anyone who becomes aware that the platform has collected information from a child below the age of 18 years may report the same at privacy@onrx.ca.

  • Where do we store and transfer your personal information

The ONRx platform stores its data including personal information within Canada only. Other than the transfer of information to third parties while providing services to you (which is described further below), this information may be accessed by government and law enforcement agencies pursuant to a court order or under applicable Canadian law.

  • Whom do we disclose your information (Recipients)

We will not disclose, share, sell or rent your PI/PHI with or to any third party, except with your written consent or as required or permitted by applicable laws. Below are the main recipient categories of your data:

  • Demographic and statistical data: This data or information does not include personal information. This data may be disclosed for our healthcare practitioners, onboarded institutions, health information custodians for various business purposes including improvement in services.
  • Service providers and business partners: We may contract certain part of our services to other service providers, business partners or contractors. Your information including patient health information may be transferred to these companies or contractors for the purpose of providing various services on our behalf. These companies and contractors are bound by the contract and do not have any right to process your information beyond what is necessary to provide the services. To know any further details about our business partners and service providers please write on privacy@onrx.ca.
  • Secondary disclosures: If we plan to disclose your information for purposes other than mentioned in this privacy notice and other than necessary to provide services to you, we will notify you and take your explicit consent as required by the applicable law.
  • How do we protect your personal information

We use reasonable organizational and technical measures for security including encryption of your data, strict access control and periodic technical security assessments. Only authorized staff, Practitioners and Custodians have access to your personal information for legitimate business purposes and any unauthorized access is prohibited. Practitioners and Custodians are themselves responsible for securing your information in their control including managing your information on the platform in a responsible manner and as per their respective policies. You may request any information directly from the Practitioners and Custodians with regards to their policies.

  • What is the Retention period

We will retain your personal information including personal health information for as long as necessary to provide your services for the identified purposes and as required by applicable law. This may extend beyond the termination of your account & relationship with us on the platform. In case you choose to terminate or delete your account, ONRx shall archive your account and retain it for a period of 10 years as per the Public Hospitals Act. You will have the opportunity to download your information within these 30 days of deactivation request. We may still retain certain information which are necessary for fraud prevention or abuse or for legitimate business reasons such as aggregated or de-identified information, account recovery or as required by law.

  1.  Your rights to access, modify and correct your information

You have the right to access, modify and correct your personal information available with us and to know how we use your information. Wherever possible, you may directly access your account and access your information or make changes as required. Where it is not possible for you to access or makes changes by yourself, you may write to us on privacy@onrx.ca. We will take reasonable measures to provide you access to your information and to assist you in correcting it within reasonable time as per applicable law. In certain cases, we may not be able to provide you access to the information (such as when the information consists of personal information of another person) and in such cases we will provide you the reasons for denial.

In connection with the provision of Health Services, you have additional rights under applicable privacy laws. You may request access or correction to your health records, withdraw your consent or request limits on the collection, use or disclosure of your PHI for health care purposes by contacting your Practitioners.

  • Changes to this Privacy notice

We may amend this privacy notice from time to time and whenever these changes are material, we will notify you through our platform or through email prior to effective date. It is understood that you have read the notice when you use our platform for the first time after such changes have been made effective.

  • Governing Law

All matters relating to your access or use of the Platforms shall be governed by the laws of the Province of Ontario and the laws of Canada applicable therein, without regard to principles of conflicts of law. You agree and hereby submit to the exclusive jurisdiction of the courts of the Province of Ontario with respect to all matters relating to your access and use of the Platforms, as well as any dispute that may arise therefrom.

  • Contact us

If you have any questions about this Privacy notice or any other matter regarding your personal information, you can contact us at privacy@onrx.ca

  • Definitions: Following are the definitions of the various terms used in this policy. Wherever the definitions are given in the applicable law, those definitions shall prevail.
  • ONRx platform or Platform means collectively the websites, applications, content, products, software, hardware and services owned and / or operated by us to enable the provision of virtual healthcare services.
  • Personal information: or “identifying information” means information that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual and as defined under applicable law.
  • Personal health information means identifying information about an individual in oral or recorded form, if the information,

(a)         relates to the physical or mental health of the individual, including information that consists of the health history of the individual’s family,

(b)        relates to the providing of health care to the individual, including the identification of a person as a provider of health care to the individual,

(c.1)           is a plan that sets out the home and community care services for the individual to be provided by a health service provider or Ontario Health Team pursuant to funding under section 21 of the Connecting Care Act, 2019,

(d)        relates to payments or eligibility for health care, or eligibility for coverage for health care, in respect of the individual,

(e)         relates to the donation by the individual of any body part or bodily substance of the individual or is derived from the testing or examination of any such body part or bodily substance,

(f)         is the individual’s health number, or

(g)         identifies an individual’s substitute decision-maker. 

And as defined under applicable law.

  • Health information custodians means a person or organization described in one of the following paragraphs who has custody or control of personal health information as a result of or in connection with performing the person’s or organization’s powers or duties or the work described in the paragraph, if any:
  • A health care practitioner or a person who operates a group practice of health care practitioners.
  • A health service provider or person or entity that is part of an Ontario Health Team and that provides a home and community care service pursuant to funding under section 21 of the Connecting Care Act, 2019, including a person or entity from whom the provider or Team has purchased the home and community care service.
  • A person who operates one of the following facilities, programs or services:

i.            A hospital within the meaning of the Public Hospitals Act, a private hospital within the meaning of the Private Hospitals Act, a psychiatric facility within the meaning of the Mental Health Act or an independent health facility within the meaning of the Independent Health Facilities Act.

A long-term care home within the meaning of the Fixing Long-Term Care Act, 2021, a placement co-ordinator described in subsection 47 (1) of that Act, or a care home within the meaning of the Residential Tenancies Act, 2006.

ii.          a retirement home within the meaning of the Retirement Homes Act, 2010.

             iii.          A pharmacy within the meaning of the Drug and Pharmacies Regulation Act.

             iv.          A laboratory or a specimen collection centre as defined in section 5 of the Laboratory and Specimen Collection Centre Licensing Act.

             v.           An ambulance service within the meaning of the Ambulance Act.

             vi.          A home for special care within the meaning of the Homes for Special Care Act.

             vii.         A centre, program or service for community health or mental health whose primary purpose is the provision of health care.

  • An evaluator within the meaning of the Health Care Consent Act, 1996 or an assessor within the meaning of the Substitute Decisions Act, 1992.
  • A medical officer of health of a board of health within the meaning of the Health Protection and Promotion Act.
  • The Minister, together with the Ministry of the Minister if the context so requires.
  • Any other person prescribed as a health information custodian if the person has custody or control of personal health information as a result of or in connection with performing prescribed powers, duties or work or any prescribed class of such persons. 
  • Health care practitioner:

(a)         a person who is a member within the meaning of the Regulated Health Professions Act, 1991 and who provides health care,

(b)        a person who is a member of the Ontario College of Social Workers and Social Service Workers and who provides health care, or

(c)         any other person whose primary function is to provide health care for payment; (“praticien de la santé”)