Privacy Policy

Privacy

Wagon Mobile App Privacy Policy

Effective: February 7th, 2017

Last Modified Date: February 6th, 2019

The Wagon system consists of two parts: the Wagon app and online counselling services. The Wagon app and online counselling services can be provided to you directly through Wagon Health Solutions or through another authorized treatment facility or healthcare provider. This Privacy Policy governs how Wagon Health Solutions and the Wagon app collect, use, disclose, and otherwise manage your personal information, including personal health information, when applicable.

If you use Wagon as part of a treatment program provided by another authorized provider, please refer to that provider’s Privacy Policy in order to understand how they collect, use, disclose, and otherwise manage your personal information, including personal health information.

PLEASE READ THIS PRIVACY POLICY CAREFULLY.  BY ACCESSING THE WAGON APP AND MAKING USE OF ITS SERVICES, YOU ACKNOWLEGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND THE TERMS OF SERVICE.  IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE WAGON.

Wagon does collect information from you:

Wagon collects different information from you depending on whether you use the Wagon app, enroll in the online counselling services provided by Wagon Health Solutions, or both.

The Wagon app collects your name, address, and email address when you set up your online profile and recovery plan. The Wagon app also collects information when you log your goal completions, emotions, triggers and using behaviours using the app.  Wagon securely transmits and stores this data, leveraging Microsoft’s Azure Cloud Computing Platform. The Wagon app also collects and compiles progress statistics on your goal completions, emotions, triggers, and other behaviour.

The Wagon app transmits your data to Wagon Health Solutions (or an authorized healthcare provider), allowing said company to provide counselling and guidance based on this data.

The Wagon app optionally provides geo-fencing in order to provide more support to app users, and indicate when they are in a location that may trigger them. The geo-tracking activity and history cannot be accessed by your counsellor.

If you enroll in the online counselling services offered and delivered by Wagon Health Solutions (online Aftercare, Group Therapy, Coaching, Individual Counselling, or our Intensive Outpatient program), your Wagon counsellor may also collect personal information provided by you during enrollment or shared by you during your therapy sessions.  This personal information may include your home address, employer, gender, credit card information for payment; information or records regarding your medical or health history; previous treatment and counselling services; health status and laboratory testing results; current and previous medications; and other identifying and health related information. Your personal information may be contained in medical records, treatment and examination notes, and other health related records maintained by your counsellor.  All personal information collected during your enrollment or therapy sessions is stored and maintained in a secure storage system.

Wagon stores your information only for as long as it is necessary to provide services to you and for legal protections or as required by applicable laws and regulations.

What Wagon doesn’t do:

The Wagon app does not collect health or medical data such as diagnosis, age, weight, medications, etc. Wagon collects personal health and medical information from you only if you enroll in online counselling services offered through Wagon Health Solutions or another authorized healthcare provider.

Wagon does not predict health outcomes such as sobriety or relapse.

Wagon does not act as a crisis line, and cannot be relied upon in an emergency situation.

Wagon does not store geographical data or send geographical data to the company or institution providing the Wagon app to the user.

Wagon uses information as disclosed and described below:

Neither Wagon Health Solutions nor Wagon counsellors uses or discloses personal information for any other purpose than to help you achieve long-term recovery.

We use information to respond to your needs, requests, or questions.  We may use your information to respond to your feedback also.

We may disclose your information among Wagon counsellors and support staff for the purposes of improving our services to you.

We also use your information to improve the Wagon app and the services we provide.  We may use your information to customize your experience with us, in an effort to provide better support for your goals.

We use information to communicate with you.  We may communicate with you about your account or in response to your progress or behaviour.  We may use push notifications in the Wagon app.  These may include tips and strategies to help you reach your goals and identify triggers and behaviours.  Your counselor may also use the app to communicate with you.

We may use the email address your provided during enrollment to periodically response to and support your recovery progress. Your email address is not used for any other purpose and is not shared with outside parties.

We will use information as otherwise permitted by law, or as we may notify you.

Wagon shares some information with third parties:

We will share information with third parties who may perform services on our behalf. For example, we may use service providers to process payments, host our website, and store information on our behalf.

As the provider of your treatment, Wagon Health Solutions will not willingly release any information concerning you outside EHN’s facilities and clinics, without your written consent.

We will share information if we are required to comply with the law or to protect our company.  We will supply information if requested by court subpoena or court order; if a government or investigatory agency requests.  We may share info if we are investigating a potential fraud.

We will share information for other reasons that we may inform you about.

You have a say in how Wagon uses some of your information:

You can turn off push notifications for the Wagon app on your phone.  You can also decide to opt out of emails that you don’t want to receive.

While Wagon may use geo-fencing, you can disable this feature within the app itself.

Wagon uses standard security measures to protect data:

We understand that data security is a critical issue for you and we are committed to safeguarding your personal information in our custody and under our control.

Wagon has implemented a comprehensive information security program that includes written policies and procedures, and security controls. We have implemented reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification and disclosure of personal information in our custody and control.

Our privacy practices are intended to comply with applicable privacy laws, including, without limitation, the Personal Health Information Protection Act (Ontario) (“PHIPA”) and the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”). We will maintain the privacy of your personal information as required by applicable privacy laws, including without limitation, PHIPA and PIPEDA and the regulations under those Acts.

Complex passwords are required for all users to access Wagon, including developers, administrators, counsellors, and clients.

While you use Wagon, your data is encrypted both in transit and at rest, using AES_256 level encryption. This is a specification approved by the National Institute of Standards and Technology for symmetric key data encryption and has been adopted by the US government to replace previous methods of encryption.

In addition, Wagon uses HTTPS to authenticate communication between all entities within Wagon’s system. HTTPS provides a reasonable guarantee that data is being transferred only between the components of Wagon (database, server, and app) and that the data cannot be read or forged by any third party.

Wagon uses Zoom Video Communications Inc. (Zoom) as the technology for hosting video counselling sessions. Zoom is compliant with the Health Insurance Portability and Accountability Act (HIPPA), providing safe and secure online therapy sessions. Your counselling session data transmitted across the network is protected using a unique Advanced Encryption Standard (AES) with a 256-bit key generated and securely distributed to you and any other participants at the start of each session. Session access is protected by protected by verified email and password.  For more information on how Zoom protects the privacy of your online sessions, see Zoom’s Privacy Policy.

While we use all standard measures at our disposal to safeguard and protect information that is under our control from unauthorized access, use or disclosure, remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. We cannot guarantee its absolute security. It is up to you the user to ensure you protect yourself.  Use caution when using any app or the Internet. Don’t allow unauthorized access to your account, protect your passwords and usernames, and limit access to your devices. Lock your mobile device when not in use, and never leave yourself logged in to a site or app.

Wagon stores data in Canada:

You understand and agree that we store your information or data in Canada.  This is subject to Canadian privacy laws.

Wagon is not responsible for third-party sites or services we do not directly control:

If you click on a link to a third-party site, be sure you are familiar with their privacy policy.  We are not responsible for those third-party sites.

You can access your information t anytime you can request to access, update, or correct your personal information by contacting your Wagon counsellor directly. We may request certain personal information for the purposes of verifying your identity.

You can delete your information:

You may request deletion of your personal information by Wagon, but please note that we may be required (by law or otherwise) to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete personal information, it will be deleted from the active database, including from our archives. Once we disclose some of your personal information to third parties, we may not be able to access that personal information any longer as maintained by the third party and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures.

What Wagon will do if this policy is updated:

Wagon may need to amend their privacy practices from time to time.  We will always notify you as required by law, and we will always keep an updated policy accessible through the app.  Please be sure to check for updates periodically.

Wagon wants to hear from you if you have questions or concerns:

You can submit your general inquiry or concern with a detailed message to support@onthewagon.ca

 

Executive Summary

In accordance with Ontario Regulation 329/04 made under the Personal Health Information Protection Act , 2004 (PHIPA), Wagon Health Solutions team has completed a Privacy Impact Assessment (PIA) for Wagon Health Solutions Version 1.0. 

Wagon Health Solutions is a sophisticated recovery management solution that helps maintain a continuous connection between counsellor and patient throughout recovery. Wagon is both a patient monitoring tool for healthcare providers, as well as a daily goals-based addiction recovery support tool for patients.

This summary reflects the findings and recommendations from the first PIA conducted for Wagon Health Solutions Version 1.0. The PIA was conducted based on the guidelines recommended by the Office of the Privacy Commissioner of Canada, which incorporates the ten principles of the Canadian Standards Association Model Code for assessing fair information handling practices. 

Privacy Principles 

The findings and recommendations relating to potential privacy risks for Wagon Health Solutions 1.0 are presented in a framework consistent with the ten privacy principles of the CSA Model Code for assessing fair information handling practices. 

 

Principle 1: Accountability

Compliance status: Partial

Recommendations for risk mitigation:

  • Document the administrative structure for privacy, including who is responsible for performing privacy-related duties within the Wagon organization.
  • Determine who in the Wagon organization performs the annual PIA and who will approve each PIA.

Principle 2: Identifying Purposes 

Compliance status: Full

Recommendations for risk mitigation:

  • Remove or change the collection of Clinic Location from the information collected via the Wagon Dashboard. If changed, ensure that it provides information to counsellors that affects the patients care.

Principle 3: Consent

Compliance status: Partial

Recommendations for risk mitigation:

  • Include in the Wagon set-up email sent that is sent to patients a link to the Wagon privacy policy and disclaimer.
  • Create a formal written policy for updating the Wagon Privacy Policy, which specifies that it should be updated when a new feature is added to Wagon.

Principle 4: Limiting Collection

Compliance status: Full

Recommendations for risk mitigation:

  • None

Principle 5: Limiting Use, Disclosure, and Retention 

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a formal written retention policy and disposition schedule for patient data.

Principle 6: Accuracy 

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a policy for periodic testing of the accuracy of the transmission of patient data.
  • Develop policies and procedures for monitoring and evaluating Wagon user audit logs.

Principle 7: Safeguards

Compliance status: Partial

Recommendations for risk mitigation:

  • Document a Threat & Risk Assessment (TRA) policy with emphasis on privacy risks and concerns and how these concerns have been addressed.
  • Configure Azure to monitor and report on inappropriate system use.
  • Develop and document a policy for monitoring and responding to inappropriate system use.
  • For internal Wagon administrators and developers, create an internal access level tracking system which logs name, role, access level and approver.

Principle 8: Openness 

Compliance status: Partial

Recommendations for risk mitigation:

  • Post Wagon’s PIA Summary report on Wagon’s website (onthewagon.ca).
  • Include a link to Wagon’s Privacy Policy within the Wagon app.
  • Designate a Privacy Officer.
  • Create and post an Outline of Procedure for data deletion and/or privacy inquiries to the FAQs at onthewagon.ca.

Principle 9: Individual Access 

Compliance status: Full

Recommendations for risk mitigation:

  • None

Principle 10: Challenging Compliance 

Compliance status: Partial

Recommendations for risk mitigation:

  • Create formal written procedures for receiving and responding to privacy complaints.
  • Designate a person responsible for receiving and resolving privacy complaints.
  • Provide a mechanism for tracking and reporting privacy complaints.
  • Implement a process for conducting privacy complaints compliance audits.