Privacy Policy

Privacy

Wagon Mobile App Privacy Policy

Effective: February 7th, 2017

Last Modified Date: November 9th, 2018

Your privacy and the protection of your personal information is important to us.  We at Wagon want you to feel comfortable and confident using our app.  We are dedicated to protecting the privacy of those who use this online product.  This policy covers how the owners (Edgewood Health Network) and administrators of this app will treat the personal information we collect on the Wagon app.  This policy does not apply to information we may collect from you offline or in person.  Wagon may be provided to you by the owner (EHN) or by a separate company who has been granted permission to use the software.

PLEASE READ THIS PRIVACY POLICY CAREFULLY.  BY ACCESSING THE WAGON APP AND MAKING USE OF ITS SERVICES, YOU ACKNOWLEGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND THE TERMS OF SERVICE.  IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THIS APP.

Wagon does collect information from you.

Wagon collects your name, address, email address, and mobile number when you register with us.

Wagon collects data on goal completion, emotions, triggers and using behaviours.  Wagon securely transmits and stores data, leveraging Microsoft’s Azure Cloud Computing Platform. Wagon provides progress statistics on goal completion, emotions, triggers, etc.

Wagon transmits user data to the company providing Wagon, allowing said company to provide counselling and guidance based on this data.

Wagon provides geo-fencing in order to provide more support to app users, and indicate when they are in a location that may trigger them.

Wagon collects data in different ways.

We collect information directly from you.  We collect information when you register for an account.  We collect information when you enter data about goals, emotions, triggers.

We combine information.  We may combine information that we have collected offline with information we collect on line.

What Wagon doesn’t do

Wagon doesn’t collect medical data such as diagnosis, age, weight, medications, etc.

Wagon does not predict health outcomes such as sobriety or relapse.

Wagon does not act as a crisis line, and cannot be relied upon in an emergency situation.

Wagon does not store geographical data or send geographical data to the company or institution providing the Wagon app to the user.

Wagon uses information as disclosed and described below:

We use information to respond to your needs, requests, or questions.  We may use your information to respond to your feed back also.

We use information to improve our app and the services we provide.  We may use your information to customize your experience with us, in an effort to provide better support for your goals.

We use information to communicate with you.  We may communicate with you about your account.  We may use push notifications in our app.  These may include tips and strategies to help you reach your goals and identify triggers and behaviours.  Your counselor may also use the app to communicate with you. 

We will use information as otherwise permitted by law, or as we may notify you.

Wagon shares some information with third parties.

We will share information with third parties who may perform services on our behalf.  As an example, we may share information with companies who operate our secure server environments.

We will share information with business partners.  We share information about you with our counselors.  We may also share information with outpatient clinics to support you better.

We will share information if we are required to comply with the law or to protect our company.  We will supply information if requested by court subpoena or court order; if a government or investigatory agency requests.  We may share info if we are investigating a potential fraud.

We will share information for other reasons that we may inform you about.

You have a say in how Wagon uses some of your information.

You can turn off push notifications for the app on your phone.  You can also decide to opt out of emails that you don’t want to receive.

While Wagon may use geo-fencing, you can disable this feature within the app itself.

Wagon uses standard security measures to protect data.

The internet is not 100% safe.  While we use all standard measures at our disposal to safeguard and protect information that is under out control from unauthorized access, use or disclosure, it is up to you the user to ensure you protect yourself.  Use caution when using any app or the internet.  Don’t allow unauthorized access to your account, protect your passwords and usernames, and limit access to your devices.  Lock your mobile device when not in use, and never leave yourself logged in to a site or app.

We will hang on to your information as long as it is relevant or needed by our business, or as required by law.

Wagon stores data in Canada.

You understand and agree that we store your information or data in Canada.  This is subject to Canadian privacy laws.

Wagon is not responsible for third party sites or services we do not directly control.

If you click on a link to a third party site, be sure you are familiar with their privacy policy.  We are not responsible for those third party sites.

What Wagon will do if this policy is updated.

Wagon may need to amend their privacy practices from time to time.  We will always notify you as required by law, and we will always keep an updated policy accessible through the app.  Please be sure to check for updates periodically.

Wagon wants to hear from you if you have questions or concerns.

Submit your general inquiry or concern with a detailed message sent to info@onthewagon.ca or write to us at

Wagon Health Solutions

Att: Wagon App Administration

175 Brentcliffe Rd, Toronto, ON M4G 0C5

Executive Summary

In accordance with Ontario Regulation 329/04 made under the Personal Health Information Protection Act , 2004 (PHIPA), Wagon Health Solutions team has completed a Privacy Impact Assessment (PIA) for Wagon Health Solutions Version 1.0. 

Wagon Health Solutions is a sophisticated recovery management solution that helps maintain a continuous connection between counsellor and patient throughout recovery. Wagon is both a patient monitoring tool for healthcare providers, as well as a daily goals-based addiction recovery support tool for patients.

This summary reflects the findings and recommendations from the first PIA conducted for Wagon Health Solutions Version 1.0. The PIA was conducted based on the guidelines recommended by the Office of the Privacy Commissioner of Canada, which incorporates the ten principles of the Canadian Standards Association Model Code for assessing fair information handling practices. 

Privacy Principles 

The findings and recommendations relating to potential privacy risks for Wagon Health Solutions 1.0 are presented in a framework consistent with the ten privacy principles of the CSA Model Code for assessing fair information handling practices. 

 

Principle 1: Accountability

Compliance status: Partial

Recommendations for risk mitigation:

  • Document the administrative structure for privacy, including who is responsible for performing privacy-related duties within the Wagon organization.
  • Determine who in the Wagon organization performs the annual PIA and who will approve each PIA.

Principle 2: Identifying Purposes 

Compliance status: Full

Recommendations for risk mitigation:

  • Remove or change the collection of Clinic Location from the information collected via the Wagon Dashboard. If changed, ensure that it provides information to counsellors that affects the patients care.

Principle 3: Consent

Compliance status: Partial

Recommendations for risk mitigation:

  • Include in the Wagon set-up email sent that is sent to patients a link to the Wagon privacy policy and disclaimer.
  • Create a formal written policy for updating the Wagon Privacy Policy, which specifies that it should be updated when a new feature is added to Wagon.

Principle 4: Limiting Collection

Compliance status: Full

Recommendations for risk mitigation:

  • None

Principle 5: Limiting Use, Disclosure, and Retention 

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a formal written retention policy and disposition schedule for patient data.

Principle 6: Accuracy 

Compliance status: Partial

Recommendations for risk mitigation:

  • Develop a policy for periodic testing of the accuracy of the transmission of patient data.
  • Develop policies and procedures for monitoring and evaluating Wagon user audit logs.

Principle 7: Safeguards

Compliance status: Partial

Recommendations for risk mitigation:

  • Document a Threat & Risk Assessment (TRA) policy with emphasis on privacy risks and concerns and how these concerns have been addressed.
  • Configure Azure to monitor and report on inappropriate system use.
  • Develop and document a policy for monitoring and responding to inappropriate system use.
  • For internal Wagon administrators and developers, create an internal access level tracking system which logs name, role, access level and approver.

Principle 8: Openness 

Compliance status: Partial

Recommendations for risk mitigation:

  • Post Wagon’s PIA Summary report on Wagon’s website (onthewagon.ca).
  • Include a link to Wagon’s Privacy Policy within the Wagon app.
  • Designate a Privacy Officer.
  • Create and post an Outline of Procedure for data deletion and/or privacy inquiries to the FAQs at onthewagon.ca.

Principle 9: Individual Access 

Compliance status: Full

Recommendations for risk mitigation:

  • None

Principle 10: Challenging Compliance 

Compliance status: Partial

Recommendations for risk mitigation:

  • Create formal written procedures for receiving and responding to privacy complaints.
  • Designate a person responsible for receiving and resolving privacy complaints.
  • Provide a mechanism for tracking and reporting privacy complaints.
  • Implement a process for conducting privacy complaints compliance audits.