LinkedIn
Skype
Request A Demo

Privacy Policy

CognisantMD is Committed to Protecting the Privacy of Our Customers and Their Patients

Privacy Policy
10 Fair Principles
Terms of Use
Contacting Us
Privacy Policy

Privacy at CognisantMD

Updated: October 4, 2022

2355581 Ontario Inc. dba CognisantMD (“CognisantMD”) is proud to offer you the CognisantMD website (the “Website”). We are committed to protecting your personal information and complying with applicable data protection and privacy laws.  This “Privacy Policy” tells you how we do so.

We will update this Privacy Policy as necessary. Please check it regularly.

Healthcare practitioners who use CognisantMD’s products have their own privacy policies pertaining to the collection, use and disclosure of personal information, including personal health information. We encourage you to review their privacy policies to understand how your personal information is protected.

  1. What information do we collect?

    Website Access

    Unless you opt-out, our website uses “Cookies” and other automatic data collection technologies with your consent to collect personal information whenever you visit or interact with the Website, including unique identifiers and preference information such as IP address, technical usage, browser type, time zone settings, language preferences, operating system, unique device identifiers, search history, page response times and length of visit, pages viewed, marketing preferences or navigation and clickstream behavior for online interactions.These Cookies helps us understand how you use the Website and the content of the Website in order to make improvements. We also may use these Cookies to promote our services through marketing and advertising. These Cookies may be accessed or disclosed to third-parties for the purpose of serving you relevant advertisements.You can opt-out of Cookies or prevent third-party websites from accessing our Cookies through the privacy settings on your browser. However, opting-out of our Cookies may disable some of the Website’s features, and may prevent us from providing you with the information and services you have requested.

    Contact Us

    When you submit a form on the Website, or contact us directly by calling us, or e-mailing us, we may collect information like your name, e-mail, phone number, clinic/organization, the province in which you are located, and any other information you may voluntarily provide us. This information will be used by CognisantMD to communicate with you to provide you with the information you requested.

    Ocean Platform

    CognisantMD is the creator and operator of the “Ocean” platform, which includes a full suite of virtual patient engagement tools for healthcare practitioners, including online appointment booking, secure messaging, appointment reminders, and digital forms as well as in-clinic check-in kiosks and tablets that enables the collection of personal health information by health care practitioners and provides the ability to store and retrieve all appointment, lab and consult information.

    As a health care practitioner using Ocean, information like your name, clinic, contact details, and billing details will be collected by CognisantMD to administer your account (“Account”). As a patient of a health care practitioner that is using Ocean, all personal health information in relation to your appointment or referral is collected and securely stored through industry-standard 256-bit AES encryption, the same technology used for online banking. CognisantMD does not collect or use personal health information on Ocean and will only ever access personal health information information if CognisantMD is requested to provide technical assistance by the healthcare practitioner. If technical assistance is provided, no personal health information is collected or saved by CognisantMD.

    Direct Marketing

    If you sign up to receive direct marketing or promotional communications from CognisantMD, we will collect your name and e-mail to inform you about the requested products and services.

  2. Why do we use personal information?

    We use your personal information to:

    1. manage our relationship with you and provide you with the information or services you request,
    2. conduct research and evaluate research and development on the Website including analyzing testing data to improve our services,
    3. communicate with you regarding inquiries for information or customer service request or employment opportunities,
    4. detect, prevent or investigate security breaches,
    5. process credit card or other payment information as agreed to on the Website,
    6. validate requests and confirm identities;
    7. protect our business, and
    8. maintain appropriate records for internal administrative purposes.CognisantMD reserves the right to aggregate and anonymize Account information (or other information) and use such aggregated information as it sees fit.CognisantMD does not use any patient personal health information for any reason and will never access any personal health information stored within Ocean, unless required to provide technical assistance to health care practitioners.

  3. Who do we share the personal information with?

    CognisantMD only shares your personal information with service providers in order to operate the Website and offer you the information or services you request. This includes sharing your personal information for

    • fraud prevention,
    • payment processing,
    • providing requested services or information,
    • operating the Website, and
    • customer service.

    We only use service providers that ensure a comparable level of protection for your personal information, as provided in this Privacy Policy. Our contracts with our service providers ensure they comply with that obligation and use your personal information for the services requested.Exceptionally, as allowed or required by law, we may have to disclose your personal information to law enforcement agencies where they demonstrate they have the legal authority to request it.Ocean enables healthcare practitioners to securely refer patients to other healthcare practitioners using the Ocean platform. As such, at your healthcare practitioner’s discretion, your personal information may be shared with other healthcare practitioners and clinics. We encourage you to review your healthcare practitioner’s privacy policy on how your personal information may be used and shared. CognisantMD will never disclose your personal health information.

  4. How long do we keep personal information?

    We retain personal information, such as healthcare practitioner account information, for as long as required to provide the services for which it was collected, otherwise, in accordance with applicable legal and regulatory requirements.Health care practitioners using Ocean are required to comply with different statutory and regulatory requirements and store personal health information for a minimum length of time. We encourage you to speak with your healthcare practitioner directly on how long they are required to store your personal information.Ocean is not an electronic medical record. Once personal health information has been successfully downloaded to the patient chart in the clinic’s EMR, it is routinely deleted from the Ocean Platform.

  5. How do we keep personal information accurate?

    We take reasonable steps to ensure that any personal information in our custody is accurate and up-to-date but we mostly rely on you to notify your healthcare practitioner of any changes to personal information you provided us. Once your healthcare practitioner updates your information, it will be automatically updated in Ocean as well.

  6. How do we protect your personal information and respond to breaches?

    We use reasonable and appropriate physical, administrative and technical measures designed to help you secure your personal information against accidental or unlawful loss, access or disclosure.  Only staff and service providers who have a legitimate business purpose for accessing the personal information collected by us are authorized to do so. Access to sensitive data is automatically logged and restricted to senior operations personnel. Unauthorized use of personal information by anyone affiliated with CognisantMD is prohibited and constitutes grounds for disciplinary action.On Ocean, all personal health information in relation to patient appointments or referrals is collected and securely stored through industry-standard 256-bit AES encryption, the same technology used for online banking.  Ocean’s client-side encryption ensures that all personal health information is inaccessible to third parties outside of the participating clinics, including CognisantMD’s own employees. All data is encrypted at rest and secured in transit using industry-grade encryption measures. Further, Ocean uses a cloud-based architecture deployed in Canadian AWS data centres. AWS is an SOC 2-certified cloud service provider.Even though we take all necessary steps to protect your personal information, security breaches cannot be eliminated and we cannot guarantee a breach will never occur. If a breach is ever suspected or confirmed (an “Incident”), such Incident is immediately reported to CognisantMD’s president and privacy officer and investigated. During their investigation of the Incident, any personal information at risk may be secured or deleted, and all audit logs are secured to assist with follow-up investigation.If an Incident is confirmed as a breach, CognisantMD will follow all statutory and regulatory requirements, including all guidance from the relevant privacy commissioners of the jurisdiction in which the breach occurred. Depending on the breach, such response may involve notifying the relevant health care practitioner whose patient data was contained within the breach, notifying the individual directly of such breach, and/or reporting the breach to the relevant privacy body or commission.

  7. Do we have a disaster recovery plan?

    Yes. CognisantMD maintains an independent disaster recovery data centre and server infrastructure, with the ability to initiate an immediate switch-over of all operations to this server in emergency situations. All solutions are deployed with redundancies, auditing, and regular secure backups, so even if a disaster were to occur, CognisantMD would be able to maintain operations and ensure all personal information is secure and safe.

  8. Where do we store personal information?

    All personal information collected by healthcare practitioners on Ocean is securely stored on servers in Canada (one in Montreal and one in Toronto). These servers are used to securely store all information collected on Ocean, and are used to store all personal information collected through CognisantMD’s website; however, personal information processed by our third-party service providers may be done outside Canada. While outside of Canada, personal information is subject to that jurisdiction’s laws, which may permit governmental authorities the right to access your personal information.For more information on our service providers or where we store personal information, contact us at privacy.officer@cognisantmd.com.

  9. Links to third-party sites

    Our Website may lead you to third-party websites, including websites advertising other products or services. Further, your healthcare practitioner may have their own website and privacy policies. These organizations are separate and distinct from CognisantMD.  We are not responsible in any way for how any third-party collects, uses or discloses your personal information, so it is important to familiarize yourself with the privacy policies of these websites before providing your personal information to them.

  10. Direct marketing

    You may sign up to receive marketing or promotional communications from CognisantMD.  Where you have expressly consented, we may use your personal information to inform you about us and our products and our services, including promotional offers and events.If you no longer wish to receive marketing or promotional communications from us, you can opt-out at any time by:

    • using the unsubscribe feature found in our emails and other electronic communications, or
    • contacting us via email at info@cognisantmd.com.We destroy your information as soon as you unsubscribe.

  11. Your rights

    You also have the right to:

    • make a written request to access your personal information,
    • request us to restrict our use or disclosure of your personal information,
    • object to our use or disclosure of your personal information,
    • request that we edit, but not remove, certain information (like an e-mail address),
    • request that we transfer to another organization the personal information you have provided us, and
    • request us to delete the personal information we hold about you.Contact us at privacy.officer@cognisantmd.com to exercise any of these rights. We will respond within 30 days. If we cannot grant your request, for example, we do not have the right to make corrections to the information contained within a healthcare practitioner’s account about you, we will give you reasons and try to connect you with the individual capable of assisting your request.If you would like to access your personal health information on Ocean, please contact your healthcare practitioner as we do not have the ability to access it.We will address all requests with equal attention.

  12. Contacting us

    Accountability with respect to your personal information is important to CognisantMD. In the event that you have any questions (including how personal information is managed by CognisantMD), complaints or concerns about this Privacy Policy, or if you have reason to believe that we may have failed to adhere to it, please contact us by sending an email. Questions regarding your rights and responsibilities under this Privacy Policy can be directed to our privacy officer at privacy.officer@cognisantmd.com.If after contacting us you are still not satisfied, you have the right to file a complaint with your local privacy authority.

10 Fair Principles

The Personal Health Information Protection Act (PHIPA) is the Ontario provincial legislation that sets out rules for the collection, use and disclosure of personal health information. These rules apply to all health information custodians operating within the province of Ontario and to individuals and organizations that receive personal health information from health information custodians.

PHIPA incorporates some general principles that apply to the collection, use and disclosure of personal health information, based on the “10 Fair Information Principles” of the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal privacy law for the private sector.

The 10 Principles are outlined below, followed by examples of our adherence to each principle:

  1. Accountability
    An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.

    • CognisantMD has a publicly-designated privacy officer to provide leadership on compliance with privacy accountability.
    • All CognisantMD employees and representatives sign a Privacy and Security agreement that describes their obligations under PHIPA.
  2. Identifying Purposes
    The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.

    • CognisantMD / Ocean does not collect patient health information without providing a clear explanation of the intent in the system’s user interface.
    • Patient information is encrypted prior to its transmission to Ocean using encryption keys known only to the health information custodians and providers (the clinics). This technology provides a strong safeguard against the unintentional collection of personal information.
    • The personal information required for the fulfillment of specific Ocean services (such as the sending of an eReferral) is used only for the service and nothing else.
    • In the rare cases where patient health information must be used directly by Ocean (such as the collection of a patient’s email for notification purposes), the system confirms with the health service provider that the patient has provided informed email consent for the purpose of clinical notifications.
  3. Consent
    The knowledge and consent of an individual are required for the collection, use, or disclosure of personal information, except where appropriate.

    • Ocean’s patient engagement services may be used by health service providers to collect or disclose information to and from patients, such as Ocean Studies and the Ocean Online secure emailing service. Prior to using these services, the providers are required to obtain the appropriate consent from patients based on Ocean’s end-user license agreement (EULA) unless implicit consent is deemed appropriate by the health information custodian.
    • When Ocean’s email services are used to send information to patients, the health service providers are reminded for each individual patient to ensure that they have obtained a signed, informed email consent policy.
  4. Limiting Collection
    The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization.  Information shall be collected by fair and lawful means.

    • CognisantMD / Ocean never attempts to collect personal information beyond what is clearly necessary to fulfill its primary use cases (such as the completion of a designated clinical questionnaire by a patient’s health service provider)
    • All personal information is encrypted with private encryption keys prior to leaving the clinic. Since CognisantMD personnel do not have these keys, it provides a strong safeguard against the unauthorized use.
    • All collection and processing of information is in accordance with Canada’s and Ontario’s privacy laws.
  5. Limiting Use, Disclosure and Retention
    Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.

    • CognisantMD / Ocean indeed does not use personal health information for purposes other than those for which the information is collected.
    • These purposes are limited to the use cases of its patient engagement and eReferral system, such as the completion of an Ocean tablet questionnaire or a secure message sent to the patient via email.
    • The actual uses and disclosures by the system are directed by the health service providers to fulfill these use cases in accordance with our EULA.
    • Details on our data retention and disposal procedures can be found here 
  6. Accuracy
    Personal information shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is used.

    • The Ocean system typically interfaces with the patient’s electronic medical record system to obtain comprehensive and up-to-date clinical information for patients.
    • Ocean regularly synchronizes its encrypted information with the primary electronic medical record to ensure it is reasonably up-to-date with regard to the email address and other relevant information.
    • Safeguards are placed in the user interface to ensure important personal information is periodically confirmed by patients for accuracy. For example, patients may review their contact information for accuracy each visit on an Ocean tablet. “Check digit” tests are done for birth dates, phone numbers and health numbers to reduce the likelihood of error.
  7. Safeguards
    Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.

    • As a general safeguard, Ocean’s end-to-end public-private key encryption ensures that all patient health information is inaccessible to third parties including CognisantMD’s own employees.
    • Industry-standard techniques such as 256-bit encryption, strong password policy management and user access restrictions are universally used within CognisantMD systems and are strictly enforced by the development and operations team.
    • Source code reviews are regularly performed to limit the risk of unintentional disclosures of PHI.
    • Third-party integrations with Ocean, including the Care Portal patient portal, have limited access to personal health information only within sites designated by the applicable health information network provider (HINP). These integrations are only permitted by CognisantMD in contexts where the HINP has explicitly authorized such integrations with and on behalf of participating HICs, and HICs may disable such integrations for specific patients.
    • A threat-risk assessment (TRA) was performed by MNP and deemed the safeguards to result in an overall “low” risk to personal health data.
  8. Openness
    An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

    • CognisantMD endeavours to publish its policies and procedures openly on its support site, which is publicly available (this article is an example).
    • CognisantMD also provides a simplified patient-friendly summary of our privacy policy online and public links to our existing PIAs. Many other articles that discuss privacy and security are available in our community portal. Access to a summary of our threat-risk assessment (TRA) is also accessible on request.
  9. Individual Access
    Upon request, an individual shall be informed of the existence, use, and disclose of his or her personal information, and shall be given access to that information.  An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

    • Individuals may consult our patient-facing support articles to learn more about the company’s policies on personal information usage.
    • CognisantMD / Ocean is unable to provide direct access to unencrypted personal health information, since it is merely an electronic service provider and not an agent with access to personal information (due to our end-to-end encryption).
    • However, CognisantMD will assist as necessary to connect these individuals with the applicable health service providers to ensure they can access and review their personal information encrypted within Ocean in a timely manner.
    • (Note: Since Ocean typically pulls data from third-party electronic medical records systems as its primary information source for personal health information, individuals are likely to first request access to their electronic patient chart within these systems at their clinician’s office. They may choose to make corrections in these systems as necessary, whereupon the changes will be automatically updated in Ocean as well.)
    • CognisantMD may also, upon request, provide individuals with a full audit log of the use and disclosure of their personal information by its systems including Ocean.
  10. Challenging Compliance
    An individual shall be able to address a challenge concerning compliance with the above principles to the designate individuals accountable for the organization’s compliance.

    • The company’s senior leadership and its privacy officer pledge to create an open, supportive environment for individuals who have any concerns about the company’s compliance to the above principles.
    • Health information network providers (HINPs) interacting with CognisantMD as an electronic service provider are encouraged to contact CognisantMD with any concerns as they arise.
    • Individuals are also encouraged to contact CognisantMD’s privacy officer with any concerns.
    • The company commits to providing a timely and appropriate response in these circumstances, including the provision of any organizational and technological changes deemed necessary to correct gaps in this compliance.
Terms of Use

CognisantMD is committed to protecting your privacy and providing a safe online experience. This statement of privacy applies to the CognisantMD website and governs data collection and usage. By using the CognisantMD website, you consent to the data practices described in this statement.

CognisantMD.com Terms of Service

1. Terms

By accessing the website at http://www.cognisantmd.com, you are agreeing to be bound by these terms of service, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.

2. Use License

  1. Permission is granted to temporarily download one copy of the materials (information or software) on CognisantMD’s website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:
    • modify or copy the materials;
    • use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
    • attempt to decompile or reverse engineer any software contained on CognisantMD’s website;
    • remove any copyright or other proprietary notations from the materials; or
    • transfer the materials to another person or “mirror” the materials on any other server.
  2. This license shall automatically terminate if you violate any of these restrictions and may be terminated by CognisantMD at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.

3. Disclaimer

  1. The materials on CognisantMD’s website are provided on an ‘as is’ basis. CognisantMD makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.
  2. Further, CognisantMD does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.

4. Limitations

In no event shall CognisantMD or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on CognisantMD’s website, even if CognisantMD or a CognisantMD authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.

5. Accuracy of materials

The materials appearing on CognisantMD’s website could include technical, typographical, or photographic errors. CognisantMD does not warrant that any of the materials on its website are accurate, complete or current. CognisantMD may make changes to the materials contained on its website at any time without notice. However CognisantMD does not make any commitment to update the materials.

6. Links

CognisantMD has not reviewed all of the sites linked to its website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by CognisantMD of the site. Use of any such linked website is at the user’s own risk.

7. Modifications

CognisantMD may revise these terms of service for its website at any time without notice. By using this website you are agreeing to be bound by the then current version of these terms of service.

8. Governing Law

These terms and conditions are governed by and construed in accordance with the laws of Ontario, Canada and you irrevocably submit to the exclusive jurisdiction of the courts in that province.

Privacy Policy

Your privacy is important to us. It is CognisantMD’s policy to respect your privacy regarding any information we may collect from you across our website, http://www.cognisantmd.com, and other sites we own and operate.

We only ask for personal information when we truly need it to provide a service to you. We collect it by fair and lawful means, with your knowledge and consent. We also let you know why we’re collecting it and how it will be used.

We only retain collected information for as long as necessary to provide you with your requested service. What data we store, we’ll protect within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.

We don’t share any personally identifying information publicly or with third-parties, except when required to by law.

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies.

You are free to refuse our request for your personal information, with the understanding that we may be unable to provide you with some of your desired services.

Your continued use of our website will be regarded as acceptance of our practices around privacy and personal information. If you have any questions about how we handle user data and personal information, feel free to contact us.

This policy is effective as of 6 June 2018.

Contacting Us

If you have a complaint, question or concern regarding CognisantMD’s privacy policies and procedures, please contact:

Privacy Officer
CognisantMD
4040 – 3080 Yonge Street
Toronto, Ontario M4N 3N1
Tel: 1-888-864-8655 xt. 701

Or by email: privacy.officer (at) cognisantmd.com

Menu