The Grove Hubs is a project under CMHA WW. If you have any questions or concerns related to your privacy and CMHA WW, please contact our Chief Privacy Officer, Anna Tersigni at firstname.lastname@example.org or 1-844-CMHA WW3 (2642-993) ext. 2011.
Understanding Your Personal Health Information and Privacy Rights
What is personal health information?
Your personal health information may contain information about:
your mental health
your physical health
your health history
your personal history
your relevant family medical history
Why is my information being collected?
Your personal health information is primarily used to paint the picture of your overall health so that your care providers can give you better care.
Sharing your personal health information by mail, fax and electronically with other service providers is important. The information shared with the members of your community care team allows them to have the most up-to-date information about you so they can better and more safely meet your needs.
How is my personal health information being protected?
Your personal health information can only be used by authorized staff providing you with health care support and services.
Your care providers are required to have administrative, physical and technical safeguards to protect their physical records and their electronic networks from misuse, correction, copying, disclosure, destruction, monitoring and/or damage. These safeguards include security software and encryption protocols, firewalls, locks and other access controls, privacy impact assessments, privacy training for staff and students, and confidentiality agreements.
Privacy and security safeguards are constantly under review and are enhanced where necessary to ensure the highest level of protection.
What are my privacy rights?
You have the right to request a copy of your clinical file by contacting your health service provider.
You also have the right to request a correction or amendment to your personal health information. You have the right to block all or parts of your clinical file to designated recipients.
You may log a complaint if you feel that your service provider has not addressed your privacy concern correctly.
How is my privacy protected even when I receive my services through secure virtual care?
Secure virtual care includes telephone, email, text and videoconferencing (through OTN or MS Teams). We will ask for your express, verbal consent to communicate using any of these platforms.
How is my privacy protected when we use virtual care methods?
We will ask for your express, verbal consent to communicate.
Due to privacy concerns, we discourage counselling via email or text. However, with your informed, documented, verbal consent we may communicate “need to know” information via email if all other methods of communication, telephone or mail are not possible and/or will impede urgent and/or needed services.
Texting may be used only to send/receive administrative communication, for example appointment times or medication renewal requests.
Is my personal health information ever sent using email?
At times it may be necessary to use email to send password protected documents that include your personal health information, either to you or to other healthcare providers within your circle of care. Your express verbal consent will be obtained to any other required non-circle of care providers (e.g., legal). We take the following steps when sending emails:
First, we send a test email to your email address (or the healthcare provider’s email address) to ensure we have the correct address. The body of the email and the subject line do not contain your name, identifying information, personal health information or attachments.
Once we confirm that we have the correct address, we send the email with any attachments.
The body of the email and the subject line do not contain your name or any identifying information
All documents to be attached are encrypted with a password using secure software. This means the document cannot be opened unless the receiver has the password. No identifying information is used in the file names.
When we send a password protected document by email, we provide a link to our CMHA WW Privacy Notice.
Finally, we send a third email with the password. Again, no identifying information is used in the body of the email or in the subject line. Alternatively, the password may be shared by telephone instead of email.
Once we confirm receipt of the email, we delete the sent emails from our inbox and then delete again from the recycling bin. This ensures the emails are completely removed from our email system.
Can my personal health information be shared with third parties that are not health care providers?
Your health care provider requires your express consent to share your personal health information with third parties.
You can request copies of parts and/or all of your health record for purposes other than healthcare, such as your lawyer, or an application for short or long term disability.
Are there times when my personal health information can be shared without my express consent?
Yes – there are times when your health care providers are required to share your personal health information without your express consent. For example, if you are at risk of harm to self or others, we may need to share need-to-know information to keep you safe. Your health care providers are also obligated by law to respond to a subpoena and/or search warrant.
Anonymous demographic and statistical data may also be used for the purposes of program and funding evaluation.
Why are my assessments shared in a centralized electronic assessment system?
Having your health information in an electronic format allows your authorized health care providers to quickly and securely access your health history, no matter where you receive care. Since the other health service providers involved in your care have a better picture of your assessments, they will be able to provide you with better care.
A centralized electronic sharing system is used to share your assessment data with community health service providers who need to review the assessment data in order to provide services to you. If you have concerns regarding the privacy and security of your personal health information, you may contact your health service provider’s Privacy Officer. If you wish to consent or withhold your consent to the sharing of your assessments in the electronic sharing system you may contact the Consent Call Centre at 1-855-585-5279 or TTY (1-855-973-4445).
What does it mean when I give my consent to share my personal health information within my circle of care?
When you give your consent, your assessment record will be uploaded onto a secure and centralized electronic assessment system. Your care providers will use the information in your assessment to provide you with the safe, quality care that better meets your needs.
You have the right to be informed of the positive and negative consequences of your consent to share or not to share your personal health information with health service providers involved in your care.
To learn more about electronic health information supporting high quality and timely care click here.
The website and its content is owned by The Grove Hubs. (“Company”, “we”, or “us”). The term “you” refers to the user or viewer of thegrovehubs.ca (“Website”).
Information We May Collect
We collect personal information from you so that we can provide you with a positive experience when utilizing our Website or content. We will only collect the minimum amount of information necessary for us to fulfill our obligation to you. We may collect:
1. Your name and an email address so we can deliver emails to you – you would be affirmatively consenting to this by providing this to us in our stay connected form.
2. Your billing information including name, address, and credit card information so that we can process a donation from you.
3. Your name and an email address if you complete our stay connected form. We may send you information emails with either your consent or if we believe we have a legitimate interest to contact you based on your contact or question.
Please note that the information above (“Personal Data”) that you are giving to us is voluntarily, and by you providing this information to us you are giving consent for us to use, collect and process this Personal Data. You are welcome to opt-out or request for us to delete your Personal Data at any point by contacting us at email@example.com
If you choose not to provide us with certain Personal Data, you may not be able to participate in certain aspects of our Website or content.
Other Information We May Collect:
Anonymous Data Collection and Use
To maintain our Website’s high quality, we may use your IP address to help diagnose problems with our server and to administer the Website by identifying which areas of the Website are most heavily used, and to display content according to your preferences. Your IP address is the number assigned to computers connected to the Internet. This is essentially “traffic data” which cannot personally identify you but is helpful to us for marketing purposes and for improving our services. Traffic data collection does not follow a user’s activities on any other websites in any way. Anonymous traffic data may also be shared with business partners and advertisers on an aggregate basis.
Use of “Cookies”
We may use the standard “cookies” feature of major web browsers. We do not set any personally identifiable information in cookies, nor do we employ any data-capture mechanisms on our Website other than cookies. You may choose to disable cookies through your own web browser’s settings. However, disabling this function may diminish your experience on our Website and some features may not work as intended.
What We Do With Information We Collect
We may contact you with information that you provide to us based on these lawful grounds for processing:
1. Consent. We may contact you if you give us your clear, unambiguous, affirmative consent to contact you.
2. Legitimate Interest. We may contact you if we feel you have a legitimate interest in hearing from us. For example, if you sign up under the “stay connected” form, we may send you informational emails, newsletters, or promotions for upcoming events. You will always have the option to opt out of any of our emails.
Email communications that you send to us via the email links on our Site may be shared with the appropriate Grove Hubs’ staff to address your inquiry. We make every effort to respond in a timely manner once communications are received. Once we have responded to your communication, it is discarded or archived, depending on the nature of the inquiry. The email functionality on our site does not provide a completely secure and confidential means of communication. It is possible that your email communication may be accessed or viewed by another internet user while in transit to us. If you wish to keep your communication private, do not use the email function on the site.
Share with Third Parties
We may share your information with trusted third parties such as our email marketing provider in order to contact you via email, our merchant accounts to process donations.
Our site includes online forms that allow users to donate to The Grove Hubs. By voluntarily providing us with personal information in connection with donations, you are deemed to have consented to our collection, use and disclosure of such information for processing your donation or for registering you. You are also deemed to consent to being added to our contact database to receive news of our activities and to solicit further donations. You are given an opportunity to request that we no longer send you information or further requests for donations. If you do not wish to receive any email communications from The Grove Hubs regarding our activities, you may unsubscribe at any point or contact firstname.lastname@example.org. If you do not wish to receive any communications from The Grove Hubs regarding our activities and to solicit further donations, you may let us know at any point by contacting us at email@example.com Online donations to The Grove Hubs are processed through a third party. When donating, we will also add your name to our public list of donors unless you opt to be anonymous.
Viewing by Others
Note that whenever you voluntarily make your Personal Data available for viewing by others online through this Website or its content, it may be seen, collected and used by others, and therefore, we cannot be responsible for any unauthorized or improper use of the information that you voluntarily share (i.e., sharing a comment on a Facebook group that we manage, sharing details on group meeting, etc.).
Submission, Storage, Sharing and Transferring of Personal Data
Personal Data that you provide to us is stored internally or through a data management system. Your Personal Data will only be accessed by those who help to obtain, manage or store that information, or who have a legitimate need to know such Personal Data (i.e., our hosting provider, email marketing provider, payment processors or team members).
We retain your Personal Data for the minimum amount of time necessary to provide you with the information and / or services that you requested from us. We may include certain Personal Data for longer periods of time if necessary, for legal, and accounting obligations.
How You Can Access, Update or Delete Your Personal Data
You have the right to:
1. Request information about how your Personal Data is being used and request a copy of what Personal Data we use.
2. Restrict processing if you think the Personal Data is not accurate, unlawful, or no longer needed.
3. Rectify or erase Personal Data and receive confirmation of the rectification or erasure. (You have the “right to be forgotten”).
4. Withdraw your consent at any time to the processing of your Personal Data.
5. Lodge a complaint with a supervisory authority if you feel we are using your Personal Data unlawfully.
6. Receive Personal Data portability and transference to another controller without our hinderance.
7. Object to our use of your Personal Data.
8. Not be subject to an automated decision based solely on automatic processing, including profiling, which legally or significantly affects you.
You may unsubscribe from our emails or updates at any time through the unsubscribe link at the footer of all email communications. If you have questions or are experiencing problems unsubscribing, please contact us at firstname.lastname@example.org
We take commercially reasonable steps to protect the Personal Data you provide to us from misuse, disclosure or unauthorized access. We only share your Personal Data with trusted third parties who use the same level of care in processing your Personal Data. That being said, we cannot guarantee that your Personal Data will always be secure due to technology or security breaches. Should there be a data breach of which we are aware, we will inform you immediately.
We have a no spam policy and provide you with the ability to opt-out of our communications by selecting the unsubscribe link at the footer of all e-mails. We have taken the necessary steps to ensure that we are compliant with the CAN-SPAM Act of 2003 by never sending out misleading information. We will not sell, rent or share your email address.
Third Party Websites
We may link to other websites on our Website. We have no responsibility or liability for the content and activities of any other individual, company or entity whose website or materials may be linked to our Website or its content, and thus we cannot be held liable for the privacy of the information on their website or that you voluntarily share with their website. Please review their privacy policies for guidelines as to how they respectively store, use and protect the privacy of your Personal Data.
Notification of Changes
Data Controller and Processors
We are the data controllers as we are collecting and using your Personal Data. We use trusted third parties as our data processors for technical and organizational purposes, including for payments and email marketing. We use reasonable efforts to make sure our data processors are GDPR- compliant.