Confidentiality policy

Effective Date: September 2023 

Introduction 

Radiomedic Radiology Clinic is committed to protecting the confidentiality and security of its patients’ personal information. This data privacy policy aims to explain how we collect, use, share, and protect personal data in accordance with the Act modernizing legislative provisions relating to the protection of personal information and other applicable laws in Quebec. 

Some definitions: 

  • Personal Information: Personal information refers to data about an individual that allows for their identification. This includes, but is not limited to, name, date of birth, residential address, phone number, personal email address, and RAMQ number.
  • Consent: Consent is the authorization of the individual providing the personal information to collect and use their personal data. Consent must be explicit, voluntary, informed, given for specific purposes, in clear and simple terms, and for the duration necessary to achieve the purposes for which it was requested.
  • Person in charge: The person responsible for access to information and the protection of personal information. Their mandate has been delegated by Radiomedic‘s General Management.
  • Third Party: Any individual or entity external to Radiomedic, who is not a patient or member of its staff. The third party may include treating physicians, external clinics, partners, consultants, other external organizations, etc.
  • Necessary2: Necessity goes beyond mere utility. For a company, it is evaluated in relation to the purpose of the collection and its proportionality. Thus, collection will be necessary if the following conditions are all met:
  • The objective pursued is legitimate, important, and real; 
  • The invasion of privacy is proportionate to this objective, meaning more precisely that: The collection of information is rationally linked to the objectives. 
  • The invasion of the right to privacy is minimized. In other words, there are no other means of achieving the same objectives in a way that infringes less on privacy. 
  • The collection, use, or disclosure of the information is significantly more useful to the organization or company than detrimental to the individual concerned. 

 

  1. Collection of Personal Data 

We only collect necessary personal data when you access our radiology services. The necessary personal data we may collect include, but are not limited to, identification information, medical information, and contact information. 

  • Health Information: including details of your health such as your medical history, a medical document with or without a diagnosis, consultation with a healthcare professional, consultation date, medications, prescriptions, and data related to your genetic profile.
  • Data collected automatically when you visit our website.

Personal data is collected in accordance with Law 25, which strengthens protections for personal information, particularly regarding the collection, storage, and security of personal data, as well as professional regulations established by the College of Physicians of Quebec such as the Guide to the Organization of Places and the Management of Medical Records in Extrahospital Settings. 

Personal data may be collected in several ways such as: 

  • In-person: When you visit the clinic, to complete your appointment, we collect your personal information necessary to identify you, provide the required services, and communicate results. 
  • By phone: When you call us to make an appointment, we collect the personal information necessary to complete the appointment. 
  • Electronically: When you complete an appointment request through our website. We collect the necessary personal information related to a medical prescription when it is submitted by email or through our website. 

From our website: 

  • By interacting with our website, we collect various information electronically through technologies such as cookies and pixels, to tailor our sites to your preferences, analyze the use of our sites and electronic communications, and provide you with personalized advertising from Radiomedic Clinic with the help of our partners. For example, we use your location to display our sites in the appropriate language and use the pages you visit to deliver personalized ads on our partners’ sites, in compliance with applicable laws.
  • Cookies are small files stored on your computer to save information such as your login data or language choice between visits, making it easier to log in later. Pixels are small image files containing information such as your IP address, allowing for an understanding of your online behavior, monitoring the delivery of our emails, and presenting personalized ads. We use third-party tools like Google Analytics and HotJar to analyze the use of our sites and provide anonymized activity reports, without transmitting personally identifiable information.
  • You can disable or delete these technologies via your browser settings at any time.
  1. Use of Personal Data 

We use our patients’ personal data to provide high-quality radiology services, including medical assessment and diagnosis. This data may also be used for appointment management, patient identity verification, patient communication, patient record administration, staff training, and to comply with legal requirements. 

  1. Management of our Activities and Operations

We use your personal data for various operations and activities, such as: 

  • Maintaining and managing our computer systems, including ensuring the security of our networks.
  • Managing and improving the experience on our websites, for example, by using cookies.
  • Allowing you to participate in satisfaction surveys after your appointments.
  • Ensuring the safety of clients, employees, and assets, particularly in our clinics.
  • Fulfilling our legal obligations by providing reports to government authorities if necessary.
  1. Our Communications

With your consent, we use your personal data to contact you in various ways, including: 

  • Sending our newsletters, with the option to unsubscribe at any time.
  • Informing you about programs, products, services, or events that may interest you via various means such as email, phone, SMS, or mail.
  • Broadcasting personalized ads about our products or services if we believe they may interest you.

Your consent is necessary to receive our commercial communications by email, in accordance with the law. Without your consent, we cannot send them to you. If you wish to unsubscribe from our commercial communications after consenting to receive them, please follow the unsubscribe procedure included in each message. For more information, see the “How to Change My Privacy Preferences?” section. 

  1. Data Analysis and Research

We use your personal data to conduct data analysis and research to improve our health products and services, as well as our programs, promotions, contests, or events, and to better understand our clientele. Typically, we aggregate and/or anonymize your personal data so that it no longer contains information allowing you to be identified. 

For example, this data analysis and research can be used to: 

  • Assess the effectiveness of treatments and develop improvements or tools to enhance diagnostics or imaging interpretation.
  • Conduct health and genetic research.
  • Improve the performance of our websites and create content more tailored to the interests of our visitors.
  • Measure the effectiveness of our marketing and develop campaigns that meet the needs of our clients.
  • Develop new health products and services that meet the needs of our clients.
  • Conduct data analysis and research to develop new tools such as algorithms or reports.
  1. Sharing of Personal Data 

We only share patients’ personal data with authorized third parties, such as members of Management, healthcare professionals involved in patient treatment, regulatory authorities, and health organizations in accordance with the law and patient consent. We formally request our staff and these third parties to comply with their confidentiality obligations. 

We may share aggregated and/or anonymized information with third parties, such as the government, pharmaceutical companies, physicians, and other actors in the medical field. We do not disclose your personal data to third parties outside our group of companies, except in the following cases: 

  1. Service Providers: We may share your personal data with service providers who assist us in providing our services, operating our technological systems, or implementing our advertising and marketing strategies. For example, we may use third-party laboratories for specific tests or email providers for sending our newsletters.
  2. Sale or Transfer of Business: In the event of a sale, merger, or other business transaction, your personal data may be transferred to third parties involved in this operation.
  3. Other Authorized Reasons: In certain circumstances, the law may authorize or require the collection, use, or disclosure of your personal data without your consent. For example, to investigate illegal activities or to protect public safety.
  4. With Your Consent: With your explicit consent, we may share your personal data with third parties such as your insurer, employer, or treating physician.

Please note that if you use our services and possess a health insurance number issued by RAMQ, we may be required to communicate your health information in accordance with the Health Information Sharing Act. By using our services, you consent to such communications. 

  1. Protection of Personal Data

We implement technical and organizational security measures to protect personal data against unauthorized access, loss, disclosure, unauthorized modification, and destruction. We train our staff on personal data protection and confidentiality. 

  1. Data Retention 

We retain patients’ personal data for the duration of our business relationship with the patient and as long as necessary to comply with legal and regulatory obligations. 

Personal information is not stored on any physical media such as paper records or production boards, but rather on local digital media such as portable hard drives and USB keys, and local data servers and cloud-based media. 

Once this data is no longer required, we securely delete it in a manner that prevents you from being identified. 

  1. Security 

We use the following technologies and security procedures to protect personal information: 

  • Software Firewall
  • Hardware Firewall
  • Antivirus and regular scanning on all network computers
  • Data encryption on our website
  • Data encryption of our databases
  • Software access control to computer data
  • Physical access control to offices and server rooms
  • Employee training on phishing
  1. Consent 

We obtain patients’ informed consent before collecting or using their personal data, except where the law otherwise permits. 

When you use our services and explore our websites, you consent to the collection, use, and disclosure of your personal data in accordance with the terms outlined in this policy. It is important to note that in some situations, your consent may be implicit, meaning that your consent is presumed based on your actions or inaction during the collection, use, or disclosure of your personal information. 

In general, we will seek your consent when we intend to use your personal information for new or different purposes than those stated in this policy, or otherwise at the time of collection, as specified, for example, in a dedicated consent form or specific service terms to which you subscribe. 

  1. Patients’ Rights 

Patients have the right to access their personal data, correct it, delete it, object to its processing, and withdraw their consent, in accordance with the law. To exercise these rights, patients must contact us using the contact details of the responsible party provided at the end of this policy. 

  1. Contact 

For any questions regarding this data privacy policy or to exercise your data protection rights, please contact the person responsible for personal information protection: 

Data Protection Officer (DPO) 

Email: admin@radiomedic.ca 

Conclusion 

Radiomedic Radiology Clinic is committed to respecting the confidentiality and security of its patients’ personal data. This policy is subject to periodic revisions, and updates will be published on our website. We encourage you to regularly review our data privacy policy to stay informed of the latest changes. 

Do You Need Any Of Our Service?

Make an appointment with one of our specialists now!

MAKE AN APPOINTMENT