ZeeNovo Health Privacy Policy

Version -1.0 Effective Date:01-Sep-2024

Introduction

At ZeeNovo Health, we are committed to protecting the privacy and security of your personal and health information. This Privacy Policy outlines how we handle data collection, use, storage, and protection to ensure compliance with federal and provincial regulations such as PIPEDA, PHIPA, and others. By using our web-based booking management platform ("Platform"), you agree to the practices described in this policy.

1. Data Collection and Use

a. Types of Data Collected

• Personal Information (PI): This includes general information used to facilitate communications, such as your name, date of birth, email address, and telephone number.

• Personal Health Information (PHI): This includes information necessary for providing healthcare services, such as symptoms, medical history, vaccination status, and prescription details.

ZeeNovo Health only collects information that is essential for providing the requested health services through our platform. While the platform is designed to standardize data collection, individual pharmacists may customize additional data fields based on specific service requirements. ZeeNovo Health does not monitor or control these customizations.

b. Purpose of Data Collection

• To Facilitate Healthcare Services: We collect PI and PHI to enable pharmacies and pharmacists to deliver healthcare services, including appointment bookings, minor ailment assessments, vaccinations, and prescription management.

• To Enhance User Experience: We use data to improve the functionality and usability of our platform, ensuring it meets the needs of both patients and pharmacies.

• To Comply with Legal Obligations: We may use your information to comply with applicable laws, regulations, and industry standards.

2. Data Storage and Security

a. Data Storage Partner

ZeeNovo Health partners with leading data and security providers to ensure that your information is stored securely and is protected by industry-leading encryption standards. All data is stored in Canada and is encrypted both in transit and at rest.

b. Security Measures

• Encryption: All PI and PHI are encrypted to ensure confidentiality and security during transmission and storage.

• Access Controls: Access to sensitive information is restricted to authorized personnel, including pharmacists and select ZeeNovo Health engineers, all of whom have undergone thorough training in data privacy and security.

• Monitoring and Auditing: Regular audits and security checks are conducted to ensure compliance with privacy laws and to safeguard against unauthorized access.

3. Access to Information

a. Patient and Pharmacy Access

• Public-Facing Information: Only minimal personal information (PI) required for booking appointments is accessible through public-facing sites. This information is kept separate from more sensitive health information (PHI), which is stored securely and is not accessible from public access points.

• Patient Access: Patients cannot access their own health documentation after submission. They may request modifications or deletions through their pharmacy, or reset their information if necessary.

b. Pharmacy Control

Pharmacies have full control over the data stored within their accounts. They can view, modify, or delete patient records as needed. ZeeNovo Health provides tools for pharmacies to manage patient data securely and efficiently.

4. Data Deletion and Retention

ZeeNovo Health is committed to giving pharmacies and patients control over their data. Data can be deleted or modified in the following ways:

1. Patient-Initiated Deletion: Patients can delete their data via a link provided in email communications. This will remove all associated records, including those held by the pharmacy.

2. Pharmacy-Initiated Deletion: Pharmacies can delete any patient data from their dashboard. Patients can request modifications or deletions directly through their pharmacy.

3. Request for Deletion: Patients may also request data deletion by contacting ZeeNovo Health’s Privacy Officer at [email address].

5. Organizational Policies

ZeeNovo Health follows strict internal protocols to safeguard data:

• Restricted Access: Full database access is limited to authorized personnel with necessary technical training. This includes key engineers and healthcare professionals employed by ZeeNovo Health.

• Support Access: ZeeNovo Health support staff can only access a pharmacy's data with explicit consent and must use secure methods such as private/incognito browsing sessions.

• Patient Communication: ZeeNovo Health will not contact patients directly without the pharmacy's consent, except for technical support purposes.

• Password Management: Pharmacy passwords are managed using secure authentication services, ensuring no unauthorized access by ZeeNovo Health staff.

6. Data Sharing

ZeeNovo Health does not sell or share personal information (PI) or personal health information (PHI) with third parties, except as required to provide healthcare services or comply with legal obligations. Anonymized data may be shared for research, educational purposes, or to improve our services, without including any personal identifiers.

7. Procedures in Case of a Data Breach

In the event of a data breach, ZeeNovo Health follows a four-step process:

1. Assessment: We coordinate with our data partners to assess the scale and cause of the breach.

2. Resolution: If the breach is due to a vulnerability in our system, we will deploy a fix as quickly as possible.

3. Notification: Affected pharmacies and patients will be notified, and instructions will be provided on how to secure their information.

4. Policy Review: We will review our internal policies and make necessary adjustments to prevent future breaches.

8. Contact Information

ZeeNovo Health’s Privacy Officer is Jeet Kandoriya, responsible for ensuring all aspects of our privacy practices comply with regulations. You can contact the Privacy Officer with any questions or concerns about your data at Contact@zeenovo.com