Privacy Policy

Effective Date: 2021-05-17

Evoke Health Inc. (“Evoke Health”, “we”, “us”) is committed to protecting personally identifiable and health information (together as “Personal Information”) and safeguarding the privacy of all individuals (“User”, “you”, “your”) who utilize Engage⁺ (the “Service”), accessible through https://evokehealth.ca website (the “Site”).

This privacy policy (the “Policy”) applies to Personal Information collected by Evoke Health through the Service. It does not apply to information or data collected through other sites, products, or services.

This policy informs you of our practice regarding the collection, use and disclosure of Personal Information when you use our Service and the choices you have associated with that data. This is in accordance with the requirements of

  • Health Insurance Portability and Accountability Act, 1996 (“HIPAA”)- United States
  • Health Information Technology for Economic and Clinical Health Act, 2009 (HITECH)- United States
  • Personal Information and Protection of Electronic Documents Act,2000 (“PIPEDA”)- Canada
  • Personal Health Information Act, 2004 (“PHIPA”)- Ontario, Canada
  • Personal Information Protection Act, 2003 (“PIPA”)- British Columbia, Canada
  • Health Information Act, 2000- Alberta, Canada
  • Comparable legislation in other jurisdiction

Evoke Health operates the Service for use by the health care providers such as senior care, nursing homes, assisted living senior homes, and other healthcare facilities (together as “Providers”). Information provided in the Service shall only be accessed by Users authorized by the Provider.

By using the Service and voluntarily providing your Personal Information to us, you consent to the collection, use, disclosure, retention and disposal of Personal Information by us as described in this Policy. This Privacy Policy is incorporated into and subject to the terms of the Evoke Health’s Terms of Use (“Terms”). If you do not agree to the terms of this Privacy Policy, please do not provide us with any information and do not use the Service.

Unless otherwise defined in this Privacy Policy, the terms used in this Privacy policy have the same meanings as in our Terms of Use (“Terms”).

    DEFINITION

      Personally Identifiable Information. Information that can be used to identify an individual, including without limitation: individual’s name, home address and phone number, age, sex, marital status, health number, financial information, educational history.

      Personal Health Information. Identifying information about an individual in oral or recorded form that relates to their physical or mental health. Examples include medical history, family health history, health card number, and any information that identifies an individual and links them to a healthcare provider.

      Non-Personal Information. Any information about an individual that does not identify them.

      Provider. Healthcare facilities that deliver healthcare services and has custody or control of Personal Information as a result of the work it does.

      In this policy, Provider includes nursing homes, assisted living senior homes, retirement homes, and other healthcare providers that enlist the services of Evoke Health.

      Under PHIPA, Provider are called Health Information Custodian.

      Under HIPAA, Provider are called Covered Entities.

      User. Substitute Decision Makers or Proxy who are authorized to receive Personal Information of “patient(s)” or “resident(s)” of Provider(s), or employees or representatives of Provider(s) who are authorized to act on behald of Provider.

      Business Associate/Agent. Acts for on behalf of the Provider to collect, use, or disclose Personal Information.

      Under HIPAA, Evoke Health acts as a Business Associate to Covered Entities.

      Under PHIPA, Evoke Health acts as a Agent to Health Information Custodians.

      Service Provider. Any third-party company or people contracted to perform services on behalf of Evoke Health. All Service Provider have to agree and comply with Evoke Health’s Privacy Policies and Practices.

    RELATIONSHIP WITH PROVIDERS

    Under the terms of the Subscription Agreement and Business Associate Agreement ("Agreement") by and between Evoke Health and a Provider, Evoke Health provides services to Provider that may involve Personal Information. Evoke Health’s uses and disclosures of Personal Information and other actions under each Agreement are and shall be consistent with the Provider’s privacy policies, and which may be modified or altered by the Provider from time to time.

    COLLECTION OF PERSONAL INFORMATION

    Via the Service, Evoke Health may collect from you: (i) Personal Identifiable and Personal Health Information (“Personal Information”), (ii) Non-personal information. You may choose not to provide us with your Personal Information. However, choosing not to provide certain requested information may prevent you from accessing and taking advantage of the Service.

      Personal Identifiable and Personal Health Information:

        Users:

        Evoke Health collects and stores Personal Information to provide you with access to the Service. Evoke Health collects your and associated patient’s Personal Information from your Provider to initiate your account setup and validation. This allows expedition of your enrolment and authorize access to the Service. Personal Information collected for this purpose may include without limitation

        • Your contact and identification information, including first and last name, e-mail address, home address, telephone number, relationship to patient.
        • Patients’ information, including first and last name, gender, date of birth, photograph, room number.
        • Patients’ health information, including vitals, medications, tests, health and daily updates, allergies, conditions, upcoming appointments.

        Contacting Us:

        You may contact us by emailing us within our Site and Service for general inquiry, complaints, or customer support. In this regard, we may collect Personal Information including but not limited to: Legal name, title, email address, Provider and patient name.

        Non-Personal Information

        Evoke Health uses cookies within your web browsers to facilitate the sign in process and to deliver personalized services within the Service. The cookie is a small data file that a website places on your computer’s hard disk. Evoke Health uses cookies to help it compile aggregate statistics about usage of the Site and Service. This information includes without limitations:

        • Device Information: We may collect device-specific information, for example: Hardware model, operating system, network information
        • Log information: We may automatically collect and store information in our logs such as
          • Internet protocol address;
          • How many users log into the Service;
          • How long users spend viewing the Service
          • What pages are viewed most often;
          • Device event information such as crashes, system activity, browser type, browser language, the date and time of you request.

        This is a temporary or session cookie that uniquely identifies you as you move from page to page on the Site and Service. We need this information in order to operate the Service, but it does not collect Personal Information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

    USE OF INFORMATION

    We do not (nor do we intend to) sell or otherwise market Personal Information to third parties.

    We limit the collection, use, retention and disclosure of Personal Information to that is reasonably necessary for the purposes outlined below. By using the Services, you consent to our collection from, verification with and communication to the Provider and any Service Provider for the purposes set out in this Policy, by Evoke Health. Personal Information will not be used without your consent for any purpose other than those mentioned in this Policy.

      PERSONAL INFORMATION

      We collect, retain, use, and disclose Personal Information we collect for the following purposes:

      • To establish you as a User on the Service with access to any password protected portions of the Service;
      • To provide you the Service.
      • To operate and improve the Service.
      • To verify your identity to allow your access to the Service.
      • To respond to an inquiry from you or address a request submitted by you (including contacting you directly to request additional information to process your inquiry or request);
      • To correspond with you regarding the Services;
      • To contact and provide you promotional information regarding Evoke Health to inform you of developments in our company or with our Services that we believe may be of interest.
      • To send you newsletters, publications and other non-commercial communications regarding the Services if you are on our mailing list.
      • To create aggregated, non-personal information, or to create de-identified information;
      • For security logs;
      • To comply with applicable laws, regulations or legal process;
      • To comply with requests of relevant regulatory and law enforcement and/or other governmental agencies or authorities;
      • To enforce our Terms of Use; and/or to protect the rights, property, or safety of Evoke Health, Users, and Providers.

      We shall obtain your consent prior to using, retaining, or disclosing Personal Information for purposes not mentioned above. We may use your Personal Information for purposes otherwise disclosed at the time you provide your information. Notwithstanding anything to the contrary herein, Evoke Health agrees to not use or disclose any Personal Information that has been submitted to Evoke Health through the Service other than as permitted or required by applicable law.

      Non-Personal Information

      We may use any Non-personal Information for any purposes as appropriate and subject to applicable law, since non-personal Information cannot identify you as an individual. For example, we may use Non- personal Information collected to monitor visitor traffic patterns and Service usage, to improve our Services, to customize your experience, and as may be permitted by applicable law. We may also use Non-personal Information in the aggregate to create summary statistics that help us analyze Service usage trends, assess what information is of most and least importance, determine technical design specifications, arrange our Service in a user-friendly way, and identify system performance or problem areas.

    DISCLOSURE OF INFORMATION

    Personal Information is not shared with companies, organizations, and individuals outside of Evoke Health unless one of the following occurs

    • Legal Concerns: Personal Information may be shared with companies, organizations, or individuals outside of Evoke Health if there is a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
      • enforce applicable Terms of Use;
      • meet applicable laws, regulations, legal processes or enforceable governmental requests;
      • detect, prevent, or otherwise address fraud, security or technical issues and defend rights or property of Evoke Health;
      • investigate wrongdoing in connection with the Service; or
      • protect personal safety of users of the Service or the public.
    • Consent: Personal Information will be shared with companies, organizations, or individuals outside of Evoke Health only when your consent has been provided to do so.
    • Service Providers: We may from time to time employ other companies and people to perform tasks on our behalf and need to share Personal Information with them to provide the Services. In particular, we use cloud services provided by Microsoft Inc., which may be replaced or supplemented by us from time to time (“Service Providers”). Unless we tell you differently, such Service Providers do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.

    SECURITY

    Our servers are located in Canada. Evoke Health uses commercially reasonable efforts to ensure that your Personal Information is stored and maintained in a secure environment. Evoke Health uses encryption technology such as TLS/SSL during transmission and the storage of Personal Information. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

    RETENTION AND DISPOSAL

    Evoke Health shall keep your Personal Information for as long as necessary in connection with the purposes identified in this Policy or as required by law, which may extend beyond the termination of Evoke Health’s relationship with you or your Provider. You must notify Evoke Health at support@evokehealth.ca or your Provider if you no longer want your information to be retained by Evoke Health. If you request to close your Account, Evoke Health will delete your record within thirty (30) days of notification from your Provider.

    You acknowledge and agree that if you request that your Personal Information be removed from our databases, it may not be possible to completely delete all Personal Information due to technological and legal constraints. An example of a legal constraint may include Evoke Health being requisitioned by provincial or federal government entities to disclose Personal Information for the purpose of a criminal investigation.

    THIRD PARTY WEBSITES

    Through the Services you may be introduced to a variety of third parties and websites. The privacy policies of these third parties are not under the control of Evoke Health and may differ from this Policy. The use of any information that you may provide to any third party, or the use of "cookie" technology by any third party, will be governed by the privacy policy of the operator of the website that you are visiting. If you have any doubts about the privacy of the information you are providing on another website, we recommend that you contact that website directly for more information and review its privacy policy. An example of this scenario is your Provider directs you to a survey on another website via a link from the Service.

    ACCESS, CORRECTION AND ACCURACY

    Evoke Health believes in the right of individuals to access their Personal Information.

    Personal Information is collected from your Provider and as such any inquiries related to Personal Information displayed in the Service should be brought to the attention of your Provider. Should you wish to make an inquiry about the state of your Personal Information, you can contact us at support@evokehealth.ca and we will notify your Proivder of your inquiry.

    We will make every reasonable effort to keep your Personal Information accurate and up to date, and we will provide you with mechanisms to update, correct, delete or add to your Personal Information as appropriate. For security reasons, you may not be able to amend some of your Personal Information through our Service, such as your email address. In these cases, you will need to contact your Provider and they shall inform us for the change.

    USERS FROM OUTSIDE CANADA

    Our website and its Service are hosted in Canada and are governed by Canadian law. If you are using the Service from outside Canada, please be aware that your information may be transferred to, stored, and processed in Canada where our servers are located and our central database is operated. The data protection and other laws of Canada and other countries might not be as comprehensive as those in your country. By using the Service, you consent to your information being transferred to our facilities and use it as described in this Privacy Policy.

    CHANGES TO THIS POLICY

    Evoke Health may amend and update this Policy at any time, which will be reflected by the “Effective Date” above, and will notify you of this change upon your next logon. It is highly recommended that you read over this Policy occasionally to keep informed of our commitment to the protection of your private information and any changes to this Policy. You must agree to this Policy and any changes thereto to continue usage of the Services.

    Contact Information

    Should you have any questions or concerns about this Policy, please send your correspondence to:

    Varsha Chaugai CEO & Privacy Officer
    Evoke Health
    572 Ashbourne Cres
    Ottawa, Ontario
    K2J 0P5
    support@evokehealth.ca

    All communications relating to privacy will be considered confidential and treated as such.