Dapasoft is a technology service provider based out of Toronto, Canada that provides a variety of information system services to various customers in Canada and the U.S. Some customers are health care organizations that require Dapasoft’s services to collect, use, disclose, and otherwise manage PHI (personal health information in Canada, or protected health information in the U.S.) in their custody. Other customers are public/private sector organizations in Canada that also require Dapasoft’s services to collect, use, disclose, and otherwise manage personal information (PI) / personally identifiable information (PII) in their custody. In all cases, when Dapasoft provides its services, the customer is the custodian of the PHI or PI/PII; Dapasoft is not a custodian of the information and so does not have ultimate decision-making authority or accountability for the PHI.
When Dapasoft provides this technology to its health care customers, it is subject to privacy legislation in Canadian provinces and the U.S. Health Information Portability and Accountability Act (HIPAA). As a technology provider, Dapasoft has specific privacy and security responsibilities under these Acts, including as a ‘health information network provider’ under Ontario’s Personal Health Information Protection Act (PHIPA) when its services enable two or more health care providers to disclose to one another PHI about a patient.
To meet the legislated privacy requirements of Dapasoft’s customers across Canada and the U.S. as well as privacy best practices, Dapasoft has set privacy requirements that meet the most stringent privacy requirements of all acts combined to support its compliance regardless of the jurisdiction of its customer. Below are key components of our privacy program, how we manage PHI and PI/PII, and your privacy rights regarding this data.
Dapasoft services as a technology provider include:
- Enabling customers to collect, use, disclose (share), manage, modify, retain, and destroy PHI or PI/PII in custom-built solutions;
- Enabling customers to integrate systems across their organization, with organizations, and across regions;
- Coordinating the secure transmission and storage of your PHI and PI/PII that our customers store in Dapasoft services;
- Maintaining a privacy program that follows recognized standards in privacy and security to protect your PHI and PI/PII;
- Ensuring strong privacy and security terms in our contracts with all the third-party vendors that we rely on (e.g., Microsoft); and
- Storing all PHI and PI/PII in Canada, unless requested otherwise by the customer.
Below is a summary of our privacy program and practices for PHI.
Accountability for Privacy
The President and Privacy Officer is accountable for ensuring that Dapasoft complies with its privacy obligations as a technology provider to its customers.
Dapasoft Privacy Program
Dapasoft has developed and implemented the following measures to support it in meeting its privacy requirements as a technology provider, including:
- Privacy, security, and information management procedures that limit Dapasoft employee access to, use, and retention of your PHI and PI/PII to the purposes of providing and managing its technology services to customers;
- Privacy training and awareness for all new Dapasoft employees, with refresher privacy training and awareness provided regularly;
- Processes for identifying and managing privacy and security risks to PHI and PI/PII, including privacy breaches; and
- Privacy review activities to confirm that Dapasoft complies with its privacy requirements as a technology provider to customers.
Dapasoft has implemented information security safeguards to protect your PHI and PI/PII in our technology services from theft, loss, or unauthorized collection, use, disclosure, or retention. Key safeguards include, but are not limited to:
- Access controls in Dapasoft technology services to ensure that access to your information by our employees and third-party vendors is appropriately limited to the job duties and authorized services of Dapasoft;
- Data protection measures, including protection (e.g., encryption) of your PHI and PI/PII when transmitted between customers through Dapasoft services and between Dapasoft and its customers; and
- Network protections, including firewalls, intrusion detection and prevention measures, and anti-malware protections.
Your Privacy Rights
If you have any of the following privacy questions about a Dapasoft customer and your PHI or PI/PII in Dapasoft services, then please contact the relevant Dapasoft customer:
- Obtain or withdraw your consent for customers to collect, use, disclose, and retain your information in Dapasoft services;
- Request a copy of your information stored, transferred and managed in Dapasoft services to customers;
- Request access to information about how Dapasoft customers have been using, accessing, and sharing your information in Dapasoft services;
- Request a correction of your information collected by customers using Dapasoft services; and
- Make a privacy inquiry or complaint about how a Dapasoft customer is managing and ensuring the privacy and security of your information in Dapasoft services.
If you contact Dapasoft regarding any of the above, we will ask that you forward your request to the customer that is using, accessing, and sharing your information in Dapasoft services.
Contacting the Dapasoft President and Privacy Officer
If you have a general inquiry about Dapasoft’s privacy program, then please click here to access our Privacy and Security White Paper. If you have a specific question that was not answered in this notice or our Privacy and Security White Paper, then please contact our President and Privacy Officer at firstname.lastname@example.org.