The website https://platform.mindbeacon.io is owned by MindBeacon Software Inc., and the MindBeacon application is licensed to and operated by MindBeacon Health Inc. and it's subsidiaries (MindBeacon Health Inc., its subsidiaries and MindBeacon Software Inc. collectively referred to as “MindBeacon”).
For Canadian Residents:
You must be at least sixteen (16) years old to use the MindBeacon Platform. By using the MindBeacon Platform, you represent and warrant to MindBeacon that you are at least sixteen (16) years old. Parental consent or the consent of a legal guardian may be required if you are under the age of eighteen (18).
For U.S. Residents:
You must be at least eighteen (18) years old to use the MindBeacon Platform. By using the MindBeacon Platform, you represent and warrant to MindBeacon that you are at least eighteen (18) years old.
What is “Personal Information”?
For Canadian Residents:
Any data that has been collected in which personal identifiers have been removed, such that the information could not reasonably be used to identify the individual, is not considered Personal Information.
For U.S. Residents:
MindBeacon is considered a “covered entity” under the U.S. federal privacy law referred to as the Health Information Portability and Accountability Act of 1996 (“HIPAA”). Regulations under HIPAA explain how we may use and disclose identifiable health information that we collect from and about you and how we must keep your health information safe and secure.
Where appropriate for a particular mental health service, we may collect Personal Information directly from you through questionnaires or surveys, as well as through other health information that you disclose to counselors and other participants in the mental health services.
MindBeacon protects the Personal Information of patients that reside in the U.S., has designated a Security Officer and a Privacy Officer, has adopted HIPAA Privacy and Security policies and procedures, trains its workforce and enters into the appropriate business associate agreements with third parties when sharing Personal Information for payment, treatment and health care operations to appropriately protect the Personal Information of residents of the U.S. under HIPAA as well as applicable state law.
Consent and Authorization
MindBeacon will collect, use and disclose your Personal Information without your consent only in limited circumstances and as permitted or required by applicable law or regulatory requirement. For example, Personal Information may be used or disclosed without consent for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual. In certain limited circumstances, we may be called upon to release your Personal Information in response to a court order, subpoena, search warrant, or applicable law or regulation. We will cooperate in responding to such requests, taking appropriate measures to ensure that the requester understands the sensitive nature of the Personal Information that they may receive, and that disclosure is necessary to comply with applicable law.
In certain cases, you may choose not to provide us with some or all of your Personal Information. However, should you choose not to provide necessary Personal Information to us, that decision may impact your ability to interact with us or for us to provide you with certain services. For example, we require that you provide us with current emergency contact information, and we cannot provide any services without emergency contact information.
Your Rights Regarding Your Personal Information
For Canadian Residents:
Right to Access Personal Information. Except in the limited circumstances established by law, you may obtain access to your Personal Information. Requests for access must be made in writing and should be addressed to our Privacy Officer (please see the contact details set forth below).
Right to Correct Personal Information. You may also amend or correct your Personal information through the MindBeacon website or mobile application or request us to correct your Personal Information where you believe it to be out of date or otherwise inaccurate. Requests for correction must be made in writing and should be addressed to our Privacy Officer (please see the contact details set forth below).
Right to Withdraw Consent. You may withdraw your consent for collection, use or disclosure of Personal Information at any time by notice to us in writing, subject to legal and contractual restrictions and reasonable notice. Should you choose to do so, you may not be able to access certain or all of the MindBeacon services. Withdrawal of consent cannot be retroactive. Please contact our Privacy Officer listed below to find out how.
For U.S. Residents:
Under HIPAA, your rights with respect to your Personal Information include the following:
Right to Access Personal Information. You have the right to obtain a copy of the Personal Information that MindBeacon maintains about you. To access a copy of your Personal Information, you must submit your request in writing. There may be a fee for the costs of copying, mailing, labor and supplies associated with your request. MindBeacon may deny your request to inspect and/or copy your Personal Information in certain limited circumstances. If that occurs, MindBeacon will inform you of the reason for the denial, and you may request a review of the denial.
Right to Correct Personal Information. You have a right to request that MindBeacon amend your Personal Information if you believe it is incorrect or incomplete. You must submit your request in writing to MindBeacon and provide a reason to support the requested amendment. We may, under certain circumstances, deny your request by sending you a written notice of denial. If MindBeacon denies your request, we will inform you of the reason for the denial, and you may request a review of the denial.
Right to Withdraw Consent. You may, at any time, withdraw your consent for us to collect, use, and disclose your Personal Information as outlined in this Notice. However, withdrawal of consent is subject to legal or contractual restrictions and reasonable notice. As such, we may continue to collect, use, and disclose your Personal Information as may be required to provide you with access to our Services, and to the extent required or permitted by law. If you refuse to provide us with Personal Information, or later contact us to withdraw your consent for us to use and disclose the Personal Information we have already collected, you may not be able to use our services including our websites and Platform.
Right to Provide us with Communication Preferences. In order to obtain access to MindBeacon’s services, when you register, you must provide MindBeacon with your email address and/or cell phone number. MindBeacon will use your email address or cell phone number to send you information related to updates on the Platform (e.g. security changes, registration changes) as well as appointment reminders and other information specifically related to your use of our services via the Platform. You are always able to opt out of receiving emails or text messages from MindBeacon. However, you opt out of receiving emails and text messages, MindBeacon may no longer be able to provide you with health care services.
If you authorize us to use or disclose PHI about you, you may revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose Personal Information about you for the reasons stated in that written authorization, except to the extent we have already acted in reliance on your authorization. Any revocation of an authorization applies only to what you or your personal representative had authorized and does not apply to the situations above where we are permitted to use or disclose PHI about you without an authorization. You understand that we are unable to take back any disclosures that we have already made with your permission and that we are required to retain our records of the care we provide to you.
What Personal Information does MindBeacon Collect?
We may collect Personal Information about you for the purpose of administration and providing services through the MindBeacon Platform, including, without limitation, information such as:
- Your name;
- Your contact information, emergency contact information, date of birth;
- Demographic information (gender, ethnicity, place of birth, education, health, family and lifestyle information, etc.);
- The services you will and have received through the MindBeacon Platform, dates, etc.;
- Responses to your screening and/or online assessment;
- Your assessment report;
- Secure messaging or email communications between you and a regulated healthcare professional involved in your care;
- Any information that you send to us through email or the MindBeacon Platform;
- Notes and records of assessment and information relating to your assessment for suitability for services through the MindBeacon Platform, and notes and records relating to your progress through the MindBeacon Therapist Guided Program and/or MindBeacon’s Live Therapy or other MindBeacon program;
- Outcome data from self-report measures; and
- Your responses to requests for information and/or treatment questions at follow-up intervals three (3) and six (6) months after you have completed the course.
How is this Personal Information Used?
We will use your Personal Information for the purposes for which it was collected as outlined above, and as required or permitted by applicable law. Specifically, we will use your Personal Information to:
- Determine your eligibility for the services;
- Deliver and administer services to you through the MindBeacon Platform, including, but not limited to, assessments, the Therapist Guided Program, Live Therapy and other services;
- Communicate with you, including setting up an assessment phone call, enabling communications with your therapist, to provide you with information about possible services and treatments, and to provide other reminders, prompts and feedback about your progress through the Therapist Guided Program and/or Live Therapy; and/or other services;
- Provide you with ongoing service and support and to help us better understand your needs.
Your Personal Information may be de-identified and/or aggregated, and thereafter used for the purposes of improving and developing new assessment processes or other related product or service offerings, research, including academic and non-academic research, AI and other types of analytics, quality assurance, performance reporting, customer reports, promotion and advertisement, and business development.
What Personal Information does MindBeacon Share?
We may share your Personal Information with third parties as follows:
MindBeacon Therapists: Your Personal Information may be shared with another MindBeacon therapist and/or any one or more clinical supervisors or clinical consultant of any MindBeacon therapist, if sharing such information is necessary to provide you with services through the MindBeacon Platform.
Consulting Professionals: Your Personal Information may be shared by your MindBeacon therapist with a MindBeacon consulting regulated healthcare professional for the purpose of quality assurance and otherwise in accordance with applicable laws.
Insurance Providers: In circumstances where you are completing therapy as part of a return to work plan established by an insurance company, we may share your Personal Information with those involved in your care, including the insurance company. This disclosure may include information regarding your assessment results, progress and discharge from the MindBeacon Therapist Guided Program, Live Therapy or other program.
Payors: If your use of services through the MindBeacon Platform is paid for by your employer or a third-party insurance provider, we may disclose certain information in order to assist us with arranging payment for your enrollment. This information includes your name and insurance plan information. We will not disclose to your employer or a third-party insurance provider, any correspondence between you and your MindBeacon therapist, any of your assessment information, progress or discharge reports, or any summaries of such information.
Hospitals: In circumstances in which you have been referred to us through a hospital or other health care provider that remains involved in your care on an ongoing basis, or if you are referred to such provider after concluding the MindBeacon Therapist Guided Program, Live Therapy or other program, we may share your Personal Information with such provider. This disclosure may include information regarding your assessment results, progress and discharge from the MindBeacon Therapist Guided Program, Live Therapy or other program.
Employees and Agents: We may provide your Personal Information to our employees and those of our affiliates and our respective agents and those third parties that require such information in order to help us provide services to our clients and administer our business.
Funding Body and its Agents: we may share your personal information for reporting and remuneration purposes with the funding body or its agents in circumstances where you are completing therapy as part of a publicly funded program or for evaluation purposes with the agents of the funding body who have been tasked by the funding body to conduct evaluation to understand the effectiveness of the MindBeacon Program as part of the service MindBeacon is paid to perform. The disclosed information may include identifiable information.
Service Providers: We have relationships with agents and third-party service providers that help us provide services to you including, but not limited to, administering our business, and designing, maintaining and improving the MindBeacon Platform and our systems and computer security.
We use payment processing service providers that are hosted and operated in the United States, and laws in the United States and other jurisdictions may differ from the laws where you reside.
Legal Disclosure: We and our service providers may disclose your Personal Information if we are required or permitted by applicable law or legal process, which may include lawful access by foreign courts, law enforcement or other government authorities in the jurisdictions in which we or our service providers operate.
The Personal Information you provide to us through the MindBeacon Platform will not be otherwise disclosed to a third party without your consent, except as required or permitted by applicable law.
For residents of the U.S., MindBeacon may use and disclose your Personal Information for the following purposes and to the extent required or permitted by law:
- to respond to a subpoena, order, legal process, or government request;
- to protect, establish or exercise our legal rights or defend against legal claims;
- to respond to requests from regulatory agencies; and
- to investigate, detect, suppress, prevent or take action regarding illegal or prohibited activities, suspected fraud, situations involving potential threats to the reputation or physical safety of any person.
For residents of Canada, MindBeacon has the following legal obligations to release confidential information:
- Harm to self: If a regulated healthcare professional involved in your care has reason to believe that you are in danger of physically harming yourself in ways that may be life-threatening, s/he will have to make a referral to a hospital and/or contact a family member, close other, or another person such as a police officer who may be able to help protect you. There may be other emergency health care related circumstances where disclosure is reasonably necessary for the protection of your health, in which case your regulated healthcare professional will disclose Personal Information to other healthcare professionals as long as you have not expressly prohibited him/her from doing so.
- Harm to others: If a regulated healthcare professional involved in your care has reason to believe that you are seriously threatening physical violence against another person, or if you have a history of physically violent behaviour, and if s/he believes that you are an actual threat to the safety of another person, s/he is required to take some action (such as contacting the police, notifying the other person, seeking hospitalization, or some combination of these actions) to ensure that the other person is protected.
a) If a regulated healthcare professional involved in your care has reason to believe that a child under the age of sixteen (16) is being abused or neglected, s/he is legally obligated to report this situation to the appropriate child protection authority (e.g., the Children’s Aid Society).
b) If a regulated healthcare professional involved in your care suspects or is informed of unlawful conduct that resulted in harm or risk of harm to a resident of a Long Term Care Facility or Retirement Home, or that a resident is being harmed or is at risk of being harmed in any way (e.g., sexual or physical abuse, neglect, misappropriation of resident’s funds), s/he may be required to contact the applicable Ministry or Regulatory Authority and report all relevant information.
- Sexual Abuse: If you have been sexually abused by a member of a regulated health profession, this information must be reported to the appropriate regulatory body if you share the information with a regulated healthcare professional involved in your care.
- Court Order: A regulated healthcare professional involved in your care and your clinical record can be subpoenaed by a court order. Your regulated healthcare professional can be required to testify and give information obtained during sessions. Without a court order, this information would never be provided voluntarily without your direct request or consent.
- Quality Control:
a) On occasion, a regulated healthcare professional involved in your care may be randomly selected to participate in a Peer Assisted Review by his/her regulatory college (for example, the College of Psychologists of Ontario). As part of this process, your file may be potentially reviewed by a member of the regulatory college. Regulatory colleges have confidentiality policies in place to protect your information.
b) A regulated healthcare professional involved in your care may be supervised in his/her clinical work by a more senior professional. You will be informed of any such supervisory arrangement. That supervisor may access your clinical file for the purposes of quality control.
We may collect and use information about how you interact with the MindBeacon Platform, including Internet Protocol addresses, Internet domain names and operating system used to access the MindBeacon Platform, the time spent on each page and the time and date of each visit. This information is used for, among other things, auditing and tracking purposes, to improve the content of the MindBeacon Platform, and to create a better experience for users of the MindBeacon Platform.
Sale of Business
We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of MindBeacon or as part of a corporate reorganization or other change in corporate control.
Links and Referrals to Third Parties
Our Security Measures
We are committed to protecting the security of your Personal Information. We have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access to your Personal Information. We apply security safeguards appropriate to the sensitivity of the Personal Information, such as retaining information in secure facilities and making Personal Information accessible only to authorized employees on a need-to-know basis. We have clearly defined internal policies and practices.
Although we will make commercially reasonable efforts to protect Personal Information from loss, misuse, or alteration by third parties, you should be aware that there is always some risk that an unauthorized third party could find a way to thwart our security systems. This risk is heightened if you are using unsecured/public Wi-Fi.
We may remove identifiers from your Personal Information and maintain, use and disclose it in a de-identified form and combine it with other information to generate aggregated information. Such de-identified information will be owned by MindBeacon and we shall have unrestricted title, rights, and interest to it which may include, without limitation, the right to use, disclose, rent, or sell the de-identified information.
We retain your Personal Information only for as long as is necessary for the purpose for which it was collected in accordance with the applicable laws, regulations, ethics and standards (e.g., to the members of the College of Psychologists of Ontario, HIPAA or such other applicable regulatory body in jurisdictions in which we operate). When your Personal Information is no longer required or required to be maintained, it will be destroyed in accordance with applicable laws.
If you create an account for the MindBeacon Program but do not submit your answers to the screening or the online assessment questionnaire within seven (7) days from the date upon which you create your account, then we will automatically delete your answers.
Your record will be maintained, as required, in accordance with the applicable laws and standards set out by the College of Psychologists of Ontario, HIPAA or any other applicable regulatory body governing the provision of services as a clinician.
MindBeacon Health Inc.
175 Bloor St East, Suite 801 North Tower
Toronto, ON, M4W 3R8
If you have any concerns about MindBeacon’s privacy practices or for more information on your privacy rights, you can contact:
Ontario - Office of the Information and Privacy Commissioner 1-800-387-0073
Alberta - Office of the Information and Privacy Commissioner 1-888-878-4044
British Columbia - Office of the Information and Privacy Commissioner 250-387-5629
Manitoba - Ombudsman 1-800-665-0531
New Brunswick - Office of the Integrity Commissioner 1-877-755-2811
Newfoundland and Labrador - Office of the Information and Privacy Commissioner 1-877-729-6309
Northwest Territories - Information and Privacy Commissioner 1-888-270-3318
Nova Scotia - Office of the Information and Privacy Commissioner 1-866-243-1564
Nunavut - Information and Privacy Commissioner 1-888-521-7088
Prince Edward Island - Office of the Information and Privacy Commissioner 902-368-4099
Quebec - Commission d’accès à l’information 418-528-7741
Saskatchewan - Office of the Information and Privacy Commissioner 1-877-748-2298
Yukon - Information and Privacy Commissioner 1-800-661-0408
Federal - Office of the Privacy Commissioner 1-800-282-1376
In the U.S.
HIPAA Concerns or Complaints
If you desire further information about your privacy rights, if you are concerned that we have violated your privacy rights, or if you disagree with a decision that we made about access to your PHI, you may contact our Privacy Officer in any of the manners described above. You also may send a written complaint to the U.S. Department of Health and Human Services, Office for Civil Rights, and we can provide you with the office’s current address. We will not take any action against you for filing a complaint.