ABELSoft is committed to protecting and securing the patient information entrusted to us by customers who use ABELMed or ABELDent (the “software”). The term ‘patient information’ as used in this policy includes a patient’s name, birthdate, contact information, appointment details, payments, insurance information, personal health information, such as any information about a patient’s treatment, health history or medications, and any other patient-related information recorded using the software. Patient information does not include aggregate or de-identified information that cannot be associated with a specific individual.
ABELSoft takes full responsibility for the management and confidentiality of patient information in our custody or control. Patient information is collected, used, shared and stored in accordance with federal and provincial privacy laws that apply to ABELSoft and its customers.
ABELSoft has appointed a Privacy Officer who oversees compliance with privacy laws and best practice. The Privacy Officer’s duties include:
Patient information is directly collected by our customers and recorded on various screens in the software. The data is hosted on the customer’s local servers or in a secure cloud environment. ABELSoft acts as a service provider or agent of the customer, and thus only indirectly collects patient information or is provided with access to this information if required to support the customer, as outlined in the next section of this policy. Thus, the customer always has full knowledge of any temporary collection of or access to patient information by ABELSoft. ABELSoft relies entirely on the patient’s treating physician/dentist to obtain consent for the collection of patient information.
Patient information is used or made accessible to ABELSoft for one or more of the following specific purposes:
Patient information is shared or made accessible to third parties only to the extent required to provide customers with our software and services, and to comply with legal requirements. We may share patient information in the following circumstances:
ABELSoft acknowledges that a data security breach could result in potential harm to individuals whose information is entrusted to ABELSoft. Thus, we have implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the patient information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, patient information. While no system is completely secure, the measures implemented by ABELSoft significantly reduce the likelihood of a data security breach.
Here are some examples of the security controls we have in place:
Here are some examples of the security controls built into ABELSoft’s software:
In addition, we recommend that customers do their part in preventing unauthorized access to patient information. For example, customers should enforce that passwords never be shared or written down. Also, our customers are responsible for ensuring users log in using unique usernames to allow transparency of their actions. ABELSoft is not liable for any unauthorized access to patient information that is beyond our reasonable control.
In the context of offering support services, our support technicians may require access to customer systems. In most cases, the customer’s concerns can be addressed without collecting patient information. However, if limited patient information must be collected from our customers’ servers for support purposes, this data is only kept long enough to resolve the support case, and is then diligently destroyed.
In some contexts, such as complex support cases or in the context of converting a customer’s database so it is in a format suitable for the software, more extensive patient information may need to be copied to, and stored on, ABELSoft’s secure servers. In these circumstances, once the data is no longer required, it is securely destroyed from our servers. Regular auto-purging of data also ensures that data is not inadvertently retained for lengthy periods of time.
Development and testing work conducted by ABELSoft, as we enhance our software or offer additional features to our customers, only takes place using dummy or fully scrambled data that does not identify a real patient.
If back-up services are provided by ABELSoft, patient data is retained in and can be restored from secure back-ups. Upon written request and confirmation, ABELSoft will make reasonable efforts to assist a client meet its data retention and destruction schedules. Keep in mind however that data may persist in back-up storage spaces for a period of time before being overwritten.
ABELSoft takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. Any suspected privacy breach must be escalated internally to ABELSoft’s Privacy Officer who oversees the containment, investigation and corrective actions for the breach situation, as well as timely notification to the customer.
Any inquires, concerns or complaints regarding privacy should be directed to:
3310 South Service Rd., Unit 101
Burlington, ON L7N 3M6
Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about ABELSoft’s policies and practices. Patients who may contact us for access to their own information will be directed to their treating physician or dentist. /p>
Keep in mind that e-mail is not a secure form of communication, so never send confidential information to us this way.
Thank you for continued trust in ABELSoft.