Respect for your privacy and the confidentiality of your information is a fundamental value of InfoTech Inc. ("InfoTech"). It has been the underpinning of our products and the services we provide to our clients. InfoTech's Privacy Policy for Wellness Checkpoint® ("InfoTech's Privacy Policy") informs you of our commitment to privacy. It describes how we ensure that your privacy and the confidentiality of the information you have disclosed to the Wellness Checkpoint® are protected.
As we continue to develop new product capabilities and provide new services, respect for privacy will continue to be an underlying principle. We will ensure that all our systems keep your information confidential and secure. As new laws come into force in the countries where we conduct business, we will make every reasonable effort to ensure that we are fully compliant. InfoTech's Privacy Policy has been designed to be compliant with the following privacy protection laws, collectively referred to as the "Privacy Laws":

• PIPEDA - Personal Information Protection and Electronic Documents Act (Canada)
• HIPAA - Health Insurance Portability and Accountability Act of 1996 (US)
• Data Protection Act 1998 (UK)

While the detail provisions of these Privacy Laws may differ, each provides you with certain rights to ensure that your personal information is kept private and confidential, is accurate, is used only for the purposes disclosed to you when the information is being collected and is not disclosed to other parties without your consent, except in limited defined circumstances (for example, where required or permitted by law).

Personal Information

Under the Privacy Laws listed above, "personal information" is defined as being that information which can identify an individual, for example, name, address, social insurance number, social security number, patient number, health plan account, telephone, email address. "Personal information" does not include anonymous or de-identified data or aggregate group data or statistics.

Information collected by Wellness Checkpoint® and personal information as defined by the Privacy Laws

InfoTech's product, Wellness Checkpoint®, includes an interactive health risk assessment that is administered in a manner designed to protect the privacy of each participant. Wellness Checkpoint® is made available for your use by your employer, benefits provider, insurer or other organization (referred to hereafter as the "Sponsor") that has licensed Wellness Checkpoint® from InfoTech.

Generally, the information which InfoTech collects, uses and retains is anonymous. The personal profile created from your responses to Wellness Checkpoint® risk assessment and maintained over time does not include any data that would identify you. Within Wellness Checkpoint®, the identifiers used by the system to recognize you and to track your profile data over time are selected by you, known only to you and are the only way that your data can be accessed by the assessment. Wellness Checkpoint® provides the Sponsor capabilities to access group data and statistics through secure and restricted access to extracted data that has had your private identifiers removed, with minimum sample size restrictions set by the Sponsor.

As our system is designed to operate without the system or InfoTech knowing the actual identity of each individual participant, the information collected through Wellness Checkpoint® falls, in most respects, outside the scope of the Privacy Laws. Nevertheless, InfoTech's Privacy Policy outlines how InfoTech has implemented privacy protection into its products and services to respect and honour your right to privacy and to adhere to the principles, spirit and intent of the Privacy Laws.

Selecting your Wellness Checkpoint Identifier and Password

Before you can enter Wellness Checkpoint®, you will need to select a private Login identifier that will uniquely identify you to the system and a password that will be used to authenticate you and allow access to the systems and to your profile (the "Identifiers"). In your selection of Login identifier and password, you may be required to meet additional security criteria. If you are an existing user with access codes that do not meet new criteria, you may be asked to select a new identifier that complies with the security criteria. You need to remember these Identifiers, as you are the only one who knows them. Within Wellness Checkpoint, you are assigned an "internal identifier" which is used exclusively within the application to identify your data throughout your interactive session and for the storage of your data.

Collecting Information

As you complete the Wellness Checkpoint® health risk assessment, you will be asked a series of questions related to your lifestyle habits, personal health history and family health history. You may also be asked additional questions about your job, work and other factors that may be related to or affected by your physical or emotional health including the relationship between your work and your life outside of work.

Use of your Information

Your profile data will be used to present you with an evaluation of your risk of developing and/or managing the negative effects of chronic disease conditions such as heart disease, cancer and diabetes. You may also be encouraged to seek professional help dealing with issues related to your emotional health and your ability to cope with the pressures and demands of your job. Although Wellness Checkpoint® has access to your profile data to personalize the information and links made available to you during your session, that information cannot be "linked" by InfoTech to any external personal information or be attributed to you or identify you.

Accessing your Information

1. Only you, and not InfoTech or the Sponsor, know the unique combination of Identifiers that you have selected to identify you to the system for the purpose of storing and accessing your profile data.

2. Although the private identifier you select appears on the Personal Profile report you generate for yourself, the password and significant date you select does not appear on any document or screen. Your password is encrypted by a one-way encryption technique and is only used to validate your login. All three of the Identifiers you have chosen at your initial login are required for you to access and revise your profile data.

3. All responses which you provide to Wellness Checkpoint® assessment are stored in an encoded format on the server hosting your application. In the unlikely event that someone should gain unauthorized access to the database maintained by the system, they would still be unable to "read" the data in a decipherable form. Your encoded profile data is interpreted by InfoTech's proprietary software to dynamically present information and links based on your responses and your health priorities.

    

You can help protect your privacy by:

1. Choosing a private Login identifier that has meaning only to you and that you can remember.

2. Choosing a password that you can remember, and that is different from your network login.

3. Not leaving your printed Personal Profile report around for others to see.

4. Not sharing your private Login Identifier and/or password with others.

5. Choosing a password that is different from your private Login Identifier.

    

Changing your Wellness Checkpoint® Password

To give you an additional level of security, Wellness Checkpoint® gives you the option of changing your password while you are in an assessment session. The new password you select will be encrypted and will replace your previous password. Your personal history of profile data will now be accessible by you only through this new password.

If you forget your Wellness Checkpoint® Password

If you forget your password, you will no longer have access to your profile history. Selecting a new private identifier and/or password will identify you to the system as a new user. You may choose to select a reminder question which, should you forget your password, can authorize you to select a new password. In some implementations, the Sponsor may have designated an administrator (the "designated administrator") to assist users who have forgotten their passwords. The process of having a new password assigned to you will require you to disclose your private identifier to the designated administrator, who can then query the system to locate users with that private identifier. In consultation with you, the designated administrator can confirm that your private identifier exists and can assign you a new temporary password. It is then your responsibility to login to Wellness Checkpoint® and change your new temporary password to a new password known only to you. In the event that more than one user has selected the same private identifier as you, albeit with their own unique password, the designated administrator can view the age, gender and date of last assessment for all persons with that private identifier. The designated administrator cannot see any of the other data in your assessment profile and can never see the passwords you or others have selected.
 

Keeping your Wellness Checkpoint® Information Accurate

You are the only one who can enter, access, review and update your profile data. Therefore, you are the only one who can ensure that your profile data accurately reflects your status.

Passing information between your computer and the server

When you login to Wellness Checkpoint®, you start a private session between your browser and the server hosting your application. For the period of time that you are actively involved in your session, you will be issued a "session cookie". Session cookies are text files that let the server know with which computer it is having the interaction. The server accepts your answer or request and presents you with the next applicable question or information you have requested. As soon as you close or log out of your Wellness Checkpoint® session, this cookie is destroyed. If your system blocks the use of cookies, it will not be possible for you to take the Wellness Checkpoint®. In some implementations, at the option of the Sponsor, all transmissions between your browser and the server may be encrypted.

Group and aggregate reporting

Group and aggregate data is available to the Sponsor and InfoTech for group analysis and generation of management reports. The following measures are used as a means to protect the privacy of individual data within a group selected for analysis:

1. Exporting data for group analysis removes all three identifiers required to access individual data through Wellness Checkpoint®.

2. The number of users in a selected group must meet the minimum group size, at least 5, but could be 10, 15, 25 or more, depending on the application.

3. Access to report generation is restricted to administrators designated by the Sponsor and who have been granted express permissions to generate group reports within certain designated parameters as assigned by the Sponsor.

Passing information from your profile to other parties

The profile data from your assessment sessions is stored on the server hosting your application. It is not provided to any other external party for any reason. There are no advertisers or other external commercial interests in this site, other than the Sponsor that offers this service to you.

Optional Services

In some implementations of our products, the Sponsor may offer incentives, external services or professional resources to support you in making positive changes that can reduce your risks and improve your health. These offers may be based on your profile data and will be presented to you for your consideration in connection with your Wellness Checkpoint® experience. Where such offers require you to provide your e-mail or other contact information, you can choose to accept or decline participation. Such offers are the sole responsibility of the Sponsor and are not provided by InfoTech.

Links to other sites

This site may be linked from and linked back to a site maintained by the Sponsor who has made the Wellness Checkpoint® available for your use. It may also contain links to other sites available to the public or to provider of services to your sponsor. InfoTech does not disclose your profile data to any site outside the Wellness Checkpoint®. InfoTech is not responsible or liable for the practices of such other sites, including the privacy practices of such sites. You should read the privacy policies of each site you visit to determine what information that site may be collecting, using or disclosing about you.

Protecting and retaining the information stored on InfoTech servers

InfoTech has reasonable security standards, in line with industry "best practices" to protect our systems and the information stored on our servers against loss, unauthorized access and misuse. We appropriately manage our server environment and firewall infrastructure. Our security practices are reviewed on a regular basis and we routinely employ current technologies to ensure that your data is protected. Historical data is retained to allow you to track your progress over time.

Special Implementations of Wellness Checkpoint®

The Sponsor of your Wellness Checkpoint® application may specifically select one of the exceptional identifier options in order to meet specific requirements of their host application:

1. Where you have been provided preassigned access codes to Wellness Checkpoint®

2. Where Wellness Checkpoint® has been configured to accept identifiers and passwords from a host application

3. Where Wellness Checkpoint® has been configured to require an additional identifier known to the Sponsor

    

If you have NOT received any preassigned identifiers and have NOT be asked to identify yourself with a known identifier, the special application options are not applicable to your Wellness Checkpoint® application.

In such Special Implementations, while InfoTech does not have access to any of your "personal information" as defined under the Privacy Laws, the Sponsor or a third-party vendor may. The privacy of your information in such circumstances rests solely with those who can link such information to you. You should consult the privacy policy of the Sponsor and, if applicable, their host application, for your rights and their responsibilities. InfoTech assumes no liability or responsibility for the privacy practices of any Sponsor or external organization, whether or not such organization uses the Wellness Checkpoint® as a means of collecting your personal information.

Privacy Officer
If you have any questions or concerns about InfoTech's Privacy Policy for Wellness Checkpoint®, you can address these to InfoTech's Privacy Officer:
Mike Hicks, Counsel, Chief Privacy Officer
Phone: 204 788-1500 Fax: 204 788-1600
mike.hicks@wellnesscheckpoint.com

© 1990-2012 InfoTech Inc.
"Wellness Checkpoint" is a registered trademark of InfoTech Inc.
200-52 Donald Street, Winnipeg, MB, Canada, R3C 1L6