Reading the fine print
In today’s digital world where many of us have a personal social media presence, we have become accustomed to simply clicking on the “I agree” to the terms of service button when signing up for our favorite social media sites.
By Jessica Foster
In today’s digital world where many of us have a personal social media presence, we have become accustomed to simply clicking on the “I agree” to the terms of service button when signing up for our favorite social media sites. Often, we do not even read them. The thinking is that there is very little to worry about since we are simply sharing photos and personal experiences with family and friends. After all, everyone is doing it – so it must be ok.
While this approach may be fine for personal web services – it becomes concerning if this thought process is brought into your business practices. Clearly, this is unacceptable when the ownership and treatment of your clients’ health-care data is at stake.
Using web-based appointment booking and practice-management services has now become mainstream for massage therapists in Canada. However, when you subscribe to an online service, you are accepting to be bound by that service provider’s “terms of service”.
It is extremely important that you fully read and understand what you are agreeing to, as it will directly affect how your clients’ health-care data will be cared for. While this article is not intended to offer you legal advice, it will give you some helpful insight into the importance of understanding what you agree to online.
Below are examples of some of the terms of service that Canadian massage therapists could be agreeing to with some online service providers (note that they have been summarized in plain English for clarity).
Your clients’ stored personal health-care data is the legal property of the software service provider – not your client nor you.
Your clients’ health-care records may be subject to sale, by the online service provider. They may also rent or sell your clients’ contact information.
You have given your legal power-of-attorney over the health-care data to your service provider, or even another unnamed third-party company that provides aspects of your service provider’s data management services.
The health-care records may be stored or transferred to any third-party company, at anytime and without notice to or agreement by you.
Without notice, you can be denied access to the health-care files – permanently.
You agree that any employee of the service provider that you communicate with is not authorized to advise you in any manner with respect to your terms of service, account details, the disposition, condition, storage or possible sale of the client data contained in the records.
Your agreement is subject to the privacy laws of foreign countries, often the U.S.A. or European countries.
Why would a health-care professional agree to these types of terms? One can only assume that they were never read or understood by the practitioner.
These sorts of terms of service clauses are often found in “one-size-fits-all” online data services. These generic online appointment booking and data service providers offer their same services to businesses ranging from hair stylists to lawn care companies – often their data management policies do not account for the special needs of health-care professionals.
Below are some terms of service that are more appropriate for health-care providers (again, these have been summarized in plain English for clarity).
- All data created or stored on the service provider’s system shall at all times be owned by the registered user.
- All created and stored data will be treated as confidential and only authorized service provider personnel will access the data – upon the request of the registered user.
- Upon termination of services the service provider shall return all data to the registered user when requested and all data is then removed from the system.
- The service provider will not, under any circumstances, use, disseminate or transfer any user data, unless required by law to do so.
The terms of service are subject to the laws of the (XYZ) province in Canada.
As a regulated health-care professional you are obligated to securely manage your clients’ health-care data, including their contact information and appointment records. Finding the right service provider to partner with is key. Often, provincial associations have already researched solutions and can advise you on recommended practice management systems. This can save you a lot of time and potential problems.
There are other very important data privacy considerations with respect to your clients’ data. This column has detailed these concerns and remedies in past issues so there is no need to restate them here.
The bottom line is to read and understand what you are committing to. There are service providers out there that specialize in the health-care industry with solutions that will meet your needs. Run, don’t walk, to review the terms of service on the online systems you are presently using.
Until next time, be well.
Jessica Foster writes on behalf of mindZplay Solutions Inc., a provider of massage therapy websites and practice management solutions. To learn more about mindZplay solutions and for massage therapists visit www.massagemanedger.com or call toll free 888-373-6996.