Loading...
Logo

PHIPA Privacy Policy

How we protect, use, and manage your health information

Organization: DoctorNote Health LLC

Effective Date: October 16, 2025

Website: https://doctornote.health

Email: support@doctornote.health

1. Introduction

This PHIPA Privacy Policy explains how DoctorNote Health LLC ('we,' 'our,' 'us') protects, uses, and manages Personal Health Information (PHI) when providing telehealth, medical documentation, and related digital health services to users located in Ontario, Canada. We act as a Health Information Custodian (HIC) or an Agent of a HIC, depending on the service provided, as defined under the Personal Health Information Protection Act, 2004 (PHIPA). By using our platform, you consent to the collection, use, and disclosure of your PHI in accordance with this Policy.

2. What Information We Collect

a. Personal Information

Name, email, phone, address, payment details, account details.

b. Personal Health Information (PHI) under PHIPA

Includes, but is not limited to: Medical history, symptoms, diagnoses, Consultation details and telehealth notes, Doctor's notes or medical documentation requested, Uploaded files or forms, Any information that identifies you and relates to your health. We collect PHI only when necessary to provide health services or as otherwise allowed under PHIPA.

3. How We Use Your PHI

  • Providing telehealth consultations.
  • Issuing medical documentation.
  • Verifying identity and preventing misuse.
  • Managing billing and administrative operations.
  • Meeting legal and regulatory obligations.
  • Quality improvement and service enhancement.

We do not use PHI for marketing and do not sell PHI under any circumstances.

4. Consent Requirements

We follow PHIPA's rules regarding express and implied consent.

Implied Consent Applies When:

  • You voluntarily provide PHI for the purpose of receiving healthcare.
  • PHI is shared among authorized healthcare professionals involved in your care.

Express Consent is Required When:

  • Sharing PHI with third parties not directly involved in your care.
  • Sending PHI outside Ontario.
  • Using PHI for a purpose not directly related to care or operations.

You may withdraw your consent at any time, subject to legal or operational limits.

5. Disclosure of PHI

We only disclose PHI in accordance with PHIPA, including:

  • To healthcare professionals involved in your care.
  • To agents performing duties on our behalf.
  • To comply with court orders, legal obligations, or regulatory requirements.
  • To reduce risk of serious harm.
  • With your express consent.

Any third-party providers handling PHI must sign PHIPA-compliant confidentiality agreements.

6. Safeguards and Security

We use administrative, physical, and technical safeguards to protect PHI. These include:

  • Encryption in transit and at rest.
  • Strict access controls and role-based permissions.
  • Secure storage and audit logs.
  • Confidentiality agreements for staff and agents.
  • Routine security monitoring and risk assessments.

Despite strong safeguards, no system is completely secure. Users assume reasonable risks associated with digital communication.

7. Access and Correction Rights

Under PHIPA, you have the right to:

  • Access your PHI.
  • Request a copy of your records.
  • Request corrections to inaccurate or incomplete PHI.
  • Inquire how your PHI has been used or shared.
  • Withdraw or restrict consent for use or disclosure.

To exercise these rights, email: support@doctornote.health. We will respond promptly in accordance with PHIPA timelines.

8. Retention and Destruction

PHI is retained only for as long as required:

  • To provide services.
  • To comply with medical record retention laws.
  • To meet financial and regulatory obligations.

Once retention periods expire, PHI is securely destroyed or anonymized according to PHIPA standards.

9. Use of Service Providers Outside Ontario

Some secure cloud systems or service providers may store data outside Ontario. When doing so:

  • We use vendors with strong healthcare security standards.
  • We ensure contractual compliance with PHIPA.
  • We inform you when PHI may be stored outside Canada.
  • You may request more information about cross-border data flows.

10. Privacy Breach Protocol

In the event of a breach, loss, or unauthorized disclosure of PHI:

  • You will be notified promptly.
  • A full investigation will be conducted.
  • The Information and Privacy Commissioner of Ontario (IPC) will be notified when required.
  • Steps will be taken to prevent future incidents.

11. Complaints and Inquiries

If you have concerns about how your PHI is handled, contact us at:

Email:

support@doctornote.health

Mailing Address:

DoctorNote Health LLC
30 N Gould St, STE R
Sheridan, WY 82801, USA

If you are not satisfied, you may file a complaint with the Information and Privacy Commissioner of Ontario (IPC)
www.ipc.on.ca

12. Changes to This PHIPA Policy

We may update this PHIPA Privacy Policy periodically. Updates will include a revised 'Effective Date.' Continued use of our services constitutes acceptance of the updated Policy.

DoctorNote Health LLC 2025. © All Rights Reserved.