Privacy Policy
CoreMD Insights - CoreMD Clinic

(Toronto, Ontario, Canada)

CoreMD Insights is a digital health information platform operated by CoreMD Clinic, a medical organization based in Toronto, Ontario, Canada. CoreMD Clinic acts as the data controller for personal information collected through this platform.

We are committed to protecting your personal and personal health information in accordance with applicable privacy laws, including the Personal Health Information Protection Act, 2004 (PHIPA) and other relevant Canadian privacy standards.

By using CoreMD Insights, you agree to the collection, use, and disclosure of information as described in this Privacy Policy.

1. Information We Collect

We collect information in the following categories:

a) Personal Information Provided by You

• Name, email address, contact details

• Billing and payment information

• Health-related documents (e.g., laboratory results, imaging reports, specialist letters)

• Any additional information voluntarily submitted through the platform

b) Automatically Collected Information (Device Information)

• IP address

• Browser type and version

• Time zone and device identifiers

• Pages visited and interaction data

• Referring URLs and search terms

This information is collected to support platform functionality, security monitoring, and service improvement.

2. Purpose of Data Processing

We collect and process personal information for the following purposes:

• To provide CoreMD Insights services (structured interpretation and educational summaries)

• To operate, maintain, and improve platform performance

• To ensure platform security and prevent misuse or unauthorized access

• To comply with legal and regulatory obligations

We limit data collection to what is reasonably necessary for these purposes.

3. Health Information and PHIPA Compliance

Health-related information submitted to CoreMD Insights is treated as personal health information (PHI) under PHIPA.

CoreMD Clinic applies safeguards consistent with PHIPA requirements, including:

• Restricted access to authorized personnel only

• Confidential handling of all health-related data

• Use of secure digital infrastructure for storage and processing

Use of this platform alone does not necessarily establish a formal physician–patient relationship or ongoing custodial care relationship under PHIPA.

4. Technology Infrastructure and Security (Healthie Platform)

CoreMD Insights operates using Healthie (GetHealth Technologies Inc.), a secure digital health platform widely used by healthcare organizations.

Healthie provides a robust, industry-aligned infrastructure that includes:

• Encrypted data transmission (HTTPS / TLS protocols)

• Encrypted data storage (at rest and in transit)

• Role-based access controls to limit data access to authorized users

• Secure authentication systems for providers and users

• Audit logs and activity tracking for accountability and monitoring

• HIPAA-aligned and industry-standard security practices, which support high levels of data protection

All data processed through CoreMD Insights is handled within this secure environment.

While CoreMD Clinic selects technology providers carefully, no digital system can guarantee absolute security. By using the platform, you acknowledge and accept this inherent risk.

5. Data Storage and Retention

Your information is stored on secure servers with appropriate administrative, technical, and physical safeguards.

We retain personal and health information only for as long as necessary to:

• Provide services

• Maintain records as required by law

• Fulfill regulatory obligations

You may request deletion of your data, subject to legal and professional retention requirements.

6. Disclosure of Information

We do not sell or rent your personal information.

We may disclose information:

• To trusted service providers (such as Healthie) who support platform operations under strict confidentiality agreements

• When required or permitted by law

• With your explicit consent

7. International Data Transfers

Depending on the infrastructure used by our service providers, data may be processed or stored outside of Canada, including in the United States.

In such cases, data may be subject to foreign laws. CoreMD Clinic ensures that appropriate safeguards are in place to maintain privacy and security standards.

8. Your Rights

Subject to applicable law, you have the right to:

• Access your personal information

• Request corrections to inaccurate data

• Withdraw consent for future data use (where applicable)

Requests may be made by contacting us directly.

9. Cookies and Tracking Technologies

CoreMD Insights uses cookies and similar technologies to:

• Improve user experience

• Analyze website usage

• Enhance platform performance

You may adjust your browser settings to refuse cookies; however, some features may not function properly.

10. Third-Party Links

Our website may contain links to external websites. CoreMD Clinic is not responsible for the privacy practices of those third parties.

11. Legal Disclosure

We may disclose personal information if required to do so by law or if necessary to:

• Comply with legal obligations

• Protect our rights and safety

• Prevent fraud or misuse

12. Updates to This Policy

We may update this Privacy Policy periodically. Continued use of the platform constitutes acceptance of any updates.

13. Contact Information

For privacy-related questions, requests, or concerns, please contact:

CoreMD Clinic
Toronto, Ontario, Canada
Email: hello@coremdclinic.ca

CoreMD Clinic is committed to maintaining the highest standards of privacy, security, and ethical handling of personal health information.