Terms and Conditions

Data Security, Privacy & Platform Compliance

CoreMD Insights is committed to maintaining the highest standards of data protection, confidentiality, and ethical handling of personal health information.

All user-submitted data, including medical documents and personal information, is handled in accordance with applicable privacy legislation and industry best practices.

1. Secure Data Handling

All data transmitted through the platform is encrypted using industry-standard encryption protocols (including encryption in transit and at rest).

User information is accessible only to authorized personnel involved in the processing of submitted documents for the purpose of generating educational insights.

CoreMD Clinic does not sell, rent, or distribute personal health information to third parties.

2. Platform Infrastructure & HIPAA-Aligned Standards

CoreMD Insights operates using third-party digital health infrastructure providers that are designed to meet HIPAA-compliant standards for data security and storage.

This includes the use of secure electronic medical record (EMR) and client portal systems such as Get Healthie (Healthie platform), which provide:

• Encrypted data storage and transmission

• Secure user authentication and access controls

• Audit trails and controlled data access

• Infrastructure designed in accordance with HIPAA security frameworks

While CoreMD Clinic is based in Toronto, Canada, these systems may utilize secure cloud-based servers that can be located in the United States or other jurisdictions, depending on the infrastructure provider.

3. Cross-Border Data Considerations

By using this service, you acknowledge and consent that your information may be processed and stored on secure servers outside of Canada, including in jurisdictions such as the United States.

CoreMD Clinic ensures that all third-party providers used maintain high standards of data protection, confidentiality, and regulatory compliance, consistent with international healthcare data security practices.

4. Compliance with Canadian Privacy Standards

CoreMD Clinic operates in accordance with applicable Canadian privacy legislation, including:

• Personal Health Information Protection Act (PHIPA) (Ontario)

• Personal Information Protection and Electronic Documents Act (PIPEDA)

All reasonable steps are taken to ensure that personal health information is:

• Collected only when necessary

• Used solely for the intended purpose of the service

• Protected against unauthorized access, disclosure, or misuse

5. User Responsibility & Digital Communication Risks

While all reasonable safeguards are in place, users acknowledge that:

• No digital system can be guaranteed to be 100% secure

• Transmission of information over the internet carries inherent risks

By using this platform, you consent to the use of secure digital communication tools for the submission and delivery of your information.

6. Ethical Commitment

CoreMD Clinic is committed to:

• Maintaining strict confidentiality of all patient data

• Applying physician-level ethical standards in handling medical information

• Ensuring transparency in how data is used, stored, and protected

Addendum — Privacy, Data Protection, and PHIPA Compliance

CoreMD Clinic is committed to protecting the privacy and confidentiality of personal health information in accordance with applicable Canadian privacy legislation, including the Personal Health Information Protection Act, 2004 (PHIPA) of Ontario.

1. Collection of Personal Health Information

By using CoreMD Insights, you acknowledge and consent to the collection of personal health information that you voluntarily submit, including but not limited to:

• Laboratory results

• Imaging reports

• Specialist letters

• Other health-related documents

This information is collected solely for the purpose of providing structured educational insights through the CoreMD Insights platform.

2. Use of Information

Personal health information is used exclusively for:

• Generating structured interpretations and educational summaries

• Supporting your understanding of submitted medical information

• Maintaining continuity within your CoreMD Insights account

Your information will not be used to provide medical diagnosis, treatment, or clinical management.

3. Disclosure of Information

CoreMD Clinic does not sell, rent, or disclose your personal health information to third parties, except:

• When required or permitted by law

• When necessary to operate the platform using secure, contracted service providers (e.g., hosting, data processing), who are bound by confidentiality obligations

• With your explicit consent

All third-party services used are selected with attention to privacy, security, and compliance standards.

4. Data Storage and Security

CoreMD Clinic takes reasonable administrative, technical, and physical safeguards to protect personal health information against:

• Unauthorized access

• Loss, theft, or misuse

• Disclosure or alteration

This includes the use of encrypted systems, secure servers, and controlled access protocols.

However, no digital platform can guarantee absolute security, and users acknowledge this inherent risk.

5. Data Retention

Personal health information is retained only for as long as necessary to:

• Provide the CoreMD Insights service

• Meet legal, regulatory, and operational requirements

Users may request deletion of their data, subject to any legal obligations requiring retention.

6. User Rights

In accordance with PHIPA, you have the right to:

• Request access to your personal health information

• Request corrections to inaccurate or incomplete information

• Withdraw consent for future use of your information (subject to limitations)

Requests can be made by contacting CoreMD Clinic directly.

7. Cross-Border Data Considerations

Depending on the technology infrastructure used, some data may be processed or stored on servers located outside of Canada. In such cases, information may be subject to the laws of those jurisdictions.

CoreMD Clinic ensures that appropriate safeguards are in place to maintain confidentiality and security standards.

8. Not a Health Information Custodian Relationship

While CoreMD Clinic operates as a medical organization, use of the CoreMD Insights platform alone does not necessarily establish a Health Information Custodian (HIC)–patient relationship under PHIPA.

Users acknowledge that the platform is designed for informational purposes and does not constitute formal clinical care.

9. Privacy Contact

For questions, concerns, or requests related to privacy and personal health information, please contact:

CoreMD Clinic
Toronto, Ontario, Canada
hello@coremdclinic.ca

CoreMD Clinic remains committed to maintaining the highest standards of privacy, transparency, and ethical handling of personal health information.