Lumeca Health Inc Policy On The Collection, Use And Disclosure Of Personal Information

Objective and Scope of Policy

Lumeca Health Inc. (“Lumeca”) is a national provider of healthcare services to corporations, insurance companies, and individuals. Consistent with our obligations as healthcare professionals, we are dedicated to maintaining high standards of confidentiality with respect to all information that has been provided to us, with a particular focus on health information. This policy statement (the “Policy”), has been prepared to affirm our commitment to maintaining the privacy of our clients and others and to inform you of our practices concerning the collection, use and disclosure of Personal Information (as defined below) collected by Lumeca. This Policy not only applies to Lumeca but also to our subsidiary companies.

At Lumeca, safeguarding your confidentiality and protecting your personal and health information is fundamental to the way we do business. This commitment has not changed with the arrival of new technologies such as the Internet and online services. Instead, it has been extended to ensure your experiences with us online are as private, secure and as safe as your dealings with us have been in traditional business.

Our obligations as health professionals are governed, in part, by the national and provincial regulations that govern each of our healthcare professionals as members of their applicable regulatory bodies and associations (e.g. Canadian Medical Association, College of Family Physicians of Canada). The obligations set out in this Policy apply to all professionals, employees, contractors and agents who provide services in connection with our delivery of services to our clients. Other applicable laws and internal policies govern the protection of Personal Information of partners, associates and employees of Lumeca.

For the purposes of this Policy, “Demographic Information” means any information other than personal Health Information (as defined below), recorded in any form, about an identified individual, or an individual whose identity may be inferred or determined from the information. This policy does not cover any information, recorded in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred from the information (“Aggregated Information”). Lumeca retains the right to use Aggregated Information in any way that it determines appropriate.

For the purposes of this Policy, “Health Information” with respect to an individual, recorded in any form, means (a) information concerning the physical or mental health of the individual; (b) information concerning any health service provided to the individual; (c) information concerning the donation by the individual of any bodily substance or information derived from the testing or examination of a body part or bodily substance of the individual; (d) information that is collected in the course of providing health services to the individual; or (e) information that is collected incidentally to the provision of health services to the individual.

Demographic Information and Health Information are referred to collectively in this document as “Personal Information”.

Protecting Your Privacy - Our Commitment To You

At Lumeca, protecting your privacy means that (i) we keep your information and the business you do with us in strict confidence; (ii) your information is not sold; (iii) you have control over how we obtain, use, and give out information about you; (iv) you have access to the information we have about you; and (v) we respect your privacy when we market our products and services.

We are committed to meeting or exceeding the privacy standards established by federal and provincial regulations and industry bodies. All of our information-handling practices comply with federal and applicable provincial laws including the Personal Information Protection and Electronic Documents Act (widely known either as “Bill C-6”, “PIPEDA” or the “PIPED Act”), an initiative designed to further protect the privacy of Canadian consumers.

PIPEDA has as its core, 10 guiding principles, as also set out in the Canadian Standards Association’s Model Code for the Protection of Personal Information, which is incorporated into the PIPED Act.

These principles are:
Identifying Purposes
Limiting Collection
Limiting Use, Disclosure and Retention
Safeguarding Customer Information
Customer Access
Handling Customer Complaints and Suggestions
We have designed this Policy to address all of these 10 guiding principles.

What Information is Collected? Why does Lumeca Collect Personal Information?

Having up-to-date and accurate information helps us provide you with the best possible service and recommendations and, in certain cases, to offer additional services we believe might be of benefit to you.

At Lumeca, we generally collect two types of information from our clients and from web site visitors. With your consent, we collect Personal Information. We may also collect anonymous/non-personal information.

Personal Information is information that refers to you specifically, whether factual or subjective. With your consent, we may gather personal information from you in person, over the telephone or by corresponding with you via mail or the Internet.

The types of Personal Information that we usually collect and maintain in your file may include, but is not limited to your:

Demographic Information
Mailing Address
Email Address
Telephone Number
Fax Number
Social Insurance Number
Provincial Health Insurance Number
Date of Birth
Place of Employment, etc.
Health Information
Personal Medical History
Family Medical History
Results of Diagnostic Tests (blood tests, x-rays, MRI, CT, etc.)
Dates of Consultations
Results of Medical Examinations, etc.
For every consultation, whether in person, over the telephone or by corresponding with you via mail or the Internet, physicians must collect, organize, hold and maintain a medical chart with information relevant to the medical problem or incident expressed.

Lumeca collects only such information from individuals or organizations as is required for the purposes of providing services or information to them, marketing other services or products to them (as applicable), and for aggregated statistical analyses. To the greatest extent possible, we will collect Personal Information directly from the individual concerned. In certain cases, we will require to collect Personal Information from other sources, including but not limited to your employer, treating physician, consulting physicians, and insurers. In those cases, we will request your consent to obtain information from those sources.

As outlined in the PIPED Act, personal information does not include the name, title, business address or telephone number of an employee of an organization.

We collect Personal Information for different purposes, depending on the type of service we are providing to you, your employer, or your insurer, as applicable.

These purposes include, but are not limited to:

Providing you with executive health services;
Providing you with occupational health services (including pre-placement examinations, periodic medical examinations, independent medical evaluations);
Providing you with travel health services (including vaccinations and medical consultations;
Collecting information for the underwriting requirements of insurance companies to which you are applying for life or health insurance;
Providing you with medical imaging services (including MRI, CT, x-ray, ultrasound);
Providing disability management services to you or your employer;
Providing you with other services or products in the future;
Internal quality control processes; and
Aggregated statistical analyses.

Anonymous/Non-Personal Information

At Lumeca, we routinely collect anonymous/non-personal information. Anonymous/non-personal information is information that cannot be associated with or traced back to a specific individual or business entity. For example, our web servers collect some anonymous/non-personal information automatically when you visit our web sites. Gathered electronically, this information may include the pages you visited, the type of web browser you are using, the level of encryption your browser supports and your Internet Protocol address. The anonymous/non-personal information collected may be used for research and analytical purposes. For example, we are able to determine how many times our online privacy policy has been visited but we do not know any specific information about those visitors.

When you visit our web sites, information is not collected that could identify you personally unless you choose to provide it voluntarily. You are welcome to browse these web sites at any time anonymously and privately without revealing any personal or health information about yourself.

To help us better understand our markets, we may also gather information for analytical purposes by conducting anonymous customer surveys, by extracting demographic information from existing files and from Statistics Canada.

Ownership of Personal Information

It is important to note that as a client, you own your Personal Information. This Policy outlines how you can make changes to, request access to, or obtain copies of your Personal Information. However, the format in which your Personal Information is kept, including but not limited to the medical records, charts, film, software, databases, applications, methodologies and processes for gathering, processing and storing such Personal Information belongs to Lumeca and/or our physicians (as it applies to certain Health Information), as applicable.

How does Lumeca Obtain Consent to use and Disclose Personal Information?

At Lumeca, we are obliged to keep your Demographic Information and Health Information confidential except when authorized by you. We use Personal Information for the purposes described above.

In some cases, your consent to the use and/or disclosure of your Personal Information will be obtained verbally or in writing, through an informed consent form. In other cases such as when you book an appointment over the Internet, your consent will be obtained electronically. In providing healthcare services, as outlined in the Canadian Medical Association’s discussion on privacy in medical practices, consent is implied for the collection, use and disclosure of Personal Information needed for care and treatment.

Your provision of Personal Information to Lumeca means that you agree and consent that we may collect, use and disclose your Personal Information in accordance with this Privacy Policy. If you do not agree with these terms, you are requested not to provide any Personal Information to Lumeca.

Remember, the choice to provide us with Personal Information is always yours, and your consent for us to use your Personal Information can be withdrawn in writing at any time. However, in providing healthcare services, your decision to withhold particular details may limit the services we are able to provide and make it more difficult for us to advise you, provide services to you, ensure the follow-up required by certain conditions, or suggest appropriate alternatives.

If we are unable to accommodate your request based on the information that has been provided, we may ask for additional details in order to identify other ways to be of assistance. In some instances, we may also maintain a file containing contact history that is used for customer inquiry purposes.

Our Employees

In the course of daily operations, access to private, sensitive and confidential information is restricted to authorized employees who have a legitimate business purpose and reason for accessing it. For example, when you call us, visit our offices, or email us, our designated employees will access your information to assist you in providing services to you. It is important to note that only medical professionals (nurses, physicians, technicians, etc.) or others on a need-to-know basis will have access to your Health Information.

As a condition of their employment, all employees of Lumeca are required to abide by the privacy standards we have established. They are also required to work within the principles of ethical behaviour as set out in our internal employee rules and must follow all applicable laws and regulations. Employees are well informed about the importance of privacy and they are required to sign either a code of conduct or a confidentiality agreement that prohibits the disclosure of any Personal Information to unauthorized individuals or parties.

Unauthorized access to and/or disclosure of client information by an employee of Lumeca is strictly prohibited. All employees are expected to maintain the confidentiality of Personal Information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.

Outside Service Suppliers

At Lumeca, in order to provide certain services, we sometimes contract outside organizations or health professionals to perform specialized services such as independent medical evaluations, paramedical examinations, or data processing. Our trusted service suppliers may at times be responsible for processing and handling some of the information we receive from you. For example, in order to perform an independent medical evaluation, we are required to provide the independent physician with enough Personal Information for them to be able to perform their role. Another example would be referring you to a specialist physician for additional tests – we need to be able to provide them with enough Personal Information to be able to assist you.

In these cases, Lumeca may disclose Personal Information to organizations that perform services on behalf of the Firm. Personal Information will only be provided to such organizations if they agree to use such information solely for the purposes of providing services to Lumeca and under the instruction of Lumeca and, with respect to that information, to act in a manner consistent with the relevant principles articulated in this Policy.

When Would we use your Personal Information Without your Consent?

Please note that there are circumstances where the use and/or disclosure of Demographic Information and/or Health Information may be justified or permitted or where Lumeca is obliged to disclose information without your consent. Such circumstances may include:

Where required by law or by order or requirement of a court, administrative agency or other governmental tribunal (in this case, only the information specifically requested is disclosed and we take precautions to satisfy ourselves that the authorities that are making the request have legitimate grounds to do so);
Where Lumeca believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group, including for the purpose of acting in respect of an emergency that threatens the life, health or security of an individual;
Where it is necessary to establish or collect monies owning to Lumeca (in this case, we would only disclose Demographic Information and not Health Information)
For billing purposes for provincially-covered services
Where it is necessary to permit Lumeca to pursue available remedies or limit any damages that Lumeca may sustain; or
Where such information is already in the public domain.
Where obliged or permitted to disclose information without consent, Lumeca will not disclose more information than is required, and when disclosed in the context of an emergency that threatens the life, health or security of an individual, we will inform the individual afterwards in writing regarding the disclosure.
Lumeca does not sell, trade, barter or exchange for consideration any Personal Information it has obtained.

Personal Information may also be subject to transfer to another organization in the event of a merger or change of ownership of all or part of Lumeca. This will occur only if the parties have entered into an agreement under which the collection, use and disclosure of the information is restricted to those purposes that relate to the business transaction, including a determination whether or not to proceed with the business transaction, and is to be used by the parties to carry out and complete the business transaction.

Accuracy of your Personal Information

At Lumeca, decisions, including healthcare recommendations, are often made based on the information we have. Therefore, it is important that your personal and health information is accurate and complete. We endeavour to ensure that any Personal Information provided and in our possession is as accurate, current and complete as necessary for the purposes for which Lumeca uses that information.

As a client, you can request to check your information to verify, update and correct it (where applicable).

Requests for access to your Personal Information should be made in writing (see the Contact Us section in this document for the information). After receiving the request, we will provide you with a reasonable cost estimate that reflects the cost of photocopying and staff time for generating the photocopied records. When the request is to see Health Information, in certain cases, the physician will review the record with those staff entrusted with this task.

If you only wish to view the original record, one of our staff must be present to maintain the integrity of the record. Again, a request to do so must be made in writing, and we will provide you with a reasonable cost estimate that reflects the cost of staff time.

As per our obligations as healthcare providers, we will only refuse access to medical records in extremely limited circumstances; for example, when the information could reasonably be expected to seriously endanger the mental or physical health or safety of the individual making the request or another person, or if disclosure of the information would reveal personal health information about another person who has not consented to the disclosure. In this case, we will do our best to separate out this information and disclose only what we can.

If you have a sensory disability, we will give you access to your personal information in any alternative format you request if we already have it in that format or if its conversion into that format is reasonable and necessary in order for you to be able to exercise your rights under applicable legislation. Again, a request to view your Personal Information in an alternative format must be made in writing, and we will provide you with a reasonable cost estimate that reflects the cost for such conversion.

Fees/Physician Payment/ Payment Options

Like certain other health professional services, Healthcare Services are provided for a fee. The fees for Healthcare Services are only for those elements of Healthcare Services not covered by the provincial health plan in your Province or Territory of residence. We do not charge for services that are covered by provincial health plans. Where you have questions about fees charged for Healthcare Services, please contact us.

You understand that you will be charged a fee for any Healthcare Services and/or Informational Services you receive from an Authorized Physician, unless the fees are paid by someone else (e.g. your employer) as permitted under these Terms. There are two options available for payment: pay-per-visit or membership. These options are described below.

We charge Authorized Physicians a service fee for using the Lumeca Platform which we deduct from the fees paid for Healthcare Services and Informational Services. Lumeca facilitates payment of the fees to the Authorized Physician. Payment of the fees through the credit card validation and processing arrangement described below shall be considered the same as payment made directly to the Authorized Physician. All fees for Healthcare Services and Informational Services are in Canadian dollars and inclusive of all applicable taxes.

Pay-per-visit option: You may pay the fees for Healthcare Services and Informational Services (“Fees”) at the time you request Healthcare Services and/or Informational Services. Lumeca requires you to submit credit card information prior to any Healthcare Services or Informational Services being provided to you for the purpose of validation of the card. You will not be able to begin accessing Healthcare Services or Informational Services through the Lumeca Platform if the credit card information you provide is inaccurate and/or if your credit card is declined at the point of validation. You agree that Lumeca, on behalf of Authorized Physicians, may validate your credit card and put a hold on it in the amount of the Fees. Lumeca will notify you of any applicable Fees and will only have the charge processed to your credit card after you have obtained the corresponding Healthcare Services or Informational Services. Lumeca will provide you with a receipt for the Fees you pay.

Membership option: Lumeca may allow you to purchase unlimited access to certain specified Healthcare Services or Informational Services during a fixed membership term for a flat fee (“Membership Fee”). Lumeca will notify you of the applicable Membership Fee and the Healthcare Services and Informational Services that are covered by the Membership Fee in any given year, and will have the Membership Fee processed to your credit card before the first time you obtain Healthcare Services or Informational Services under your membership. For the duration of your membership, you will not be charged additional fees for any Healthcare Services or Informational Services covered by your membership. The only additional fees would be for Healthcare Services or Informational Services you request that are outside of your membership and accordingly not covered by your Membership Fee. For access to Healthcare Services or Informational Services not covered by your membership, you must use the pay-per-visit-option. Your membership will automatically renew until cancelled by you in the Billing section of your Account Settings. In the event of an increase in the Membership Fee, we will notify you in advance, and ask whether you want to continue your membership. Your Membership Fees are non-refundable, except where Lumeca terminates your access to the Lumeca Platform, in which case Lumeca will give you a pro rata refund of your Membership Fee. For clarity, Lumeca will refund the portion of your Membership Fee corresponding to the number of months remaining on your membership on the date of termination.

Correcting your Personal Information

To help us keep your Personal Information up-to-date, we encourage you to amend inaccuracies and make corrections as often as necessary. Despite our best efforts, errors sometimes do occur. Should you identify any incorrect or out-of-date information in your file(s), we will make the proper annotations and provide you with a copy of the corrected information. Where appropriate and/or applicable, we will communicate these changes to other parties who may have unintentionally received incorrect information from us.

For corrections to your Health Information, you can request changes to be made to your record and this request will be documented by an annotation in the record. However, we will only make changes to reflect factual inaccuracies, rather than correcting medical opinions, diagnoses, laboratory evaluations or other medical evidence, which we as healthcare providers are required to keep.

All requests to access or to make corrections and changes to your Personal Information must be made to us in writing.

We will deal quickly with your request to see your information, and always respond to you within 30 days. If we need to extend the time, or we have to refuse your request, we will tell you why, subject to any legal restrictions, and we will notify you of the new deadline, the reasons for the extension, and your rights under applicable legislation respecting the extension.

Lumeca Referral Program, Lumeca Purchasing Credit Program

The Lumeca Referral Program allows Users to earn credits towards future Fees (“Lumeca Referral Credits”) by referring friends to Lumeca. Credits can also be purchased in exchange for cash directly through the Lumeca Platform as part of the Lumeca Purchasing Credit Program (“Lumeca Cash Credits“).

How to earn Lumeca Referral Credits: Users can earn Lumeca Referral Credits if: (i) a referred friend clicks on their referral link to create a valid Lumeca account; and (ii) the referred friend provides and verifies their email address and phone number as part of the Lumeca registration process. The referring User will be credited with Lumeca Referral Credits in the amount described in the Credits section in the User’s Lumeca Account Settings. There is no maximum amount of credits a User can earn.

Redeeming Lumeca Referral Credits and Lumeca Cash Credits: Lumeca Referral Credits and Lumeca Cash Credits will automatically appear as a coupon on the checkout page at any time Fees are due for Healthcare Services and/or Information Services. Lumeca Referral Credits must be used within 24 months from the date they are issued. After 24 months, the Lumeca Referral Credits will expire. Lumeca Cash Credits do not expire. Lumeca Referral Credits and Lumeca Cash Credits may not be transferred or exchanged for any cash or money. Lumeca Referral Credits may not be earned by creating multiple Lumeca accounts. Lumeca Referral Credits and/or Lumeca Cash Credits accrued in separate Lumeca accounts may not be combined into one Lumeca account.

Sharing referral links: Referrals should only be used for personal and non-commercial purposes, and only shared with personal connections that will appreciate receiving these invitations. Referral links should not be published or distributed where there is no reasonable basis for believing that all or most of the recipients are personal friends. The Lumeca referral process does not send an electronic message from an electronic address.

Referred friends: Referred friends that have created a Lumeca account using a valid referral link will also receive Lumeca Referral Credits towards Fees. The standard Lumeca referral credit is $5.00 (five Canadian dollars), but may vary in some cases, for example if the referred friend signed up as part of a special promotion. The applicable credit amounts and additional terms and conditions will be provided in the referral invitation or accompanying materials.

Multiple referrals: A referred friend may only use one referral link. If a referred friend receives referral links from multiple Users, only the User who sent the referral link used by the referred friend will receive Lumeca Referral Credits.

Termination and Change: Lumeca may suspend or terminate the Referral Program or a User’s or referred friend’s participation and/or right to participate in the Referral Program at any time for any reason. We reserve the right to suspend accounts or remove Lumeca Referral Credits if we notice any activity that we believe is abusive or fraudulent. Lumeca has the right but not the obligation to monitor referral activities, and to suspend accounts or modify referrals as deemed fair and appropriate. Lumeca accepts no liability as a result of either monitoring or not monitoring referral activities.

Retention and Disposal of Personal Information

Lumeca keeps Personal Information only as long as it is required for the reasons it was collected. The length of time we retain information varies, depending on the product or service and the nature of the information. This period may extend beyond the end of a person’s relationship with us but it will be only for so long as it is necessary for us to have sufficient information to respond to any issues that may arise at a later date.

For Health Information, depending on the particular service offered, we retain patient medical records at least as long as required by law and provincial health regulations. In certain cases, this is 3 to 7 years after the examination, or 7 years after the last entry in the medical record.

Currently, the principal places in which Lumeca holds Personal Information are in the cities in which Lumeca has offices and nearby municipalities where off-site storage facilities may be located, or, in instances where Lumeca uses third-party contractors to provide services to you (e.g. Physicians who perform independent medical evaluations, or nurses who perform paramedical examinations), at such premises for those third-party contractors.

When your Personal Information is no longer required for Lumeca’ purposes, we have procedures to destroy, delete, erase or convert it into an anonymous form.

We destroy our records in a way that protects patient privacy in accordance with regulations made under appropriate provincial legislation. We use supervised shredding contractors who must adhere to contractual privacy obligations.


At Lumeca, we use technology and maintain security standards to ensure that your Personal Information is protected against unauthorized access, disclosure, inappropriate alteration or misuse. All safety and security measures are also appropriate to the sensitivity level of your information. Lumeca further protects Personal Information by restricting access to it to those employees that the management of Lumeca has determined need to know that information in order that Lumeca may provide its services.

Client Files

Electronic client files are kept in a secured environment with restricted access. Paper-based files are stored in locked fire-resistant filing cabinets or filing rooms equipped with sprinkler systems. Access to these areas is also highly restricted.

Electronic Security

We manage our server environment appropriately and our firewall infrastructure is strictly adhered to. Our security practices are reviewed on a regular basis and we routinely employ current technologies to ensure that the confidentiality and privacy of your information is not compromised.

Our computer-security specialists build security into all our computer systems. For information stored in electronic format, this protects your information at all times, when it is stored in data files or handled by our employees. Our systems also protect your information if and when it is transmitted, for example, between our offices.

Our web sites or web applications where Personal Information is collected or stored use Secure Socket Layer (SSL) and 128 bit encryption technologies to enhance security when you visit the secured areas of these sites. SSL is the industry standard tool for protecting and maintaining the security of message transmissions over the Internet. When we access or send information from secured sites, encryption will scramble your data into an unreadable format to inhibit unauthorized access by others. To safeguard against unauthorized access to your accounts, you are required to “sign-on” using an encrypted password to certain secured areas of our web sites (where applicable). If you are unable to provide the correct password, you will not be able to access these sections.

Your password information is encrypted which is presently the most effective way to secure electronic data.

Amendment of Lumeca Practices and this Policy

This statement is in effect as of January 1, 2017. Lumeca will from time to time review and revise its privacy practices and this Policy. In the event of any amendment, an appropriate notice will be posted on Lumeca’ web site. Policy changes will apply to the information collected from the date of posting of the revised Policy to Lumeca’ web site as well as to existing information held by Lumeca.

Contacting us / Questions / Suggestions About this Policy

In the event an individual has questions about (a) access to Personal Information; (b) the collection, use, management or disclosure of your Personal Information; or (c) this Policy, that person should contact the Chief Privacy Officer in writing.

At Lumeca, we are committed to maintaining and protecting the Personal Information under our control. In fulfilling this mandate, we have designated an individual (and in certain cases, individuals) who are accountable for our compliance with this Policy.

If you have any concerns, inquiries or suggestions regarding this Policy, please submit them in writing (either by fax, mail or email) to:


Attention of: Chief Privacy Officer

Lumeca Health Inc.

302-3001 Tutt Street

Kelowna, British Columbia

V1Y 2H4


We will deal quickly with your request to see your information, and always respond to you within 30 days. If we need to extend the time, or we have to refuse your request, we will tell you why, subject to any legal restrictions, and we will notify you of the new deadline, the reasons for the extension, and your rights under applicable legislation respecting the extension.

Individuals who feel that their privacy rights have been infringed upon can complain to the Privacy Commissioner of Canada. The Commissioner’s role is that of an ombudsman, trying to find solutions to privacy problems, and resolving complains through negotiation and persuasion, and using mediation and conciliation if appropriate.

Please visit the Privacy Commissioner of Canada’s website at for details.