Privacy Policy — Orthopaedic Access

Privacy policy

Orthopaedic Access Privacy Policy

Last updated: June 8, 2026

Orthopaedic Access ("we," "us," or "our") is committed to protecting your privacy. This policy explains how we collect, use, disclose, and protect personal information, including personal health information, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

ABOUT US AND OUR PRIVACY OFFICER

We are a private patient navigation and coordination service based in Toronto, Ontario. We are not a health information custodian under Ontario's PHIPA. Our Privacy Officer is responsible for our compliance with this policy and can be reached at: Brendan Gillmore, info@orthopaedicaccess.ca.

INFORMATION WE COLLECT

Depending on the service, we may collect:

  • your name, address, email, phone number, and date of birth;
  • health information you provide, including medical history, symptoms, existing imaging (such as MRI, X-ray, or CT) and reports, referral letters, diagnostic information, medications, and relevant medical history;
  • your OHIP number, collected only for identity verification and to correctly link your records on referral documentation — never for OHIP billing;
  • payment information, which is processed by our third-party payment processor and not stored in full by us; and
  • information you submit through booking forms and consultations.

WHY WE COLLECT IT

We use your information to:

  • provide our navigation and coordination services, including assessing your situation, preparing referral materials, helping identify appropriate provider options, coordinating imaging, and following up;
  • communicate with you;
  • share information, with your consent, with the providers and parties described below;
  • enable our clinical advisor to review your file for the purpose of identifying appropriate provider options; and
  • process payment and maintain business records.

CONSENT

We collect, use, and disclose your personal information only with your consent. Because health information is sensitive, we obtain your express, written consent before collecting or sharing it. You may withdraw your consent at any time, subject to legal and contractual restrictions, by contacting our Privacy Officer. We will explain the consequences of withdrawal, which may include our being unable to continue providing the service.

WHO WE SHARE IT WITH

With your express consent, we may share your information with:

  • your family physician or a telehealth physician;
  • orthopaedic surgeons and their offices;
  • imaging clinics and facilities;
  • our clinical advisor; and
  • the service providers listed below who help us operate.

We do not sell your information. We do not accept or pay referral fees, and we never share your information with any provider in exchange for compensation.

WHERE YOUR INFORMATION IS STORED, AND CROSS-BORDER TRANSFERS

We rely on third-party platforms to operate. Some store information in Canada and some in the United States:

  • TitanFile (Canadian-hosted) is our primary, encrypted channel for exchanging health information documents;
  • Doxy.me is used for video consultations and is peer-to-peer encrypted, with no health information stored on its servers;
  • SignWell (United States) is used for e-signature of consent forms and agreements;
  • Squarespace (United States) hosts our website and booking;
  • Google Workspace is used for email; and
  • our payment processor handles payments.

When personal information is stored or processed in another jurisdiction, such as the United States, it may be accessible to the courts, law enforcement, and national security authorities of that jurisdiction.

HOW WE PROTECT YOUR INFORMATION

We use encrypted platforms, limit access to authorized personnel only, and require those handling your information to maintain its confidentiality. We use TitanFile, a Canadian-hosted encrypted platform, as the primary channel for exchanging health information documents.

HOW LONG WE KEEP IT

We retain personal information only as long as necessary for the purposes described above or as required by law. Because applicable limitation periods in Ontario can extend several years, we may retain certain records for up to 15 years, after which we securely destroy them.

ACCESS AND CORRECTION

You may request access to the personal information we hold about you and request corrections. Contact our Privacy Officer; we will respond within 30 days.

PRIVACY BREACHES

If a breach of your personal information creates a real risk of significant harm, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA, and we maintain records of breaches.

COMPLAINTS

If you have a privacy concern, please contact our Privacy Officer first. You also have the right to complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca, 1-800-282-1376).

CHANGES TO THIS POLICY

We may update this policy from time to time. Changes take effect when posted on this page.

CONTACT

Privacy Officer, Orthopaedic Access — info@orthopaedicaccess.ca.