Effective as of February 24, 2026
“HEALWELL” refers to HEALWELL AI Inc. and its business units or subsidiaries, when referenced collectively (“we, “us”, or “our”). These business units include companies that HEALWELL AI Inc. has acquired or may acquire as part of its healthcare technology and services business. This Privacy Policy explains how HEALWELL collects, uses, discloses, retains, and protects personal information (“PI”) and personal health information (“PHI”) in connection with the use of HEALWELL’s platform, which includes HEALWELL’s websites, software applications, tools, and related services.
HEALWELL takes its privacy and data protection obligations very seriously and is committed to ensuring that any personal information shared with us when using HEALWELL’s platform is protected and used only in accordance with applicable data protection laws.
The HEALWELL platform is primarily intended for use by healthcare providers and organizations. Patients access services supported by the platform ideally through their healthcare provider or an authorized health system.
Our Privacy Policy forms part of our Terms and sets out our practices to meet our privacy and data protection obligations. Unless stated otherwise, all defined and capitalized terms in this Privacy Policy have the same meaning as in the Terms.
A. HEALWELL’s Business Units, Products and Services
HEALWELL operates through five business units (BUs) that provide specialized digital health products and services. While these BUs operate under the HEALWELL brand and align their practices with the fair information privacy principles, each business unit may deliver distinct services and process PI and PHI in ways specific to its products and contractual arrangements. HEALWELL’s current business units include:
- AI and Data Sciences Function
- Intrahealth Systems Limited
- Orion Health
- VeroSource Solutions Inc.
Product offerings across these five (5) business units include:
- A Clinical Decision Support (CDS) tool that analyses electronic medical record (“EMR”) data to support guideline-based insights, disease detection, risk stratification and patient care optimization for healthcare providers.
- Data Analytics and Real-World Evidence solutions that supports quality improvement, research, and evidence generation using structured, unstructured, de-identified, or pseudonymized data, as authorized by health information custodians (“custodians”).
- EMR and Practice Management Solutions that supports clinical documentation, scheduling, billing, and operational workflows.
- Interoperability and Health Information Exchange platforms that enable secure exchange of PHI between healthcare systems, providers, and authorized government entities, support longitudinal health records, and facilitate services such as virtual care, digital triage, call-centre interactions, and ministry-directed health programs, where authorized.
- Patient Access and Digital Health Portal solutions that enable patients and authorized users to securely access their PHI from provincial or government health systems, support digital front-door services, and facilitate system-to-system interoperability and public-facing health information services, where authorized by the applicable health information custodian.
For detailed information about how a specific product collects, uses, and processes PI and PHI, please refer to the applicable business unit privacy policy.
B. Information collected by HEALWELL
In most cases, HEALWELL acts as an agent/ service provider/ information manager or a data processor (in the EU and UK) on behalf of healthcare providers or other health information custodians (“custodian”) or data controllers (in the EU and UK). Except where explicitly stated, HEALWELL does not act as a custodian for patient PI and PHI.
a) Information related to healthcare providers and their authorized users
HEALWELL may collect PI relating to healthcare providers, their organizations, and authorized users, including:
- Account and contact information (e.g., full legal name, business address, email address, phone number, credentials to manage user accounts) necessary for registration and communication,
- Professional, administrative, and organizational information required to configure and manage services,
- Clinic’s financial and other payment information, such as your credit card information for billing and invoicing,
- Staff information entered by providers for scheduling, task management, or operational purposes,
- Communications with HEALWELL, including emails, support tickets, and recorded calls, where permitted by law,
- Usage information and diagnostic data like device identifiers, IP addresses, browser type, and session logs to maintain and improve our platform.
b) Information related to patients
HEALWELL does not typically collect PI or PHI directly from patients, except in rare circumstances. Instead, healthcare providers or other health information custodians may input or make patient PI or PHI available to HEALWELL through our products or platform so that HEALWELL may provide services on their behalf. Where HEALWELL processes patient PI or PHI, we do so on the instructions of, and in reliance on the lawful authority and authorization or consent obtained by, the applicable custodian. Patient PI and PHI that may be processed by HEALWELL includes:
- Patient EMR data: Clinical, administrative and demographic information contained within the EMR, including diagnoses, clinical notes, laboratory results, and other health information relevant to disease detection and analysis,
- Program or study-specific datasets, such as diagnosis, treatment, and outcome data required by clinicians, hospitals, or research sponsors,
- Unstructured clinical text necessary for data structuring and enrichment,
- Aggregated or de-identified datasets used for analytics or reporting,
- Clinical documentation, notes, and care records,
- Information generated through clinical interactions (e.g., call-centre, virtual visit, or chat interactions),
- Identifiers and administrative data required for care delivery, reporting, interoperability, or system operation.
Note: HEALWELL does not knowingly collect PI or PHI directly from children except where such information is made available by a custodian for the purposes of delivering healthcare services.
C. How HEALWELL uses the information it collects
a) Information relating to healthcare providers is used for purposes, that include the following:
- Deliver, configure, and administer services and user accounts,
- Authenticate users and manage access controls,
- Operate, secure, and maintain HEALWELL’s platform,
- Process billing and payments,
- Provide customer support, onboarding, training, and service communications,
- Monitor usage, troubleshoot issues, and maintain audit and security logs,
- Improve platform performance, reliability, accessibility, and security,
- Meet applicable legal, regulatory, and contractual obligations.
b) Information relating to patients
All patient PI and PHI processed by HEALWELL in its capacity as an agent/ service provider, information manager, data processor is done so under the authority and direction of a relevant custodian. Processing of patient PI and PHI is based on the lawful authority of the applicable custodian under applicable health information legislation.
HEALWELL does not use patient PI/PHI for its own purposes, unless it has express written consent from the patient. HEALWELL applies strict data-minimization standards and uses pseudonymized, de-identified, anonymized, or aggregated data whenever possible. PHI is accessed only to the extent required to fulfill contractual obligations, and HEALWELL does not retain identifiable PHI longer than necessary to perform the services requested by the custodian.
HEALWELL does not use PHI for advertising, direct marketing or product development unrelated to a custodian’s instructions and does not disclose identifiable information to third parties without authorization from the custodian. Some of the purposes for which HEALWELL uses patient PI and PHI include the following:
§ Supporting clinical care, coordination, and decision-making by healthcare providers,
- Enabling EMR access for providers, system interoperability, and continuity of care,
- Supporting quality improvement, public health reporting, and research ethics board (REB) authorized research activities (as authorized under contracts with hospitals, clinicians, or research investigators),
- Accessing and using PI or PHI as necessary to resolve product issues, respond to service requests, and assist users with configuration, onboarding, and training,
- Facilitating early disease detection, risk identification, and clinical analysis,
BU-specific privacy policies detail how patient PI and PHI is used by their respective product/ solution.
D. Sharing of PI and PHI
HEALWELL is committed to minimizing the disclosure of personal information. We do not disclose patient PI or PHI unless we are instructed to do so by the applicable custodian or are otherwise required or permitted to do so by law. In order to deliver our services to healthcare providers and health system partners, we may share the information we collect with third parties, including, but not limited to those listed below. In doing so, we respect and protect privacy by using reasonable measures to minimize the amount of information disclosed, including providing only de-identified information where possible, and with strict contractual provisions:
- Third-Party applications: we may share information with third-party applications or services that healthcare providers choose to integrate with HEALWELL’s platform, for the purpose of enabling data exchange or functionality requested by the provider.
- Service providers: we may engage third-party providers to support us in the delivery of services, including hosting technology infrastructure, analytics, and payment processing. These providers are contractually required to protect personal information and to use it only for the purposes of providing services to HEALWELL.
- Public authorities: we may disclose personal information to authorized law enforcement agencies, regulators, courts, or other public authorities in response to lawful requests or to protect the rights, safety, or security of HEALWELL, our users, or others.
- Business partnerships and corporate transactions: we may disclose personal information as permitted by law for strategic business transactions, financings, reorganizations, or the sale or acquisition of all or part of our business, subject to appropriate confidentiality safeguards.
- Professional advisors: we may share limited personal information with our legal, accounting or other professional advisors where necessary to obtain advice or comply with legal or regulatory obligations.
E. Data Use and Artificial Intelligence (AI)
HEALWELL offers the latest health technology and data services that support and enhance medical practices to improve patient care, including those featuring the use of artificial intelligence. Should a healthcare provider choose to subscribe to and use any AI-based services, their user data and patient data may at times be processed and analyzed in order to provide insights into patients’ care, including highlighting potential diagnoses and treatment options to consider as well as potential eligibility for clinical research studies or clinical trials that may benefit the health of patients. Healthcare providers always remain in control of clinical care decision-making and communication with patients regarding their care.
F. Data Retention
HEALWELL retains PI and PHI for only as long as necessary to provide services, to meet applicable legal, regulatory and contractual obligations, and as otherwise set out in the applicable terms of service. Where permitted by law and subject to applicable contractual arrangements and customer instructions, HEALWELL does not de-identify patient PI/PHI without authorization from the applicable custodian or customer. HEALWELL applies secure retention, anonymization (where authorized), and deletion protocols, and securely deletes information once it is no longer required for the permitted purposes.
G. Data Security
HEALWELL employs reasonable technical, physical and administrative security measures, as required under applicable privacy and data protection laws, to protect all provider and patient related information, including information pertaining to providers’ staff. These measures help HEALWELL to protect information from unauthorized access, disclosure, modification, accidental loss, or destruction. No system is completely secure; however, HEALWELL uses industry best practices including encryption (at rest and in transit), access controls, and contractual safeguards to provide an appropriate level of protection to the information held by us. In the event of a privacy or security incident, HEALWELL follows established incident response protocols and will promptly notify the applicable custodian in accordance with contractual and legal obligations.
H. International Transfers
To deliver our services to providers and patients, we may use technology that stores or processes PI and PHI outside of the jurisdiction in which the provider provides services. As a result, such information may become subject to the laws of another jurisdiction, which may differ from those in the providers’ own jurisdiction. By using our services, healthcare providers acknowledge and consent to the transfer of personal information concerning them, their patients and staff outside of the jurisdiction where care is delivered, when necessary and as permitted by law, unless otherwise agreed upon contractually.
I. Privacy Rights
Subject to certain limitations and depending on the applicable privacy laws, providers, patients and staff, as applicable, may have the following legal rights concerning their personal information:
i. The right to access their personal information held by HEALWELL and, in certain circumstances, to have that information provided in a structured, commonly-used, and machine-readable format for portability,
ii. The right to have errors or inaccuracies in their PI or PHI corrected,
iii. The right to have certain PI or PHI that is held by HEALWELL disposed or removed,
iv. The right to object to the processing of PI or PHI, as permitted by applicable law, and
v. Where processing is based on consent, the right to withdraw or decline consent at any time. Where processing is based on other lawful authorities (such as contractual necessity or statutory authority), the right to withdraw consent may be limited. Please note that withdrawal of consent may affect a provider’s ability to access or use certain services.
In most cases, HEALWELL acts as an agent, service provider, information manager or data processor on behalf of a healthcare provider or other relevant health information custodian, or data controller which remains responsible for responding to privacy rights requests relating to patient PI/PHI. HEALWELL works closely with custodians to ensure that privacy rights requests are handled appropriately, efficiently, and in compliance with applicable privacy legislation based on what has been contractually agreed to between HEALWELL and custodians. Where a patient or other individual submits a privacy rights request directly to HEALWELL, we may redirect the request to the appropriate health information custodian or take steps to support and facilitate the request on behalf of the custodian, in accordance with our contractual arrangements and applicable law.
For any questions or concerns about HEALWELL’s privacy practices or to access or correct PI or PHI, please use the contact details provided in the “Contact Us” section at the end of this policy. We encourage providers to contact us first so that we may address any concerns directly. If HEALWELL is unable to satisfactorily resolve concerns, providers also have the right to file a complaint about how HEALWELL uses or processes PI and PHI with the Office of the Privacy Commissioner of Canada or other data protection/ oversight authority as may be applicable to your jurisdiction. Provincial Canadian privacy commissioners, depending on the jurisdiction include:
- Ontario – Information and Privacy Commissioner of Ontario
- Alberta – Office of the Information and Privacy Commissioner of Alberta (OIPC)
- British Columbia – Office of the Information and Privacy Commissioner for B.C.
- Quebec – Commission d’accès à l’information du Québec
- Other Provinces and Territories – Information about applicable privacy oversight bodies is available through the Office of the Privacy Commissioner of Canada or the relevant provincial government websites.
Providers remain responsible for respecting and assisting patients and staff to exercise their privacy rights in relation to the PI and PHI that they collect from them in connection with the use of HEALWELL’s platform and services.
J. Cookies and Similar Technologies
HEALWELL uses cookies and similar tracking technologies on our website and the HEALWELL platform to enhance user experience. HEALWELL uses cookies for essential functionality and, where applicable, analytics and performance monitoring. Users may manage cookie preferences through browser settings.
If you wish, you may opt out of being tracked by Google Analytics by disabling or refusing the cookies, by disabling JavaScript within your browser or by using the Google Analytics Opt-Out Browser Add-On. Disabling Google Analytics or JavaScript will still permit you to access comparable information or services from our website. https://tools.google.com/dlpage/gaoptout?hl=en
K. Third-party Services and Links
The HEALWELL platform and/or website may contain links or enable users to link to other websites that are not under our control, and we assume no responsibility for those links, or the privacy practices of the websites should a healthcare provider or patient choose to navigate to them.
L. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to how HEALWELL handles the information held by us. A healthcare provider’s continued use of our website, the HEALWELL platform or services will be deemed acceptance by them of the updated Privacy Policy.
M. Contact Us
HEALWELL has appointed a Global Chief Privacy Officer who is accountable for HEALWELL’s compliance with applicable privacy and health information legislations. For any questions or concerns about HEALWELL’s privacy practices or this policy, please contact our Privacy Office by using the information below
HEALWELL AI Inc. Privacy Office
Email: privacy@healwell.ai