PHIPA

If you are a health information custodian in Ontario — for example, a regulated health professional operating a practice — you remain the custodian of the PHI you enter into AcuClient. Effect Wellness Inc. operates as your agent and electronic service provider within the meaning of PHIPA, handling PHI only as permitted by you and only to provide the service.

Technical, physical, and administrative safeguards are summarized on the Security page, including AES-256 encryption at rest, TLS 1.2+ in transit, role-based access control, session management, and vendor due diligence.

Under PHIPA, custodians are responsible for managing consent and for honoring consent directives (“lock-box” instructions) from patients. AcuClient provides the access-control and note-locking primitives practitioners need to respect these directives. Full consent-capture workflows at the client level are being finalized as part of the launch release.

PHIPA and the College rules that apply to most regulated Ontario professions require custodians to retain PHI for a minimum period (for adult clinical records, typically 10 years from the last interaction, or longer for records involving minors). AcuClient retains your data for the life of your subscription and for a 90-day post-cancellation export window. If you are an Ontario custodian, you are responsible for exporting and archiving records within the retention period required by law before the end of the export window.

AcuClient is currently hosted on Supabase infrastructure in the United States (Oregon). PHI entered into the service therefore leaves Canada, which may be inconsistent with your obligations or your patients' reasonable expectations. Canadian-region hosting is planned for a future platform upgrade. We state this directly so that Ontario custodians can make an informed decision and, if appropriate, wait for the Canadian-region migration before onboarding clinical data. Please contact us to discuss your situation.

Effect Wellness Inc. maintains an incident-response procedure. If we discover that PHI under your custodianship has been stolen, lost, or accessed without authorization, we will notify you at the first reasonable opportunity so that you can meet your PHIPA obligations to affected individuals and the Information and Privacy Commissioner of Ontario.

PHIPA gives patients a right of access to their PHI and a right to request correction. AcuClient includes client-portal access and practitioner-driven export and correction tooling to support those rights. Audit-log tooling covering access and modification of PHI is being enabled in regulated deployments as part of the launch release.

See the Privacy Policy, PIPEDA page, and Compliance overview.