Privacy Policy

This privacy policy describes how your personal information is collected, used, and shared when you visit https://www.hyperionhealth.ca, when you book through our website, or visit our clinic.

Introduction

Hyperion Exercise and Health Ltd. ("Hyperion," "we," "us," or "our") is dedicated to protecting your privacy and the confidentiality of your personal information. This Privacy Statement outlines our practices regarding the collection, use, disclosure, and safeguarding of your personal information and personal health information ("PHI") when you engage with our services, including Exercise Physiology, Kinesiology, Physiotherapy, Occupational therapy, Dietician services, and Physician services. Our services are provided through various channels, including telehealth, mobile home health, and in-office visits within the province of Alberta.


This Privacy Statement is designed to comply with applicable privacy legislation, including the Health Information Act (HIA), Personal Information Protection Act (PIPA), and Personal Information Protection and Electronic Documents Act (PIPEDA). It also aligns with the guidelines and standards set forth by relevant professional regulatory bodies, including the Alberta College of Physicians and Surgeons, Alberta College of Physiotherapists, Alberta College of Occupational Therapists, Alberta College of Dietitians, the Canadian Society for Exercise Physiology, and the Alberta Kinesiology Association.

Collection of Personal Information

We collect personal information to deliver high-quality healthcare services tailored to your needs. This information includes, but is not limited to:

  • Contact Information: Your name, address, telephone numbers, email addresses, and emergency contact details.
  • Health Information: Medical and health history, records of consultations, assessments, treatments, diagnoses, test results, medications, allergies, and any other relevant clinical notes.
  • Demographic Information: Age, gender, occupation, and other relevant personal details that assist us in providing personalized care.
  • Insurance and Payment Information: Insurance provider details, policy numbers, credit card information, and billing address, which are used for processing payments and managing insurance claims.
  • Communications and Preferences: Information from your communications with us, including emails, appointment requests, survey responses, and your preferences regarding service delivery and communication methods.
  • Website Data: Information collected automatically when you visit our website, including IP addresses, browser types, device identifiers, referring URLs, and data collected through cookies and other tracking technologies.

Purpose of Collecting Personal Information

We collect your personal information for various purposes necessary for the delivery of healthcare services and operational, legal, and administrative functions. Specifically, your information is used to:

  • Provision of Healthcare Services: To assess your health, develop individualized treatment plans, provide ongoing care, monitor your progress, and communicate relevant information to you regarding your treatment and appointments.
  • Coordination of Care: To share information with other healthcare providers involved in your care (e.g., physicians, specialists, allied health professionals) to ensure a collaborative approach to your treatment.
  • Billing and Payment Processing: To facilitate payment for services rendered, including processing claims with insurance companies or third-party payers.
  • Administrative Purposes: To manage clinic operations, including scheduling appointments, responding to inquiries, maintaining accurate and up-to-date records, and managing your patient file.
  • Regulatory Compliance and Quality Assurance: To comply with professional and legal obligations, including regulatory audits, reporting requirements, and quality assurance programs to ensure the highest standards of care.
  • Marketing and Educational Communications: To inform you about our services, upcoming events, health tips, or educational content, with your express consent. You can opt out of receiving these communications at any time.
  • Website Functionality and Improvement: To understand how visitors use our website, improve the user experience, and enhance the security and functionality of our online services.

Disclosure of Personal Information

Your personal information will not be disclosed to third parties without your consent, except as permitted or required by law under the HIA and PIPA. We may disclose your information in the following circumstances:

  • Healthcare Providers: To other healthcare professionals involved in your care for the purpose of providing seamless and coordinated services.
  • Third-Party Service Providers: To trusted third-party service providers who assist us in operating our clinic, including telehealth platform providers, electronic medical record systems, payment processors, and IT service providers. All third-party service providers are bound by confidentiality agreements and must adhere to privacy legislation.
  • Regulatory Bodies and Legal Obligations: To professional regulatory bodies for audit or quality assurance purposes, or as required by court orders, subpoenas, or other legal processes.
  • Emergency Situations: To relevant authorities or emergency contacts if it is believed you are at risk of harm or require urgent medical assistance.

Consent for Collection, Use, and Disclosure of Health Information

Under PIPA, we require your explicit consent to collect, use, and disclose your personal health information for the purposes outlined above. However, in certain circumstances allowed by law, such as emergencies or compliance with legal orders, we may disclose your health information without consent. These situations are detailed in sections 27 to 38 of PIPA.



For patients treated under the Diagnostic Treatment and Care Information (DTPR) regime, your personal health information falls under the HIA. In such cases, your health information may be disclosed to other custodians (such as healthcare providers or facilities) without your explicit consent for diagnostic, treatment, and care purposes under HIA guidelines.

Data Storage

  • Electronic Medical Records: Our electronic medical records (EMR) are securely stored in Canada at JaneApp’s data centers, located at 120 West 8th Avenue, Vancouver, BC, Canada, V5Y 1N2.
  • Fax Communications: Our fax communications are stored in Canada through SRFax, located at 4170 Still Creek Drive, Suite 200, Burnaby, BC, Canada, V5C 6C6.
  • VO2max Data: Any VO2max data collected through our services is securely stored on PNOE servers, located at PNOE, Thiseos 16, Marousi 15124, Athens, Greece.

Retention of Records

General Retention:

  • Records are retained for a minimum of 10 years from the last patient visit in accordance with HIA.
  • For minors, records are retained for 10 years past the age of majority (18 years), in compliance with both PIPA and HIA.
  • Electronic records will be retained within JaneApp for the entire retention period.

Record Disposal

Electronic Records:

  • After the required retention period, records will be permanently deleted from JaneApp using secure deletion protocols.

Paper Records:

  • Any paper documents that are scanned and uploaded to JaneApp must be immediately shredded using a cross-cut shredder to ensure secure disposal.
  • The Chief Privacy Officer will maintain a log of disposed records, documenting the type of records, disposal date, and method of destruction.

Protection of Personal Information

We are committed to safeguarding your personal information through a combination of physical, technical, and administrative security measures. These measures include:

  • Access Control: Limiting access to personal information to authorized personnel who require it to perform their duties. Access is managed through secure login credentials, role-based permissions, and ongoing monitoring.
  • Data Encryption: Employing encryption technologies to protect data during transmission and storage, ensuring that your information is securely transferred, particularly when using telehealth platforms and online communication tools.
  • Secure Storage: Storing personal information in secure electronic medical record systems that are regularly updated and monitored to prevent unauthorized access, data breaches, or loss.
  • Confidentiality Agreements: Requiring all employees, contractors, and third-party service providers to sign confidentiality agreements and adhere to our privacy policies and legal obligations.
  • Regular Privacy Audits: Conducting regular audits, privacy impact assessments, and training sessions to ensure compliance with privacy legislation and best practices in data security.

Website Data, Cookies, and Analytics

When you visit our website, we may use cookies and other similar technologies to enhance your browsing experience. These technologies help us understand how our website is used, improve site functionality, and tailor content to your preferences.

  • Cookies: Cookies are small data files stored on your device that allow us to recognize your browser and remember certain information. We use different types of cookies, including:
      • Essential Cookies: Necessary for the basic functioning of our website.
      • Analytical Cookies: Used to collect information about how visitors interact with our site, allowing us to make improvements based on user behavior.
      • Marketing Cookies: Used with your consent to deliver relevant advertising and measure the effectiveness of marketing campaigns.
  • Consent and Control: You can manage your cookie preferences through your browser settings, where you can choose to disable cookies entirely or be notified when cookies are being used.
  • Third-Party Analytics: We may use third-party analytics services, such as Google Analytics, to help us understand website traffic and usage patterns. These services collect data in an aggregated form and do not identify individual users. For more information, you can review the privacy policies of these third-party services.

Access, Correction, and Retention of Personal Information

You have the right to access your personal information held by Hyperion, request corrections if necessary, and inquire about how your information is used and disclosed. To exercise these rights, please contact us using the details provided below.

  • Retention of Information: We retain personal information only as long as necessary to fulfill the purposes for which it was collected or as required by law. When information is no longer needed, it is securely destroyed, deleted, or anonymized.
  • Fees for PIPA, FOIP, or HIA information requests apply to the cost of producing the copy:
      • Basic Fee: $25 for file preparation, clarifying the request, obtaining consent, retrieving the record, preparing the record, AND photocopying the record.
      • Photocopies and computer printouts: $0.25/page if the cost of photocopying the chart, when calculated at $0.25/page, exceeds $5 (chart greater than 20 pages long, $0.25/page for pages 21 onwards).
      • Producing a record from an electronic record:
          • Computer processing: actual costs.
          • Computer report generation: $10 per 0.25 hour.

Your Rights and Choices

You have the following rights regarding your personal information:

Right to Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. However, withdrawing consent may affect our ability to provide certain services.

Right to Access and Correct: You have the right to access the personal information we hold about you and request corrections to ensure its accuracy and completeness.

Right to File a Complaint: If you have concerns about how your personal information is being handled, you have the right to file a complaint with Hyperion or with the relevant privacy regulatory authority.

Contact Us

If you have any questions, concerns, or requests related to this Privacy Statement or the handling of your personal information, please contact us at:

  • Hyperion Exercise and Health Ltd.
    157 Nolancrest Common NW, T3R0Y1, Calgary AB, Canada
    (587) 355-1723
    privacy@hyperionhealth.ca
  • Chief Privacy Officer
    Callie Boyce, COO
    (403) 796-2473

Changes to This Privacy Statement

We may update this Privacy Statement periodically to reflect changes in our practices, legal requirements, or regulatory guidelines. The latest version will always be available on our website, and significant changes will be communicated to you as necessary.

Acknowledgement

By using our services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Statement. Your continued use of our services constitutes your acceptance of any updates to this policy.