More simply put
Different types of information that you share through the Lumeca Platform is collected and stored only when necessary for the purpose of providing good service to the users. Each table lists examples of information and their type. Each piece of information has a purpose why it was collected and how it is represented in our system.
Different types of information that you share through the Lumeca Platform is collected and stored only when necessary for the purpose of providing good service to the users. Each table lists examples of information and their type. Each piece of information has a purpose why it was collected and how it is represented in our system.
Having up-to-date and accurate information helps us provide you with the best possible service, recommendations and, in certain cases, to offer additional services we believe might be of benefit to you.
At Lumeca, we collect two types of information from our clients either remotely or in-person and from website visitors. With your consent, we collect Personal Information. We may also collect Anonymous/Non-personal Information.
The types of Personal Information that may be collected and maintained in your file for the purposes of providing healthcare and emergency services to you may include, but are not limited to:
Table 1 – Information that you provide to Lumeca |
Information Provided |
Type of Information |
Purpose of Collection |
Description (how the information is represented in our system) |
Patient User: Name, Email, Phone Number, Address, Date of Birth, Display Picture, Provincial Health Services Number, Gender, Emergency Contact
Clinical User: Name, Email, Phone Number, Date of Birth, Professional License Number, Electronic Signature. |
Demographic Information |
Used as a method of communication with the individual (email and phone number). |
The data elements are unique identifiers of the account holder and the dependent(s). The e-signature would be used by the Clinical User for authorization. |
Used for the security of access to the Lumeca Platform to protect Patient User PI & PHI, and Clinicians’ PI. |
To accurately identify the individual to provide access to the Lumeca Platform and coordinate health care services. |
Height, Weight, Allergies, Photographs of Skin Conditions, Reason for Consultation, Chat Message Content |
Personal Health Information |
To provide accurate health care services to the individual. |
The data elements are unique identifiers and health information of the account holder and the dependent(s). These data elements are collected before, during and after the process of a consultation. |
Test Forms, Diagnostic Test Results, ICD Code, Prescriptions, Consent Forms from Doctors, Consultation Notes |
To maintain records of consultation for clinical management. |
Family Doctor: Name, Phone Number, Province; Name and Contact Information of Preferred Pharmacy, Other Providers’ Names and Contact Information |
To co-ordinate with the Clinical User(s) to provide accurate health care services. |
The data elements are unique identifiers associated with the Patient Users. |
To maintain the security and safety of all parties involved with the Lumeca Platform. |
Global Positioning System (GPS) Coordinates*
*Only pertains to emergency medical service responder use cases |
Personal Information |
To locate an individual in order to dispatch emergency response teams to the individual’s location for timely care. |
The data element is a point-in-time location provided by the individual to the other participants of the call that reflects a specific geographic point by communicating longitude and latitude coordinates to the participants. |
Consent Form |
Consent Logging Information |
Provision of authority to Lumeca to collect, store, use and retain Personal Information to provide health care services to the individual. |
The checkmark beside the consent form for the individual to click to indicate provision of consent. |
To maintain the security and safety of all parties involved with the Lumeca Platform. |
Biometric Data (fingerprints, facial patterns, iris scans, voiceprints, & hand geometry) |
Personal Information for authentication |
This data is neither collected nor stored. It will solely be used during the authentication process. |
The biometric data strictly as a validation method for its mobile applications. Users have the option to utilize their preferred biometric method to open/log in to their account. |
|
Table 2 – Information collected and/or stored by Lumeca |
Information Collected |
Type of Information |
Purpose of Collection |
Description (how the information is represented in our system) |
Date/Time of Appointment, Which Users are present, Type of Appointment (Virtual or In-Person; Audio or Video; Synchronous [Real-Time] or Asynchronous) |
Clinical Information – Scheduling |
To provide accurate and safe health care service. |
These data elements are collected during the process of scheduling an appointment with a Clinical User/Patient User through Lumeca. It would allow an individual to gain the health care service(s) requested. |
To maintain the security and safety of all parties involved with the Lumeca Platform. |
To schedule and maintain records of appointments for management and security reasons |
Who Accessed Consultation, Device Data of Patient & Clinical User(s), Duration of Access, IP Addresses, Video Call Data, Phone Call Data, ICD Code |
Clinical Information – Encounter Logging |
To maintain logs of user access to confirm privacy & security of health information |
These data elements are collected during the process of scheduling an appointment with a Clinical User/Patient User through the Lumeca Platform. |
To support billing information processing for remuneration |
To audit in the event of a data breach and routine auditing by trustees/custodians |
For every consultation, whether in person, over the telephone or by corresponding with you via mail or the Internet, health providers must collect, organize, hold, and maintain a medical chart with information relevant to the medical problem or incident expressed. They maintain and safeguard this information in trust. For more information related to their obligations, see “Trustees/Custodians” below.
While Lumeca facilitates the provision of healthcare services as described above, Lumeca itself collects only such information from individuals or organizations (such as a medical clinic) as is required for the purposes of providing services or information to them, marketing other services or products to them (as applicable), and for aggregated statistical analyses. To the greatest extent possible, we will collect Personal Information directly from the individual concerned. Our system also may communicate with other health systems that house your Personal Information, such as a clinical electronic medical record in a family doctor’s office, or the comprehensive provincial health record. When we push information to another system, it may be to link your health record from Lumeca to another health record. Authentication and identity verification steps take place to confirm that both systems are referring to the same person. We may also pull information from another system for this same purpose. This is done to satisfy coordination of your care to improve the safety and efficiency of your health care service coordination.
In certain cases, we will be required to collect Personal Information from other sources, including but not limited to your treating physician, consulting physicians, psychologists, pharmacists, public health related data contained in the provincial comprehensive electronic health record, and insurers. In those cases, we will request your consent to obtain information from those sources or make known to you that this information was shared with us for the purpose of providing health services to you. We will also establish Information Sharing Agreements with these groups that detail the collection, use and disclosure, as well as the data protection of the information that is shared between parties.
We collect Personal Information for different purposes, depending on the type of service we are providing to you, as applicable.
These purposes include opening an account through the Lumeca platform, and providing the Lumeca platform services to you, which may include:
- Creating a Patient User and/or Clinical User account on the Lumeca Platform;
- Authenticating your identity;
- Pushing notifications to your mobile phone to notify you about appointments and consultation activity;
- Supporting your access to primary or emergency health services with a medical professional or organization;
- Providing you with other services or products in the future;
- Using your usage data on the Lumeca Platform to tailor our marketing and communication with you;
- Internal quality control processes, including continuous improvement analysis and/or following up with customer concerns; and
- Aggregated statistical analyses.
Biometrics
Definition: Biometric data refers to measurable physical or behavioral characteristics of an individual that can be used for identification or verification purposes. These characteristics include, but are not limited to, fingerprints, facial patterns, iris scans, voiceprints, hand geometry, and DNA. Biometric data is often utilized in security systems, access control, identity verification, and authentication processes. For the purposes of this policy, “biometrics” specifically refers to fingerprints, face IDs, iris scans, and voiceprints.
Biometrics Use
Lumeca employs biometric data strictly as a validation method for its mobile applications. Users have the option to utilize their preferred biometric method—fingerprint or face ID—to gain access to the Lumeca app on their mobile devices. The device performs the verification of the user and communicates a success or failure status to the Lumeca app, which then logs the user into their account based on this status.
Important Notes:
- Lumeca does not collect, store, or process any biometric information from users at any stage of this process.
- The biometric features are native to the user’s mobile device and are not accessed or stored by Lumeca.
- The mobile device uses biometric data solely for the purpose of user verification.
Legal and Privacy Considerations:
- Lumeca is committed to protecting user privacy and complies with all relevant data protection and privacy laws, including but not limited to:
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA), and relevant provincial laws.
- United States: Health Insurance Portability and Accountability Act (HIPAA).
- Users retain full control over their biometric data, which remains within the confines of their mobile devices.
- Lumeca does not have access to or responsibility for the biometric data stored on users’ devices.
No Liability for Devices Used to Access Your Account
Lumeca assumes no liability for users’ devices, or the information stored on them. In instances where the device and/or its biometric processes are used for unauthorized access (e.g., unauthorized use of biometrics to log into the account), Lumeca is not responsible. Users are responsible for the safekeeping and security of their mobile devices to prevent unauthorized access.
For additional details on safeguarding yourself while using electronic devices, please refer to Lumeca’s Terms of Use.