Privacy policy.

Tables

 

Table 1 - Information that you provide to Lumeca 

Information Provided  Type of Information  Purpose of Collection  Description (how the information is represented in our system) 
Patient User: Name, Email, Phone Number, Address, Date of Birth, Display Picture, Provincial Health Services Number, Gender, Emergency Contact  Clinical User: Name, Email, Phone Number, Date of Birth, Professional License Number, Electronic Signature.  Demographic Information  Used as a method of communication with the individual (email and phone number).  The data elements are unique identifiers of the account holder and the dependent(s). The e-signature would be used by the Clinical User for authorization. 
Used for the security of access to the Lumeca Platform to protect Patient User PI & PHI, and Clinicians' PI. 
To accurately identify the individual to provide access to the Lumeca Platform and coordinate health care services. 
Height, Weight, Allergies, Photographs of Skin Conditions, Reason for Consultation, Chat Message Content  Personal Health Information  To provide accurate health care services to the individual.  The data elements are unique identifiers and health information of the account holder and the dependent(s). These data elements are collected before, during and after the process of a consultation. 
Test Forms, Diagnostic Test Results, ICD Code, Prescriptions, Consent Forms from Doctors, Consultation Notes  To maintain records of consultation for clinical management. 
Family Doctor: Name, Phone Number, Province; Name and Contact Information of Preferred Pharmacy, Other Providers' Names and Contact Information  To co-ordinate with the Clinical User(s) to provide accurate health care services.  The data elements are unique identifiers associated with the Patient Users. 
To maintain the security and safety of all parties involved with the Lumeca Platform. 
Global Positioning System (GPS) Coordinates*  *Only pertains to emergency medical service responder use cases  Personal Information  To locate an individual in order to dispatch emergency response teams to the individual's location for timely care.  The data element is a point-in-time location provided by the individual to the other participants of the call that reflects a specific geographic point by communicating longitude and latitude coordinates to the participants. 
Consent Form  Consent Logging Information  Provision of authority to Lumeca to collect, store, use and retain Personal Information to provide health care services to the individual.  The checkmark beside the consent form for the individual to click to indicate provision of consent. 
To maintain the security and safety of all parties involved with the Lumeca Platform. 
Biometric Data (fingerprints, facial patterns, iris scans, voiceprints, & hand geometry)  Personal Information for authentication  This data is neither collected nor stored. It will solely be used during the authentication process.  The biometric data strictly as a validation method for its mobile applications. Users have the option to utilize their preferred biometric method to open/log in to their account.  
      Access Clipboard information on mobile device          Link for appointments copied to device clipboard  This data is not collected, stored, used, or disclosed.  Clipboard access occurs solely on your device, and the content that is not relevant to your appointment is neither transmitted to our servers nor shared with any third parties. No clipboard information is retained after use. 
  

Table 2 - Information collected and/or stored by Lumeca 

Information Collected  Type of Information  Purpose of Collection  Description (how the information is represented in our system) 
Date/Time of Appointment, Which Users are present, Type of Appointment (Virtual or In-Person; Audio or Video; Synchronous [Real-Time] or Asynchronous)  Clinical Information - Scheduling  To provide accurate and safe health care service.  These data elements are collected during the process of scheduling an appointment with a Clinical User/Patient User through Lumeca. It would allow an individual to gain the health care service(s) requested. 
To maintain the security and safety of all parties involved with the Lumeca Platform. 
To schedule and maintain records of appointments for management and security reasons 
Who Accessed Consultation, Device Data of Patient & Clinical User(s), Duration of Access, IP Addresses, Video Call Data, Phone Call Data, ICD Code  Clinical Information - Encounter Logging  To maintain logs of user access to confirm privacy & security of health information  These data elements are collected during the process of scheduling an appointment with a Clinical User/Patient User through the Lumeca Platform. 
To support billing information processing for remuneration 
To audit in the event of a data breach and routine auditing by trustees/custodians 
Table 3 – Service Suppliers
Service Supplier Country Data Processed Length Stored Safeguards
Zendesk  United States of America  First Name, Last Name, Device Info, Email, Phone  12 months – Ticket Reporting SLAs  Encryption; ‘Do not share PHI’ warnings at all points of tech support ‘Contact Us’ pages; No PHI collected or disclosed; Lumeca contracted and employed Customer Support Managers sign annual Confidentiality Oaths & commit to all SOC2 safeguards. 
Daily  United States of America  Masked IP addresses, where the last two octets are removed example of masked IP address: 192.168.xxx.xxx. Also collects call metrics and logs.  2 weeks   No PHI or PI are included. These elements are used for de-bugging purposes only.