MI Health ("we", "us") provides an application that lets you store your personal health information and share the medical portion of it with health-care providers you explicitly authorize. This policy explains what we collect, how we use it, and the choices you have. We treat your health information as sensitive personal information under Canadian privacy law (including PIPEDA and Ontario's PHIPA where applicable).
Information we collect
- Account information: your email address and a securely hashed password.
- Identity & contact details: name, date of birth, gender, address, and (if you choose to enter them) attributes such as ethnicity and occupation.
- Health information: Ontario Health Card number, medical history and conditions, allergies, current medications, and lifestyle information.
- Insurance & emergency contacts: insurance provider and policy details, and the emergency contacts you add.
- Access records: a log of when a provider you authorized accessed or updated your medical records, including a timestamp and the provider's identity, for your transparency.
You provide this information directly. The Health Card scanner processes card images on your device to fill in fields; the image itself is not uploaded.
How we use your information
- To operate the app and store your health profile so it is available to you.
- To share the medical portion of your profile (and your name) with a clinic only after you grant that clinic access by scanning its QR code and confirming with Face ID.
- To notify you when an authorized provider accesses your records.
- To secure the service and maintain the access audit log.
We do not use your health information for advertising, and we do not sell it or share it with data brokers or advertising networks.
What providers can and cannot see
When you grant a clinic access, that clinic can view and update your medical history, allergies, and current medications, and can see your name so staff can find your record. Clinics cannot see your date of birth, Health Card number, address, insurance information, or emergency contacts. Access lasts until it expires or until you revoke it.
Sharing & disclosure
We share your information only: (a) with health-care providers you explicitly authorize; (b) with service providers that host our infrastructure, under confidentiality obligations; or (c) where required by law. We do not otherwise disclose your information.
How we protect your information
- All data in transit is encrypted using TLS.
- Your session credential is stored in the device Keychain and can be protected by Face ID / device passcode.
- Access to your medical records by providers is authenticated and recorded in an audit log.
Your rights and choices
- Access & correct: view and edit your profile at any time in the app.
- Revoke access: withdraw a clinic's access at any time from Settings.
- Delete your account: permanently delete your account and associated health data from within the app (Settings → Delete Account).
Data retention
We retain your information for as long as your account is active. When you delete your account, your health profile, insurance, emergency contacts, and access grants are deleted. Audit-log entries may be retained in anonymized form to maintain a tamper-evident record of past access, as required for health-data safeguards.
Children
MI Health is not directed to children and is intended for users aged 16 and older.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the "Last updated" date above.
Contact us
Questions about this policy or your data? Contact privacy@mihealth.milent.me.
MI Health is a personal health-information tool and is not a medical device or a substitute for professional medical advice.