Search

CARE EHR Privacy Policy

Home 9 Privacy Policy 9 CARE EHR Privacy Policy

Last updated: March 14, 2026

INTRODUCTION

Okaki Health Intelligence Inc. (Okaki) is a Canadian health informatics company. We build and operate the Community Assessment, Response and Empowerment (CARE) platform — a secure electronic health record and clinical documentation system designed for First Nations and Indigenous home and community care programs.

This Privacy Policy explains how we handle personal health information within the CARE platform, including CARE Mobile (our companion app for point-of-care documentation) and CliniQuill (our AI-assisted documentation scribe).

We wrote this policy to be straightforward and easy to understand. If you have questions after reading it, please contact our Privacy Officer — we are happy to help. Contact details are at the end of this document.

Who this policy is for. This policy is for the health care organizations that use CARE, the care providers who use it day-to-day, and anyone who wants to understand how Okaki handles health information on behalf of those organizations. It is also intended to support formal vendor certification and regulatory review processes.

What this policy does not cover. This policy covers how Okaki operates the CARE platform. It does not cover the privacy practices of the health organizations that use CARE — each of those organizations is responsible for its own privacy policies and, where required, its own Privacy Impact Assessment (PIA).

 

KEY TERMS

We use a few specific terms throughout this policy. Here is what they mean:

Custodian means the health care organization that is legally responsible for the health information in CARE. In Ontario, this is called a Health Information Custodian under the Personal Health Information Protection Act (PHIPA). In Alberta, it is called a Custodian under the Health Information Act (HIA). Other provinces use similar terms. In plain language, the Custodian is the health centre or organization that owns and is accountable for their patients’ records.

Authorized User means a person the Custodian has approved to use CARE in the course of delivering health services. In Ontario, these individuals are called agents of the Custodian under PHIPA. In Alberta, they are called affiliates under the HIA. Other provinces use similar terms. Authorized Users can only see and do what their assigned role allows — they cannot access information beyond what they need to do their job, and this is enforced by the system.

Personal Health Information (PHI) means any information about a person that relates to their health or the health care they receive, where that person can be identified. This is a legal term used across Canadian health privacy legislation.

Information Manager means an organization that handles health information on behalf of a Custodian to provide a service. Okaki acts as an Information Manager for each Custodian that uses CARE. This means we follow the Custodian’s direction — we do not use health information for our own purposes.

Information Manager Agreement (IMA) means the written contract between Okaki and each Custodian that sets out our mutual privacy and security obligations. Every organization that uses CARE signs an IMA before going live.

CARE Mobile means our secure mobile app for iOS and Android that lets care providers document care in the field, including when they are offline.

CliniQuill means Okaki’s AI-assisted documentation tool that uses audio transcripts and other media to help care providers generate chart notes.

OKAKI’S ROLE — WE WORK FOR THE HEALTH CENTRE, NOT FOR OURSELVES

3.1 What This Means in Practice

Okaki is a technology provider. We build and run CARE, but the health information in the system belongs to the Custodian — not to us. We handle that information only to provide the services the Custodian has contracted us for.

This means:

  • We never use health information for our own purposes.
  • We never sell health information.
  • We do not use health information for advertising, marketing, or to build profiles of patients or providers.
  • We only share health information when the Custodian directs us to, when it is necessary to deliver our services, or when we are required to by law.

3.2 How We Are Held Accountable

Every Custodian that uses CARE signs an Information Manager Agreement (IMA) with Okaki before the system goes live. This agreement sets out exactly what we can and cannot do with health information, and it holds us legally accountable.

We also maintain a Health Information Governance Manual that documents all of our internal privacy and security policies and procedures. This manual is available to any Custodian upon request.

Okaki has a designated Privacy Officer who oversees our compliance with privacy laws and is available to answer questions.

3.3 Privacy Laws We Follow

Depending on where a Custodian is located, CARE operates under different provincial privacy laws. Currently, those include:

  • The Personal Health Information Protection Act, 2004 (PHIPA) in Ontario
  • The Health Information Act (HIA) in Alberta
  • The Personal Information Protection and Electronic Documents Act (PIPEDA), where applicable

Where a Custodian serves a First Nations community, we also design and operate CARE in a manner consistent with the Ownership, Control, Access and Possession (OCAP) principles for First Nations data governance.

As Okaki expands into new provinces, we will update this policy to reflect the applicable legislation in each jurisdiction.

WHAT INFORMATION WE HANDLE

Okaki only handles health information that Authorized Users enter into CARE in the course of delivering care. We do not collect health information directly from patients.

Here is what may be in the system, depending on what care providers enter:

4.1 Registration and Demographic Information

This is the basic information needed to create and maintain a client record, such as name, date of birth, gender, address, phone number, email address, Personal Health Number, Treaty Number (where applicable), and emergency contact information.

4.2 Clinical Health Information

This is the health information that care providers document during visits and assessments, including allergies and adverse reactions, medical history and chronic conditions, vital signs, medications, diabetes assessments, immunization records, homecare and safety assessments, wound care documentation, care plans, and chart notes. Clinical photographs, audio recordings, and video recordings may also be captured where an Authorized User chooses to use those features.

4.3 Administrative and Operational Information

This includes information that supports the day-to-day running of the care program, such as appointment records, homecare equipment records, service tracking, referral letters, scanned documents, and correspondence generated from the client record.

4.4 Audit and System Information

Every action taken in CARE is automatically logged — who accessed a record, when, what they did, and why (in cases where a reason is required, such as accessing a masked note). These logs are accessible to Program Managers and System Administrators and support accountability and compliance obligations.

4.5 What We Do Not Collect

CARE does not collect financial or billing information — no patient billing takes place in the programs CARE supports. Health information is never collected directly from patients; it is always entered by an Authorized User on behalf of the Custodian.

WHY WE HANDLE THIS INFORMATION

We handle health information only to help Authorized Users deliver better, more coordinated care and to give health organizations the tools they need to manage their programs effectively.

Specifically, we use the information to:

  • Help care providers create and maintain accurate client records.
  • Support documentation at the point of care, including during home visits and in areas without internet access.
  • Make sure the right information is available to the right people at the right time, based on their role.
  • Help health organizations track chronic disease management and homecare programs at a population level.
  • Generate letters, referrals, and correspondence using information already in the client record.
  • Support the optional submission of interRAI assessment data to the Canadian Institute for Health Information (CIHI) for national homecare reporting, where the Custodian has agreed to do so.
  • Back up all information securely so it is never lost.
  • Maintain detailed audit logs so the Custodian can monitor who is accessing health information and why.

We never use health information for research, to improve our own products, for advertising, or for any purpose that goes beyond delivering the services the Custodian has contracted us for.

HOW INFORMATION MOVES THROUGH CARE

6.1 Day-to-Day Use

When a care provider logs into CARE, they are authenticated using their organizational credentials. Once in the system, they can only see and do what their assigned role permits.

All information entered into CARE is sent securely to Okaki’s servers using strong encryption. Once there, it is stored in encrypted form. If a care provider is working in CARE Mobile while offline, their documentation is encrypted and stored securely on their device until they reconnect and sync. After a successful sync, all clinical health data is permanently deleted from the device — only limited demographic information (like the client list) may remain locally to support ongoing workflows.

Every access event — every time someone views, creates, edits, or deletes a record — is automatically captured in the audit log.

6.2 Clinical Photos, Audio, and Video — How They Are Processed

If a care provider chooses to capture a clinical photograph, record audio, or record video within CARE Mobile, here is exactly what happens:

The file is encrypted and stored on the device until the provider syncs. When they sync while online, the file travels securely through Okaki’s systems to our secure Microsoft Azure environment in Canada, where it is processed.

  • Audio recordings are transcribed using Microsoft Azure Speech to Text (Canadian regions). The transcript is then sent to CliniQuill to help generate a chart note draft.
  • Clinical images are sent to the CARE record and may also be sent to CliniQuill to support documentation.
  • Video recordings are sent to CliniQuill to support documentation.

CliniQuill does not write anything directly into the CARE record and does not send anything back to the mobile app. Any documentation it generates must be reviewed and manually added to the client record by an Authorized User.

CliniQuill and any service providers that support it are contractually prohibited from keeping, reusing, selling, or sharing information beyond what is needed to deliver the service. CliniQuill has its own privacy policy that governs how it handles information within that system.

6.3 Provincial Integrations — Alberta Only

The following integrations are available only to organizations in Alberta, and only where the required authorizations and agreements are in place:

Pharmaceutical Information Network (PIN) Real-Time Integration (RTI) Authorized Netcare users can view read-only medication and prescription information from Alberta’s PIN directly within CARE. Accessing PIN through CARE requires the same two-factor authentication as the Netcare web portal. Nothing is written back to PIN from CARE.

CII CPAR eNotifications Authorized health care providers and program managers can receive read-only notifications about key health events for their paneled patients — such as emergency room visits or hospital admissions — through the Clinical Information Integration / Client and Provider Administration Registry (CII CPAR).

Integrated Alberta Netcare Portal Authorized Netcare users can open the Alberta Netcare Portal in a separate encrypted browser window directly from CARE, using their Netcare credentials.

All Alberta provincial integrations follow the requirements of the Health Information Act and the applicable data sharing agreements.

6.4 Integrated interRAI Reporting System (IRRS) — National

CARE includes an IRRS module that allows Authorized Users to complete interRAI Homecare and interRAI Contact Assessments and, where applicable, submit that data to CIHI for national homecare reporting.

Submission to CIHI is entirely optional and is triggered manually by the care provider for each individual assessment. A Custodian can only submit data to CIHI if their organization has a data sharing agreement in place with CIHI — Okaki is not a party to that agreement. Once submitted, data held by CIHI is governed by federal privacy law, which prevents it from being shared with anyone other than the individual the record is about.

WHERE WE STORE YOUR INFORMATION AND HOW LONG WE KEEP IT

7.1 All Data Stays in Canada

All health information in CARE is stored and processed entirely within Canada. We never send health information outside the country.

Our primary servers are physically located at the Rogers data centre in Edmonton, Alberta. Encrypted backups are stored at a secondary off-site facility, also in Alberta. Both locations are locked, access-controlled environments — only designated Okaki technical staff can get in.

Audio and video processing for CARE Mobile takes place in Microsoft Azure’s Canadian regions and is configured to stay within Canada.

7.2 How Long We Keep Information

We keep health information for as long as the Custodian’s IMA requires. Each Custodian is responsible for setting a retention schedule that meets the requirements of their provincial legislation.

In Ontario, adult client records must be kept for at least ten (10) years from the date of the last entry. For minors, records must be kept for ten (10) years from the last entry, or until two (2) years after the person turns 18, whichever is longer.

In Alberta, disclosure records and system logs must be kept for at least ten (10) years.

7.3 When a Custodian Ends Their Subscription

If a Custodian decides to stop using CARE, we want to make sure the transition is handled responsibly and that health information is protected throughout.

Here is what Custodians can expect:

Your data belongs to you. Health information in CARE always remains under the legal custody and control of the Custodian. When a subscription ends, we will work with the Custodian to return their data in a usable format within a mutually agreed timeframe.

We do not hold data indefinitely. Once a Custodian confirms they have received their data and no longer require access, we will securely destroy all remaining copies of their health information from our systems — including backups. We will provide written confirmation when this is complete.

Legally required records are handled appropriately. Some audit logs and system records may be subject to mandatory retention periods under provincial health information legislation regardless of subscription status. Where this applies, we retain only what is legally required, for only as long as required, and destroy it securely once the retention period expires.

We will support the transition. We understand that moving away from an electronic health record system requires careful planning. Our team will work with the Custodian to support a smooth transition and ensure continuity of care is not disrupted.

HOW WE KEEP INFORMATION SAFE

Protecting health information is one of our most important responsibilities. Here is how we do it.

8.1 We Are ISO/IEC 27001:2022 Certified

Our Information Security Management System is independently audited and certified to the ISO/IEC 27001:2022 international standard. An independent third-party auditor reviews our risk register and security controls every year as part of this certification.

8.2 We Encrypt Everything

  • Information stored on our servers is encrypted using AES-256.
  • Information travelling between CARE and our servers is protected using TLS 1.2 or higher with AES-256 encryption.
  • Information stored on a mobile device while offline is encrypted using AES-256, with the encryption keys held securely in the device’s hardware-backed vault.
  • All backups are encrypted with AES-256 before they leave our primary servers.

8.3 Our Data Centre Is Physically Secure

The Rogers data centre in Edmonton where our servers live is monitored around the clock, every day of the year. Access requires a biometric scan and keycard, and our servers sit in individually locked cabinets that only designated Okaki staff can open. The facility meets Tier 3 standards for fire safety and power and internet redundancy, and holds SOC 2, SSAE 16, CSAE 3416, ISAE 3402, and PCIDSS certifications.

When Okaki staff need to connect to our servers remotely, they do so over an encrypted VPN using Microsoft Active Directory authentication — there is no open internet access to our hosting environment.

8.4 We Control Who Can Access What

  • Every user has their own unique username and password — shared accounts are not permitted.
  • Multi-factor authentication (MFA) is required for every login to the CARE desktop application.
  • Role-based access controls mean each user can only see and do what their role requires.
  • The CARE desktop application automatically locks after 30 minutes of inactivity. CARE Mobile locks after 90 minutes of inactivity, requiring a PIN (offline) or account password (online) to unlock.
  • When a staff member leaves an organization, the Custodian notifies us and we revoke their access immediately.

8.5 We Log Everything

Every action taken in CARE is automatically recorded in the audit log — who did it, when, what record was affected, and what they did. This gives the Custodian a complete and reliable record of all activity in the system, which supports accountability under privacy legislation.

8.6 Our Staff Are Trained and Vetted

  • Every Okaki employee, contractor, and volunteer goes through a criminal record check before they start.
  • Everyone signs a Confidentiality and Non-Disclosure Agreement that remains in effect even after they leave.
  • All staff are trained on their privacy and security obligations when they start and every year after that.
  • Staff can only access information they need to do their specific job.

WHEN WE SHARE INFORMATION — AND WHEN WE DO NOT

We do not share health information except in these three situations:

  1. When the Custodian directs us to — for example, when information needs to be submitted to CIHI through the IRRS module.
  2. When it is necessary to deliver our services — for example, transmitting audio files to Microsoft Azure for transcription, or sending media to CliniQuill for documentation support.
  3. When we are required to by law.

Any third-party service provider we work with to deliver CARE is bound by contract to keep health information confidential, use it only for the agreed purpose, and never sell or re-use it.

We do not share health information with Indigenous Services Canada or any other government body unless the Custodian specifically directs us to and applicable law permits it. Right now, no health information from CARE is routinely shared with any provincial or federal government body. If that ever changes, we will update this policy before any new sharing begins.

PATIENT AND CLIENT RIGHTS

If you are a patient or client of a health centre that uses CARE and you want to access, correct, or ask questions about your own health information, please contact your health centre directly. The health centre — as the Custodian — is responsible for responding to those requests under privacy law.

Okaki does not hold health information in our own right and cannot fulfill individual access or correction requests directly. If we hear from a patient directly, we will point them to the right place.

IF THERE IS A PRIVACY BREACH

We take privacy breaches seriously and have a clear process for handling them.

If we become aware of an actual or suspected breach involving health information in CARE, we will notify the affected Custodian right away. The Custodian is then responsible for assessing the risk, notifying affected individuals if required, and reporting to the applicable privacy regulator — such as the Information and Privacy Commissioner of Ontario or the Office of the Information and Privacy Commissioner of Alberta — in accordance with their provincial legislation.

We will cooperate fully with the Custodian throughout their investigation and response.

If a breach involves Okaki’s own systems or staff, we manage it through our internal breach response process and escalate immediately to our Privacy Officer and senior management.

PRIVACY IMPACT ASSESSMENTS

A Privacy Impact Assessment (PIA) is a formal review of how a system handles health information and whether it complies with privacy law. We have completed PIAs for CARE in each province where it is deployed:

  • Alberta: Submitted to the Office of the Information and Privacy Commissioner of Alberta (OIPC) under the Health Information Act.
  • Ontario: Completed under PHIPA and aligned with applicable Ontario certification and regulatory requirements. Participating Custodians in Ontario submit this PIA as part of their own regulatory obligations.

We review and update our PIAs at least once a year, whenever we make significant changes to CARE, when privacy laws change, or when we add new features, integrations, or data elements. If we expand into new provinces, we will complete a PIA for each new jurisdiction before going live.

Each Custodian is responsible for reviewing and accepting the applicable PIA for their jurisdiction and for maintaining their own organizational privacy policies.

WE ARE OPEN ABOUT WHAT WE DO

We believe health organizations and the people they serve have a right to know how health information is being handled. This policy is publicly available on our website.

If you are a Custodian and want more detail — including our Health Information Governance Manual or Privacy and Security Charter — just ask. We are happy to share that documentation.

Our Privacy Officer is available to answer any questions about this policy or how CARE handles health information.

WE KEEP THIS POLICY UP TO DATE

We review this policy at least once a year. We will also update it whenever we make significant changes to CARE, when privacy laws change, or when we expand into new provinces or add new features. The “last updated” date at the top of this page will always reflect the most recent version.

CONTACT US

If you have questions or concerns about this Privacy Policy or how health information is handled within the CARE platform, please reach out to us:

Privacy Officer — Okaki Health Intelligence Inc.

Email: privacy@okaki.com

Phone: 1-877-MYOKAKI (1-877-696-5254) | +1 587 409-0031

Mailing Address: PO Box 84210, Market Mall, Calgary, AB T3A 5C4

 

If you are a patient or client of a health centre that uses CARE and have questions about your own health information, please contact your health centre directly. Your health centre is responsible for handling access and correction requests — not Okaki.

 

Looking for a different privacy policy?

Visit our full Privacy Policies page

Privacy Policies