Search

Mobile Privacy Policy

Home 9 Privacy Policy 9 Mobile Privacy Policy

Last updated: February 24, 2026

This Privacy Policy explains how CARE Mobile collects, uses, and protects personal and health information when you use the app for clinical documentation.

1. Introduction and Scope

OKAKI CARE Mobile is a secure companion app to the OKAKI Home & Community Care (CARE) platform. You use this app as an authorized member of a home and community care team operating under an active organizational subscription to OKAKI CARE.

The app supports point-of-care documentation during community-based visits, including in clinics, client homes, and remote or rural settings. With OKAKI CARE Mobile, you can:

  • Record vital signs
  • Create chart notes
  • Document immunization records
  • Capture clinical observations in the field
  • Capture optional audio and video recordings to support CliniQuill (OKAKI’s AI Scribe)

You can use the app online or offline. When you are offline, you can continue documenting care. Once Wi‑Fi or cellular connectivity is available, you can securely synchronize your data with the OKAKI CARE electronic medical record (EMR).

This Privacy Policy explains how OKAKI CARE Mobile handles personal and health information within the mobile app. It does not apply to general use of OKAKI websites, which are covered by a separate website privacy policy.

2. Data We Collect

We collect only the information you need to document care and synchronize records with the OKAKI CARE EMR.

Demographic Information

To create and maintain a client chart, you are required to enter:

  • First name
  • Last name
  • Date of birth
  • Gender
  • Personal health number

You may also choose to enter optional demographic information, including:

  • Middle name
  • Email address
  • Home phone number
  • Mobile phone number
  • Business phone number
  • Address

Health Information

Depending on your workflows and what you choose to enter, the app may process:

  • Allergies
  • History of vaccine adverse events
  • Vital sign measurements
  • Clinical chart notes
  • Immunization records
  • Clinical photos (for example, wound images or safety assessments)
  • Audio recordings used for transcription and documentation support
  • Video recordings used for documentation support

If you choose to record audio, OKAKI CARE Mobile creates an encrypted audio file that is stored locally on your device. The audio file is encrypted using AES-256, and the encryption keys are managed within the device’s hardware-backed secure vault until you choose to sync. When you sync while online, media files (including audio recordings and photos) are transmitted securely to OKAKI’s Mobile Web API and then to OKAKI’s secure Azure-based Services and Utilities (ASU) environment in Canada.

Within this secure integration environment, media objects are sanitized and processed. Audio recordings are transcribed using Microsoft Azure Speech to Text (Canadian regions). After processing:

  • Clinical images are transmitted to the CARE EMR and may also be transmitted to CliniQuill to support documentation workflows.
  • Transcripts generated from audio recordings are transmitted only to CliniQuill.
  • Videos are transmitted only to CliniQuill.

CliniQuill does not send results back into CARE Mobile and does not write anything directly into the CARE EMR.

3. Why We Collect This Information

We collect the minimum information necessary to help you:

  • Create and maintain accurate client charts
  • Replace paper-based notes in community or offline settings
  • Complete documentation more efficiently and accurately
  • Reduce administrative burden
  • Support better care coordination and continuity of care

For example:

  • Demographics help ensure documentation is linked to the correct client record
  • Vitals, chart notes, and immunization records allow information to be added to the client’s EMR
  • Photos allows you to scan vaccine 2D barcodes or document clinical observations
  • Audio recordings allow you to capture client encounter audio and/or staff dictation for transcription and documentation support when you sync online
  • Videos allow you to capture the client encounter visually for documentation support when you sync online

3A. How We Use Health Data

We process health information only to support clinical documentation and care delivery within authorized home and community care organizations.

Your health data:

  • Is used only to provide the core functionality of the OKAKI CARE platform
  • Is never sold
  • Is not used for advertising, marketing, or profiling
  • Is shared only as necessary to deliver clinical documentation services on behalf of your organization

Important Medical Disclaimer

OKAKI CARE Mobile is a clinical documentation and record-keeping tool. It is not a medical device and is not intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease. It does not provide medical advice, diagnosis, or treatment, and it is not intended to replace the clinical judgment of a licensed healthcare provider.

OKAKI CARE Mobile is used solely to collect, document, and transmit clinical information entered by authorized home care team staff.

4. How Your Data Is Used

You can collect data while you are online or offline.

  • When you are offline, local application data (including clinical entries and media) is encrypted using AES-256, with encryption keys managed in the device’s hardware-backed secure vault
  • When connectivity is available, you decide when to sync your data
  • Once synced, your documentation is added to the appropriate fields in the client’s EMR
  • After a successful sync, clinical health data (including chart notes, immunizations, vitals, and media) is permanently removed from your device. Limited demographic information may be retained locally to support a persistent patient list and provider workflow.

You remain in control of when documentation is submitted to the EMR.

5. App Permissions

Immediately after you enter your username and password for the first time, CARE Mobile displays a prominent disclosure explaining how local storage, and the optional use of the camera and microphone, support clinical documentation. To use the app, you must acknowledge and accept the local storage conditions and acknowledge the potential use of the camera and microphone. If you do not agree to all three items (local storage, camera, and microphone), you cannot use the app.

Local Storage: Local application data; including clinical entries and media, is encrypted using AES-256, with encryption keys managed in the device’s hardware-backed secure vault until synchronization occurs.

We request only the permissions needed to support clinical documentation.

Camera

You may grant camera access so you can:

  • Scan vaccine vial 2D barcodes
  • Capture clinical images such as wound photos
  • Capture videos such as mobility assessments

Microphone

You may grant microphone access if you choose to record audio and/or video to support charting and CliniQuill.

  • Audio is captured only when you actively start an audio recording or video
  • Audio and video recordings are encrypted
  • using AES-256 and stored locally on the device, with encryption keys managed in the device’s hardware-backed secure vault, until you sync (see Section 8 for details)
  • After secure processing in OKAKI’s integration environment, transcripts from the audio files may be sent to CliniQuill for documentation generation

Important: Transcription occurs after you sync while online (Wi‑Fi or cellular data is required).

The app does not access your contacts or email. If you choose, you can upload images, videos, and audio files by selecting them from your device; we only access the specific files you select.

If you upload an audio or video file, it is stored locally on your device and encrypted using AES-256, with encryption keys managed in the device’s hardware-backed secure vault, until you sync. When you sync while online, the encrypted file is transmitted securely through OKAKI’s Mobile Web API to the secure Azure-based Services and Utilities (ASU) environment for sanitization. Audio files are transcribed using Microsoft Azure Speech to Text.

6. Data Storage, Retention, and Residency

Offline Storage

When you work offline, local application data is encrypted using AES-256, with encryption keys managed in the device’s hardware-backed secure vault, so you can continue documenting care without an internet connection. To minimize the local footprint, all clinical health data—including immunizations, vital signs, media, and chart notes—is purged from the device immediately following a successful sync. Limited demographic data may be retained locally to support a persistent patient list and provider workflow.

Synchronization and Device Purge

When connectivity is available, you decide when to sync your data.

  • Once synced, your documentation is added to the appropriate fields in the client’s EMR
  • After a successful sync, clinical health data included in the sync is permanently deleted from your device. Limited demographic information may continue to be stored locally to maintain a persistent patient list.

EMR Retention

Records stored in the CARE EMR are retained according to your organization’s policies and applicable health information laws.

Data Residency

We design OKAKI CARE Mobile and its transcription services to support Canadian health information privacy requirements. Audio recordings and clinical images transmitted for processing, and the resulting transcripts, are handled within Canadian-based cloud infrastructure.

We use Microsoft Azure because it offers Canadian regions, and our services are configured so that transcription data remains in Canada.

For additional details about transcription workflows and CliniQuill processing, see Section 8.

7. Security

Certified Security & Compliance

OKAKI prioritizes the protection of sensitive health data through a rigorous, audited security framework:

  • ISO/IEC 27001:2022 Certified: Our Information Security Management System (ISMS) is independently audited and certified to international standards.
  • Encryption at Rest and In Transit: Personal health information (PHI) is encrypted at rest and in transit using industry-standard encryption (AES-256 at rest and TLS 1.2+ in transit, including TLS 1.3 where supported).
  • Canadian Data Residency for Media Processing: Audio recordings and clinical images transmitted for processing, and the resulting transcripts, are handled within Canadian-based infrastructure and are configured to remain in Canada (see Section 6 and Section 8 for details).
  • Local Encryption and Key Management: When you work offline, local application data is encrypted using AES-256, with encryption keys managed in the device’s hardware-backed secure vault. Clinical health data is automatically purged from the device once it is successfully synced, while limited demographic data may be retained locally to maintain a persistent patient list.
  • Comprehensive Audit Logging: Access, entry, and synchronization events are logged to support security monitoring, transparency, and regulatory accountability.
  • Privacy First: We design the app to support compliance with Canadian health information privacy laws (including PHIPA/HIA). The app uses native platform media pickers so it only accesses the specific images or audio files you choose to upload.

Authentication and Access Controls

You sign in using your authorized OKAKI CARE organizational account. We apply access controls and password security requirements consistent with healthcare industry standards.

Your access is limited to the CARE facility or facilities you are authorized for and to the functions allowed by your assigned role.

Offline Access

When you use the app offline, you must unlock it using a minimum four-digit PIN that you set while online.

Session Security and Device Practices

To further protect your data, the app automatically locks after 90 minutes of inactivity. When this happens, no data is visible and you must re-authenticate to continue:

  • Enter your PIN when offline
  • Enter your account password when online

While we secure the app itself, the security of information on your device also depends on how you use and protect that device. You are responsible for following your organization’s mobile device policies.

At a minimum, we strongly recommend (and your organization may require) that you:

  • Enable biometric authentication (Face ID, Touch ID, fingerprint) or a strong device passcode
  • Never leave your device unattended while the app is open
  • Immediately report a lost or stolen device to your local IT administrator and to helpdesk@okaki.com so your access can be revoked

 

8. Media Processing and CliniQuill Integration

If you choose to capture clinical photos or record audio within CARE Mobile, those media files are encrypted and stored locally on your device, with encryption keys managed in the device’s hardware-backed secure vault, until you initiate synchronization.

When you sync while online:

  • Media files are transmitted securely through OKAKI’s Mobile Web API to OKAKI’s secure Azure-based Services and Utilities (ASU) environment hosted in Canadian regions.
  • Within this environment, media objects are sanitized and processed.
  • Audio recordings are transcribed using Microsoft Azure Speech to Text.

After processing:

  • Clinical images are transmitted to the CARE EMR to ensure the client record is complete and may also be transmitted to CliniQuill to support documentation generation.
  • Transcripts generated from audio recordings are transmitted only to CliniQuill.
  • Video files are sent directly to CliniQuill.

CliniQuill does not write information directly into the CARE EMR and does not send documentation back to the mobile app. Any documentation generated using CliniQuill must be reviewed and manually incorporated into the client record by authorized staff.

All processing occurs within Canadian-based infrastructure configured to support Canadian health information privacy requirements.

CliniQuill and any supporting service providers act solely on OKAKI’s behalf and are contractually prohibited from retaining, reusing, selling, or disclosing information beyond the delivery of the contracted service.

CliniQuill operates under a separate privacy policy that governs how information is processed, retained, and protected within that system.

9. Your Rights

You access CARE Mobile through your home and community care organization. Requests to access, correct, or delete personal information are managed by your organization in accordance with applicable laws and agreements.

We support organizational administrators in responding to privacy‑related requests.

10. Account Deletion and Data Requests

You can request deletion of your user account at any time.

How to Request Deletion

To protect patient records and meet regulatory requirements, account deletion requests are handled by the OKAKI Helpdesk.

You may request deletion by:

  • Calling 1‑877‑MYOKAKI (1‑877‑696‑5254) or +1 587 409‑0031
  • Emailing helpdesk@okaki.com from the address associated with your account with the subject line “Account Deletion Request”

Important Clinical Records Note

Because CARE is a professional healthcare platform:

  • Your user identity information (such as login credentials and contact details) will be removed from active systems
  • Patient records, chart notes, and immunization logs you created are part of the legal medical record and cannot be deleted at an individual user’s request

These records must be retained by the home and community care organization in accordance with Canadian health information laws (such as HIA and PHIPA).

Process and Timeline

  • We verify your identity before processing any request
  • Once verified, your account is deactivated and your personal user data is removed from active systems within 30 days

 

11. Contact Us

If you have questions about this Privacy Policy or how your information is handled, contact us at:

Privacy Team
Email: privacy@okaki.com

Looking for a different privacy policy?

Visit our full Privacy Policies page

Privacy Policies