Patient Terms of Use

Effective Date: 10/29/2025

Last Updated Date: 10/29/2025

Version: 1.0

These Terms of Use (“Terms”) govern your use of the HEAL Access platform (“Platform”) when your healthcare provider, clinic, or health organization (“Organization”) sponsors your access.

By using the Platform, you acknowledge that you have read and agree to these Terms and provide your consent to the processing of your personal and health information as described in the Patient Consent Form.

Definitions

For clarity, the following terms are used throughout these Terms:

“Platform” – The HEAL Access digital platform, including web and mobile applications, providing communication tools, health assessments, AI-powered features, and related services.
“Organization” – The healthcare provider, clinic, or health organization that has sponsored your access to the Platform and remains responsible for your medical care.
“Patient” / “You” – The individual user of the Platform, whether accessing through a Organization sponsorship or independently.
“Organization Originated Data” – Health information entered the Platform by your Organization or its authorized providers (e.g., medical notes, test results, referrals).
“Patient Originated Data” – Information you provide directly, such as self-reported symptoms, uploaded documents, or AI conversations.
“Data Custodian/Controller” – Your Organization, which is legally responsible for Organization-Originated Data under applicable privacy laws (e.g., PHIPA, HIA, FIPPA, GDPR).
“Processor/Information Manager” – HEAL Access, which processes Organization-Originated Data on behalf of your Organization in compliance with applicable laws.
“AI Features” – Artificial intelligence tools within the Platform that may generate health insights, summaries, or suggestions, but do not provide medical advice.
“Personal Data Access” – The built-in feature that allows you to control whether your Patient-Originated Data is processed by AI for personalized responses.
“Subprocessors” – Third-party service providers contracted by HEAL Access to deliver technical services (e.g., hosting, identity management, AI infrastructure).

1. About the Platform

The Platform is a digital health tool provided through your Organization.
It enables secure communication with your care team, access to health assessments and care plans, and AI-powered features to help you better understand your health.
HEAL Access does not provide healthcare, medical advice, diagnosis, or treatment.
Your Organization and its healthcare providers remain fully responsible for your medical care, treatment decisions, and clinical outcomes.
For emergencies, call 911 or your local emergency services immediately. Do not use the Platform for emergency situations.

2. Eligibility & Account Ownership

You must be at least 18 years old to create and manage your own account.
If under 18, you may use the Platform only with parental/guardian consent or as authorized by your healthcare provider under applicable healthcare consent laws.
Your account is personal to you. It is not owned or controlled by your Organization.
Your account is linked to your organization and will be permanently deleted if the organization’s contract with HEAL Access ends or your association with the organization is terminated. Any information already shared with your Organization will remain part of their record.

3. Account Security

Keep your login credentials secure and confidential.
Accounts are non-transferable and may not be shared.
Multi-factor authentication (MFA) may be required.
If you suspect unauthorized access, contact both your Organization and HEAL Access at info@healaccess.com.

4. Data Privacy & Processing

4.1. Who Controls Your Data

Organization originated data (e.g., clinical notes, test results, referrals): your Organization acts as custodian/controller under privacy laws.
Patient originated data (e.g., AI chats, self-reported symptoms, uploaded documents): controlled by you.
Assessment data collected through the Platform is shared automatically with your Organization.
AI chats and self-entered notes remain private to you and are not visible to your Organization.
The Platform does not currently support patient document uploads. Future features may expand sharing options, but you will always be notified and able to control what is shared.

4.2. Where Data is Stored

Your data is hosted in secure cloud infrastructure located in the region chosen by your Organization (e.g., AWS Canada Central, AWS US East, or another supported region).
Data is encrypted in transit and at rest.

4.3. Cross-Border Access

Occasionally, HEAL Access technical staff outside the country of use may access data for technical support, system maintenance, or emergency troubleshooting.
Any such access is strictly controlled, encrypted, logged for audit, and limited to the minimum necessary.
No persistent storage of your personal health information occurs outside your Organization’s selected region without explicit Organization authorization.

4.4. Data Use

Data is used only to deliver Platform services to you and your Organization.
Your health information is never used to train AI models without your explicit consent.
De-identified, aggregated data may be used internally by HEAL Access for system monitoring and improvement.

5. AI-Powered Features

5.1. What AI Does

The Platform may provide:
- Summaries of health information
- Symptom understanding and next-step suggestions
- General health insights and reminders
- Predictive or risk assessments (if enabled/shared by your Organization)

5.2. AI Limitations

AI outputs are advisory only and not medical advice.
AI may not account for complete medical history or Organizational context.
AI outputs may contain errors, limitations, or bias.
All medical decisions must be validated by your licensed healthcare provider.

5.3. AI Consent & Toggle

You control whether AI may use your personal data via a built-in Personal Access Data toggle in your account settings.
When Personal Data Access toggle is ON, AI can access your personal data to generate personalized responses.
When Personal Data Access is OFF, AI will provide only generic responses and will not use your personal data.
You can change this setting anytime.

5.4. Sharing AI Data with Your Organization

When you complete a health assessment, symptom questionnaire, or clinical survey assigned by your Organization, your responses are automatically shared with your care team. This sharing enables your providers to review your results and provide appropriate care.
Conversations with AI features are private and are not shared with your Organization. These interactions remain under your control only.
Depending on how your Organization has configured the Platform, certain wellness data (such as activity tracking, vitals, mood logs, or health journals) may be shared with your care team. You can review your sharing preferences in your account settings.
Any information that you choose or agree to share with your Organization becomes part of your medical record and is governed by your Organization’s custody and retention policies.

6. Rights, Deletion & Account Status

6.1. Access & Correction

You may request access to your data and corrections to inaccurate information.
Requests related to Organization originated data should be directed to your Organization.
Requests related to patient-originated data (such as account information, contact details, or AI chat history) may be made directly to HEAL Access as the data processor.
All requests will be processed in accordance with applicable privacy and healthcare record retention laws.

6.2. Account Deletion:

Patients may request deletion of their account at any time, even if sponsored by their Organization.
Deletion requests will be completed within 30 days, depending on technical and backup requirements.
Account deletion is permanent and cannot be undone.
Any information already shared with the Organization will remain part of the Organization’s medical record and cannot be deleted.
Independent or unshared data will be securely deleted.
If the Organization’s agreement with HEAL Access ends, all associated patient accounts will be deleted according to the Organization’s retention and transition procedures.

6.3. Data Portability:

Patients may request their data in a structured, electronic format for their own records or to share with another healthcare provider of their choice.

7. Acceptable Use

You may use the Platform only for lawful, health-related purposes. You agree not to:

Share your account with others.
Upload malicious content or software.
Misuse AI features for non-health purposes.
Attempt unauthorized access to other users’ data.
Harass or abuse providers or other users.

8. Platform Availability & Support

HEAL Access strives to maintain high availability but does not guarantee uninterrupted service.
Scheduled maintenance will be communicated in advance.
Technical support is available via Service Portal.

9. Subprocessors & Third Parties

HEAL Access uses trusted third-party service providers such as:
- Amazon Web Services (AWS) (hosting)
- Microsoft Entra ID (identity/security)
- AI model providers via AWS Bedrock
All subprocessors are contractually bound to strict privacy and security requirements.

10. Disclaimers & Liability

The Platform is provided “as is” without warranty.
HEAL Access is not responsible for medical decisions, diagnoses, or outcomes.
AI outputs are for informational purposes and must be clinically validated.
HEAL Access’s liability is limited to direct damages where legally required and excludes indirect or punitive damages.

11. Governing Law

These Terms are governed by the laws of the province/state where you reside, subject to applicable federal and provincial health privacy laws (HIPAA, PIPEDA, PHIPA, HIA, FIPPA, Law 25, GDPR).

12. Contact Information

For questions or support:

Email: info@healaccess.com
Service Portal: https://healaccess.atlassian.net/servicedesk/customer/portal/3

Patient Terms of Use

A HEAL Group Company