← Back to Home

Privacy Policy

Last updated: April 8, 2026

1. Who We Are

Concord Health Inc. ("Concord," "we," "us") operates the clinical trial matching platform at concordhealth.ca. We are a federally incorporated Canadian company. Our Privacy Officer can be reached at andrew@concordhealth.ca.

2. What This Platform Does

Concord is an informational tool that helps patients discover clinical trials that may be relevant to their medical situation. It does not determine eligibility, make diagnoses, or provide medical advice. Only a qualified healthcare provider and the trial site can assess eligibility after proper screening.

3. Applicable Laws

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario's Personal Health Information Protection Act (PHIPA). If you are located in Quebec, the provisions of Law 25 (Act respecting the protection of personal information in the private sector) also apply.

4. Information We Collect

Patient Information

  • Contact information (email, name)
  • Age and sex
  • Medical diagnosis and condition details
  • Cancer stage, biomarkers, and prior treatments (if applicable)
  • Performance status (ECOG score)
  • Province, city, and travel preferences
  • Patient goals and preferences for trial participation

Clinician Information

  • Name, email, and clinic affiliation
  • Professional license number (for verification)

Automatically Collected

  • Session tokens (expire after 24 hours)
  • IP address hashes (not raw IP) for security purposes
  • Consent records with timestamps

5. How We Use Your Information

  • Trial matching: We compare your medical profile against published clinical trial eligibility criteria from ClinicalTrials.gov to identify potentially relevant trials.
  • Clinician communication: When you choose to share results with your doctor, we send a summary via fax or email to the clinician you designate.
  • eReferral: If your clinician initiates a referral through OCEAN (Ontario's eReferral network), your information is transmitted electronically to the receiving trial site.
  • Service improvement: Aggregate, de-identified data may be used to improve matching accuracy.

6. How We Protect Your Information

  • All data is stored on servers located in Canada (Toronto)
  • Data is encrypted in transit (TLS/HTTPS)
  • Sensitive health fields are encrypted at rest (AES-256-GCM)
  • Authentication uses secure, hashed passwords and time-limited sessions (24 hours)
  • Access is role-based (patient, clinician, admin)
  • We maintain audit logs for compliance purposes

7. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

  • With your clinician: Only when you explicitly initiate a share
  • With trial sites: Only when your clinician submits a referral on your behalf
  • ClinicalTrials.gov: We retrieve trial data from this public database. No patient data is sent.
  • Email delivery (Resend): Email addresses are processed by our email service provider to deliver notifications
  • Fax delivery (SRFax): Referral documents are transmitted via a HIPAA-compliant fax service
  • Law enforcement: Only if required by law or a valid court order

8. Data Retention

  • Patient health data: Retained for up to 2 years after your last activity, then securely deleted
  • Consent records: Retained for 7 years (PHIPA compliance)
  • Audit logs: Retained for 6 years
  • Session data: Automatically deleted after 24 hours
  • IP address hashes: Deleted after 30 days

9. Your Rights

Under PIPEDA and PHIPA, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Withdraw consent at any time (this may limit our ability to provide the service)
  • Request deletion of your personal information
  • File a complaint with the Office of the Privacy Commissioner of Canada or the Information and Privacy Commissioner of Ontario

To exercise any of these rights, contact our Privacy Officer at andrew@concordhealth.ca. We will respond within 30 days.

10. Consent

Before using the trial matching service, you are asked to provide informed consent acknowledging how your health information will be collected and used. Consent is versioned and recorded with a timestamp for audit purposes. You may withdraw consent at any time by contacting us.

11. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be posted on this page with an updated date. If you have an account, we will notify you by email of significant changes.

12. Contact

Privacy Officer

Andrew Stephen

Concord Health Inc.

andrew@concordhealth.ca

Terms of ServiceHome