Legal
PHIPA Addendum
Published: June 20, 2026 · Customer-review version; effective only when signed or incorporated
1. Status and Scope
This PHIPA Addendum is for Ontario tenant businesses that may be health information custodians, or that handle personal health information through Merba, and need written service-provider terms for PHIPA-oriented use. It supplements the Terms, Privacy Policy, and DPA. It is not a signed contract by itself unless Merba and the customer execute it or incorporate it into an agreement.
Merba does not decide whether a tenant is a health information custodian or whether a record is personal health information. The tenant must make that determination with qualified counsel or professional guidance.
2. Roles and Instructions
When a regulated tenant uses Merba to store or process personal health information, Merba acts as a service provider supporting the tenant's purposes. The tenant remains responsible for consent, notices, privacy contact, access and correction decisions, staff authorization, professional retention rules, and complaint handling.
Merba will process PHI-capable records only to provide, secure, support, audit, approve, export, retain, delete, or troubleshoot the Service, or as otherwise required by law. Those records are handled through protected platform workflows, not through ad, market, or media-generation AI features.
3. PHI-Capable Records
PHI-capable records can include chart notes, treatment notes, appointment notes, intake content, approvals, signatures, chart PDFs, client profiles, appointment history, invoices, and notification content when a tenant uses those fields for health-related services.
Tenants should avoid entering PHI into ad prompts, public booking descriptions, SMS subject-like text, support messages, or other fields not intended for charting or regulated records.
4. Safeguards, Auditability, and AI Boundary
- Tenant-scoped access using authenticated memberships, roles, permissions, and plan gates.
- Audit logging for selected chart and client-profile access, creation, update, deletion, and denied attempts.
- Audit metadata sanitization so logs do not intentionally duplicate note content, contact details, or signatures.
- Deterministic processing for charting, approvals, exports, appointment context, invoices, notifications, and related operational records.
- Provider-boundary controls that keep PHI-labeled payloads out of host AI provider calls.
Merba does not intentionally route chart notes, clinical records, chart PDFs, approval signatures, payment card details, or broad client lists into ad generation, market intelligence, public marketing workflows, or third-party model training.
5. Breach, Access, Correction, and Retention Support
If Merba becomes aware of unauthorized access, disclosure, loss, or misuse involving PHI-capable records, Merba will investigate and provide available information to the affected tenant so the tenant can assess notification duties.
Merba will provide reasonable technical support for tenant-managed access, correction, export, retention, and deletion workflows. The tenant remains responsible for legal and professional decisions about those records.
6. Official PHIPA Reference
This Addendum references Ontario's official Personal Health Information Protection Act, 2004, including its rules for collection, use, disclosure, safeguards, accountability, access/correction, and electronic audit log requirements.
7. Contact
PHIPA-related questions should be sent to privacy@merba.app.