Lena Medical Aesthetics Inc. operates in accordance with Ontario's Personal Health Information Protection Act (PHIPA, 2004) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). The practice's Registered Nurse acts as the Health Information Custodian.
We collect only the personal health information necessary to provide safe, individualised aesthetic care: identification, medical history, medications, allergies, treatment records and clinical photography with explicit written consent.
Patient records are stored within Canadian-hosted, PIPEDA-compliant systems (Jane App). Records are logically isolated per patient, encrypted in transit (TLS 1.2+) and at rest (AES-256), with role-based access limited to the treating RN.
Clinical records are retained for a minimum of ten (10) years from the date of last service, in line with CNO documentation standards.
You may request access to, correction of, or withdrawal of consent for the use of your personal health information at any time by contacting the practice in writing.
Suspected privacy breaches are investigated and disclosed in accordance with PHIPA s. 12(2) and the Information and Privacy Commissioner of Ontario's mandatory reporting framework.