PA Cornerstone Medical Clinic (PACMC)
Effective Date: February 21, 2026

1. Introduction

PA Cornerstone Medical Clinic (“PACMC,” “we,” “our,” or “us”) is a medical clinic operating in Saskatchewan, Canada.

We are committed to protecting personal information and personal health information (PHI) in accordance with:

• The Health Information Protection Act (HIPA), Saskatchewan
• The Personal Information Protection and Electronic Documents Act (PIPEDA)
• Applicable Canadian privacy regulations
  Industry-recognized safeguards aligned with HIPAA security standards
• SOC 2 Trust Service Criteria (Security, Confidentiality, Availability).

This Privacy Policy explains how we collect, use, protect, and disclose your information when you visit our website, communicate with us, or opt in to SMS communications.

2. Definitions

Personal Information – Information that identifies an individual.

Personal Health Information (PHI) – As defined under Saskatchewan’s HIPA, includes information about an individual’s physical or mental health, health services provided, registration status, or health history.

3. Information We Collect

A. Information You Provide:

• Name
• Phone number
• Email address
• Appointment requests
• Messages submitted through forms
• Comments on website
• SMS opt-in consent

B. Automatically Collected Information:

• IP address
• Browser and device information
• Access timestamps
• Website usage data
• Cookies and session data

C. Personal Health Information

• PACMC may collect personal health information in the course of providing healthcare services.

However:

• PHI is NOT transmitted via SMS.
• SMS communications contain only general notifications (e.g., appointment reminders, general test status notifications).
• No diagnostic, medical, or sensitive health details are sent by text message.

4. Purpose of Collection

We collect information to:

• Provide medical care and clinical services
• Schedule and confirm appointments
• Send appointment reminders and general notifications
• Maintain medical records in compliance with HIPA
• Improve clinic operations
• Maintain website functionality and security
• Meet regulatory and legal obligations

We do not use SMS communications for marketing.

5. SMS Communications & Mobile Privacy

If you opt in to receive text messages from PACMC:

• Message frequency varies (up to approximately 12 messages per year).
• Message and data rates may apply.
• You may opt out at any time by replying STOP.
• For assistance, reply HELP or contact us at moa@pacmc.com.

Mobile Information Non-Sharing Statement

Mobile phone numbers, SMS opt-in data, and consent will NOT be shared, sold, rented, or disclosed to third parties or affiliates for marketing or promotional purposes.

All categories of personal data exclude SMS opt-in information and consent. This information is not shared with any third parties.

This statement complies with Microsoft Teams SMS and CTIA carrier requirements.

6. Disclosure of Personal Health Information (HIPA Compliance)

Under Saskatchewan’s Health Information Protection Act (HIPA), PACMC may disclose personal health information only:

• With patient consent
• To other healthcare providers involved in care
• For billing or insurance processing
• For regulatory reporting as required by law
• In medical emergencies
• As otherwise authorized or required under HIPA

We do not sell personal health information.

7. Data Security (HIPA, HIPAA-Aligned, SOC 2 Controls)

PACMC implements administrative, physical, and technical safeguards appropriate for healthcare environments, including:

• Role-based access controls (RBAC)
• Multi-factor authentication where applicable
• Encryption in transit (TLS/HTTPS)
• Secure cloud infrastructure
• Secure data hosting environments
• Access logging and monitoring
• Device and endpoint protection
• Vendor risk management procedures
• Regular system updates and patching
• Incident response planning

These safeguards align with:

• HIPA security requirements
• HIPAA Security Rule principles (Administrative, Physical, Technical safeguards)
• SOC 2 Trust Service Criteria (Security & Confidentiality)

While no system can guarantee absolute security, we take reasonable and appropriate measures to protect personal and health information.

8. Data Retention

We retain:

• Medical records in accordance with Saskatchewan regulatory retention requirements.
• Website logs and security records as necessary for operational and legal compliance.
• SMS consent records as required by carrier compliance regulations.

When information is no longer required, it is securely destroyed or anonymized.

9. Cookies & Website Technologies

We use cookies to:

• Maintain login sessions
• Improve website performance
• Enhance user experience
• Support security monitoring

Users may disable cookies through browser settings, though functionality may be limited.

10. Comments & Media

When visitors leave comments, we collect information entered in the form along with IP address and browser user agent to assist with spam detection.

Users should avoid uploading images containing embedded location data (EXIF GPS).

11. Third-Party Service Providers

We may use third-party service providers for:

• Website hosting
• Cloud infrastructure
• Spam detection
• SMS message delivery via Microsoft Teams infrastructure
• IT security support

All service providers are required to maintain appropriate confidentiality and security safeguards.

12. Your Rights Under Saskatchewan HIPA

Under HIPA, patients have the right to:

• Request access to their personal health information
• Request corrections to inaccurate records
• Withdraw consent for certain disclosures
• File a complaint with the Saskatchewan Information and Privacy Commissioner

Requests may be submitted to:
moa@pacmc.com

13. Cross-Border Data Processing

Certain technology providers (such as Microsoft infrastructure services) may process limited data outside Saskatchewan or Canada.

All such processing is conducted under contractual and security safeguards consistent with Canadian privacy standards.

14. Children’s Privacy

We do not knowingly collect information from children without appropriate guardian involvement, consistent with healthcare regulations.

15. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised effective date.

16. Contact Information

PA Cornerstone Medical Clinic
Saskatchewan, Canada
Email: moa@pacmc.com
Website: https://pacmc.com

For privacy-related inquiries, please contact us at the email above.