Homni Health is committed to protecting personal information. This policy describes how we handle data across our services, including the HomniScan assessment platform used by care teams and families.
HomniScan is designed with privacy as a first principle. We minimize data collection, use boolean-only flags for eligibility signals, and never store patient identifiers like OHIP numbers, SINs, or income figures. Our architecture is built to align with Ontario's Personal Health Information Protection Act (PHIPA) requirements for healthcare technology.
Eligibility signals are stored as true/false flags (e.g., "has OHIP coverage", "is homeowner"). We never store OHIP numbers, WSIB claim numbers, income figures, or government identifiers.
We collect only what the assessment requires: patient name, age, height, mobility level, and clinical conditions. Room photos are analyzed in real time and can be deleted after assessment.
Data is encrypted in transit (TLS) and at rest. Our database is hosted on Neon (PostgreSQL) with SOC 2 compliance. Authentication is handled by Auth0 with industry-standard OAuth 2.0.
Assessment runs are logged with timestamps and user IDs for accountability. Funding coordinator runs maintain a complete audit trail of eligibility decisions and document processing steps.
HomniScan is actively working toward full PHIPA compliance for deployment in Ontario healthcare environments. Our current architecture (boolean-only PHI, encrypted storage, Auth0 authentication, audit trails) is designed to meet PHIPA requirements. We are pursuing formal compliance review as part of our partnership with Ontario health organizations.
Patient information contained in assessments and reports is confidential and should be handled in accordance with applicable privacy legislation (PIPEDA / PHIPA).
For privacy-related inquiries, data access requests, or to report a concern, contact privacy@homniscan.com.
Last updated: April 2026