Privacy
Privacy Policy
How ClinicFees may collect, use, disclose, retain, and protect personal information across ClinicFees.ca, portal.clinicfees.ca, and related clinic services.
At a glance
ClinicFees is a product of Dr. Plus Physician Services Inc. In this Privacy Policy, "ClinicFees," "we," "us," and "our" refer to Dr. Plus Physician Services Inc. in connection with the ClinicFees service.
This Policy explains how personal information may be collected, used, disclosed, retained, and protected in connection with clinicfees.ca, clinic applications and accounts, portal.clinicfees.ca, clinic-entered patient and billing information, invoices and receipts, secure billing links and documents, verification messages, payment functions, and our relationships with vendors, advisers, and business contacts.
Participating clinics remain responsible for their own privacy notices, clinical records, professional practices, and patient relationships. This Policy does not replace a clinic's privacy notice. Just-in-time notices presented in secure-access, consent, or payment workflows supplement this Policy for those interactions.
Who this Policy is for
This Policy may apply to public website visitors, prospective and participating clinics, clinic administrators and staff, platform administrators and support personnel, patients and clients whose information is entered by clinics, recipients of secure billing links, and vendors, consultants, and professional advisers who interact with ClinicFees.
1. Scope of This Policy
This Privacy Policy describes how Dr. Plus Physician Services Inc., through ClinicFees, may collect, use, disclose, retain, and protect personal information in connection with clinicfees.ca, portal.clinicfees.ca, ClinicFees clinic onboarding, authenticated clinic accounts, secure patient billing pages hosted as part of the ClinicFees service, ClinicFees-operated email and SMS notifications, support and business communications, and associated security, administrative, and operational processing.
This Policy does not govern independent clinic websites, a clinic's electronic medical record, clinical care, a clinic's independent privacy practices, third-party services not controlled by ClinicFees, or third-party payment-provider pages except for information ClinicFees receives from them. Links to third-party services are subject to those third parties' own policies.
2. ClinicFees' Role and the Role of Clinics
ClinicFees is a technology product of Dr. Plus Physician Services Inc. Through ClinicFees, Dr. Plus Physician Services Inc. provides technology and related services used by participating clinics. ClinicFees is a technology platform, not a clinic or health-care provider, and does not provide medical care, medical advice, or establish a physician-patient relationship.
Participating clinics are separate organizations that remain responsible for their own clinical services, patient relationships, clinic records, professional obligations, fees, refunds, and clinic policies. Participating clinics determine why they use ClinicFees and what patient or billing information their authorized users enter. Clinics remain responsible for their clinical practices, legal authority, accuracy of clinic-entered information, records, and responses to patient requests. Dr. Plus Physician Services Inc. does not become a participating patient's clinic merely because it provides ClinicFees.
Dr. Plus Physician Services Inc. processes information through ClinicFees to provide, secure, support, and administer its services and may also have independent responsibilities for account administration, security, legal compliance, business operations, and protection of the platform.
The precise privacy and legal responsibilities of Dr. Plus Physician Services Inc. may vary according to the service, information, agreement, clinic instructions, and applicable law. Nothing in this Policy changes obligations imposed by law or agreements. ClinicFees is not the appropriate destination for medical-record access or correction requests relating to records maintained by a clinic.
Ontario clinics may have obligations under health privacy legislation. ClinicFees and clinics must address their respective responsibilities through applicable law, contracts, privacy notices, and operational practices. This Policy does not state that Dr. Plus Physician Services Inc. or ClinicFees is or is not a health information custodian, agent, electronic service provider, or similar role in every situation.
3. People Covered by This Policy
The principal groups covered by this Policy include:
A. Public website visitors
Individuals who visit clinicfees.ca for general educational information.
B. Prospective clinics and business contacts
Organizations and individuals who inquire about, apply for, or maintain a business relationship with ClinicFees.
C. Clinic administrators and clinic staff
Authorized users who access portal.clinicfees.ca on behalf of a participating clinic.
D. Platform administrators and support personnel
Authorized ClinicFees personnel who administer, secure, and support the service.
E. Patients and clients entered by clinics
Individuals whose billing or contact information is entered by a participating clinic for administrative billing purposes.
F. Recipients of secure billing links
Individuals who receive or use a secure billing notification, verification message, or secure billing document.
G. Vendors, consultants, and professional advisers
Third parties who provide services to ClinicFees or interact with ClinicFees in a business capacity.
One person may fall into more than one category.
4. Information Collected from Public Website Visitors
When someone visits clinicfees.ca, ClinicFees may process technical and operational information such as:
- IP address;
- browser type;
- device type;
- operating-system information;
- pages and files requested;
- referral source;
- date and time;
- error logs;
- performance information;
- security-event information;
- general interaction or diagnostic data.
The public website currently directs clinic and provider inquiries through email rather than a patient intake form. If a person voluntarily emails ClinicFees, the message may include name, email address, telephone number, clinic or organization, professional role, message contents, and any attachments voluntarily sent. Patients must not send patient records, medical information, verification codes, or billing documents to ClinicFees by ordinary email.
5. Clinic Application, Onboarding, and Business Information
ClinicFees may collect information from prospective or participating clinics, including:
- clinic name;
- legal or operating name;
- business contact information;
- clinic address;
- administrator and authorized-contact details;
- professional role;
- signup and application information;
- review, approval, activation, and subscription status;
- agreements and acknowledgements;
- clinic settings;
- payment and subscription administration;
- support correspondence;
- onboarding and configuration records.
ClinicFees may verify information, communicate about an application, assess eligibility, activate or decline an account, and retain an appropriate application record. Approval is not automatic.
6. Clinic-User Account and Authentication Information
ClinicFees may process account and authentication information such as:
- name;
- business or professional email;
- external identity-provider identifier;
- identity-provider name;
- clinic membership;
- clinic role;
- platform role where applicable;
- account and membership status;
- clinic affiliations;
- active clinic selection;
- invitations;
- authentication and authorization results;
- support and security activity.
Authentication may be provided by Microsoft or another configured identity provider. Where an external provider handles authentication, ClinicFees may receive identity claims and related authentication results rather than the user's password. Authorized clinic users may belong to more than one clinic, and the portal may display their eligible clinic memberships. Role-based access is used to determine which functions a user may access.
7. Patient, Client, and Billing Information Provided by Clinics
Participating clinics and authorized users may enter information such as:
- patient or client name;
- email address;
- telephone number;
- mailing or billing address;
- patient or client type;
- clinic and provider association;
- invoice number;
- invoice date;
- due date;
- products or services;
- descriptions;
- quantities;
- fees;
- taxes;
- discounts or adjustments;
- balance;
- payment status;
- payment method;
- receipt information;
- notes entered for administrative billing purposes;
- other information reasonably necessary to prepare and administer a bill.
ClinicFees is not intended to be a complete electronic medical record. Clinics should not enter unrelated clinical records or unnecessary medical information. Billing descriptions, service names, clinic identity, or invoice documents may nevertheless reveal information about an individual's health-care relationship and may be sensitive or constitute personal health information depending on the context. Clinics are responsible for limiting information to what is reasonably necessary and legally authorized.
8. Invoices, Receipts, Payments, and Reconciliation
ClinicFees may process information to create draft or issued invoices, calculate totals, record fees and taxes, record payments, generate receipts, reconcile clinic transactions, report outstanding balances, and maintain financial and audit records.
Payment method information may include general categories such as cash, debit or credit, electronic transfer, or other enabled methods. ClinicFees may store transaction status, amount, dates, references, and provider identifiers. ClinicFees does not ask users to send payment-card details by email.
If online payment functionality is enabled, payment-card or bank information may be collected directly by a third-party payment processor under its own privacy terms. ClinicFees may receive transaction identifiers, status, amount, timing, account status, and other information necessary to associate the payment with the applicable invoice.
9. Secure Billing Links and Documents
A clinic may prepare a secure billing document and send the patient or recipient a unique secure-access link. Information processed may include clinic identity and contact information, recipient email and telephone number, invoice and patient association, secure-link status, link creation, expiry, replacement, and revocation information, document type, document version, document size and integrity information, document availability and retention information, first and last access times, view count, access events, and related security records.
Secure documents may contain clinic information, patient or client name, invoice details, billing address, line items, fees, taxes, balance, and other billing information included by the clinic. Secure billing documents are stored separately from ordinary notification email and are intended to be accessed through the secure workflow.
Secure links may expire, be replaced, or be revoked. Continued availability is not guaranteed, and a secure link or document may be forwarded, scanned, intercepted, or accessed from another device despite safeguards designed to reduce misuse.
10. Email Notifications
ClinicFees may use an email-delivery service to send a secure billing notification. An email notification may contain clinic name, clinic contact information, a secure-access link, link-expiry information, and instructions about verification and consent. The ordinary email is intended to be a notification and not the secure billing document itself.
The current secure billing notification is designed not to include a PDF attachment, detailed line items, service descriptions, invoice number, patient name, or amount due. Future service emails may contain different fields where appropriate and permitted.
Email is not guaranteed to be private or secure. Email providers and network operators process email traffic, and link scanners or security services used by email providers may inspect links. Recipients must not forward secure links. A misdirected recipient should not use the link and should contact the clinic. ClinicFees may retain delivery status, provider message identifiers, and failure records. Acceptance by the email service does not necessarily confirm final inbox delivery or that the intended person read the message.
11. SMS Verification
ClinicFees may send a one-time code by SMS to the telephone number maintained by the clinic. The SMS may contain ClinicFees branding, clinic name, one-time verification code, and a warning not to share the code. The current OTP SMS is designed not to include patient name, invoice number, amount, service description, secure link, or medical information.
SMS verification is intended to confirm access to the telephone number on file. It is not a comprehensive verification of legal identity. Anyone with access to the telephone and secure email link may potentially gain access. Recipients must not share codes. A recipient who did not request or expect a code should not use it and should contact the clinic.
Mobile providers may process and retain SMS routing and delivery data. Message and data rates may apply depending on the recipient's mobile plan. Provider acceptance does not necessarily prove handset delivery.
Information processed may include recipient telephone number, sender number, code, masked-number display, request time, expiry, number of attempts, challenge status, delivery-provider identifier, failure reason, IP address, and browser information.
12. Electronic Billing Consent
A patient or recipient may be asked to actively confirm consent to receive or access electronic billing information. Consent evidence may include clinic and patient association, communication channel, purpose, consent status, source, consent-text version, risk-notice version, acceptance date and time, verification method, verified telephone or email snapshot, secure-link association, IP address, browser or user-agent information, and evidence metadata.
This consent concerns electronic billing communications and secure access. It is not consent to medical treatment, is not a comprehensive confirmation of legal identity, and does not replace any separate authorization required for disclosure to another person. A patient may contact the clinic about withdrawing or changing communication preferences, subject to legal, operational, recordkeeping, and security requirements. Withdrawal does not necessarily delete previous records or audit evidence.
13. Technical, Device, Security, and Audit Information
ClinicFees may collect technical, device, security, and audit information such as:
- IP address;
- browser and device information;
- user-agent string;
- date and time;
- event type;
- access status;
- login and authorization context;
- clinic membership and selected clinic;
- link-open events;
- verification attempts;
- consent events;
- document-view events;
- payment events;
- changes made by clinic users;
- security failures;
- diagnostic information;
- message-provider identifiers;
- audit metadata.
This information may be used for authentication, access control, tenant separation, fraud prevention, abuse prevention, troubleshooting, incident investigation, support, accountability, legal compliance, and protecting clinics, patients, and the platform. Some information may be collected before a patient completes consent because it is required to protect and operate the access workflow. An IP address does not by itself establish identity.
14. Support, Incident, and Business Communications
ClinicFees may process support tickets, email correspondence, investigation notes, screenshots voluntarily supplied, clinic and user identifiers, technical diagnostics, incident reports, privacy complaints, and legal and business correspondence.
Users should remove or minimize patient information before sending support materials unless a secure and authorized method is provided. Authorized ClinicFees personnel and service providers may access information where reasonably necessary for support, security, incident response, legal compliance, system maintenance, and authorized service delivery.
15. Sources of Information
Information may come from:
- the individual;
- a participating clinic;
- clinic administrators;
- authorized clinic users;
- the identity provider;
- a patient's interaction with a secure link;
- the individual's browser or device;
- email and SMS providers;
- payment providers;
- professional advisers;
- security and infrastructure providers;
- public or lawful sources where appropriate.
Clinics are responsible for having appropriate authority to provide information to ClinicFees.
16. Purposes for Collection, Use, and Disclosure
ClinicFees may collect, use, and disclose personal information for purposes including:
- providing and operating the public website;
- assessing clinic signup applications;
- establishing and administering clinic accounts;
- authenticating users;
- managing roles and memberships;
- maintaining tenant separation;
- creating and administering invoices and receipts;
- recording and reconciling payments;
- preparing secure documents;
- sending secure notifications;
- providing SMS verification;
- capturing communication consent;
- responding to inquiries;
- providing technical and customer support;
- maintaining security and preventing fraud or misuse;
- investigating incidents;
- maintaining audit and accountability records;
- monitoring availability and performance;
- improving usability and service quality;
- administering subscriptions and business relationships;
- enforcing agreements and Terms of Use;
- protecting legal rights and safety;
- complying with laws, court orders, regulatory requirements, and professional obligations;
- conducting a business transaction;
- creating and using aggregated or de-identified information where permitted;
- carrying out another purpose disclosed at collection or permitted by law.
ClinicFees will not use clinic-entered patient billing information for unrelated behavioural advertising.
17. Consent and Other Lawful Authority
Consent may be express or implied depending on sensitivity, purpose, context, and applicable law. Some processing is necessary to provide a requested service, perform an agreement, protect security, comply with law, maintain records, or exercise legal rights.
A clinic is responsible for obtaining the consent or other authority necessary for information it enters or directs ClinicFees to process. A clinic user's use of the portal authorizes processing reasonably necessary to provide and secure the requested account functions. Patient secure-access consent is obtained through the applicable workflow where required.
Consent may be withdrawn where legally available, subject to legal, contractual, security, evidentiary, and operational limits. Withdrawal does not invalidate handling that occurred lawfully before withdrawal, and some services may no longer be available if necessary information cannot be processed.
19. Service Providers
ClinicFees uses third-party infrastructure and service providers. Categories may include, such as:
- Microsoft Azure for hosting, computing, databases, and storage;
- Azure Communication Services for email and SMS;
- Microsoft or another configured identity provider for authentication;
- a payment provider such as Stripe if online payments are enabled;
- professional, security, support, and operational providers.
Not every listed provider is involved in every interaction. The current list may change. ClinicFees remains responsible for selecting and managing providers in accordance with applicable responsibilities. Service providers may retain information as permitted by their own practices and agreements.
20. Processing Locations and International Access
Information may be processed in Canada or in another jurisdiction where ClinicFees or a service provider operates. Support, redundancy, backups, telecommunications, email delivery, SMS routing, identity services, and payment services may involve processing outside Ontario or Canada. Information processed elsewhere may be subject to the laws and lawful-access requirements of that jurisdiction.
ClinicFees uses contractual, administrative, and technical measures appropriate to the service and information. ClinicFees does not represent that every server, support operation, backup, or network route is located exclusively in Ontario or Canada.
22. Communications and Marketing
ClinicFees may send operational notices, security notices, verification messages, secure billing notifications, account and subscription notices, support communications, and optional promotional or business communications.
Operational and security communications may be necessary to provide the service and may continue even where a person opts out of optional marketing. ClinicFees does not use patient billing details for marketing. Business contacts may unsubscribe from optional promotional messages through the mechanism provided or by contacting ClinicFees, subject to lawful exceptions.
23. Data Accuracy
Clinic users are responsible for entering accurate and current clinic, patient, billing, and recipient information. Patients should contact their clinic to correct clinic-entered patient or invoice information. ClinicFees may correct account or business-contact information that it controls and may require verification before making a correction. Some historical, financial, audit, consent, or security records may be preserved rather than overwritten.
24. Retention
Retention depends on purpose, sensitivity, clinic instructions, account status, contractual requirements, financial and tax obligations, professional recordkeeping, security needs, investigation requirements, limitation periods, litigation or legal holds, and backup and recovery processes.
A. Public and business inquiries
Retained for the inquiry, relationship, security, and legal requirements.
B. Clinic accounts and memberships
Retained while active and afterward as required for administration, disputes, security, contracts, and law.
C. Invoices, receipts, and payment records
Retained according to clinic instructions, business needs, accounting requirements, applicable professional or legal requirements, and agreements.
D. Secure links and OTP challenges
Links and codes are intended to be time-limited. Security, challenge, delivery, and access records may be retained longer.
E. Secure billing documents
Documents are assigned limited availability or retention periods. Expiry of access does not necessarily mean every associated metadata, audit record, backup, or legal record is immediately erased.
F. Consent and authorization evidence
May be retained to demonstrate what was presented, accepted, declined, withdrawn, or relied upon.
G. Audit, security, and incident records
May be retained for accountability, investigation, abuse prevention, and legal obligations.
Information may be deleted, destroyed, de-identified, or anonymized when no longer reasonably required, subject to technical, legal, contractual, backup, audit, and evidentiary limitations.
25. Security Safeguards
ClinicFees uses safeguards that may include role-based access, clinic membership controls, authentication, secure-access links, time-limited verification codes, access and security logging, private document storage, integrity checking, encryption and secure transport where appropriate, configuration and secret management, backups and recovery, vendor management, incident response, administrative policies and training, and access based on operational need.
No security measure is perfect. No website, email, SMS, network, authentication system, or storage system can be guaranteed completely secure. Users must safeguard login credentials, email accounts, telephones, secure links, and verification codes; must not forward secure links or share codes; should sign out and protect shared devices; and clinics must promptly remove access for former or unauthorized staff. Suspected unauthorized access should be reported promptly.
26. Privacy and Security Incidents
ClinicFees may investigate suspected unauthorized access, loss, misuse, or disclosure; preserve relevant logs and evidence; contain and remediate incidents; work with affected clinics and service providers; notify individuals, clinics, regulators, insurers, or authorities where required or appropriate; and maintain incident and breach records where required.
Notification decisions depend on the facts, applicable law, contractual roles, and the party with legal responsibility for the information. ClinicFees does not promise that it will directly notify every patient in every case.
27. Individual Access, Correction, and Privacy Rights
Rights depend on the information, relationship, and applicable law and may include requesting access, requesting correction, withdrawing consent where available, asking how information was used or disclosed, raising a concern or complaint, requesting account closure, or requesting deletion where legally available.
A. Patient and clinic-held information
Patients must contact the clinic responsible for the invoice or record. The clinic is generally the appropriate party to verify identity, determine access rights, correct clinic-entered information, and respond to requests concerning its records. ClinicFees may assist the clinic as permitted by agreements and law.
B. Clinic-user account information
Clinic users may contact their clinic administrator or ClinicFees regarding eligible account information.
C. Public-site and business-contact information
A person may contact ClinicFees directly at privacy@clinicfees.ca regarding privacy rights or concerns. Do not include personal health information or medical records in the email.
Identity verification may be required. Requests may be limited by another person's privacy, legal privilege, security, fraud prevention, recordkeeping, contractual duties, or law. Records may not be deleted where retention is required, and historical audit records may be supplemented rather than erased.
28. Complaints and Regulators
ClinicFees will review privacy concerns relating to its services. Patients should first contact the clinic for concerns relating to clinic records, invoice contents, clinic disclosures, clinic staff access, or clinic policies.
A person may also have the right to complain to the applicable privacy regulator, which may include the Information and Privacy Commissioner of Ontario, the Office of the Privacy Commissioner of Canada, or another provincial or territorial regulator. This Policy does not provide legal advice about which regulator has jurisdiction.
29. Minors and Authorized Representatives
The public website and clinic portal are not intended for children to create clinic-user accounts without authorization. A clinic may issue a bill relating to a minor. A parent, guardian, substitute decision-maker, estate representative, or other authorized person may act where permitted.
The clinic is responsible for determining authority and consent in the clinical and record context. ClinicFees may require verification or clinic confirmation before acting on a representative's request. Minors or guardians should contact the applicable clinic rather than sending health information to ClinicFees by ordinary email.
30. Third-Party Websites and Services
ClinicFees may link to government resources, professional associations, clinics, identity providers, payment providers, or other third-party services. ClinicFees does not control their policies or security. Their terms and privacy notices apply. A link is not necessarily an endorsement, and third-party availability is not guaranteed.
31. Service Changes, Business Transfers, and Account Closure
Features and service providers may change. Clinics may close or transfer accounts subject to agreements and law. Information may be transferred in connection with a merger, financing, acquisition, restructuring, insolvency, asset sale, or similar transaction involving Dr. Plus Physician Services Inc., the ClinicFees business or product, or related assets, and appropriate confidentiality and use restrictions will be sought.
Account closure does not require immediate deletion of every invoice, audit log, backup, consent record, security event, or legally required record.
32. Changes to This Privacy Policy
ClinicFees may update this Policy for changes in services, technology, legal requirements, vendors, business operations, or privacy practices. The updated Policy will be posted with a revised date. Material changes may be communicated through the portal, email, or another appropriate method.
A material change will not override a legal consent requirement merely because the policy was posted. Continued use may be subject to the updated Policy and applicable Terms, but consent will be obtained where law requires it.
33. Contact
Privacy inquiries:
Privacy inquiries concerning ClinicFees may be submitted to Dr. Plus Physician Services Inc. through this address. Do not send medical records, patient documents, health card information, secure links, passwords, verification codes, or payment-card details by email. Patients must contact their own clinic about medical care, records, invoices, receipts, refunds, fee disputes, and corrections. This privacy address is not a patient-support address and is not monitored as an emergency service. ClinicFees cannot provide medical advice or emergency assistance.
Use of ClinicFees is also subject to our Terms of Use.