and Privacy Guidelines. If you do not wish to consent, please do not proceed with creating an
account. You can, at any point, delete the account created. Your site administrator will be
notified of your choice.
The platform and all mobile applications are developed and operated by ForaHealthyMe Inc.
ForaHealthyMe Inc., a registered corporation in Ontario, Canada. The company delivers Digital,
Virtual & Artificial Intelligence Simulation technologies to treat & manage patients with
complex chronic, acute & mental health care issues.
Risks and Benefits
THERE ARE NO GUARANTEED OUTCOMES TO USING THIS PLATFORM. IF YOU EXPERIENCE A MEDICAL EVENT, CALL
YOUR LOCAL EMERGENCY MEDICAL SERVICE.
The information and tools on the platforms are designed to be used based on a recommendation
from your health provider. The tools are intended to complement,
NOT replace your required interactions with your health provider. Always listen to the advice
and recommendations given by your health provider.
ForaHealthyMe Inc. is a Microsoft partner. The company stores all data and assets on Microsoft
Azure Cloud service. Azure is a cloud computing platform that helps secure data, protects data
privacy and support compliance with global standards. ForaHealthyMe Inc. uses Azure to manage
all applications, data content, virtual machines, access credentials, and compliance with
regulatory requirements applicable to Canadian privacy laws including the seven foundational
principles Privacy by Design (PbD) document laid out under the Information Privacy Commission of
Information on Microsoft Azure, its security and privacy framework can be found at the Microsoft Trust Center
ForaHealthyMe Inc. uses Microsoft’s Kinect sensor in combination with its camera, microphone,
and infrared sensor to enable motion tracking in its pre/post-op exercise protocols.
To learn more about Kinect, for Xbox 360, see Kinect
and Xbox 360 privacy
. For Xbox One, see Kinect
and Xbox One Privacy.
This policy and the ForaHealthyMe platform have been modified (April 15, 2017) to reflect the 10
privacy principles of the Canadian Standards Association’s Model Code for the Protection of
Personal Information (CAN/CSA-Q830-96) and the Personal Health Information Protection Act
(Canada) and its regulations as well as the United States of America Health Insurance
Portability and Accountability Act of 1996 (HIPAA), which was enacted August 21, 1996 to
protects personal health information (PHI).
This Act was modified in 2000 by the US Department of Health and Human Services (HHS) to include
the “Privacy Rule,” to address the use and disclosure of individuals’ health information, and
provides standards for individuals’ privacy rights under HIPAA.
Changes to Policy
On an ongoing basis, site modifications are made to reflect best practice and guidelines from
Privacy Commissioner of Canada, with respect to emerging Consumer Health Applications (CHA) and
Consumer Health Platforms (CHP). Consumer Health Applications (CHA) and Consumer Health
Platforms (CHP) are categorized under a broad range of health IT systems that serve the patient
or individual, and allow them to access the health system via some computing device. The device
could be a person’s/patient’s home computer, laptop, tablet, mobile phone or other networked
Any changes to the way that data is handled by ForaHealthyMe Inc., or new data collected, as
ForaHealthyMe Inc’s. functionality develops and the applications grow, will be posted here.
Appropriate notifications will be posted when modifications are made. It is the intention that
ForaHealthyMe Inc. will always hold true to its principal objective regarding data privacy, as
detailed above. If the ownership or management of the organization changes, every effort will be
made to ensure that the principles outlined above are adhered to.
Our storage devices are protected behind firewalls. Security and boundary devices, are in place
to monitor and control communications at the external boundary of the network and at key
internal boundaries within the network. These boundary devices employ rule sets, access control
lists (ACL), and configurations to enforce the flow of information to specific information
We use the same SSL protocol used by millions of e-Business providers to protect their
customers, ensuring their online transactions remain confidential. As a security protocol, SSL
encryption is utilized to transmit confidential data, passwords or any personal
Microsoft Azure employs a risk-management model of shared-responsibility between ForaHealthyMe
Inc. and Microsoft. Microsoft is responsible for the platform including services offered, and
seeks to provide a cloud service that can meet the security, privacy, and compliance needs of
its customers. Microsoft Azure services are audited by independent external auditors under
industry standards, including ISO 27001. Microsoft’s ISO 27001 audit scope includes controls
that address HIPAA security practices as recommended by the U.S. Department of Health and Human
To protect the confidential information of our users, the platform was built using technology
and certifications used by international health systems. The standards include HL7. HL7 is the
standard for the exchange, integration, sharing, and retrieval of electronic health
Our video and voice streams employ Advanced Encryption Standard (AES) end-point encryption to
secure data as it travels over the network infrastructure. AES is a symmetric key algorithm that
is an accepted encryption standard in North America.
With the creation of an account, an email address is entered and stored in ForaHealthyMe Inc.
virtual machines. In addition, a password is kept in an encrypted format in the ForaHealthyMe
Inc. database. Personal data collected by ForaHealthyMe under this privacy statement is
processed according to the provisions of this statement and the requirements of applicable law
wherever the data is located.
Information that Members enter into certain fields when registering to use or using the Site
will not be shared (“Restricted Data”). The type of Restricted Data that Members may submit at
the Site may include:
- Name, location as collected as part of registration or in a Member’s Account
- Access Number issued by researchers and clinical support teams
- Email address, as collected and verified as part of registration or in a Member’s
- Password, as collected as part of registration or in a user’s Account Information;
- Date of birth, as collected in My Profile; and
- Private messages.
- Video Chats and group discussions with a health provider.
When a Member enters Personal Information, including name and email address, as part of
registering to use ForaHealthyMe.com, that Personal Information is treated as Restricted
Email addresses are used to help you maintain your own account on ForaHealthyMe.com. It serves
as a unique identifier to log in and out of your ForaHealthyMe.com account, and for
communications with our site administrators where necessary to help with the maintenance of your
As the creator and owner of that information, you are responsible for any information
this information consent to sharing & receiving this information.
You may also opt to have data sent to you via email should you wish, and may at some time in
Email addresses and names are not shared with, or sold to any third party provider. Email
addresses and names are not used for marketing purposes, except in instances where a user may
opt in to receive additional information or register for products and services offered by a
Examples of Shared Data that Members may submit to the Site, including through their health
profile (“My Profile”), may include:
- Demographic data gender, age
- Online Assessment Results, Height, Weight
- Treatment information e.g. treatment option, treatment interventions & evaluations
- Communications with a health provider or patient
- Information gathered from virtual rehab assessments
None of your identifiable personal information will be associated with the aggregated data. To
protect the privacy of our Members, we have taken all reasonable and technological possible
steps to de-identify information used for research purposes. Steps include Data Suppression,
i.e. Removing directly identifying fields; Using Filters; Pseudonymization i.e. Replacing direct
identifiers with unique keys that cannot be reversed and Randomization i.e. Replacing direct
identifiers with random values (e.g. random names).
The data will be determined using specific metrics to find trends and patterns in usage,
frequency of use etc...
If a Member creates a ForaHealthyMe.com account said Member may choose to be automatically
logged on to ForaHealthyMe.com when their return to the site. This functionality utilizes a
cookie which is stored on the Member's local computer.
It is not advised that a user select the check box for automatic log on when using publicly
available computers. The cookie is not used for any other purpose other than the automatic log
on to ForaHealthyMe.com accounts.