LexieHealth (“LexieHealth”, “we”, “our”, “us”) provides an AI-powered medical billing platform for physicians and clinics. This Privacy Policy explains how we collect, use, disclose, retain, and protect information when providing our services.
1. Scope
This policy applies to:
- healthcare practitioners and clinics that use LexieHealth;
- patient-related data entered by authorized users into the LexieHealth platform;
- visitors to LexieHealth websites and support channels.
2. Information We Collect
2.1 Practitioner and Account Information
We may collect:
- name, clinic/organization details, contact information;
- account credentials and authentication metadata;
- subscription, billing, and support records.
2.2 Patient and Clinical/Billing Information
When authorized users use LexieHealth, we process data provided by the clinic/practitioner, including patient visit notes and related information needed to generate billing suggestions.
2.3 Technical and Usage Information
We collect operational and security data such as logs, device/browser metadata, and service performance metrics.
3. How We Use Information
We use information to:
- provide, secure, maintain, and improve LexieHealth services;
- generate billing-related outputs and related workflow support;
- provide customer support and account administration;
- monitor, detect, and investigate security or privacy incidents;
- comply with legal and contractual obligations.
4. AI and Product Improvement
- LexieHealth does not use identifiable patient information for AI model training.
- LexieHealth may use de-identified/anonymous data to improve service quality, reliability, and performance.
5. Customer Responsibilities
Healthcare practitioners and clinics are responsible for:
- obtaining any required patient notices/consents/authorities;
- using LexieHealth in accordance with professional and legal obligations;
- ensuring appropriate local recordkeeping practices.
6. Data Storage and Transfers
- LexieHealth uses a Canada-primary data handling model.
- Some limited processing may occur outside Canada by approved subprocessors or support providers.
- Where cross-border processing occurs, we use contractual and technical safeguards designed to provide comparable protection.
7. Disclosure of Information
We do not sell personal information. We may disclose information:
- to service providers/subprocessors supporting our services;
- where required by law, court order, or lawful authority;
- in connection with a corporate transaction (subject to appropriate safeguards);
- to protect the rights, safety, and security of LexieHealth, customers, and the public.
8. Security Safeguards
LexieHealth maintains administrative, technical, and organizational safeguards, including:
- role-based access controls and MFA for privileged access;
- encryption in transit and at rest for sensitive data;
- monitoring, logging, and incident response procedures;
- workforce confidentiality and security/privacy training;
- vendor due diligence and contractual protections.
9. Retention and Deletion
- We retain information only as long as needed for service delivery, legal obligations, and legitimate operational requirements.
- We apply documented retention and disposal procedures.
- Upon contract termination, data return/deletion is handled according to contract terms and legal requirements.
10. Privacy Rights and Requests
Subject to applicable law, individuals may have rights to request access or correction of personal information.
Request channels:
- Email: privacy@lexiehealth.com
For patient-related requests, patients should generally contact their healthcare provider first, as providers are typically primary custodians/controllers in clinical workflows.
11. Breach and Incident Notifications
LexieHealth maintains incident response and breach management procedures. Where required, we notify affected customers and regulators without undue delay once a reportable breach is confirmed.
12. Browser Extension
The LexieHealth browser extension is available exclusively to authorized practitioners with an active LexieHealth account. It is designed to support billing workflows within the practitioner’s existing Electronic Medical Record (EMR) environment.
- The extension does not automatically read or scrape web pages. It only accesses content when a practitioner manually selects text or a specific area and triggers an action provided by the LexieHealth extension.
- Only the specifically selected content is processed; no other page content, metadata, browsing history, or background data is collected or monitored.
- To support compatibility with various EMR and practice management systems, the extension requires permission to interact with specific host domains.
- The extension operates only on domains authorized by the practitioner’s organization and remains inactive on all other websites, with no impact on any other sites the user visits.
- Practitioners authenticate using their existing LexieHealth credentials. The extension does not handle or store passwords.
- Session data is stored locally in secure browser storage and is purged automatically upon sign-out or uninstallation.
13. Cookies and Similar Technologies
LexieHealth websites may use cookies and similar technologies for essential operations, analytics, and service improvement. Browser settings may allow users to limit some cookies.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the “Last Updated” date and provide notice of material changes where appropriate.
15. Contact
Privacy Officer
LexieHealth
privacy@lexiehealth.com
If you are not satisfied with our response to a privacy concern, you may contact the relevant privacy regulator, including the Information and Privacy Commissioner of Ontario, as applicable.