Which countries and regulations do you support?
We support healthcare organizations in Canada (PHIPA, PIPEDA, Quebec Law 25), the United States (HIPAA, HITECH), the European Union and United Kingdom (GDPR, UK GDPR, country-specific extensions such as Germany's KHZG and France's HDS), and Australia (Privacy Act 1988, Australian Privacy Principles, My Health Records Act). We also support custom jurisdictional reviews for organizations operating across multiple regions.
Where is our data stored — can we choose our jurisdiction?
Yes. Data sovereignty is a core part of our offering. We host patient data in the jurisdiction you require: Canadian data centres for PHIPA/PIPEDA clients, US-based HIPAA-eligible infrastructure for American clients, EU/UK data centres for GDPR clients, and Australian infrastructure for AU Privacy Act compliance. We never transfer personal health information across borders without proper legal mechanisms in place.
How long does implementation take?
A typical healthcare website project takes 4–6 weeks from kickoff to launch. This includes security architecture, design, development, accessibility testing, and compliance review. Complex multi-site or multi-jurisdiction projects may take 8–12 weeks.
What encryption standards do you use?
We use AES-256 encryption for data at rest and TLS 1.3 for data in transit. All database connections are encrypted, and backup files are encrypted before storage. Encryption keys are managed through a dedicated key management service.
Do you maintain audit trails?
Yes. Every access event, modification, data request, and disclosure is logged with timestamps, user identity, and action type. Audit logs are immutable, retained for the period required by your applicable regulation (e.g. 72 hours for PHIPA, 60 days for HIPAA, 30 days for GDPR), and available for compliance reviews.
How does onboarding work?
Onboarding starts with a free security consultation where we assess your needs, jurisdiction, and current infrastructure. We then provide a detailed proposal within 3 business days. Once approved, you'll have a dedicated project manager and regular check-ins throughout the build.
What support do you provide after launch?
We provide ongoing managed hosting, security monitoring, patch management, compliance audits, and dedicated support. Monthly security health reports are included, and our team is available for urgent security issues 24/7.
What happens if there's a security breach?
We maintain a documented, tested breach response protocol aligned to your jurisdiction's requirements — 72 hours for PHIPA/GDPR, 30 days for the Australian NDB Scheme, 60 days for HIPAA. This includes immediate containment, forensic investigation, regulatory notification, and a post-incident remediation plan.