We know that health data security is a rather nebulous subject that worries many of our customers. Some of them even told us it made them hesitate to use file management software at all.
That's why we wanted to demystify this subject in this short article!
The Personal Information Protection and Electronic Documents Act (PIPEDA)
All health and physical activity professionals are subject to PIPEDA because they collect data as part of the delivery of health services.
The law gives little specific guidance on what to look for when choosing management software: it only requires that reasonable measures be put in place to protect users' data. Here are some examples of such measures:
1. The data must be hosted in Canada or in another country with a similar protection policy;
2. Your access to the software must be secured by a password;
3. Data must be encrypted (minimum required: 256-bit AES encryption);
4. The data must be on secure servers with automatic backups;
5. Check the ownership of the data in the supplier's terms and conditions of use. It is better for you to remain the owner.
In short, before using client tracking software or any other tool in your daily activities, it is important to ensure that it complies with PIPEDA.
For more information on the law: https://www.priv.gc.ca/en/for-businesses/
The regulations in France are essentially the same, except that the data must be hosted in France by a host approved by ASIP as a "health data hosting" provider (the complete list is available here: http://esante.gouv.fr/services/referentiels/securite/hebergeurs-agrees).
Other countries: the regulations may be similar to those listed above, but you should check for yourself what the law is in your country.
Compliance with the organization surrounding your profession (Order, Association, Federation)
All of these organizations require essentially the same good record-keeping practices. Here are some common examples:
1. You must keep the file archived for 5 to 7 years from the date of the last professional service provided;
2. You cannot change the content of a note on file without leaving a signed and dated record;
3. You must not delete data without leaving a trace and keeping a history;
4. You are required to record all actions taken with the client;
5. You must retain access to the data in the event that you no longer use the software.
All these rules have been written to protect you in the event of a complaint, a professional error, or any other situation requiring verification of the actions taken. Several solutions, such as Hexfit, allow you to manage your customers and centralize health data without fear.
At Hexfit, your data is safe and secure, and we make that our priority🔐
As software for health professionals and a partner of several professional associations, including the FKQ (Fédération des kinésiologues du Québec), the CKA (Canadian Kinesiology Alliance) and the AQP (Association québécoise de la physiothérapie), we respect the highest standards of security, compliance and confidentiality. We care about data security!
For more information on legality, compliance and data privacy at Hexfit: https://www.myhexfit.com/en/compliance/
*The content of this article is for informational purposes only. It should not be considered a legal opinion. Please refer to the regulations and laws that apply to you for details.