PIPEDAPHIPAHIPAASOC 2

Healthcare Compliance
Built Into Everything

CareNucleus is designed from the ground up to meet the strictest healthcare privacy and security requirements across Canada and internationally.

Request Compliance Documentation Security Overview

🇨🇦

100% Canadian Data Residency

All patient data stored exclusively in Canadian data centers

Canada Central

Toronto, Ontario

Canada East

Quebec City, Quebec

Regulatory Frameworks

Comprehensive Compliance Coverage

We meet or exceed requirements across Canadian federal, provincial, and international healthcare privacy regulations.

🇨🇦

PIPEDA

Compliant

Personal Information Protection and Electronic Documents Act

Canada (Federal)

Federal privacy law governing collection, use, and disclosure of personal information.

Key Requirements

✓Accountability & designated Privacy Officer
✓Meaningful consent for data collection
✓Individual access rights (30-day response)
✓Mandatory breach notification
✓Data minimization principles

🏥

PHIPA

Compliant

Personal Health Information Protection Act

Ontario

Ontario's health privacy law governing personal health information.

Key Requirements

✓Health Information Custodian framework
✓Agent agreements for processors
✓Patient access within 30 days
✓Breach reporting to IPC Ontario
✓Audit trail requirements

⚜️

Quebec Law 25

Compliant

Act Respecting the Protection of Personal Information

Quebec

Quebec's modernized privacy framework with enhanced requirements.

Key Requirements

✓Privacy by default
✓Privacy impact assessments
✓Enhanced consent requirements
✓Cross-border transfer restrictions
✓Designated privacy officer

🇺🇸

HIPAA

Compliant

Health Insurance Portability and Accountability Act

United States

US federal law protecting sensitive patient health information.

Key Requirements

✓Business Associate Agreements
✓Administrative safeguards
✓Physical safeguards
✓Technical safeguards
✓Breach notification rules

🛡️

SOC 2 Type II

Certified

System and Organization Controls

International

AICPA framework for managing customer data.

Key Requirements

✓Security controls audit
✓Availability commitments
✓Processing integrity verification
✓Confidentiality protections
✓Privacy practices review

Security Controls

Enterprise-grade security measures protecting your data

🔐

Encryption at Rest

AES-256-GCM encryption for all stored data

🔒

Encryption in Transit

TLS 1.2+ for all data transmissions

👤

Access Control

Role-based access with MFA requirement

📋

Audit Logging

Immutable logs retained for 10+ years

🔄

Backup & Recovery

Real-time replication, < 4hr RTO

🕵️

Monitoring

24/7 security monitoring and alerting

Certifications & Compliance Status

ISO 27001

2026

In Progress

SOC 2 Type II

2025

Certified

PIPEDA

2025

Compliant

PHIPA

2025

Compliant

HIPAA

2025

Compliant

Incident Response Protocol

Structured 72-hour breach response in compliance with PIPEDA requirements

Contain

0-4 hrs

Isolate affected systems, preserve evidence

Assess

4-24 hrs

Determine scope, identify affected individuals

Notify

24-72 hrs

Report to regulators and affected parties

Prevent

Ongoing

Root cause analysis, remediation

Regulatory Authorities

Key regulatory contacts for privacy matters in Canada

Office of the Privacy Commissioner of Canada

PIPEDA oversight

1-800-282-1376priv.gc.ca

Information and Privacy Commissioner of Ontario

PHIPA oversight

1-800-387-0073ipc.on.ca

Office of the Information and Privacy Commissioner of Alberta

HIA oversight

780-422-6860oipc.ab.ca

Office of the Information and Privacy Commissioner of BC

PIPA oversight

250-387-5629oipc.bc.ca

📋

Need Compliance Documentation?

Our compliance team can provide detailed documentation, security questionnaire responses, and support your due diligence process.

Request Compliance Documentation ctaPrivacy

ctaPrivacy ctaTerms Security Overview

Healthcare ComplianceBuilt Into Everything

100% Canadian Data Residency

Comprehensive Compliance Coverage

PIPEDA

Key Requirements

PHIPA

Key Requirements

Quebec Law 25

Key Requirements

HIPAA

Key Requirements

SOC 2 Type II

Key Requirements

Security Controls

Encryption at Rest

Encryption in Transit

Access Control

Audit Logging

Backup & Recovery

Monitoring

Certifications & Compliance Status

ISO 27001

SOC 2 Type II

PIPEDA

PHIPA

HIPAA

Incident Response Protocol

Contain

Assess

Notify

Prevent

Regulatory Authorities

Office of the Privacy Commissioner of Canada

Information and Privacy Commissioner of Ontario

Office of the Information and Privacy Commissioner of Alberta

Office of the Information and Privacy Commissioner of BC

Need Compliance Documentation?

Healthcare Compliance
Built Into Everything