Privacy/Security

When it comes to privacy and security, SeamlessMD complies with HIPAA, PHIPA, PIPEDA, PHIA and other privacy legislation. We are SOC2 Type II certified and maintain SOC2 compliance through annual audits by a certified auditor (CPA). Please note that U.S. data is stored in U.S. data centres while Canadian data is stored in Canadian data centres.

Who will have access to SeamlessMD data?

The following groups have access to SeamlessMD data:

The healthcare team
SeamlessMD staff that have passed through security checks and have received security training
- SeamlessMD staff will only access the data for the proper management and administration of the Service

What does SeamlessMD's information security program include?

It includes policies for SOC2 and HIPAA/PIPEDA compliance, including:

Annual security and privacy training for staff
Audit logging system
Internal assessments (HIPAA Risk Assessments)
External assessments (3rd party penetration testing by a certified CISSP and SOC2)

What enterprise-security features does SeamlessMD include?

Intrusion Detection Systems and firewalls
Anti-virus and malware protection
Audit logging
Fully managed regular patching and updates
Load balancing and redundancy
Two-factor authentication
SSO (Single Sign On) with SAML/Active directory

What privacy policy and terms of use are available to patients?

Upon sign-up, patients will be able to read through the privacy policy and terms of use policy as linked below.