The Personal Health Information Protection Act (PHIPA) is an Ontario law that establishes rules for the collection, use, and disclosure of personal health information. At VitaScribe, we implement robust measures to ensure full compliance with PHIPA and Ontario Regulation 329/04.

How We Comply with PHIPA

Consent Management

We obtain explicit consent before collecting, using, or disclosing personal health information. Our platform includes clear consent mechanisms that:

Allow patients to provide or withdraw consent
Document consent decisions
Respect consent limitations

Security Safeguards

We implement robust security measures to protect personal health information from unauthorized access, disclosure, and misuse:

End-to-end encryption for all data in transit and at rest
Role-based access controls
Detailed audit logging and monitoring
Secure cloud infrastructure with geographic data residency controls

Access & Correction Rights

PHIPA gives individuals the right to access and request corrections to their personal health information. Our platform supports these rights by providing:

User-friendly access request mechanisms
Processes for correction requests
Audit trails of all access and changes

Ontario Regulation 329/04

In addition to PHIPA, we comply with Ontario Regulation 329/04, which provides additional requirements for:

Electronic Health Records

Our platform meets all specific requirements for electronic health records, including consent directives, access controls, and audit logs.

Data Transfer Agreements

We maintain appropriate agreements with all service providers who may have access to personal health information.

Notification Requirements

We have established protocols for breach notification in compliance with regulatory requirements.

Privacy Impact Assessments

We conduct regular privacy impact assessments to identify and mitigate potential privacy risks.

PHIPA Compliance