Canada: PHIPA Compliance

  • 0
  • 5
  • Idea
  • Updated 9 months ago
  • (Edited)
It would be great if RingCentral was PHIPA compliant and had data servers in Canada. I am a healthcare provider and after using RingCentral for 2 years I was sad to learn that the RingCentral terms of use have a clause specifically stating that RingCentral Canada is not PHIPA compliant and not to be used for healthcare purposes, so my Electronic Medical Records service provider will not support it. I love the service and I'll keep using it for my phones because I haven't found anything better, but unfortunately for data security purposes it looks like I will have to start using another fax service.
Photo of Albert Allen

Albert Allen

  • 120 Points 100 badge 2x thumb

Posted 3 years ago

  • 0
  • 5
Photo of Mark H

Mark H

  • 60 Points
Albert, to be PHIPA compliant - is the requirement to just have the servers in Canada?
Photo of Albert Allen

Albert Allen

  • 120 Points 100 badge 2x thumb
I think the requirement to have the servers in Canada is not specified by law but in order to meet the requirements of PHIPA I imagine it would be necessary to be able to keep the data within the country. The information I could find from the Information and Privacy Commissioner of Ontario (www.ipc.on.ca) indicates the requirements of an IT service provider are:

• notification of any privacy breach to the custodian as soon as possible,
•a plain language description of their services,
•an audit trail feature to track the use of the database,
•a written risk assessment of the system, and
•their own written privacy policies.

IT providers and custodians must enter into written agreements that describe the services
being provided, describe the safeguards in place and require the IT provider to comply with
PHIPA and the regulations(s. 10 of PHIPA and s. 6 of the regulations).

If the data are not located on a server within Canada then it seems difficult to make a written agreement that the company will comply with Canadian privacy laws. I am not an expert on this law, though. The main barrier I see now to using RingCentral is the clause in the service agreement that specifies the service is not to be used for purposes covered by PHIPA. It seems like RingCentral USA is introducing compliance with American privacy laws but this does not really help the Canadians.

Thanks,

Albert
Photo of Doctor Carl Adrian

Doctor Carl Adrian

  • 82 Points 75 badge 2x thumb
This reply was created from a merged topic originally titled When will you be offering PHIPA compliance (ie. for Canada)?.
Photo of Matthew Austria

Matthew Austria, Employee

  • 1,092 Points 1k badge 2x thumb
This reply was created from a merged topic originally titled Privacy Compliance for Canadian Users.

US Accounts have HIPAA Conduit Settings that ensures that customer calls and messages are secure with encryption in transit and at-rest, along with other features, protecting patient data and guarding against unauthorized access to protected health information. Canadian Account does not have this feature and would want to request adding this on future release.