ResolvMD Privacy Policy

ResolvMD Privacy Policy

Request our Privacy Impact Assessment


ResolvMD Privacy Policy

ResolvMD is on the forefront of the latest developments and best practices for privacy and security. All aspects of our system were designed to keep patient and personal information secure from the outset. We meet or exceed the specification outlined in the Health Information Act and conform to Personal Information Protection and Electronic Documents Act (PIPEDA). All of your data is stored within Canada and is encrypted in transit via HTTPS and at rest (256-bit AES encryption).

Commonly Asked Questions

How is patient data protected?

All patient data in our platform is encrypted in transit and at rest. All communication between our web application and our servers occurs via HTTPS.
Our servers encrypt patient information, including all identifiable characteristics, using strong industry standard encryption before persisting to our databases. All data is encrypted at rest with 256-bit AES encryption.
Our cloud based infrastructure is designed with security in mind and includes many redundant layers of protection to ensure your data is safe.
Any on premise data is stored within secure storage systems with a three layered security protocol.

How is personal data protected?

Your data is subject to the same rigour that we treat patient data with. All forms signed via our electronic signature partner are encrypted using strong industry standard encryption and then stored in our cloud infrastructure which uses 256-bit AES encryption. We do not store any billing information. All information related to payments is processed by our third party partner Stripe. Stripe is a world leading payments company that is on the cutting edge of security and privacy. See the Stripe documentation for more information.

Who can access this data?

In short, only the absolute minimum number of people have access to data in controlled environments under strict protocols. Data within ResolvMD is only accessible by select users who are responsible for processing billing data. If your billing is facilitated by a billing specialist, processed data is only available for entry and processing by an authorized billing clerk. Supervisors have access in order to facilitate any issues with claims. Select ResolvMD support staff can also help agents and clerks if necessary. If you bill directly (self-serve) with our system, your data is only accessible to authorized ResolvMD support personnel.
We adhere to the principle of least privilege. Access to infrastructure and data, as well our users access to data within the platform is restricted to only the information and resources that are necessary for that users role. Our application includes role based authorization that allows us to restrict access to patient data to only those who really need it.

Do you share this data with anyone?

We do not share data with anyone. The data is processed by H-Link or other provincial adjudication platforms for payments. Once a claim is deemed to be complete, it is stored in accordance with regulation.

How long is claim data stored for?

To comply with provincial health regulations, we store encrypted claim data for at least 7 years.

Is ResolvMD owned by another company?

ResolvMD is an independent company and is not owned by another company.

Do I need a Privacy Impact Assessment?

You might. Get in touch with us to discuss whether or not you need to legally have a PIA in place. If you do, we can help, contact us