Protect Yourself from Liability
Healthcare information and personally identifiable information is the most sensitive data and is a high value target for
hackers and other bad actors. Many physicians are not aware that they have direct liability for data leaks or
breaches, even if it was caused by a service provider. If you hire an entity to manage or process your data, the burden
of care lies with you to ensure they have adequate measures in place to manage the risks. You already have enough on
your plate to worry about - don’t let data security be one of them. ResolvMD is committed to providing you with full
peace of mind when it comes to your data. We adhere to the highest standards in the industry and continually review
guidance so you don’t have to.
The 10-Step Checklist
- Ensure your provider has an up to date Privacy Impact Assessment. These are reviewed by regulatory agencies for
adequacy of procedures and controls in place. It’s a good starting point to make sure they are engaging at this level
with regards to privacy.
- Ask for their Health Information Privacy & Security Manual… and read it! Here you can find basic information on
how they approach privacy and security.
- Ensure they have never experienced a data breach before. A clean track record is an important data point that can
indicate whether there have been issues in the past and what remedial action was taken.
- Find out if their systems have been tested for vulnerabilities by an Independent 3rd Party (this includes
penetration tests). This provides a very useful and unbiased source of information regarding the strength of the
systems and controls.
- Talk with them about access controls and employee privacy training. Less is more and those who do have access
need to be trained.
- Find out if their systems are protected with multiple layers of security (i.e. 2FA). Only people who need to see
or enter data should be able to do so.
- Ask if they use their own servers and local infrastructure. Local storage on owned servers can add significant risk
factors versus cloud infrastructure.
- Determine what procedures are in place for destroying confidential data. Both you and those who you contract with
are liable for data breaches.
- Ask for proof of insurance which can help absorb some of the costs incurred in the event of a breach. At a
minimum they should have:
a. Cyber insurance coverage (>$2mm)
b. Errors and Omissions coverage (>$2mm)
- How will they be receiving and processing your data? All bases need to be covered, whether it’s directly integrating
with an EMR, secure remote access, secure email / fax or otherwise.
Check out the Alberta HIA
for more information on regulations and best practices.
ResolvMD is Built on Secure Frameworks from End-to-End
A unique link is sent directly to each physician to create a profile. During the onboarding, secure digital signatures
are used and payment information is captured through Stripe - the leading payment services provider - and not held by
To access any parts of our system, a strong password is required and paired with two-factor authentication for layered
All of your data is stored within Canada and is encrypted in transit via HTTPS and at rest (256-bit AES encryption).
Providers We Work With
ResolvMD relies on some of the largest providers of technology services in the world. These entities set the standard
for privacy and security.