Trust & Security

We built OpsMed knowing that earning trust is harder than building technology. Here's exactly how we protect your clinic's data.

PHIPA Agent Framework

OpsMed operates as an "agent" under PHIPA s. 17, acting on behalf of health information custodians (physicians). This classification drives every compliance obligation we meet.

Written Agent Agreement

Every clinic engagement starts with a formal PHIPA agent agreement reviewed by Ontario health privacy counsel, defining permitted purposes, breach notification, data handling, and audit rights.

Azure Canada Central

All personal health information is stored and processed exclusively in Azure Canada Central (Toronto). No cross-border transfers. No exceptions.

AES-256 Encryption

Data encrypted at rest with AES-256 and in transit with TLS 1.2+. Encryption keys managed through Azure Key Vault with strict access controls.

Full Audit Logging

Every PHI interaction is logged: date, time, user, data accessed, modifications. Logs are immutable and available for custodian audit on request.

No PHI Training

Your clinic's personal health information is never used to train AI models. This commitment is contractually guaranteed in every agent agreement.

Breach Response

Documented incident response plan with PHIPA notification cascade: OpsMed notifies custodian immediately, custodian notifies individual and IPC per O. Reg. 224/17.

Compliance Checklist

Separating legal requirements (PHIPA-mandated) from best practice expectations so you know exactly where we stand.

Tier A — Legal Requirements

  • PHIPA agent agreement (s. 17)
  • Breach notification procedures
  • PHI used only for permitted purposes
  • Reasonable safeguards standard met
  • Confidentiality agreements for all staff with PHI access
  • Data return/destruction upon termination

Tier B — Best Practice / Procurement

  • Canadian data residency (Azure Canada Central)
  • AES-256 at rest, TLS 1.2+ in transit
  • Multi-factor authentication
  • Role-based access controls (least privilege)
  • Privacy Impact Assessment
  • Business continuity & disaster recovery plan

Backed by CyberLeda

OpsMed's security infrastructure is built and maintained by CyberLeda, a cybersecurity-focused managed services provider serving businesses across Ontario's Golden Horseshoe.

This isn't a bolt-on security partnership — it's the same team, the same infrastructure, the same standards we apply to every business we protect. When you work with OpsMed, you get enterprise-grade cybersecurity as a structural advantage.

Request Our Trust Kit