Act Respecting the Protection of Personal Information in the Private Sector (APPIPS)
For private practitioners in Québec, the Act Respecting the Protection of Personal Information in the Private Sector
(APPIPS) will be of relevance. It is private sector law that has been deemed “Substantially Similar” to PIPEDA
Owl and APPIPS
Practices have a number of responsibilities under APPIPS
, and here we’ve listed some of the ways Owl helps you meet these expected duties and responsibilities:
- A person carrying on an enterprise must take the security measures necessary to ensure the protection of the personal information collected, used, communicated, kept or destroyed and that are reasonable given the sensitivity of the information, the purposes for which it is to be used, the quantity and distribution of the information and the medium on which it is stored: At Owl, we use bank-level encryption (SSL) to encrypt all data that moves between our secure and dedicated servers and the device and browser on which a clinician accesses their Owl Practice account. Data that is encrypted between our secure and dedicated servers and the device and browser on which a clinician accessing their Owl account is done using SHA256 with RSA. We continuously test our systems to ensure all of our encryption layers have the most up-to-date patches for any vulnerabilities that surface over time (example: Heartbleed/CVE-2014-0160).
- Every person carrying on an enterprise who holds a file on another person must, at the request of the person concerned, confirm the existence of the file and communicate to the person any personal information concerning him: Finding all the information and documents you need to supply to an individual in this situation is easy, thanks to extensive export options that make exporting Client information out of Owl simple. Notes can be exported from the Client profile, all financial and Client data can be exported and individual historical receipts and invoices can also be downloaded. Exports of secure messages are not currently possible, but Clients already have access to this information through their Client Portal.
Other acts that may be potentially relevant to clinics in Québec are:
The Commission d’accès à l’information can be reached through the contact details on this website