Skip to main content
All CollectionsLegal Policies
MedMe Privacy Impact Statement
MedMe Privacy Impact Statement

How MedMe makes sure we are PHIPA-compliant

Nick Hui avatar
Written by Nick Hui
Updated over 4 months ago

This document outlines MedMe's PIPEDA and PHIPA-compliant infrastructure and protocols to ensure that patient data is stored and accessed securely.

Data Storage and Security

MedMe's back-end data infrastructure is built and stored using Amazon Web Services (AWS) cloud servers, ensuring PHIPA and PIPEDA compliance per specifications outlined in this white paper. This is the same infrastructure being used by the likes of world-renowned healthcare organizations such as the Canadian Pharmacist Association, 3M, and Thermofisher. In addition to ensuring that our servers are hosted within Canada across several provinces, we use the following measures to ensure that data is encrypted and safe, both at rest and during transit:

  • AWS NACL and Security Groups - Every single database request on MedMe’s platform must pass through these 2 firewalls to access the data. MedMe defines a set of IP addresses that are allowed to access our applications and database in these firewalls, as described here.

  • AES 256 - All EC2 instances and databases are encrypted with AES 256 at rest and in transit. The secrets are maintained by AWS Key Management Service and are cycled periodically by AWS.

  • AWS Certificate Manager - All requests and responses are sent over https(443) - the internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site adopted by most sites. Automatic redirect of http to https is enabled, and the SSL certificate is managed by AWS Certificate Manager.

MedMe uses Twilio for 1) Video Conferencing (P2P Rooms), 2) SMS Messaging (Programmable SMS), and 3) Emails (Sendgrid). Twilio does not store or access any of its customers' (MedMe) video calls (as per WebRTC security protocols which allows secure connection between two users) and SMS Messages (as MedMe stores them on AWS). Emails are stored by Sendgrid following SOC 2 Type II certificates. The only information we pass to Twilio are: the patient's first name, the pharmacist's first name, and consultation time.

User Access to Data

MedMe's data can be separated into 3 categories:

  1. Personal Information (PI)

  2. Personal Health Information (PHI)

  3. Analytics Data (de-identified system-level insights such as average consultation times and correlations between two fields)

PI and PHI stored on MedMe can only be accessed by the patient and their pharmacist or other legal data custodian associated with the pharmacy (i.e. pharmacy technician). Users of these groups must go through at least 2 levels of authentication to access the data:

  1. Patients must verify their phone number and health card number. 

  2. Pharmacists must provide the correct username, password, and verification code sent to their phone.

Analytics data is used by MedMe to improve the product and to provide system-level insights to our constituents for service improvements. This means the data cannot be accessed and is not used for the following:

  • Individual PI and PHI cannot be accessed and viewed by MedMe and its constituents (including its developers, 3rd-party software providers, contractors, and any other parties involved with MedMe's product and services), except for select members of our team (see Select Users below). In order to troubleshoot errors in software, our pharmacy clients must give explicit permission for MedMe to access the specific instance of the platform, and by extension, any related PHI

  • MedMe does not share and sell any PI and PHI to its customers, including: private organizations, academia, government bodies, and non-profit organizations.

  • MedMe will not directly engage with any patients or promote other services unless it is a part of the MedMe platform as confirmed by the pharmacy (i.e. consultation confirmation, reminders, post-consultation notes, etc.)

Organizational Procedures

MedMe employs the following internal protocols and procedures to ensure secure access to PHI stored on our production servers:

  • Select User Access - Only highly selected MedMe team members have access to the production databases, and therefore by extension, PHI. All team members are fully aware of responsibilities pertaining to this degree of access, go through annual security training, use company-secured devices, and have surrendered the following information available upon request: copy of passport, copy of government ID, and criminal record check.

  • Privacy Officer - Purya Sarmadi is MedMe's single point-of-contact for all privacy and security-related questions/concerns (anonymous). Purya is in charge of providing documents and presentations on ongoing compliance related topics (upon government requirements updates) to the team as well as all new hires

  • Select Laptops - Laptops used by Select Users (see above) are company property and fully controlled by MedMe via software with mandatory login credential requirements (i.e. new password every 6 months). All traffic can be monitored by MedMe, and all data on the laptops can be remotely wiped in case of theft. Select users must also use "Security Screens" in office (the content of the screen cannot be viewed from a side angle).

  • Segregated Networks - MedMe's production network is completely segregated from regular internal networks and can only be accessed by Select Users (see above) through Select Laptops (see above) differentiated by serial number. Select Users must use a secured VPN when accessing the production network outside of the office network.

  • Changes to Production Environment - all change requests to the production environments (i.e. databases, servers, microservices, codebase, etc.) require sign-offs from the Privacy Officer and the CTO

  • Accidental PHI leaks by clients - When clients accidentally share PHI to any MedMe team member through email, text, or by any other means, a specific procedure is followed to destroy all PHI that was leaked and educate the client to prevent repeating the same mistake.

Incident Detection and Response

In addition to compliance with PHIPA/PIPEDA best practice guidelines, we have further strengthened our incident detection and response. MedMe implements the Detection, Containment, and Iteration gold standard protocols as set by the National Institute of Standards and Technology. This includes the following services to audit and track access to our databases and detect potential breaches:

  • AWS CloudTrail - Monitors and logs all activity that takes place in MedMe's AWS account (i.e. authenticate users with AWS Cognito, read or upload files from Amazon S3 servers)

  • AWS Config - Monitors all the configurations in place and notifies MedMe if there are any changes in the configurations (i.e. new IP addresses added to the firewalls)

  • Amazon CloudWatch - Monitors all the resources and application logs and triggers an alarm if there is any unusual activity (i.e. it triggers an alarm if the application is down or any data is deleted from the database). It maintains all the application logs and can be used in audits by regulatory bodies

  • VPC Flow Logs - Records all the traffic going to and from our virtual private cloud

  • Amazon GuardDuty - A threat detection service that continuously monitors for malicious activity and unauthorized behaviour in our databases and workloads

In the case of a security breach, MedMe employs the following protocols to ensure that the breach is immediately contained and further damage is prevented:

  • Installing patches to resolve viruses and technology flaws to prevent additional servers from becoming exposed

  • Resetting passwords for user accounts that may have been compromised and advising users to change other accounts on which they use the same password.

  • Disabling network access for computers known to be infected by viruses or other malware so they can be quarantined, and blocking the accounts of users that may have been involved in the data breach

  • Recalling/deleting information such as recalling emails, asking unintended recipients to destroy copies, and/or disabling erroneous links

  • System shutdown, as a last resort, to completely eliminate any possibility for a further data breaches in cases where we are unable to immediately identify the impact and extent of the breach

After containment, MedMe conducts the following analysis to mitigate and prevent future data breaches:

  • Evidence gathering - MedMe identifies all the information that has been compromised and traces the data breach to help with auditing procedures and feed into the Incident Post-mortem.

  • Eradication - MedMe eliminates all components of the incident, such as deleting malware and disabling breached user accounts, as well as identifying and mitigating all vulnerabilities that were exploited

  • Incident Post-mortem - MedMe conducts a full post-mortem analysis to summarize lessons learned from the breach, replicate the breach, identify the root causes of the breach, and implement measures/changes to the platform to prevent further similar breaches

If there are any questions about this Privacy Statement, please reach out to our Privacy Officer and CEO - Purya Sarmadi - at purya@medmehealth.com

You can also view our Privacy Policy, or request our SOC2 Type II report upon request.

Did this answer your question?