A comprehensive guide on how Dermi Atlas Professional features support Canadian healthcare practices in meeting PIPEDA, PHIPA, and other provincial privacy obligations.
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) applies to private-sector organizations collecting personal information. Additionally, provinces like Ontario (PHIPA), Alberta (HIA), and Quebec (Act Respecting the Protection of Personal Information in the Private Sector) have specific health privacy laws.
This guide explains how Dermi Atlas Professional features support compliance with these Canadian privacy frameworks.
Under Canadian privacy laws, the healthcare provider is typically the "Health Information Custodian" (HIC) or "Trustee."
Dermi's Role: Dermi acts as a software vendor. Because Dermi Atlas Professional is self-hosted, Dermi Inc. does not have custody or control of your patients' personal health information (PHI). Your practice remains the sole custodian.
Dermi Atlas Professional provides tools that align with the core principles of PIPEDA:
Feature: Consent Management
Dermi Atlas Professional includes a configurable consent workflow. You can set the system to "Require" or "Recommend" consent before images are uploaded.
Feature: Security Architecture
The system provides technical safeguards appropriate to the sensitivity of health information:
Feature: Audit Trails
To demonstrate accountability, the system maintains detailed logs of who accessed or modified patient data. This is critical for responding to patient inquiries or privacy commissioner investigations.
Feature: Export Capabilities
If a patient requests access to their medical images, Dermi Atlas Professional allows you to:
PHIPA requires custodians to take reasonable steps to ensure that personal health information is protected against theft, loss, and unauthorized use. Dermi Atlas Professional's local storage model and audit logging features directly support these requirements by keeping data off third-party clouds and tracking all access.
These jurisdictions have stringent requirements regarding information location and safeguards. Because Dermi Atlas Professional data resides on your physical hardware within your clinic, this storage model mitigates the cross-border data transfer concerns often associated with US-based cloud services.
Canadian privacy laws typically require reporting breaches that create a "Real Risk of Significant Harm" (RROSH).
How Dermi Atlas Supports Response:
If a device is lost or a user account is compromised, the Dermi Atlas Professional audit logs help you assess the scope of the breach to determine if it meets the reporting threshold. You can verify exactly which records were viewed or downloaded during the compromised session.
To maximize privacy compliance when using Dermi Atlas Professional:
Disclaimer: This document provides technical guidance on software features. It is not legal advice. Practices should consult with a privacy officer or legal counsel regarding specific obligations.