Privacy Impact Assessment, Threat Risk Assessment, and Penetration Testing
We believe that data security and privacy is an ongoing function of a healthy business. We also know that you can’t just take our word for it. We have engaged an experienced external consultant to help us prove our systems are safe and secure.
MDBilling.ca has completed a rigorous Privacy Impact Assessment (PIA) and Threat Risk Assessment (TRA). The PIA looks to ensure that we are meeting or exceeding privacy rules set in Canada. We have passed the assessment and have installed policies and processes to ensure we maintain our compliance.
The TRA analyses our software to determine vulnerabilities and places where an attacker may be able to gain access to our systems. Using a third-party, we have performed penetration testing and gone through our platform to find vulnerabilities and mitigate any of these risks. As part of our assessment, we have implemented the following:
- Your data is hosted at Microsoft Azure, a secure and reliable data centre located in Ontario.
- Your data is encrypted both in transit and at rest.
- We conduct frequent vulnerability and malware scanning
- We have implemented two-factor authentication (2FA) for our clients. How do I enable this?
- We have implemented granular audit logs to see who has accessed your patient records.
- We have implemented an advanced Web Application Firewall (WAF).
Read more about our privacy and security practices.