Protect Yourself from Liability
Healthcare information and personally identifiable information are the most sensitive data and are a high-value target for
hackers and other bad actors. Many physicians are not aware that they have direct liability for data leaks or
breaches, even if it was caused by a service provider. If you hire an entity to manage or process your data, the burden
of care lies with you to ensure they have adequate measures in place to manage the risks. You already have enough on
your plate - don’t let data security be one more thing to worry about. ResolvMD is committed to providing you with full
peace of mind when it comes to your data. We adhere to the highest standards in the industry and continually review
guidance so you don’t have to.
The 10-Step Checklist
- Ensure your provider has an up-to-date Privacy Impact Assessment. These are reviewed by regulatory agencies for
adequacy of procedures and controls in place. It’s a good starting point to make sure they are engaging at this level
with regard to privacy.
- Ask for their Health Information Privacy & Security Manual… and read it! Here you can find basic information on
how they approach privacy and security.
- Ensure they have never experienced a data breach before. A clean track record is an important data point that can
indicate whether there have been issues in the past and what remedial action was taken.
- Find out if their systems have been tested for vulnerabilities by an independent third party (this includes
penetration tests). This provides a very useful and unbiased source of information regarding the strength of the
systems and controls.
- Talk with them about access controls and employee privacy training. Less is more and those who do have access
need to be trained.
- Find out if their systems are protected with multiple layers of security (i.e. 2FA). Only people who need to see
or enter data should be able to do so.
- Ask if they use their own servers and local infrastructure. Local storage on owned servers can add significant risk
factors versus cloud infrastructure.
- Determine what procedures are in place for destroying confidential data. Both you and those who you contract with
are liable for data breaches.
- Ask for proof of insurance which can help absorb some of the costs incurred in the event of a breach. At a
minimum they should have:
a. Cyber insurance coverage (>$2mm)
b. Errors and Omissions coverage (>$2mm)
- How will they be receiving and processing your data? All bases need to be covered, whether it’s directly integrating
with an EMR, secure remote access, secure email / fax or otherwise.
Check out the Alberta HIA and PIPEDA for more information on regulations and best practices.
ResolvMD is Built on Secure Frameworks from End-to-End
Secure Onboarding
A unique link is sent directly to each physician to create a profile. During the onboarding, secure digital signatures
are used and payment information is captured through Stripe - the leading payment services provider - and not held by
ResolvMD.
Secure Login
To access any parts of our system, a strong password is required and paired with two-factor authentication for layered
access control.
Secure Storage
All of your data is stored within Canada and is encrypted in transit via HTTPS and at rest (256-bit AES encryption).
Providers We Work With
ResolvMD relies on some of the largest providers of technology services in the world. These entities set the standard
for privacy and security.