Important Notice
Please check if MediSign is compliant with regulations applied in your country before using the application. While MediSign adapts to many regulations as time passes, it is not yet compatible with all of them.
Indicative List of Regulations for EHR Applications by English-Speaking Country
This list serves as a guideline and is not exhaustive. It is important to verify the current and specific regulations applicable in each country as they may change or have additional requirements.
- United States
- United Kingdom
- Canada
- PIPEDA (Personal Information Protection and Electronic Documents Act)
- Applicable Provincial Regulations (varies by province, e.g., Ontario’s Personal Health Information Protection Act)
- Australia
- New Zealand
- Ireland
- Cyprus
- South Africa
- POPIA (Protection of Personal Information Act)
- Philippines
- Data Privacy Act of 2012
- India
- IT Rules 2011
- Personal Data Protection Bill (once enacted)
- Singapore
- Jamaica
- Data Protection Act 2020
- Barbados
- Data Protection Act 2019
- Trinidad and Tobago
- Data Protection Act 2011
At a Glance
MediSign is registered with the Information Commissioner’s Office (ICO). Registration reference: ZB011445.
MediSign is compliant with:
- General Data Protection Regulation (GDPR)
- Data Protection Act 2018
- PDPA (Personal Data Protection Act)
MediSign has not yet received Health Insurance Portability and Accountability Act (HIPAA) certification but utilizes tools and frameworks that work in a compatible way:
GDPR
At MediSign, we prioritize the privacy and protection of our users’ personal data in accordance with the General Data Protection Regulation (GDPR).
MediSign is registered with the Information Commissioner’s Office (ICO). Registration reference: ZB011445.
Below is an overview of the key actions we undertake to ensure compliance with GDPR requirements:
1. Data Processing and Transparency
- Lawful Basis for Processing: We process personal data based on lawful grounds, including user consent, contract performance, legal obligations, and legitimate interests.
- User Consent: We obtain explicit consent from users before collecting and processing their personal data. Users can withdraw consent at any time.
- Transparency: We provide clear and concise information about our data processing activities through our Privacy Policy and user notifications.
2. Data Minimization and Purpose Limitation
- Data Minimization: We collect and process only the personal data that is necessary for the specific purposes outlined in our Privacy Policy.
- Purpose Limitation: Personal data is processed solely for the purposes for which it was collected, and it is not used in a manner that is incompatible with those purposes.
3. Data Subject Rights
- Right to Access: Users can request access to their personal data and obtain a copy of the data we hold about them.
- Right to Rectification: Users can request corrections to their personal data if it is inaccurate or incomplete.
- Right to Erasure: Users can request the deletion of their personal data under certain circumstances, such as when the data is no longer needed for the original purpose.
- Right to Restrict Processing: Users can request the restriction of data processing under specific conditions.
- Right to Data Portability: Users can request the transfer of their personal data to another organization in a structured, commonly used, and machine-readable format.
- Right to Object: Users can object to the processing of their personal data based on legitimate interests or direct marketing purposes.
4. Data Security and Integrity
- Technical and Organizational Measures: We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, pseudonymization, and access controls.
- Data Breach Notifications: In the event of a data breach, we promptly assess the impact and notify the relevant supervisory authority and affected users as required by GDPR.
Please visit our Security Page.
5. Data Retention
- Retention Policy: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with our data retention policy.
- Regular Review: We regularly review our data retention practices to ensure compliance with GDPR requirements.
6. Third-Party Processors
- Due Diligence: We conduct thorough due diligence on third-party processors to ensure they comply with GDPR requirements.
- Data Processing Agreements: We have data processing agreements in place with all third-party processors to ensure they handle personal data in compliance with GDPR.
For secure data storage, we use Amazon Web Services, which are compatible with the GDPR standard. See more here. See also the privacy policy for services we use such as Mailgun for sending emails, Stripe, and Paypal for online payments.
Data Protection Act 2018
At MediSign, we are committed to protecting personal data in accordance with the UK’s Data Protection Act 2018. Here are the key measures we implement to ensure compliance:
1. Data Processing Principles
- Lawfulness, Fairness, and Transparency: We process personal data legally and transparently, with clear information provided in our Privacy Policy.
- Purpose Limitation and Data Minimization: We collect data for specified purposes only and ensure it is adequate and relevant.
2. Individual Rights
- Right to Access and Rectification: Users can request access to and correction of their personal data.
- Right to Erasure: Users can request deletion of their data when it is no longer necessary.
- Right to Restrict Processing and Object: Users can limit processing and object to certain types of data use.
- Right to Data Portability: Users can receive their data in a commonly used format.
3. Data Security
- Technical and Organizational Measures: We use encryption, access controls, and regular security assessments to protect personal data.
- Data Breach Response: We have procedures to promptly respond to data breaches and notify relevant authorities and affected individuals when necessary.
Please visit our Security Page.
4. Accountability and Governance
- Data Protection Impact Assessments (DPIAs): We conduct DPIAs for high-risk processing activities.
- Record Keeping: We maintain detailed records of data processing activities.
5. Third-Party Processors
- Due Diligence and Agreements: We ensure third-party processors comply with the Act through thorough due diligence and data processing agreements.
PDPA (Personal Data Protection Act)
At MediSign, we are committed to protecting the personal data of our users and ensuring compliance with the Personal Data Protection Act (PDPA). We have implemented comprehensive data protection measures to safeguard the privacy and security of personal data processed through our Electronic Health Record (EHR) solution.
- Appointment of a Data Protection Officer (DPO):
- We have appointed a dedicated Data Protection Officer responsible for overseeing and ensuring our compliance with PDPA requirements. Our DPO regularly reviews our data protection policies and practices to ensure they align with legal obligations and best practices.
- Transparent Data Collection and Use:
- MediSign collects and processes personal data only with explicit consent and for legitimate purposes. We ensure that our users are informed about how their data is collected, used, and shared, and we offer clear options to manage their privacy preferences.
- Robust Security Measures:
- We employ industry-standard security technologies, including encryption, access controls, and regular security audits, to protect personal data from unauthorized access, use, or disclosure. Our infrastructure is designed to maintain the confidentiality, integrity, and availability of personal data at all times.
- Data Protection Impact Assessments (DPIA):
- We conduct regular Data Protection Impact Assessments to evaluate the risks associated with our data processing activities and implement effective strategies to mitigate identified risks. This proactive approach ensures that data privacy is integral to our operations and product development.
- Data Breach Response Plan:
- MediSign has established a comprehensive data breach response plan to address potential incidents promptly and effectively. In the unlikely event of a data breach, we are committed to notifying the Personal Data Protection Commission (PDPC) and affected individuals promptly and transparently.
- User Rights and Access:
- We respect and uphold our users’ rights to access, correct, and manage their personal data. Users can easily request access to their data or make corrections through our platform, ensuring transparency and control over personal information.
- Regular Training and Awareness:
- Our team receives regular training on data protection principles and PDPA compliance requirements. We foster a culture of privacy and data protection awareness, ensuring that every employee understands their role in safeguarding personal data.
- Commitment to Continuous Improvement:
- At MediSign, we are committed to continuous improvement and regularly review our data protection practices to ensure compliance with evolving legal standards and industry best practices.
For any inquiries or concerns about our data protection practices, please contact our Data Protection Officer.