Colib's security features protect your data at every level and meet your PHIPA, PIPEDA, LPRPSP, PIPA and La loi 25 (Québec) requirements.
Colib is compliant with PIPEDA (Personal Information Protection and Electronic Documents Act), specifically in regard to the protection of Personal Health Information (PHI). In other words, we have implemented a series of technical and human security protocols, which include:
- Hosting of all Data on Canadian Territory: All data is hosted within Canadian borders.
- Encryption of Our Servers: Our servers are encrypted to ensure data security.
- Website Encryption: Our website is encrypted, and all Personal Health Information is protected by practitioner user logins and passwords. It is decrypted with each page load for authorized access.
- Annual Employee Training: We conduct annual training sessions for all company employees.
- Clear Incident Handling Procedures: We have clear procedures in place to handle and report any suspicious or doubtful situations to our Chief Privacy Officer.
Note about HIPAA compliance
While Colib is a Canadian-based platform and not directly subject to HIPAA (the U.S. Health Insurance Portability and Accountability Act), we have implemented technical and organizational safeguards that align with key HIPAA requirements. These include:
- Breach Notification Procedures: We have internal protocols in place for detecting, documenting, and reporting any unauthorized access to personal data, following processes similar to HIPAA breach notification requirements.
- User Access Logs: Colib maintains detailed access logs for practitioner accounts, ensuring traceability of data access and activity within the platform. These logs are accessible at any time by the administrators of each clinic.
- Contingency and Incident Response Plans: We have well-defined incident response and business continuity plans, including clear escalation protocols and involvement of our Chief Privacy Officer.
- Data Security by Design: Encryption, secure authentication, and privacy controls are implemented at every level of the platform, from data hosting in Canada to practitioner access.
While HIPAA certification is not formally issued by any governing body, Colib follows best practices consistent with HIPAA standards and remains committed to supporting U.S.-based practitioners who require HIPAA-aligned safeguards.
Breach Notification Procedures
Colib has established internal protocols to detect, assess, and respond to any unauthorized access to Personal Health Information (PHI) or other sensitive data. These procedures include:
Detection and Monitoring
Our systems use automated security monitoring tools to continuously track and analyze user activity across the platform. These tools help us detect anomalies such as irregular login attempts, unauthorized access, or unusual data flows.
Incident Documentation
Every suspected or confirmed breach is documented in detail: time of detection, type of incident, data affected, systems involved, and steps taken. All logs are retained for audit and review purposes.
Risk Assessment
We perform a structured risk assessment to determine the likelihood and severity of harm. This includes evaluating the sensitivity of the data, whether it was encrypted, and whether it was accessed or disclosed inappropriately.
Notification of Affected Individuals
When applicable, we notify the individuals concerned with clear, timely communication that includes the nature of the incident, the data involved, and suggested steps for protection.
Notification of Authorities
In line with PIPEDA, La loi 25, and other applicable Canadian regulations, we notify regulatory authorities when an incident meets the threshold for reporting.
Corrective Measures and Prevention
After an incident, we take corrective action such as adjusting system configurations, reinforcing internal procedures, and providing targeted employee retraining.
Oversight by Chief Privacy Officer
The entire process is supervised by Colib’s Chief Privacy Officer, who ensures that our response complies with legal obligations and reflects best practices in privacy and data security.
Visit our security page if you need more information: