Regulation and certification process

  • Posts: 9
2 years 11 months ago #6906 by Ann-Marie Westgate
Good afternoon. Each province and territory will have its own certification process.

Many jurisdictions recognize and require vendors to have an Information Security Management program that aligns with known standards, such as ISO/IEC 27001 or NIST. You may need to obtain third-party validation of your security program. As a service provider, providing an independent SOC 2 report can give additional assurances.

For cloud services, many jurisdictions will reference the Cloud Security Alliance (cloudsecurityalliance.org/), and you may be asked to complete documentation of your controls against the CSA framework. Data residency will be a consideration, so as a cloud vendor it is important to know in which regions the data is stored, including temporary storage.

Additionally, you may wish to reference the following document which covers Privacy and Security Requirements and Considerations for Digital Health Solutions including cloud-based services.

It is available in English:
www.infoway-inforoute.ca/en/component/edocman/resources/technical-documents/architecture/2154-privacy-and-security-requirements-and-considerations-for-digital-health-solutions

And in French:
www.infoway-inforoute.ca/fr/component/edocman/ressources/documents-techniques/architecture/2155-enjeux-et-exigences-de-securite-et-de-protection-des-renseignements-personnels-des-solutions-de-sante-numeriques?Itemid=189


  • Posts: 1
3 years 4 days ago #6838 by Julia Alcaz
Good day, dear Community.

I am looking for general information on the certification process and requirements for digital health software.

Our company created a platform (dashboard) that integrates with existing hospitals' EHR and core IT systems to provide retrospective, prospective and predictive analytics – at both management and frontline staff level.

As we are moving it to the cloud, the Quebec regulatory body is asking us to obtain their certification to ensure that Personally Identifiable Information (PII) and PHI are well respected.

From a first glance the requirements are very similar to ISO 27001.

While the certification and regulation procedures in the province of Quebec are pretty clear, I am looking for more information on other provinces' certification requirements.

I hope somebody can guide me to find the right source of information and the regulatory body that is governing this process in your province.

Thanks
