
PIPEDA – Canada’s Version of HIPAA

If you’re here, you’re likely already familiar with HIPAA. But did you know that the act created to establish a set of national standards for protecting health information has a Canadian counterpart called PIPEDA, the Personal Information Protection and Electronic Documents Act? While both laws are designed to protect consumer data from being accessed by unauthorized third parties, there are some critical differences between the two. We’ll look through those similarities and differences in this article.

What is PIPEDA?

PIPEDA is Canada’s version of HIPAA, and it is broader than HIPAA, covering more than just health information. It also includes banking, telecommunications, and other industries where personal data can be collected or stored. 

PIPEDA’s mission is to ensure that organizations are responsible and accountable for protecting all data collected, regardless of province, industry, or kind. Individuals also have the right to privacy over their information. They need to be able to view any information an organization collects and have the right to appeal the validity of the collected data. 

Organizations must be transparent during the collection process when obtaining this information and explain why it’s collected and how the organization will use it.

It is important to note that each province may additionally have its own laws, rules, and regulations regarding the gathering of this data.

PIPEDA’s 10 Main Principles

While HIPAA has its own principles for the collection, storage, and destruction of personal data, PIPEDA mandates:

  1. An organization is held responsible for personal information under its management and must choose a designated individual or small team to manage the organization’s PIPEDA compliance. This information includes all data shared with third-party processors.
  2. An organization will explicitly state when personal information is being collected at the time of its collection.
  3. Individuals must give their permission to have that information collected, used, or disclosed unless such action is unjustified.
  4. The organization will only collect the minimal amount of personal information required for their stated purposes.
  5. There is complete transparency over the use of that personal information. It cannot be utilized or disclosed for any other reason than for which it’s collected unless the individual gives consent (as required by law). After being collected, this information is stored only for as long as necessary to achieve the stated intended purpose.
  6. Personal information must be accurate, comprehensive, and up to date for the purpose for which it is being used.
  7. Personal information must be safeguarded by security measures that are appropriate to the information’s sensitivity level.
  8. An organization must be accessible and willing to provide individuals with information about its policies and procedures that pertain to how personal information is handled.
  9. An individual has the right to be informed, on request, of the existence, use, and disclosure of their personal information. An individual has the right to verify that information and to correct anything that is inaccurate or incomplete.
  10. If an individual has a concern over how their information is being used, they can address that issue with those responsible for the organization’s PIPEDA compliance.

What is HIPAA?

On the other hand, HIPAA is primarily concerned with health information and only covers certain entities such as healthcare providers and their related organizations (e.g., billing companies, health plans, pharmacies, etc).

Under HIPAA, any business that handles personal data must follow specific procedures outlined in the bill. The legislation establishes stringent standards that must be met by any organization engaged with personal data to safeguard patients and allow businesses to make informed judgments based on that information. 

The collection, use, and sharing of health information in the United States is also covered by state laws. Still, when any data is sent outside the country, it is no longer protected under HIPAA.

HIPAA Main Principles Overview

The HIPAA Act includes principles similar to PIPEDA’s, including respecting individuals’ privacy, protecting the confidentiality and security of health records, disclosing only limited data without a patient’s consent or authorization (except in certain situations), providing patients with access to their medical records upon request, and waiving fees when patients themselves request records.

HIPAA also allows individuals who believe there has been an invasion of privacy or unauthorized use of their protected health information (PHI) to file suit against the violator.

What Information is Protected By Each Law?

Protected Health Information (HIPAA) 

HIPAA covers any individually identifiable health information held or transmitted by a covered entity (or its third-party associate) in any form or medium, whether electronic, on paper, or oral. These types of personal information can include:

  • Names (Full or last name and initials)
  • Addresses
  • Dates directly related to identity or service provided
  • Contact Information (phone & fax numbers, email addresses)
  • Social Security numbers
  • Medical record information (including account numbers and personal & beneficiary health insurance information)
  • Certification/license numbers
  • Vehicle identification information (including license plate numbers)
  • Device identifiers and serial numbers
  • Web Uniform Resource Locators (URLs)
  • Internet Protocol (IP) address numbers
  • Biometric identifiers (finger, retinal, and voice prints)
  • Full-face photos and all comparable images
  • Any other unique identifying characteristics or numbers

Personal Information (PIPEDA)

The definition of personal information under PIPEDA is broader than that provided by HIPAA. The term “personal information” refers to any data that, on its own or when linked to other data, may identify you:

  • Demographic information (including name, age, social security & identification numbers, nationality, race, ethnicity, and marital status)
  • Contact information (phone & fax numbers, and email address)
  • Financial information (income, banking, credit & loan records, and any merchant & consumer disputes)
  • Medical information (history, DNA identifiers, blood type, and any records and personal data)
  • Personal history information (educational, employment, disciplinary actions, evaluations, intentions, opinions, or comments)

How are HIPAA and PIPEDA alike?

Both laws govern how organizations can collect and use personal data from individuals or customers for business purposes.

Each also sets guidelines around how information should be protected throughout its lifespan, including when it’s being collected or used by an organization, while it is kept in storage, and when it is destroyed.

Both HIPAA and PIPEDA require organizations to be accountable for the personal data they have under their management.

And, both laws state that individuals must consent before an organization can collect, use, or share any of their information unless it’s legally required (HIPAA) or doing so is unjustified (PIPEDA).

How are they different?

HIPAA is a national law in the United States. Therefore, it only applies to organizations located within the U.S. or those doing business with American consumers while operating outside of America (e.g., Canadian healthcare providers).

The most significant difference between HIPAA and PIPEDA, however, lies more in what each act protects. HIPAA’s primary concern is protecting health information, while PIPEDA focuses on all types of personal data, including health information.

PIPEDA also covers information uploaded directly by individuals and not just reported by an entity.

HIPAA is also more specific about the types of entities it applies to, whereas PIPEDA covers a larger spectrum of organizations that collect or use personal data.

Who does PIPEDA apply to?

PIPEDA applies to organizations that collect or store personal information to provide commercial services and focus on all types of personal data, including healthcare records.

“Commercial activity” is defined as conducting any act or transaction that is regularly considered commercial in nature, including bartering, leasing, and selling.

PIPEDA protects the privacy of all Canadians, and it’s important to know that these laws apply in any industry when the individuals involved are engaging in commercial services. Covered entities include private organizations like businesses or non-profit organizations, and they can also be government agencies such as ministries with jurisdiction over various areas, like health care delivery or labor relations legislation.

In comparison to HIPAA, which more specifically applies to healthcare providers and their related organizations, PIPEDA has a broader range of organizations under its jurisdiction.

Who are Canadian Health Custodians?

Doctors, nurses, hospitals, homes for special care, pharmacies, medical laboratories, local medical officers, ambulance services, community & long-term care centers (nursing homes), mental health programs (insurance programs), and the Ministry of Health are all considered Custodians.

Custodians of personal data operating in Ontario have additional obligations under the Personal Health Information Protection Act (PHIPA) on how to protect the data they collect on their clients or patients.

The difference between the PHIPA and PIPEDA is that PIPEDA (a federal law) applies to any company that collects, uses, and discloses personal information while engaging in commercial activities. In contrast, the PHIPA (a provincial law) applies to health custodians who collect, use, and disclose personal health information regardless of whether or not they conduct commercial activities.

PIPEDA’s provisions continue to apply to all commercial activities involving the transfer of personal health information between provinces and territories, as well as international information transfers.

To Recap: 

Both PIPEDA and HIPAA define “personal information” somewhat differently, but both play their roles in safeguarding confidentiality, trustworthiness, and accessibility. 

Because these laws interact internationally where personal data crosses borders, it would be worthwhile for organizations operating in more than one country (especially those that collect medical records electronically at home and abroad) to make sure they understand all policies governing the collection and handling of sensitive customer information.

While the list of criteria is long, there are many solutions and strategies to guarantee that you meet the standards for both and ensure that your business is 100% PIPEDA compliant.

Why Does Your Business Need an Online Presence?

In the digital age, it is absolutely essential for your business to have an online presence. Whether it’s a website, an e-commerce platform, a social media page or a combination of all three, getting your company online will reap major benefits. Even if your company does not conduct business online, customers and potential customers are expecting to see you online. If they don’t see you there, you could be losing out on the opportunity to increase your customer base and get the word out about your business.

Here are just a few of the many reasons why your business needs to establish its online presence:

Make it Easier for Potential Customers to Come to You

Today, if someone wants more information about a company, they’re most likely to do their research online. Whether they’re specifically looking for your company, or they just want to find any company that offers the products or services that your company offers, having an online presence will give you a competitive edge. Potential customers will not put a lot of effort into finding you, and they should not have to. A simple Google search should provide them with all the information they seek.

Real-life example: Your business distributes seafood, meats, fine wines and other spirits. A potential customer is having an impromptu family get-together and needs a few bottles of Cabernet Sauvignon and some shrimp. She uses her smartphone to search for “wine and seafood in Jamaica”. Your company’s website is listed in the search results. After browsing your website, she’s satisfied that you can provide her with what she needs. You’ve just earned another customer!

Make it Easier to Showcase Your Products and Services

The Internet gives businesses an effective platform for showcasing what they have to offer. Whether it’s a portfolio and testimonials from clients on a website, or an album on a Facebook page with photos of your newest products, it has never been easier to let the world know what you have to offer. With a few simple clicks, your customers can see what you’re all about. They can even do this outside of business hours! An online presence is an extension of your brand that never sleeps.

Make it Easier to Build Relationships with Customers and Potential Customers

Social media is all about building relationships. This is true for both individuals and businesses. Social media gives your brand a voice – it makes your company more “human” and relatable. Customers and potential customers can interact with your brand on a more personal level. It also gives you the opportunity to truly get to know your customers. If everyone is on social media except you, you are missing out on an invaluable opportunity to connect and communicate with your target audience. Social media is one of the simplest, yet most effective ways to get people interested in your company and to form real relationships with real people.

Make it Easier to Market Your Brand

Websites and social media platforms are excellent marketing tools. They are also some of the most cost-effective methods of sending out information to thousands of people. Online marketing is extremely important for all businesses because it has a huge influence on the way consumers make purchasing decisions. Modern consumers have even indicated that they look at companies in a negative light if they cannot find them online. Using the internet for marketing purposes allows you to overcome distance barriers. People thousands of miles away can be learning all about your business with just a few keystrokes. The “shareability” of social media allows your customers to easily spread the word about your business to all their friends. Ultimately, online marketing gives you the opportunity to market your brand in creative and exciting ways.

Modern businesses must ensure that they are not left behind. An online presence is one of the most important investments that a business can make. The benefits are endless!

Echoplex Group specializes in graphic design, website development, ecommerce and social media management for clients throughout the Waterloo region and beyond. We provide distinctive quality and creativity, backed by unparalleled customer service and support to clients both locally and internationally. We exhibit irreproachable ethical standards and strive to gain the respect and trust of our valued clients, suppliers, partners and peers in the industry.

For more information on how we can help your business build its online presence, please contact us. We’d love to chat!

Open Source Software for Business — yes, you guessed it — big business.

According to Gartner, businesses will likely spend $503 billion on enterprise software in 2020, 10.5 percent more than last year. With business application expenses taking an ever-larger share of their IT budgets, many organizations are looking for ways to cut costs, and that leads many to consider open source software. In fact, a survey conducted by Black Duck Software found that 65 percent of companies were increasing their use of open source software in 2020.

Thanks to their lower licensing costs, many open source applications offer lower total cost of ownership than similar proprietary software. Open source business software also offers other benefits, such as the ability to customize the source code to meet a company’s exact needs. In addition, many of the best open source applications offer features that can’t be duplicated by closed source applications, and some feel that open source offers better security because of the number of people involved in writing and revising the code. Open source also helps organizations avoid vendor lock-in.

The open source community has created literally hundreds of applications for business users, and as with proprietary software, the quality of this software can vary greatly. For this slideshow, we’ve selected twelve of the most popular and well-known open source applications for businesses. They come from a variety of categories, including enterprise resource planning (ERP), customer relationship management (CRM), project management (PM), business intelligence (BI) and business server software. Many of the organizations behind these projects also offer paid support and services for organizations that would like to purchase them.