“…About Your PHR”: A Response
A little over a month ago a post, written by Michael Martineau and Michael Power, was published on this blog (as well as eHealth Musings and ITWorld Canada) entitled “Dear McGill University Health Centre … About Your PHR”. Shortly after it appeared, the authors were contacted by Philippe Panzini, Chief Technology Officer at MEDICAL.MD EHR INC., the company which developed and operates Unani. Mr. Panzini responded with the following letter and we think it merits publication – if only to indicate that the company does indeed take privacy and security very seriously. We weren’t expecting this and Mr. Panzini is to be commended not only for the letter but also the indicated actions.
We, Medical.MD EHR INC, would like to extend to you our appreciation for taking the time to look at Unani in detail, and to write this informative letter. As you may know, we are the developers and distributors of Unani as well as the website managers for www.unani.ca.
We have put great care into the conception of Unani, and we will continue to do so for the entire lifespan of this service. The core concept of Unani being a PHR designed with the needs of the public in mind, our priorities are entirely governed by the goal of meeting our users’ expectations.
With respect to our hosting services, we have entered into written agreements with reputable IT suppliers, which contain confidentiality provisions and provisions to ensure that the information collected via Unani is used solely for performing the hosting contracts.
In particular, we have entered into an agreement with a Canadian IT supplier to host and support Unani by the end of this year, in the Province of Québec and in the rest of Canada. The information relating to Canadian users will be collected and held on servers located in Canada.
Unani will continue to operate as a world-wide service provider, using various hosting facilities throughout the world, in accordance with the applicable legislation. Before releasing our users’ information to any foreign suppliers, we will ensure that such information will receive an equivalent protection as that granted under Canadian privacy laws.
Until the services of our Canadian IT supplier are made available later this year, all accounts of Unani users, regardless of their geographical origin, will be hosted by a well-known, reputable IT facility located in the Republic of Ireland. Once the Canadian hosting platform is available, all existing and future accounts belonging to Canadian residents will be hosted by the Canadian service, on Canadian territory. The migration of the existing Canadian residents’ accounts will be done transparently, and no trace will remain on the foreign hosting service.
In addition, we would like to share with you the following details regarding Unani:
- Through a very simple, two-click procedure, our users can delete their account, and all of their data, without any backup copy being kept by us. Deleted accounts are no-longer recognized by our system.
- To further improve on the confidentiality of data storage, we keep in separate databases the users’ demographic information, from their medical data. Both databases being encrypted.
- We regularly retain the services of an independent security firm to audit our source code and to conduct database penetration tests.
We hope you will find these precisions satisfactory, and we invite you to maintain your interest in Unani. This project has only begun, and we are planning the release of many exciting features for our users in the course of the upcoming months.
For any additional enquiries, please do not hesitate to contact our Privacy Officer at the following address :
Medical.MD EHR Inc. 1035 Laurier Avenue West, Suite 100, Montreal, QC H2V 2L1, Canada
Chief Technology Officer
MEDICAL.MD EHR INC.