Trust & Compliance
Paige is built with healthcare compliance at its core. We maintain the highest standards of security and regulatory compliance to protect your practice and patients.
PHIPA Compliance
Full compliance with Ontario's Personal Health Information Protection Act
- Encrypted data transmission and storage
- Access controls and audit logging
- Patient consent management
- Data retention and disposal policies
- 24-hour breach notification protocols
CRPO Standards
Aligned with College of Registered Psychotherapists of Ontario requirements
- Professional documentation standards
- Clinical record keeping requirements
- Supervision and oversight protocols
- Continuing education compliance
- Professional boundary maintenance
SOC 2 Type II
Third-party audited security and operational controls
- Security controls and monitoring
- Availability and performance standards
- Processing integrity verification
- Confidentiality safeguards
- Privacy protection measures
Healthcare Data Security
Enterprise-grade security measures for protected health information
- AES-256 encryption at rest and in transit
- Multi-factor authentication
- Role-based access controls
- Regular security assessments
- Employee background checks
Data Handling & Protection
Every stage of data handling follows strict healthcare compliance protocols
1. Collection
Data is collected only with explicit consent and for defined therapeutic purposes
- Clear consent forms and processes
- Purpose limitation enforcement
- Minimal data collection principles
- Patient right to withdraw consent
2. Processing
All data processing follows strict healthcare compliance protocols
- Encrypted processing environments
- Access logging and monitoring
- Data minimization practices
- Regular compliance audits
3. Storage
Secure storage with healthcare-grade encryption and access controls
- AES-256 encryption at rest
- Geographically distributed backups
- Access control matrices
- 10-year retention compliance
4. Disposal
Secure deletion and disposal following healthcare regulations
- Cryptographic erasure protocols
- Physical media destruction
- Disposal certification
- Audit trail maintenance
Regulatory Framework
Cross-Border Data Processing
When using AI services that process data outside of Ontario, explicit patient consent is required under PHIPA regulations.
- Clear consent forms for AI processing
- Business Associate Agreements with AI providers
- Data processing location transparency
- Right to opt-out of cross-border processing
Audit & Documentation
Comprehensive audit trails and documentation support regulatory compliance and professional oversight requirements.
- Complete access logging
- Data modification tracking
- Compliance reporting tools
- Professional supervision support
Incident Response & Breach Notification
In the unlikely event of a security incident, we follow strict healthcare breach notification protocols as required by PHIPA.
Questions About Our Compliance?
Our compliance team is available to answer questions about our security measures, regulatory compliance, or data handling practices.