Your patient data is handled with care.
Your data is kept separate, every action is logged, and your team reviews the setup with us before anything goes live.
Demo data and your real patient data never mix. We can scope Canadian hosting and data residency before you launch.
Access, reviews, and workflow events are recorded. Roles, sign-in, and break-glass access are set up for your team.
Your legal, privacy, and security teams review the setup with us. Nothing goes live until you approve it.
Built for Canadian healthcare with PHIPA-aware deployment planning. Ask about Canada / PHIPA readiness
What we review before you launch
Separate demo vs production data. Vitruviana can support Canada / PHIPA-oriented deployment review artifacts, but final compliance depends on customer-specific hosting, retention, subprocessors, agreements, clinic policies, safeguards, audit logging, and legal/privacy/security review before production use.
Deployment review can cover role-based access control (RBAC), MFA options, audit logging, and break-glass procedures for sensitive workflows.
Retention windows and deletion workflows are configured by deployment, contract, and applicable jurisdiction.
Infrastructure and AI subprocessor disclosure available during security review with deployment-specific data handling summaries.
BAA review can be scoped for eligible U.S. production deployments. Canadian deployments can review privacy, data-processing, hosting, applicable PHIPA and provincial privacy role mapping for health information custodian, agent, electronic service provider, or HINP roles only where customer counsel determines those roles apply, plus customer-specific agreements; readiness materials are not certification, legal advice, or a compliance determination.
Incident response planning, notification workflow, and monitoring posture are planned and scoped during production deployment review.
Canada / PHIPA deployment readiness
Scoping materials for your legal, privacy, security, and operational review.
Canada / PHIPA deployment scoping materials for customer legal, privacy, security, and operational review. These are customer-specific readiness materials, not compliance certification.
Vitruviana can support Canada / PHIPA-oriented deployment review artifacts. For customer-specific pilots, that means the review can scope a Canadian hosting option, data residency, configurable retention and deletion, subprocessor disclosure, agreements, encrypted transport, role-based access, audit logs, privacy impact and security assessment inputs, breach/incident workflow, consent/disclosure workflows, clinic operating policies, and applicable PHIPA and provincial privacy role mapping for health information custodian, agent, electronic service provider, or HINP roles only where customer counsel determines those roles apply.
PHIPA-oriented here means readiness materials for customer review, not certification. Final compliance depends on the selected hosting environment, retention settings, subprocessor approvals, agreements, clinic operating policies, audit logging, legal/privacy/security review, and the deployment-specific implementation. This page provides readiness language for customer-specific review only. It does not certify or determine PHIPA compliance for any customer deployment and is not a blanket compliance claim, certification, legal advice, or substitute for customer legal, privacy, security, and operational approval.
Public demos are sample-data demos only. Production personal health information or HIPAA PHI/ePHI where applicable should not be entered until the customer-specific deployment, agreements, hosting, retention, access model, audit logging, and operating procedures have been reviewed and approved.
Tell us about your workflow, jurisdiction, and hosting needs, and we'll connect you with the right pilot and security review path.