Privacy Policy
Learn how we protect your data and ensure your privacy while using BridgeMed Health services.
Privacy Policy
Learn how we protect your data and ensure your privacy while using BridgeMed Health services.
BridgeMed Health
Privacy Policy (Updated Feb 2025)
BridgeMed Health allows health care providers to enhance their service with secure video consultations, and patients to consult health care providers from the privacy and convenience of the location they choose. This means personal information and personal health information is collected by BridgeMed Health. This information is highly sensitive and protected by the is protected by The Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) and all applicable provincial and territorial personal health information protection legislation throughout Canada including the Personal Health Information Protection Act of Ontario.
BridgeMed Health is committed to safeguarding all such sensitive information at the corresponding level. This Privacy Policy describes the physical, technological and administrative measures we implement to safe-guard personal and personal health information. We comply with privacy law and we honor the trust of our users by taking every necessary measure to protect personal and personal health information.
By law, personal information is information that relates to an identifiable individual, to the exclusion of business contact information (name, title, work address, work phone number or work email address). Personal health information includes information that relates to an identifiable individual’s health, physical or mental, health history including family health history, or medical treatment.
If we update this Privacy Policy, we will notify you. Read on to learn more, and if you have questions, feel free to reach our Designated Privacy Contact, Chief Privacy and Security Officer, Niral Merchant: niral@bridgemedhealth.com, 1-416-917-6002.
Our commitment
BridgeMed Health will never collect, use or disclose personal or personal health information without the consent of the individual it relates to.
BridgeMed Health safeguards personal and personal health information on the basis of risk assessments and industry standards regarding physical security, technological security and administrative policies and processes, as explained further below.
BridgeMed Health complies with all applicable personal health information legislation where it operates.
Information we collect
From health care providers:
We collect name, business contact information as well as specialization.
From patients:
When consulting their own health care provider registered with BridgeMed Health, we collect:
• the name and email of the patient.
• Date and time of the appointment
• Any written instructions by the provider added to the "notes for patient" after the appointment
• Files attached by the provider or patient during or after the appointment inside the platform, usually as PDF or Word documents
How we protect the information we collect
BridgeMed Health protects personal and personal health information through integrated physical, technological and administrative safeguards:
Physical safeguards:
BridgeMed Health premises are divided into secure areas where electronic equipment and personal and personal health information cannot be accessed without authorization.
Access is controlled by a code and monitored in a manner that keeps all personal and personal health information secure from unauthorized access.
BridgeMed Health electronic equipment does not include portables that leave the premises. All necessary backups are safely locked away.
BridgeMed Health does not keep personal or personal health information on paper.
Technological safeguards:
BridgeMed Health stores all personal and personal health information in Montreal, Canada, with Amazon Web Services Secure Cloud (AWS). AWS is certified as compliant with ISO/IEC Standard 27018:2014 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. In addition to the independent certification process under ISO/IEC 27018:2014, this Standard also includes the right to audit AWS for compliance.
The secure video and/or text consultation is encrypted with the AES cipher using 256-bit AES-GCM keys. Here are the details of our encryption:
• The basic voice, video, and text traffic are encrypted on an end-to-end basis using 256-bit AES-GCM key encryption between all authenticated meeting participants. The cryptographic keys are known only by the devices of the authenticated meeting participant, and as a result cannot be understood by anyone except authenticated authorized parties.
• The conversion is done with random keys that change from the beginning to the end of the conversation to make it even more secure.
• The keys last a short period of time and are neither stored nor persistent anywhere
• The secure video/text provider adheres to PIPEDA/PHIPA requirements and has updated SOC 2 Type II reports on an annual basis to confirm adherence.
BridgeMed Health destroys or anonymizes all personal and personal health information when it is no longer necessary to deliver service.
BridgeMed Health employees can only gain technological access to personal information or personal health information collected by BridgeMed Health:
• With a robust password, based on required elements and 2FA
• Upon authorization, granted strictly on a need-to-know basis, defined according to job requirements.
Access is monitored through technological audit trails.
Audit trails are regularly reviewed to ensure compliance.
Administrative measures:
BridgeMed Health has appointed a Designated Privacy Contact, mentioned above, who acts as Chief Privacy and Security Officer (CPSO) responsible for information systems monitoring and information security policy and procedure management.
The CPSO is responsible for compliance with BridgeMed Health’s privacy program including:
• Undertaking threat and risk assessments on a regular basis and as systems are approved
• Adopting policies and procedures on the basis of threat and risk assessments to mitigate all identified risks, and updating these policies and procedures as necessary.
BridgeMed Health users may access their personal information by accessing their account and, should they require assistance, by contacting our CPSO.
Upon the express request of a user, BridgeMed Health will immediately close the user’s account and destroy or anonymize all personal information related to that account.
BridgeMed Health completes background checks on all its employees before they start employment. As soon as employment starts, BridgeMed Health trains, supports and supervises all its employees on its Privacy Policy and procedures.
Contractors are held to the same high level of protection of personal and personal health information as BridgeMed Health through contractual agreements, including audits, based on BridgeMed Health’s Privacy Policy and procedures, as and when required.
BridgeMed Health senior management receives regular reports on privacy compliance and, in turn, reports to the Board for oversight.
BridgeMed Health sanctions a regular audit of it's third-party software to ensure we are meeting our privacy obligations by reviewing their SOC 2 Type II reports. This is part of a process for BridgeMed Health to reassess all policies and procedures on an ongoing basis to ensure that legal requirements are met and personal and personal health information is highly secure.
How we use the information we collect
BridgeMed Heath will never use personal or personal health information for purposes other than those for which it is provided – with express consent – and those necessary to deliver the service requested by the user.
BridgeMed Health will never sell the personal information or personal health information it collects, nor otherwise make any such information available to a third party in exchange for remuneration.
BridgeMed Health will never disclose personal or personal health information, except as required by law and upon demonstrated lawful authority.
Should BridgeMed Health conduct market or product research, it will never use personal nor personal health information, which is traceable to any individual; rather, it will fully anonymize in-formation, meaning the risk of this information being traced back to a given individual is reduced to the greatest extent possible.
Should BridgeMed Health offer users the opportunity to receive relevant information on products or services, or promotions, BridgeMed Health will seek the users’ explicit consent to exercise that option.
Breach response
Experience tells us that there is no total guarantee against data breaches. However, as de- scribed above, BridgeMed Health has taken all reasonable measures to prevent breaches. In the event of a breach, BridgeMed Health maintains a log of such breaches outlining the date, general description, nature of information involved and whether this breach was reported to the Office of the Privacy Commissioner of Canada. In accordance with PIPEDA guidelines, an assessment is made as to whether the breach creates a real risk of significant harm to an individual or individuals that are impacted by the breach.
Furthermore, in the event of a breach, BridgeMed Health would immediately mitigate its impact by:
• Notifying users at the first reasonable opportunity, namely as soon as we identify the breach
• Applying remedial measures immediately
• If necessary and deemed appropriate, notifying the Office of the Privacy Commissioner of Canada of said breach using the required PIPEDA breach report form.
Ensuring patients’ meaningful consent
To ensure BridgeMed Health patients’ meaningful consent, BridgeMed Health provides relevant information in this Privacy Policy, as well as through the availability of our Designated Privacy Contact, niral@bridgemedhealth.com, 1-416-917-6002, and subjects the use of BridgeMed Health secure video consultations to the following patient consent form.
To proceed with registration for BridgeMed Health secure video consultations, a patient must expressly agree to the terms of the following consent form.
BridgeMed Health Secure Consultation
Patient Consent Form
I agree to BridgeMed Health secure video or text consultations with a health care provider on the basis of the following information:
BridgeMed Health will collect my name, the name and contact information of the health care provider (including their specialization), as well as the time of our appointments.
BridgeMed Health consultation will occur on a secure video feed, safeguarded as described in the BridgeMed Health Privacy Policy.
BridgeMed Health will not use my personal or personal health information without my consent except as necessary to provide its services.
BridgeMed Health will never sell my personal or personal health information, nor otherwise make any of my personal information available to a third party in exchange for remuneration.
BridgeMed Health will never disclose my personal information except as required by law and upon demonstration of lawful authority.
Upon my express request, BridgeMed Health will immediately close my account and destroy or anonymize all personal information related to my account.
Privacy Policy
Learn how we protect your data and ensure your privacy while using BridgeMed Health services.
Privacy Policy
Learn how we protect your data and ensure your privacy while using BridgeMed Health services.
BridgeMed Health
Privacy Policy (Updated Feb 2025)
BridgeMed Health allows health care providers to enhance their service with secure video consultations, and patients to consult health care providers from the privacy and convenience of the location they choose. This means personal information and personal health information is collected by BridgeMed Health. This information is highly sensitive and protected by the is protected by The Personal Information Protection and Electronic Documents Act (Canada) (PIPEDA) and all applicable provincial and territorial personal health information protection legislation throughout Canada including the Personal Health Information Protection Act of Ontario.
BridgeMed Health is committed to safeguarding all such sensitive information at the corresponding level. This Privacy Policy describes the physical, technological and administrative measures we implement to safe-guard personal and personal health information. We comply with privacy law and we honor the trust of our users by taking every necessary measure to protect personal and personal health information.
By law, personal information is information that relates to an identifiable individual, to the exclusion of business contact information (name, title, work address, work phone number or work email address). Personal health information includes information that relates to an identifiable individual’s health, physical or mental, health history including family health history, or medical treatment.
If we update this Privacy Policy, we will notify you. Read on to learn more, and if you have questions, feel free to reach our Designated Privacy Contact, Chief Privacy and Security Officer, Niral Merchant: niral@bridgemedhealth.com, 1-416-917-6002.
Our commitment
BridgeMed Health will never collect, use or disclose personal or personal health information without the consent of the individual it relates to.
BridgeMed Health safeguards personal and personal health information on the basis of risk assessments and industry standards regarding physical security, technological security and administrative policies and processes, as explained further below.
BridgeMed Health complies with all applicable personal health information legislation where it operates.
Information we collect
From health care providers:
We collect name, business contact information as well as specialization.
From patients:
When consulting their own health care provider registered with BridgeMed Health, we collect:
• the name and email of the patient.
• Date and time of the appointment
• Any written instructions by the provider added to the "notes for patient" after the appointment
• Files attached by the provider or patient during or after the appointment inside the platform, usually as PDF or Word documents
How we protect the information we collect
BridgeMed Health protects personal and personal health information through integrated physical, technological and administrative safeguards:
Physical safeguards:
BridgeMed Health premises are divided into secure areas where electronic equipment and personal and personal health information cannot be accessed without authorization.
Access is controlled by a code and monitored in a manner that keeps all personal and personal health information secure from unauthorized access.
BridgeMed Health electronic equipment does not include portables that leave the premises. All necessary backups are safely locked away.
BridgeMed Health does not keep personal or personal health information on paper.
Technological safeguards:
BridgeMed Health stores all personal and personal health information in Montreal, Canada, with Amazon Web Services Secure Cloud (AWS). AWS is certified as compliant with ISO/IEC Standard 27018:2014 Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. In addition to the independent certification process under ISO/IEC 27018:2014, this Standard also includes the right to audit AWS for compliance.
The secure video and/or text consultation is encrypted with the AES cipher using 256-bit AES-GCM keys. Here are the details of our encryption:
• The basic voice, video, and text traffic are encrypted on an end-to-end basis using 256-bit AES-GCM key encryption between all authenticated meeting participants. The cryptographic keys are known only by the devices of the authenticated meeting participant, and as a result cannot be understood by anyone except authenticated authorized parties.
• The conversion is done with random keys that change from the beginning to the end of the conversation to make it even more secure.
• The keys last a short period of time and are neither stored nor persistent anywhere
• The secure video/text provider adheres to PIPEDA/PHIPA requirements and has updated SOC 2 Type II reports on an annual basis to confirm adherence.
BridgeMed Health destroys or anonymizes all personal and personal health information when it is no longer necessary to deliver service.
BridgeMed Health employees can only gain technological access to personal information or personal health information collected by BridgeMed Health:
• With a robust password, based on required elements and 2FA
• Upon authorization, granted strictly on a need-to-know basis, defined according to job requirements.
Access is monitored through technological audit trails.
Audit trails are regularly reviewed to ensure compliance.
Administrative measures:
BridgeMed Health has appointed a Designated Privacy Contact, mentioned above, who acts as Chief Privacy and Security Officer (CPSO) responsible for information systems monitoring and information security policy and procedure management.
The CPSO is responsible for compliance with BridgeMed Health’s privacy program including:
• Undertaking threat and risk assessments on a regular basis and as systems are approved
• Adopting policies and procedures on the basis of threat and risk assessments to mitigate all identified risks, and updating these policies and procedures as necessary.
BridgeMed Health users may access their personal information by accessing their account and, should they require assistance, by contacting our CPSO.
Upon the express request of a user, BridgeMed Health will immediately close the user’s account and destroy or anonymize all personal information related to that account.
BridgeMed Health completes background checks on all its employees before they start employment. As soon as employment starts, BridgeMed Health trains, supports and supervises all its employees on its Privacy Policy and procedures.
Contractors are held to the same high level of protection of personal and personal health information as BridgeMed Health through contractual agreements, including audits, based on BridgeMed Health’s Privacy Policy and procedures, as and when required.
BridgeMed Health senior management receives regular reports on privacy compliance and, in turn, reports to the Board for oversight.
BridgeMed Health sanctions a regular audit of it's third-party software to ensure we are meeting our privacy obligations by reviewing their SOC 2 Type II reports. This is part of a process for BridgeMed Health to reassess all policies and procedures on an ongoing basis to ensure that legal requirements are met and personal and personal health information is highly secure.
How we use the information we collect
BridgeMed Heath will never use personal or personal health information for purposes other than those for which it is provided – with express consent – and those necessary to deliver the service requested by the user.
BridgeMed Health will never sell the personal information or personal health information it collects, nor otherwise make any such information available to a third party in exchange for remuneration.
BridgeMed Health will never disclose personal or personal health information, except as required by law and upon demonstrated lawful authority.
Should BridgeMed Health conduct market or product research, it will never use personal nor personal health information, which is traceable to any individual; rather, it will fully anonymize in-formation, meaning the risk of this information being traced back to a given individual is reduced to the greatest extent possible.
Should BridgeMed Health offer users the opportunity to receive relevant information on products or services, or promotions, BridgeMed Health will seek the users’ explicit consent to exercise that option.
Breach response
Experience tells us that there is no total guarantee against data breaches. However, as de- scribed above, BridgeMed Health has taken all reasonable measures to prevent breaches. In the event of a breach, BridgeMed Health maintains a log of such breaches outlining the date, general description, nature of information involved and whether this breach was reported to the Office of the Privacy Commissioner of Canada. In accordance with PIPEDA guidelines, an assessment is made as to whether the breach creates a real risk of significant harm to an individual or individuals that are impacted by the breach.
Furthermore, in the event of a breach, BridgeMed Health would immediately mitigate its impact by:
• Notifying users at the first reasonable opportunity, namely as soon as we identify the breach
• Applying remedial measures immediately
• If necessary and deemed appropriate, notifying the Office of the Privacy Commissioner of Canada of said breach using the required PIPEDA breach report form.
Ensuring patients’ meaningful consent
To ensure BridgeMed Health patients’ meaningful consent, BridgeMed Health provides relevant information in this Privacy Policy, as well as through the availability of our Designated Privacy Contact, niral@bridgemedhealth.com, 1-416-917-6002, and subjects the use of BridgeMed Health secure video consultations to the following patient consent form.
To proceed with registration for BridgeMed Health secure video consultations, a patient must expressly agree to the terms of the following consent form.
BridgeMed Health Secure Consultation
Patient Consent Form
I agree to BridgeMed Health secure video or text consultations with a health care provider on the basis of the following information:
BridgeMed Health will collect my name, the name and contact information of the health care provider (including their specialization), as well as the time of our appointments.
BridgeMed Health consultation will occur on a secure video feed, safeguarded as described in the BridgeMed Health Privacy Policy.
BridgeMed Health will not use my personal or personal health information without my consent except as necessary to provide its services.
BridgeMed Health will never sell my personal or personal health information, nor otherwise make any of my personal information available to a third party in exchange for remuneration.
BridgeMed Health will never disclose my personal information except as required by law and upon demonstration of lawful authority.
Upon my express request, BridgeMed Health will immediately close my account and destroy or anonymize all personal information related to my account.