SeamlessMD complies with HIPAA, PHIPA, PIPEDA, PHIA and other privacy legislation. SeamlessMD maintains SOC 2 Type II compliance through annual audits by a certified auditor (CPA). SeamlessMD’s information security program includes policies for SOC 2 and HIPAA/PIPEDA compliance, including annual security and privacy training for staff, an audit logging system, internal assessments (risk assessments on the NIST-800-88 standard), external assessments (third-party penetration testing by a certified CISSP and SOC 2) and more. All data collected is encrypted and stored on secure, privacy-compliant servers with our hosting provider, which is ISO 27001 compliant and HITRUST certified. The data center for data storage and backup is physically located in Canada for Canadian clients and in the United States for US-based clients.