The protection of personal data that passes through the LeoMed platform is of paramount importance.

In order to comply with the highest security standards in the field, we have put the necessary measures in place, both in the programming of our interface and in the mechanisms for managing customer success and technical support.

These measures adhere to strict requirements, namely of the well-known HIPAA standard (USA), as well as PIPEDA (Canada), and GDPR (Europe).

Please find below some important questions you might have. We hope you will find the answers satisfying and reassuring, and invite you to communicate with us for any further inquiries.


How does LeoMed Technologies Inc. manage privacy compliance?

LeoMed’s security requirements are powered by MedStack, a leading privacy compliance hosting platform built specifically for the needs of the digital health industry.

LeoMed’s application environment has been wrapped with all of the technical controls and safeguards required for compliance. Each element of our security architecture ties back to a specific policy of ISO 27001. These policies are then mapped to the corresponding privacy frameworks and industry standards where LeoMed operates. MedStack’s Active Compliance Monitoring System provides code-generated and machine-readable privacy policies, allowing us to demonstrate proof of meeting these requirements at any given point in time.

What is MedStack?

MedStack is a privacy compliance automation platform that builds, measures, and actively manages compliance atop the public cloud. MedStack provides secure, flexible, single-tenant cloud infrastructure tailored to LeoMed’s unique requirements, with pre-written, code-generated and real-time auditable privacy policies around complex frameworks such as HIPAA, NIST, PHIPA, PIPEDA, and HITECH. MedStack successfully completed its Service Organization Control (SOC) 2 Type I audit in January 2020, now making easier and faster for LeoMed to complete their own SOC 2 audit.

What compliance commitments are made?

Encryption, network security, monitoring, audit logging, backups, and certificate and key management are each among the various controls implemented, enforced, and documented by MedStack’s platform.

Supported policies:

  • Access control

  • Asset management

  • Awareness, training, and reminders

  • Backup

  • Compliance

  • Continuity

  • Cryptography

  • Definitions

  • Disciplinary process

  • Documentation

  • Human resource security

  • Information classification

  • Information privacy

  • Information security

  • Information security incidents

  • Logging and monitoring

  • Malware protection

  • Media handling

  • Mobile devices and teleworking

  • Network security management

  • Risk management

  • Secure areas

  • Software development and operations

  • Suppliers

  • Workstation

Division of responsibilities

LeoMed leverages MedStack’s platform to create and modify our desired cloud resources and services. Application images are deployed to environments created via MedStack’s automation system, while all underlying security and compliance aspects are untouchable and remain intact.

Data centers and jurisdictions

MedStack supports Azure data centers around the world and is currently live in Canada, the United States, Latin America, Netherlands, Singapore and Australia.

PIA/TRA

Up-to-date Privacy Impact Assessment (PIA) and Threat Risk Assessment (TRA) have been undertaken for the United States, Canada, Singapore, the United Kingdom, Western Europe, South America and Australia.



Did this answer your question?