FAQs

Brightsquid Secure Communications Corp. delivers modern communications services that help healthcare teams share patient information more quickly and easily than ever before. We offer our privacy expertise to assist clinics and organizations with ongoing privacy compliance in the form of Privacy Impact Assessments, training, breach assessment and reporting, and more. To more fully protect your clinic, as a Brightsquid subscriber you also qualify for discounted rates on Cyber Liability Insurance through Lloyd’s of London.

Closely modeled after email, Brightsquid Secure-Mail connects all members of any healthcare team, including patients, to accelerate care through increased access to information. The result is greater access to care and increased care quality.

Brightsquid is the trusted leader in secure communication, providing a secure, compliant email service for all healthcare providers including medical offices, dentists, allied health, specialists, labs, and patients.

Brightsquid was born from the need to share medical images with colleagues around the world in a way that was fast and compliant with privacy laws that protect patient information. One of our founders, a radiologist, drew a diagram of his idea and saw that it resembled either a spider or a tentacled sea creature. Around that time he became aware of a bioluminescent squid. As Secure-Mail was bringing illumination to healthcare by making information more accessible, the name Brightsquid just made sense.

Yes. Brightsquid is audited several times a year by third parties and partners to ensure continued compliance with HIPAA, PIPEDA, and the HIA as well as other important regulations. Our service is also accepted as compliant by the OIPC in Alberta.

Yes. Brightsquid is a web-based service accessible anywhere through modern web browsers including on your mobile phone or tablet.

Yes. Our sales or support team can arrange a demonstration of Secure-Mail, and we can give you access to your own free account to test alignment of our service with your processes. Anyone invited to collaborate with a current subscriber gets free access to our service as well.

Training is part of every new subscription. Most users discover that our secure email service is very user-friendly, as it is closely modeled after some of the most widely used email services in the world. Our support center and knowledge base provide detailed guides on how Brightsquid services and features are used.

A PIA is an in-depth look at how an organization, office, or clinic proposes to use and handle patient information, and it lays out your plan to address potential risks to patient privacy. It is a declaration that your clinic understands how to protect the information of your patients and has sufficient processes in place to do so, and it serves as a blueprint for protecting your clinic against breaches.

In Alberta, Section 64 of the Health Information Act (HIA) mandates submission of a Privacy Impact Assessment for review by the Office of the Information and Privacy Commissioner (OIPC).

Every clinic can benefit from the security of a PIA.

In Alberta, Canada, every custodian of patient data (any person or organization involved in the collection, use and disclosure of health information) is required by section 64 of the Health Information Act to prepare a privacy impact assessment.

No. A PIA is a declaration that your clinic understands its responsibilities and will implement the enclosed policies and procedures. However, simply having an approved PIA does not make your clinic compliant. You will need to enact the policies and procedures outlined within your PIA.

Yes. Anyone can complete a PIA given enough time to dedicate toward learning the requirements, understanding the document, and writing the clinic’s declaration of patient privacy control in alignment with the expectations of the OIPC or regional regulatory body.

Depending on the clinic, a PIA can be 350 pages or more. The document must cover all aspects of how patient information is handled including staff training and access, physical and digital chart storage and destruction, software used and more. Time to completion can vary. Inexperienced individuals have reportedly taken hundreds of hours to complete a clinic PIA.

In Alberta, fines for non-compliance can range from $2,000 to $500,000.

Elsewhere, you are at greater risk of suffering a privacy breach. Recovering from a privacy breach costs on average $408/patient record involved.

A PIA is an internal document that can be used to defend the actions of a clinic in the event of a breach if that clinic was operating within the approved processes and procedures established within the PIA.

The OIPC has not been conducting audits of individual clinics. Investigations are launched upon receipt of a complaint. If a patient, collaborating clinic, or employee feels compelled to report a mishandling of patient information, the OIPC will examine that clinic’s policies and procedures as well as the reported incident.

The Health Information Act specifically states that:

“An individual who makes a request to a custodian for access to or for correction or amendment of health information may ask the Commissioner to review any decision, act or failure to act of the custodian that relates to the request.”



The average cost of a breach beyond fines is $408 for each patient chart lost. That cost is made up of required notifications and includes identity monitoring for two years for each affected patient. Some statistics indicate that clinics publicly known to have suffered a loss of patient information will see a 40-70% reduction in returning and new patients.

A breach is any unauthorized access to protected patient information and can result from loss or theft of equipment such as cell phones or computers, improper disposal of charts or files, staff error, or system infiltration by hackers, to name a few.

Healthcare is the only industry in which more breaches happen from internal sources than from external sources. However, increasingly, breaches are a result of outside hackers rather than internal error.

Ransomware attacks are becoming common in healthcare, and there have already been a number of cases involving Alberta-based clinics falling victim to ransomware attacks that rendered patient data inaccessible until a ransom was paid.

There is minimal privacy breach insurance included in some professional association coverage. The Canadian Dental Association covers up to $4,000 in losses resulting from a breach, or the equivalent cost of losing 8 patient charts.

Brightsquid subscribers are entitled to participate in discounted Cyber Liability insurance offering clinics up to $500,000 in coverage (or more).

Research shows that only 5% of patients do not care about the safety of their privacy. Almost 40% of Canadians are willing to travel up to 50km for care if they believe local clinics aren’t safe with their information.