DRAFT — DO NOT PUBLISH. Certification claims on this page are unverified placeholders. Niral V. Merchant must confirm in writing that BridgeMed Health has achieved the named certifications before this page is published to a production domain. — Veydros Consulting
Security and compliance information for case managers, IT teams, and plan administrators.
BridgeMed Health takes the security of plan member data seriously. Our platform is built to meet the highest standards in Canadian and North American health data protection — the same standards expected by enterprise insurers, third-party administrators, and disability case management teams across the country. This Trust Centre is the single source of truth for our certifications, compliance posture, and platform security controls.
The pages in this Trust Centre describe the legal frameworks BridgeMed Health operates under, the technical controls that protect plan member data at every stage of the care journey, and the points of contact for case managers and IT teams who need formal documentation for procurement reviews, security questionnaires, or vendor onboarding.
We treat every plan member interaction — from the first intake call, through the Functional Psychiatric Assessment, through RTW psychotherapy sessions, and through ongoing case manager communication — as a transaction involving protected health information. The standards on these pages apply uniformly, regardless of whether the encounter takes place by video, by secure messaging, or in writing.
For audit reports, Business Associate Agreements, or security questionnaire responses, please contact our security & privacy team at info@veydros.com.
Each page below covers a specific framework or platform control area. They are written for IT and procurement teams, but case managers and plan administrators will also find them useful as a summary of how plan member data is handled at BridgeMed Health.
The gold standard for SaaS and digital health security. Independent, ongoing audit of our security, availability, processing integrity, confidentiality, and privacy controls.
Ontario’s Personal Health Information Protection Act. Governs the collection, use, and disclosure of personal health information for every Ontario plan member we treat.
Canada’s federal private-sector privacy law. Governs commercial collection, use, and disclosure of personal information. Anchored by the ten fair information principles.
U.S. Health Insurance Portability and Accountability Act. Canadian-owned BridgeMed Health is built to HIPAA standards, with Business Associate Agreements available for U.S. partners.
Technical controls: AES-256 encryption at rest, TLS 1.2/1.3 in transit, end-to-end encrypted video, role-based access, comprehensive audit logging, and native multi-platform delivery.
Reach the BridgeMed Health security and privacy team. Audit reports, BAA requests, security questionnaires, and breach notifications.
BridgeMed Health is built on a simple operational rule: we collect, retain, and share only the personal health information necessary to deliver the clinical engagement at hand. Every system in the platform — from the intake form, to the Functional Psychiatric Assessment workflow, to the case manager update queue — is designed against a documented minimum-necessary standard, and that standard is reviewed annually against the legislative obligations we operate under.
Plan member identifiers are pseudonymised in our internal analytics where the underlying business need does not require direct identification. Reports that leave the platform — whether to a case manager, an insurer, or a family physician — carry the minimum scope authorised by the plan member at intake, expressed in plain English in the consent record. This is not a marketing claim; it is encoded in the platform’s access-control rules and audited on a recurring basis.
The result is a platform that is auditable end-to-end. Every clinical document, every secure message, every video session, and every file transfer is logged with the plan member identifier, the actor, the action, and the timestamp. Procurement teams who need to satisfy a vendor due-diligence questionnaire can ground their answers in this controls model.
The pages in this Trust Centre are written to serve three distinct readers. The same document does not necessarily fit all three, so the reference is structured to make it easy to skim to the section you need.
Need to confirm that BridgeMed Health is an appropriate clinical referral for a plan member with sensitive disability claim circumstances. Start with PHIPA and Platform Security; SOC 2 backs both.
Completing a vendor security questionnaire (CAIQ, SIG, HECVAT, or a custom format). Start with Platform Security and SOC 2; request the audit report for evidence.
Need a one-pager for the board, the broker, or the reinsurer. The landing page summary plus the Platform Security table is usually enough; the rest is on-request.
Our privacy and security team responds to all enterprise inquiries within two business days. For SOC 2 Type II audit report requests, please use the subject line “SOC 2 Report Request”.
SOC 2 Type II audit reports are available to enterprise partners and insurers upon request — [VERIFY WITH NIRAL — DO NOT PUBLISH UNTIL CONFIRMED].
