5 DEC 2021
WonderMD Ltd puts your security and privacy first.
We understand that trust is a sacred bond that is the basis to building a successful relationship between WonderMD Ltd and our users. This includes families, children, doctors, therapist and our community. Our commitment to you begins here, in our WonderMD Trust Center. Our Trust Center is a repository of our up to date current state that describes that commitment to you the user so we can build that foundation of trust.
The WonderMD Trust Center contains 4 key documents that describe the privacy and security controls we have put in place to earn that trust. They include 1. this document, the WonderMD Security by Design page, 2. the WonderMD Terms of Service 3. The WonderMD Privacy Notice and 4. WonderMD Compliance page.
This page, the WonderMD Security by Design page, provides an overview of the multiple layers of controls we have implemented to ensure a safe and secure online experience. We know that your information, such as your child’s private health information and your banking information, is very important to you. As part of that trust, we have developed a system that meets and exceeds all industry standards and regulatory guidelines. We recognize, no online system is 100% secure, but our commitment to you is to build a system that meets the same standard you would have with similar online services with highly critical and sensitive information such as online banking. This would be the same expectation we would have for our own use of WonderMD Ltd and we would expect you to have nothing less either.
The Security by Design approach begins with the planning and development of the platform itself and is governed by internal policy rules that require security considerations and a structured approach to the process. This process started right from the beginning of WonderMD Ltd and started with a review of our legal obligations. The following standards were therefor applied to our business:
- Personal Health Information Protection Act
- Ontario Telehealth Network Virtual Solution Requirements
- College of Physicians and Surgeons of Ontario
- Payment Card Industry Data Security Standard
- ISO 27001
The design of the platform then incorporated multiple security, privacy and auditing features. These include multi factor authentication, encryption of data, auditing of platform access and usage among many other features.
Once designed, a lengthy process was undertaken to harden cloud hosting servers, end user devices of administrators and receive certified encryption of website access. Finally, our Terms of Service and Privacy Notice informs our customers of their own obligations to ensure security and privacy of the platform.
These security and privacy features are largely governed by the above regulations and legal obligations but are also guided by our own internal policies and controls. WonderMD Ltd takes all of these obligations seriously and to show our commitment to this approach, we commit ourselves to continuous scanning, regular testing and regular external auditing from multiple security experts in the field.
Our platform is backed by our personal guarantee to you. We recognize that no software system is 100% secure however we commit to doing the best possible to provide you with the most secure and safe service for your use.
Hubert Wong, MD FRCPC