Privacy Built Into Every Product

Ava EMR

Ava is built from the ground up with privacy and security at the core of its design. Here's how we safeguard clinical workflows and patient data:

• Encryption First
  All data is encrypted in transit and at rest. We use secure AWS hosting in Canada to protect your health information from the moment it leaves your device until it is stored.
• Role-Based Access Control
  Patients have access to their own information, while clinic staff see what they need to do their job. Clinics configure permissions so that sensitive data is only visible to authorized roles such as physicians, nurses, or administrative staff. This ensures privacy and limits exposure of patient records.
• Audit Logs
  From chart access to a nurse reviewing a lab result, activity is recorded in immutable audit logs. Clinics can review these logs to ensure compliance and maintain trust through internal accountability.
• Canada-Based Data Hosting
  We host all data securely on AWS infrastructure located in Canada. You remain in full control of your data. We do not sell, share, or expose patient records to external parties.
• Continuous Monitoring & Governance
  Security is not set it and forget it. Ava’s security team conducts regular reviews, and our team receives regular privacy and security training to ensure processes improve continuously.
• PIPA Compliance
  Ava is fully compliant with the Personal Information Protection Act. We ensure all personal health information is collected, used, and disclosed only with valid consent, stored securely within Canada, and accessible only to authorized individuals. Our workflows support transparency and data accuracy.

Ava Connect

Ava Connect gives patients a private, encrypted gateway to interact with their clinic. Every element of the experience is built on security and simplicity:

• Encrypted Data Flow
  Whether viewing lab results, sending messages to your care team, or booking appointments, data is encrypted from the moment it leaves your device until it is securely stored on our servers. This ensures that personal health information remains confidential and unaltered during transmission and at rest.
• Audit Logs
  From a patient uploading a document to a nurse reviewing a lab result, activity is recorded in immutable audit logs. Clinics can review these logs to ensure compliance and maintain trust through internal accountability.
• No Selling or Sharing
  We don’t sell, rent, or trade your data. Patient records always stay under your clinic’s control. We don’t share data with advertisers or third parties. Your records are used solely to support care.
• Fully Integrated with Ava EMR
  Ava Connect is part of the Ava ecosystem. Patient data flows seamlessly between the portal and your clinic, stored securely in the same AWS Canada-based infrastructure and governed by the same privacy and access controls.

Ava AI

Ava AI brings powerful AI tools directly into Ava EMR, without compromising on security or privacy.

• De‑identification
  We remove identifiable details from prompts before AI processing. This protects patient privacy and prevents risks.
• Secure Processing Environment
  De‑identified text is processed securely and within Ava's ecosystem. We host on AWS Canada with encrypted pipelines and may isolate workflows within trusted execution environments (TEEs), ensuring security even during active processing.
• AI Model Isolation
  Data processed by Ava AI are never used to train or adjust underlying AI models. Model improvements are driven by abstracted performance metrics, not sensitive clinical data.
• Healthcare-Specific AI Agreement
  Ava’s AI systems, including LLM (Large Language Model) models, operate under a dedicated Business Associate agreement tailored for healthcare privacy. It ensures secure data handling, strict protections, and compliance with industry regulations.
• Privacy by Design
  We build AI features with encryption and privacy at the core, never as an afterthought.