Medexa and Law 25

Medexa is firmly committed to complying with Law 25 and ensuring the confidentiality and security of each patient’s personal information recorded in its databases, while adhering to legal provisions regarding the collection, use, and storage of personal information via information and communication technologies.

In this regard, Medexa has established rigorous practices and procedures in line with the requirements of Law 25. Firstly, Medexa ensures that each clinic can comprehensively inform its patients about the use of their personal data through information technologies. To this end, each clinic has the opportunity to create its own consent form for the collection, use, and storage of personal information. These forms are designed to be clear and informative and can be directly submitted to This enables patients to be fully aware of the purposes of the collection, the protective measures in place, as well as their rights regarding access to and rectification of their clinical data. We highly recommend seeking assistance from your professional order, association, or a lawyer to ensure the legal compliance of these forms, as Medexa cannot be held responsible for the choice of the form.

Regarding the security of personal information, Medexa implements strict measures to protect them. All data is stored on servers located in Quebec, in compliance with Law 25 regulations. Data is transmitted to and from servers via secure and encrypted communication channels. Remote access to data servers is rigorously restricted through IP filtering, ensuring protection against potential cyberattacks. Furthermore, unique passwords are used to secure access to information, and every action performed in patient records is logged and archived, ensuring complete traceability. Through the ‘MANAGEMENT’ tab, then ‘ACTIVITIES,’ every action in the records is recorded and archived, guaranteeing comprehensive traceability of all operations. This approach allows the detection of any unusual or suspicious activity in the records.

Medexa also implements measures to restrict access to personal information only to those who need it to provide healthcare services. This includes clinic staff, competent authorities, or law enforcement when required by law, as well as external service providers who have signed confidentiality agreements, encompassing all Medexa employees.

Finally, Medexa respects patients’ rights regarding access, rectification, and withdrawal of their consent at any time. Patients have the right to request access to their personal data from their clinic, request corrections if necessary, and withdraw their consent to the collection and storage of their data at any time. The clinic’s personal information protection officer has access to Medexa to make necessary corrections and revocations.

In summary, Medexa places compliance with Law 25 at the core of its practices to ensure the confidentiality, security, and rights of patients regarding their personal information collected via information and communication technologies. Please note that additional charges may apply in case of exceeding the included number of forms, with a cost of $50 per additional page, in accordance with the service agreement with Medexa.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.