Privacy Policy

Last Updated: May 18, 2026

Introduction

SQL Server PHIPA Auditor ("the Application") is committed to protecting your privacy and ensuring the security of personal health information (PHI) in accordance with the Personal Health Information Protection Act (PHIPA) and other applicable privacy legislation.

This application is designed to monitor and audit SQL Server databases containing personal health information. We take data protection seriously and implement industry-leading security measures.

Information We Collect

1. Audit Data

The Application collects and processes the following types of audit data:

Database access logs (user logins, failed login attempts, privileged access events)

SQL Server security events (permission changes, role modifications)

Compliance assessment results and control evaluations

Database encryption status and backup verification data

Threat detection alerts and incident correlation data

2. User Information

For authorized users of the Application, we collect:

User account credentials (usernames, encrypted passwords)

Role and permission assignments

Application usage logs and activity history

IP addresses and session information

Important: The Application does NOT directly access or store personal health information (PHI) from your databases. It only monitors access patterns, security events, and compliance metrics.

How We Use Information

We use collected information for the following purposes:

Compliance Monitoring

Assess and report on PHIPA compliance status of your SQL Server environments

Security Monitoring

Detect and alert on suspicious activities, failed logins, and potential security threats

Audit Trail

Maintain comprehensive audit logs for regulatory compliance and forensic investigation

Reporting

Generate compliance reports and dashboards for stakeholders and auditors


Data Security Measures

We implement robust security measures to protect your data:

Security Control: Implementation

Encryption at Rest: All audit data is encrypted using AES-256 encryption

Encryption in Transit: TLS 1.2+ for all network communications

Access Controls: Role-based access control (RBAC) with least privilege principle

Authentication: Multi-factor authentication (MFA) for administrative access

Audit Logging: Comprehensive logging of all system access and changes

Data Retention: Configurable retention periods aligned with PHIPA requirements

Data Retention

Audit data is retained in accordance with PHIPA requirements and your organization's data retention policy:

Audit Logs: Retained for a minimum of 7 years (PHIPA compliance)

Compliance Reports: Retained for a minimum of 10 years

Security Incidents: Retained indefinitely for forensic purposes

User Activity Logs: Retained for 2 years


Your Rights

Under PHIPA and applicable privacy legislation, you have the following rights:

Right to Access

Right to Correction

Right to Restrict Processing


Third-Party Disclosure

We do NOT sell, trade, or transfer audit data to third parties. Data may be shared only in the following circumstances:

Legal Requirements: When required by law, court order, or government regulation

Health Information Custodians: With proper authorization under PHIPA

Security Incidents: With law enforcement in case of security breaches


Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:

Privacy Officer

Email: privacy@PhipaAudit.com

Phone: 1-800-PHIPA-AUDIT

Address: [Your Organization Address]


Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes through the Application and update the "Last Updated" date at the top of this page.

Continued use of the Application after changes to this Privacy Policy constitutes acceptance of the updated policy.