How does Community Care Connection manage privacy compliance? 

Our security requirements are powered by MedStack, a leading privacy compliance platform built specifically for the needs of the digital health industry.  


Our application environment has been wrapped with all of the technical controls and safeguards required by today’s healthcare enterprise systems. Each element of our security architecture ties back to a specific policy of ISO 27001. These policies are then mapped to the corresponding privacy frameworks and industry standards where we operate.

What is MedStack?

MedStack is a privacy compliance automation platform that builds, measures, and actively manages compliance atop the public cloud. MedStack provides secure, flexible, single-tenant cloud infrastructure, with pre-written, code-generated and real-time auditable privacy policies around complex frameworks such as HIPAA, NIST, PHIPA, PIPEDA, and HITECH. MedStack successfully completed its Service Organization Control (SOC) 2 Type I audit in January 2020.

What compliance commitments are made? 

Encryption, network security, monitoring, audit logging, backups, and certificate and key management are each among the various controls implemented, enforced, and documented by MedStack’s platform.  When providers receive compliance audits pertaining compliance and data organization, C3 will assist its customers by providing all documentation and data needed to demonstrate that all privacy requirments are being met.   


Supported policies:


  • Access control

  • Asset management

  • Awareness, training, and reminders

  • Backup

  • Compliance

  • Continuity

  • Cryptography

  • Definitions

  • Disciplinary process

  • Documentation

  • Human resource security

  • Information classification

  • Information privacy

  • Information security

  • Information security incidents

  • Logging and monitoring

  • Malware protection

  • Media handling

  • Mobile devices and teleworking

  • Network security management

  • Risk management

  • Secure areas

  • Software development and operations

  • Suppliers

  • Workstation


Division of responsibilities

We leverage MedStack’s platform to create and modify our desired cloud resources and services. Application images are deployed to environments created via MedStack’s automation system, while all underlying security and compliance aspects are untouchable and remain intact.

Data centers and jurisdictions 

MedStack supports Azure data centers around the world and is currently live in Canada, the United States, Latin America, Netherlands, Singapore and Australia. 

Security Camera

Knowing your confidential information is secure and compliant is important for both  the healthcare provider and the individuals they serve . C3's platforms are HIPPA, PHIPA and PIPEDA compliant!