Security & Compliance

Clinical-Grade Security, Privacy & Regulatory Standards
Your data is protected with the same rigor, precision, and integrity that define our science. GenTraceDx is built to meet — and exceed — the highest standards in health data security, clinical compliance, and genomic information governance across Canada and the U.S.
Our Commitment

Security and privacy are fundamental to everything we do.

GenTraceDx handles highly sensitive clinical and genomic data.
We operate under a strict, multi-layered security and compliance framework that includes:

  • Clinical accreditation (CAP/CLIA/DAP)
  • Health Canada and FDA requirements
  • ISO 13485 / GMP manufacturing
  • Canadian privacy laws (PIPEDA, PHIPA, FOIPPA)
  • HIPAA-equivalent safeguards (for U.S.-aligned workflows)
  • Genome Canada data governance guidelines
  • Ethics & REB oversight for the national pilot

We treat data security as a core clinical responsibility, not just a technical feature.

Data Security

Secure. Encrypted. Audited. Controlled.

Encryption
  • Data encrypted in transit (TLS 1.2+/HTTPS)
  • Data encrypted at rest (AES-256)
  • All genomic and clinical data stored in secure Canadian cloud infrastructure
Access Control
  • Multi-factor authentication for all clinician portals
  • Least-privilege, role-based access control (RBAC)
  • Access logs with continuous monitoring
  • Segregated environments for clinical vs research workflows
  • Strict internal authorization standards
Network Security
  • Firewalled, monitored environments
  • Zero-trust security architecture
  • Intrusion detection & prevention systems
  • Continuous vulnerability scanning
  • Regular penetration testing
Data Integrity
  • Redundant storage with integrity checks
  • Version control inside the reanalysis engine
  • Signed audit trails for all clinical updates
Privacy Protection

Designed to exceed Canadian & international privacy laws.

GenTraceDx fully complies with:
Canadian Privacy Laws
  • PIPEDA (federal)
  • PHIPA (Ontario)
  • FOIPPA (British Columbia)
  • Provincial health privacy frameworks
  • Genome Canada data governance and stewardship rules
U.S. Privacy Safeguards

For U.S.-aligned workflows (CLIA/CAP), we apply:

  • HIPAA-equivalent controls
  • Secure clinical-grade storage
  • Encrypted data handling
  • Minimum necessary access
Patient Protections
  • No personal information collected through the public website
  • PHI only collected through authorized clinical processes
  • No PHI used for marketing
  • No sale, sharing, or external use of PHI
  • Full de-identification for research
Clinical Laboratory Compliance

Accredited. Audited. Clinical-grade sequencing.

Sequencing and analysis for GenTraceDx are conducted at the Michael Smith Genome Sciences Centre (GSC) and Genetrack Biolabs under:
Clinical Accreditations
  • CAP (College of American Pathologists)
  • CLIA (U.S. Clinical Laboratory Improvement Amendments)
  • DAP (Diagnostic Accreditation Program – BC)
Kit Manufacturing & Handling
Genetrack Biolabs adheres to:
  • ISO 13485 (medical device quality management)
  • GMP-compliant manufacturing
  • Health Canada MDEL compliance
  • FDA Class I Exempt device requirements
Sample Handling
  • Chain-of-custody tracking
  • Secure barcode tracking
  • FFPE handling protocols
  • Quality-controlled DNA/RNA QC procedures
Data Governance & Ethics

Ethically governed. Transparently managed.

GenTraceDx operates under robust ethical and governance frameworks:
Research Ethics Board (REB) Compliance
  • All national pilot activities approved by provincial REBs
  • De-identified data used for research under approved protocols
  • Consent-driven participation
Data Governance
  • Canadian server storage by default
  • Controlled partner access (GSC & Genetrack only)
  • Comprehensive audit logs
  • Governance aligned with Genome Canada standards
De-identification
  • All research datasets are fully de-identified
  • No unique identifiers shared externally
  • No genomic data shared without consent and REB oversight
Transparency in AI

AI that clinicians can trust — with transparent evidence behind every update.

Our longitudinal AI engine is designed for:
Explainability
  • All AI-triggered updates include evidence citations
  • Each new therapeutic suggestion includes a mechanistic rationale
  • Clinicians remain fully in control
Auditability
  • Logs maintained for all reanalysis triggers
  • Version-controlled evidence graphs
  • Clinical-grade review pathways
Safety
  • AI does not make autonomous treatment decisions
  • It identifies evidence, clinicians make decisions
Compliance Certifications & Audits

Independently audited. Continuously monitored.

Current compliance includes:
  • ISO 13485 (Genetrack)
  • CAP/CLIA/DAP (GSC sequencing)
  • MDEL compliance (collection kits)
  • Quarterly internal audits
  • Annual external audits (SCC/ISO)
  • Continuous cybersecurity monitoring
Future certifications (planned):
  • SOC 2 Type II (for U.S. expansion)
  • HIPAA attestation (for U.S. CLIA workflows)
Reporting a Concern

Security & Compliance Contact

If you have concerns, questions, or believe a security issue may exist:

Email:

security@gentrace.com

Email:

privacy@gentrace.com

Phone:

XXX-XXX-XXXX

We respond to all security inquiries within 48 hours.

Summary

  • Clinical-grade security
  • Canadian data sovereignty
  • CAP/CLIA/DAP sequencing
  • ISO 13485/GMP compliance
  • Continuous AI transparency
  • Privacy-first by design
  • Ethical, REB-backed governance

Our commitment to security and compliance is as strong as our commitment to scientific excellence.

Scroll to Top