How we work, and what we won't do.
Six commitments — about your independence, confidentiality, scope, BC fluency, and how we handle data. One place to ask questions.
Six commitments we hold ourselves to.
Independence, confidentiality, scope discipline, BC fluency, and how we handle data. These shape every engagement from the first email.
Independent — no vendor kickbacks
We don't take referral fees, affiliate commissions, or revenue shares from EMR vendors, AI tools, or any software we recommend during engagements. If we suggest a product, it's because it fits — not because someone's paying us to. Any commercial relationship gets disclosed before it touches your decision.
Confidential — NDA-standard by default
Every engagement runs under standard professional confidentiality. Your operations data, billing patterns, internal struggles, and the decisions we make together stay between us. We don't reference clients publicly without explicit written permission, and we never name specifics — even anonymized — without your sign-off.
Scope-disciplined — we tell you what NOT to fix
Most consultants scope work as wide as possible. We scope as narrow as helpful. If your Practice Support Program coach already covers it, we route you there. If a free tool would solve it, we say so. If you don't actually need a paid engagement, we say that. We'd rather skip the next sale than start work that isn't worth the money.
BC-fluent — PIPA, MSP, ICBC, WSBC, GPSC, LFP
We work inside BC's regulatory and payment landscape, not around it. PIPA-BC for privacy. MSP and GPSC for fee codes and incentive billing. ICBC and WSBC for insurer rules. The LFP payment model and its February 2026 schedule changes. PSP and Division supports for what's already free for BC physicians. We know what's local because we live it.
No third-party cloud AI for patient data
When engagements touch patient data — through a TOSC tool we deploy or a client tool we configure — the AI behind those workflows runs on infrastructure we control, hosted in Canada. We don't route patient data through OpenAI, Anthropic, Google, or any consumer AI provider. If we ever change where the AI runs, this principle stays the same.
Designed around PIPA-BC and PIPEDA
BC's Personal Information Protection Act is the strictest provincial privacy law for non-public-sector organisations. PIPEDA is the federal floor. Our consulting practice and our apps are built around both, not retrofitted to them. Most Canadian healthcare-tech sites name PIPEDA but skip PIPA-BC. We name both because that's the actual law for BC clinics.
What we build today, and how we think about patient data.
Our build scope evolves with demand. Our patient-data posture does not. Both are spelled out plainly below.
What we build today
The systems around care: intake, scheduling, documentation, billing, reporting. Anything that helps a clinician spend more time with patients and less with admin.
Outside that today: things like EMR replacement, EMR integrations, patient-facing apps, clinical decision support. Not because we're opposed. Each is a deep specialty of its own, and we'd rather ship what we're great at than dilute.
If you love what we do and want us to take on something we don't build today (an EMR integration, a patient-facing feature, a specific clinical tool), tell us. Real demand decides what's next.
Hard posture on data
These four are non-negotiable. They're what keeps the trust posture real, and what we won't quietly change later without telling you.
- ·Send patient data to third-party cloud AI
- ·Store patient records in our database
- ·Sell, share, or market clinical data
- ·Use clinic data to train models for other customers
If we can't say “no” to each of these in writing, we shouldn't be handling the data.
When we're on-site.
The Setup, Practice Tune-Up, and Multi-Clinic engagements sometimes mean we're physically in your clinic, watching how the work moves through.
Workflows, screens, processes, tools, the order in which things happen.
Patient data. If a workflow demo requires a real patient record, we ask you to use a placeholder or work from our example patients. If real PHI is incidentally visible, we don't write it down or photograph it.
What we follow, and what we don't claim.
Clear about what shapes our posture, clear about what we haven't audited. Both matter.
These shape how our apps and consulting practices handle data, not as a retrofit, but as the starting point.
We're not formally audited against these, and we'll say so plainly rather than imply otherwise. At our current scale, these aren't proportionate. We'll pursue them when scale or contracts make them material.
For questions about how we handle data.
We respond personally, usually within a business day. No ticket queue, no CRM auto-responder.