Security
FHO+ Billing handles physicians' billing hours, not patient health information. The platform is designed so that distinction holds in practice, not just in policy.
Data scope
Stored
Not stored
Doctors log how long they worked, not who they worked on. The platform is built around that scope deliberately.
Access controls
FHO+ Billing is a multi-tenant platform. Tenant isolation is enforced at the database layer, not the application layer.
Row-level security.
Every query against patient and billing data is filtered by tenant at the database level, using PostgreSQL row-level security. Application bugs cannot accidentally cross tenant boundaries.
Magic-link sign-in.
No passwords to leak or reuse. Doctors and admins receive a single-use link by email; the session is bound to the device that requested it.
Step-up verification for elevated access.
Platform operators must complete a TOTP challenge before reaching cross-tenant tooling. Tenant admins and doctors never touch that path.
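As an added illustration of the row-level security item above (not FHO+ Billing's own schema or policy; the table, role and setting names are assumptions), this is the PostgreSQL pattern in which the database, rather than the application, filters every query by tenant, including the fail-closed behaviour when a request forgets to set its tenant:

```sql
-- Added illustration, not FHO+ Billing's own schema or policy: a minimal
-- PostgreSQL row-level security setup where every row carries a tenant id and
-- the database, not the application, decides which rows a query may touch.
-- Assumed names: table billing_entries, application role app_user, and a
-- per-transaction setting app.current_tenant that the application sets after
-- it has authenticated the request.

CREATE TABLE billing_entries (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid    NOT NULL,
    doctor_id  uuid    NOT NULL,
    worked_on  date    NOT NULL,
    minutes    integer NOT NULL CHECK (minutes > 0)   -- time worked, no patient data
);

-- With RLS enabled, a table that has no matching policy returns no rows to
-- non-owner roles: the default is deny, and policies only add visibility.
ALTER TABLE billing_entries ENABLE ROW LEVEL SECURITY;

-- NULLIF turns both "never set" (NULL) and "set, then RESET" ('') into NULL.
-- NULL::uuid = tenant_id is never true, so a connection that forgot to set
-- the tenant sees nothing rather than everything, and the ''::uuid cast error
-- is avoided. USING filters SELECT/UPDATE/DELETE; WITH CHECK rejects
-- INSERT/UPDATE rows that would land in another tenant.
CREATE POLICY tenant_isolation ON billing_entries
    USING      (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.current_tenant', true), '')::uuid);

-- The application connects as a role that does not own the table, so the
-- policy applies to it. Table owners and superusers bypass RLS unless
-- FORCE ROW LEVEL SECURITY is set, so keep the application off those roles.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON billing_entries TO app_user;
GRANT USAGE, SELECT ON SEQUENCE billing_entries_id_seq TO app_user;

-- Constructed sample data for two tenants, loaded as the table owner.
INSERT INTO billing_entries (tenant_id, doctor_id, worked_on, minutes) VALUES
  ('11111111-1111-1111-1111-111111111111', gen_random_uuid(), '2024-03-01', 90),
  ('11111111-1111-1111-1111-111111111111', gen_random_uuid(), '2024-03-02', 45),
  ('22222222-2222-2222-2222-222222222222', gen_random_uuid(), '2024-03-01', 60);

-- Per-request pattern: SET LOCAL scopes the tenant to this transaction, so
-- it cannot leak to the next request that reuses a pooled connection.
SET ROLE app_user;

BEGIN;
SET LOCAL app.current_tenant = '11111111-1111-1111-1111-111111111111';
-- Only rows whose tenant_id equals the setting are returned; the other
-- tenant's row is invisible even though the query has no WHERE clause.
SELECT worked_on, minutes FROM billing_entries ORDER BY worked_on;
-- An application bug that writes into another tenant is rejected by the
-- WITH CHECK clause with a row-level security violation error:
-- INSERT INTO billing_entries (tenant_id, doctor_id, worked_on, minutes)
--   VALUES ('22222222-2222-2222-2222-222222222222', gen_random_uuid(), '2024-03-03', 30);
COMMIT;

-- Outside the transaction the setting is gone again: no tenant, no rows.
SELECT count(*) FROM billing_entries;

RESET ROLE;
```

The script runs as-is on PostgreSQL 13 or later (gen_random_uuid() is built in from that version), and Supabase exposes the same PostgreSQL RLS mechanism. The design point is that the tenant filter lives in the policy, not in each query, so a forgotten WHERE clause in application code narrows the result set to nothing instead of widening it to every tenant.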
Hosting and residency
The platform's database and backups run in a Canadian Supabase region. The web application is delivered through a global edge network, but data at rest stays in Canada.
Email — sign-in links, internal notifications — is sent through Resend. Submission to OHIP runs through ClinicAid, an Ontario-based partner that handles MCEDT and GoSecure on behalf of physicians.
What we're not claiming
Plenty of platforms in this space claim certifications they don't have, or imply protections they haven't built. We'd rather be straight.
FHO+ Billing is not SOC 2 certified. SOC 2 is an auditable framework that is meaningful only when an independent firm signs off on it. We'll pursue it when a customer or partner requires it; until then, claiming it would be misleading.
We are not a HIPAA-covered entity — that's a US framework. Canadian privacy law (PIPEDA federally, PHIPA in Ontario) is what applies. Because the platform doesn't handle patient health information, the PHIPA surface area is intentionally minimal.
If you have specific compliance requirements, tell us in the contact form. We'll answer them honestly.
We're happy to walk through specifics with your practice or IT lead.
Get in touch