International Privacy Regulations
Last updated June 16, 2025
At Smile Digital Health, privacy and compliance aren’t just features—they are foundational. Our platform is designed to give organizations and individuals more control over their health data, supporting patient and organization access to the right data, data exchange and interoperability, as well as ethical considerations.
Whether data is being accessed across borders or used to power clinical insights, Smile enables lawful, secure, and ethical handling of personal health information. Our privacy-by-design approach helps organizations meet their privacy requirements—while empowering patients with transparency, consent, and control.
Supporting Compliance with International Privacy Regulations
Smile’s solutions help support compliance for a wide range of regional and national frameworks, including (but not limited to):
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health Act (HITECH)
- 21st Century Cures Act – Centers for Medicare & Medicaid Services (CMS)
- U.S. Food and Drug Administration Quality System Regulations (FDA QSR)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Health Canada Quality Management System Regulations
- Alberta: Personal Information Protection Act (PIPA)
- British Columbia: Personal Information Protection Act (PIPA)
- Québec: Act Respecting the Protection of Personal Information in the Private Sector
- New Brunswick: Personal Health Information Privacy and Access Act
- Newfoundland and Labrador: Personal Health Information Act
- Nova Scotia: Personal Health Information Act
- Ontario: Personal Health Information Protection Act (PHIPA)
- General Data Protection Regulation (GDPR)
- European Health Data Space (EHDS)
- European Union Medical Device Regulation (EU MDR and CE Marking)
- Privacy Act of 1988 and the Privacy Act Amendment Act
- Privacy and Personal Information Protection Act 1998 (PPIP Act)
- Australian Capital Territory: Information Privacy Act 2014
- Northern Territory: Information Act 2002
- New South Wales: Privacy and Personal Information Protection Act 1998
- New South Wales: Health Records and Information Privacy Act 2002
- Queensland: Information Privacy Act 2009
- Tasmania: Personal Information Protection Act 2004
- Victoria: Privacy and Data Protection Act 2014
- Malaysia’s Personal Data Protection Act (PDPA) 2010 and 2024 Amending Act
- Malaysia’s Data Sharing Bill 2024
- Indonesia’s Health Law and Personal Data Protection (PDP) Law
- Indonesia’s Ministry of Health (MOH) Regulation No.24 of 2022
- Saudi Arabia’s Personal Data Protection Law (PDPL)
- Egypt’s Data Protection Law (DPL)
Built-in Capabilities for Trusted Health Data Exchange
Smile’s capabilities are designed to help organizations operate in compliance with today’s privacy expectations and tomorrow’s emerging standards:
Data Standardization
HL7® FHIR® ensures consistent formats that are standardized and harmonized across systems, so that data is machine-readable and available for analytics and AI augmentation.
Ethics
Our platform supports ethical use by ensuring transparency, informed consent, and data minimization, and by ensuring that data is used for agreed-upon purposes.
Interoperability
Smile’s FHIR-native architecture enables seamless, standards-based exchange across jurisdictions, and supports open APIs.
Privacy Regulations
Our privacy-by-design architecture includes consent models, encryption, and audit controls that help meet regulatory requirements.
Device Quality Management
Smile is certified under ISO 13485:2016 to support regulatory-grade quality and safety of medical devices.
Cross-Border Data Sharing
Federated exchange and localization options support the navigation of international data transfer laws.
Patient Access
Patients gain secure digital access to their own records, aligned with global mandates for transparency, timely and accurate access, and control.