The Digital Health Innovation Academy (DHIA), offered in partnership with Brightsquid Secure Communications Corp., with support from CGI Inc., is a structured educational journey designed to empower up to 10 eligible digital health companies navigate the complexities of compliance and privacy for market access in Alberta, other Canadian jurisdictions, and/or USA. Through this free six-module virtual Program, the DHIA will provide a foundational understanding of compliance, risk management, and commercialization paths, and delve into practical applications of privacy principles and risk management strategies. Upon completion of the six structured modules, interested participants will have the opportunity to engage in one-on-one consulting with Brightsquid to prepare SOC 2 Compliance (international) and HIPAA Compliance (USA) documentation as well as assistance with Privacy Impact Assessment filings in Alberta.  

Who Should Apply? 

We’re looking for Alberta-based small- to medium-sized enterprises (SMEs) developing digital health technologies interested in enhancing their privacy knowledge and compliance with regulatory requirements to meet North American compliance standards. Companies meeting up to technology readiness level (TRL) 6 are encouraged to apply.  

Module Descriptions & Objectives 


Module 1 – Digital Health Launchpad: Navigating Privacy & Security in Healthcare Innovation 
  • Provides an overview of the health ecosystem focusing on compliance, risk management and commercialization paths. 
  • Covers privacy laws, patient data governance, and establishes fundamental credibility and effective information management in healthcare. 
  • Delves into the specifics of privacy and security in healthcare innovation including digital health product commercialization and legislation.  
Module 2 – Privacy in Practice: Implementing Principles for Information Protection 
  • Explores Privacy by Design principles and their application in healthcare data governance. 
  • Guides through practical application of the Health Information Act and the Personal Information Protection Act focusing on consent, minimal data collection and secure information handling. 
  • Includes workshop activities to develop privacy governance strategies focusing on healthcare information management for commercialization and exit strategies. 
Module 3 – Privacy as Power: Transforming Compliance into Competitive Advantage  
  • Emphasizes managing information privacy and security risks within regulatory compliance frameworks. 
  • Covers Fair Information Practices, including individual rights and the lifecycle of information. 
  • Workshop activities include defining privacy capabilities, mapping data processing, and using tools like National Institute of Standards and Technology (NIST) Privacy Risk Assessment Methodology. 

Advanced Modules 

Module 4 – Digital Health Compliance: Documenting Privacy & Security using NIST Frameworks        
  • Workshop-based course using NIST worksheets for system design assessment, cataloging contextual factors and identifying specific data actions. 
  • Focuses on assessing and mitigating risks to ensure technology compliance. 
Module 5 – Healthcare Innovation & Risk Management: Assessing and Cataloging Risk  
  • Workshop-based course utilizing the NIST Catalog of Problematic Data Actions and Problems. 
  • Aids in applying consequences of data processing issues and guides through risk assessment, calculation, prioritization, and response strategies. 
Module 6 – Strategic Risk Control in Digital Healthcare: Mastering NIST Frameworks 
  • Focuses on mastering risk management in digital health using NIST SP 800-53B. 
  • Teaches the application of various control types (preventive, detective, corrective, deterrent, compensating) and analyzes their effectiveness. 
  • Aligns controls with business objectives and regulatory requirements, considering scalability and integration with existing security infrastructure. 

Brightsquid Consulting Services 

Upon successful completion of the Foundation and Advanced modules, interested participants will have the opportunity to work directly with Brightsquid to prepare for SOC 2 Compliance (international) and HIPAA Compliance (USA), as well as assistance with Privacy Impact Assessment filings in Alberta.  

(Consulting Fee: $6750 per company) 

Important Dates 

  • February 8, 2024: Applications Open
  • March 10, 2024: Intake Submission Deadline
  • March 13, 2024: Expression of Interest Review and Successful Participants Notified
  • March 20, 2024: Module 1 (3 hours)
  • April 3, 2024: Module 2 (3 hours)
  • April 17, 2024: Module 3 (3 hours)
  • May 8, 2024: Module 4 (3 hours)
  • May 22, 2024: Module 5 (3 hours)
  • June 5, 2024: Module 6 (3 hours)
  • June 26, 2024: Consulting Services Begins  

How to Apply 

Alberta-based digital health companies interested in applying to the DHIA are encouraged to complete the Intake Form by no later than March 10, 2024, for consideration for the cohort that will begin on March 20, 2024. Due to limited capacity, up to 10 companies will be enrolled in the DHIA.  


Antonio Bruni, PhD, MBA

Director, Health System Transformation - Health Innovation

About Brightsquid

Brightsquid Secure Communications Corp is a leader in commercializing digital healthcare communication and data management. The company prioritizes the safeguarding of sensitive health information to comply with diverse privacy regulations.

Visit their website