We take security and privacy very seriously, and we are confident in our technical and administrative safeguards to ensure your data remains protected.
Although we are a Canadian-based company, we follow the guidelines put forward by both the Personal Information Protection and Electronic Documents Act (PIPEDA) here in Canada and the Health Insurance Portability and Accountability Act (HIPAA) in the US.
We have implemented actions to ensure the security and privacy of your data which include, but are not limited to:
- transmission of data through a Secure Socket Layer and user authentication using a token-based system and encrypted credentials
- encryption of all data in transit and at rest
- policies and procedures designed to ensure system administrative safeguards are in place with appropriate management oversight and access controls
- regular cadence of security and compliance audits against all servers
- backing up all data daily off-site through an encrypted channel
- adoption of a written set of privacy procedures and designation of a privacy officer to be responsible for developing and implementing all required policies and procedures
- restriction of access to electronic protected health information (EPHI) through clear identification of employees or classes of employees who have a need for it to complete their job function
- storage of all data in electronic format on Amazon Web Services (AWS) secure servers, protected by firewall and multiple layers of operational and physical security to ensure the integrity and safety of data
If you have any concerns, please feel free to reach out to the Privacy Officer.