We know you are entrusting us with some of your most personal and valuable information and your privacy is extremely important to us. We take this responsibility very seriously and are committed to protecting your privacy and safeguarding your personal information. This document answers some of the key questions about how Greenspace addresses the security and privacy of your personal information. If you would like to discuss in further detail, please feel free to contact our Chief Privacy Officer, Jeremy Weisz at firstname.lastname@example.org and he would be happy to provide you with more information.
Yes. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines requirements for companies that create, receive, maintain or transmit protected health information (PHI). To meet its obligations under HIPAA, Greenspace has implemented extensive technical, physical and administrative safeguards to ensure the security of the PHI that it controls. Greenspace takes its regulatory responsibilities very seriously and has also implemented a risk management and compliance framework to ensure continued compliance with HIPAA and industry standards.
The only people that can see your personal information and results are you and your therapist. In order to view your results, you are required to log in to your account using your password. The Greenspace administrator has the ability to view all participants using the platform, but each participant is identified by a unique code rather than their name. It is therefore not possible for the Greenspace administrator to ascertain the identities of patients.
The assessments that are delivered to you by email or SMS don’t contain any personally identifying information or health information about you. When you complete an assessment, the data is sent to the server through secure channels (HTTPS, SSH, etc.). No patient information in conjunction with patient names is ever sent over unsecured email or other unsecured channels.
Prior to joining Greenspace, all employees are required to sign confidentiality agreements and undergo criminal background checks. After joining Greenspace, employees receive extensive training on Greenspace’s comprehensive information security policies and procedures, which are regularly reviewed and updated.
Greenspace stores all data and information in the United States with a secure cloud storage provider called Aptible. Aptible is an industry leader in securely managing and storing confidential and highly sensitive healthcare information. Aptible has been tested and passed audits by Kaiser Permanente, MD Anderson, UnitedHealth Group, Johns Hopkins, Stanford, and many others. In addition, Aptible is certified for compliance with ISO 27001, SOC 2, and HITRUST CSF.
Greenspace’s database runs in a private subnet (hidden from the outside internet) and access is restricted to Greenspace. Database traffic is encrypted in transit, and data is encrypted at rest using modern technology standards.
All passwords and security question responses are cryptographically salted and hashed before storage. This means that they are heavily secured and never stored in plain (viewable) text, with no way of producing the original password from the value that we store.