You are accessing Greenspacehealth.com from outside of Canada
Select Region:

security

Keeping your data safe and secure is at the core of everything we do.

SECURITY BY DESIGN

Overview

Security of patient information and privacy is the foundation of the Greenspace platform. We take this responsibility very seriously and have implemented significant measures to safeguard patients' personal health information that exceed industry standards and best practices. Greenspace is SOC 2 Type II compliant and conforms to digital and physical security protocols (including PIPEDA and PHIPA), with SSL-secured access, AES encryption at the filesystem level, and firewalls protecting all data. We take many additional precautions to protect privacy including: requiring strong passwords, automatic logouts, automatic access logging, secured data backups, two factor authentication and restrictive data access procedures. All data and information is stored in Canada.

KEEPING YOUR DATA SECURE

Security Features

Below are some of the measures that have been implemented to safeguard patient data and information.

Automatic Detection

The platform maintains a Host-based Intrusion Detection (HIDS) system that automatically detects potential intrusions and anomalous activities. We immediately investigate, respond to and resolve any issues that are discovered.

WHAT YOU NEED TO KNOW

Frequently Asked Questions

Is Greenspace compliant with Canadian privacy legislation?

Yes. Greenspace is compliant with all Canadian federal and provincial privacy legislation, including the Personal Information Protection and Electronic Documents Act, the Personal Health Information Protection Act, 2004 (Ontario), the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia), and An Act respecting the protection of personal information in the private sector (Quebec). Greenspace is also AICPA SOC 2 Type II compliant, which means an independent auditing firm has reviewed and examined our control objectives and activities, and tested our controls to ensure operational excellence.

Is Greenspace SOC 2 Compliant?

Yes. As part of Greenspace's commitment to ensure best-in-class privacy and security standards, Greenspace has completed a SOC 2 Type II review by an independent AICPA auditing firm that has examined our control objectives and activities, and tested our controls to ensure operational excellence. Reach out anytime if you'd like to discuss privacy and security, learn more or review our SOC 2 Type II Report.


Does Greenspace maintain security practices in line with industry best practices?

Greenspace maintains administrative, technical and physical safeguards that meet or exceed industry best practices. Greenspace’s commitment to information security within the organization is codified in its Information Security Policy. The policy provides direction and requirements with respect to the security of personal health information to guard against theft, loss, unauthorized use, disclosure, disruption, modification or disposal. Greenspace is also AICPA SOC 2 Type II compliant, which means an independent auditing firm has reviewed and examined our control objectives and activities, and tested our controls to ensure operational excellence.


Has Greenspace been through a privacy and security review at major hospitals and/or health systems?

Yes, we've passed privacy and security reviews at many major hospitals and health systems including Sunnybrook Hospital, Mount Sinai Hospital, Sick Kids Hospital, The Royal Ottawa Mental Health Centre, and Health Canada. Greenspace supports customers through any necessary Privacy Impact Assessments (PIA) and we will work directly with security review teams to ensure compliance and provide any necessary documents for review.

Who can see patients’ personal information?

Only patients and their care providers have access to patients’ personal health information and assessment results. Since each participant is identified by a unique code rather than their name, it is not possible for a Greenspace administrator to ascertain the identities of patients. If access to identifying information is required and authorized by the patient and/or therapist, such access is logged and is prohibited from being used or disclosed for any other purpose.


Is any patient information or data shared with or sold to any third parties?

No. The only people that can see patient information or results are the patient and their therapist(s). Patient information or results are not shared with or sold to any third parties (such as a pharmaceutical or insurance company).

Is it secure for patients to complete assessments online?

The assessments that are delivered to patients in office, by email or sms don’t contain any personally identifying information or health information about patients. When assessments are completed, the data is sent to the application’s server through secure channels (HTTPS, SSH, etc.). No patient information in conjunction with patient names is ever sent over unsecured email or other unsecured channels.


Where is my information stored and is it secure?

Greenspace stores all data and information in Canada with a secure cloud storage provider called Aptible. Aptible is an industry leader in securely managing and storing confidential and highly sensitive healthcare information. Aptible has been tested and passed audits by Kaiser Permanente, MD Anderson, UnitedHealth Group, Johns Hopkins, Stanford, and many others. In addition, Aptible is certified for compliance with ISO 27001, SOC 2, and HITRUST CSF.

Greenspace’s database runs in a private subnet (hidden from the outside internet) and access is restricted to Greenspace. Database traffic is encrypted in transit, and data is encrypted at rest using modern technology standards.


Are you interested in more information about security at Greenspace?

For more information, please review our Privacy Policy, Terms of Use, or get in touch.