You are accessing greenspacehealth.com from outside of the United States
Select Region:
United States 🇺🇸

security

Keeping your data safe and secure is at the core of everything we do.

SECURITY BY DESIGN

Overview

Security of patient information and privacy is the foundation of the Greenspace platform. We take this responsibility very seriously and have implemented significant measures to safeguard patients' personal health information that exceed industry standards and best practices. The Greenspace system conforms to digital and physical security protocols, including HIPAA, with SSL-secured access, AES encryption at the filesystem level, and firewalls protecting all data. We take many additional precautions to protect privacy including: requiring strong passwords, automatic logouts, automatic access logging, secured data backups, two factor authentication and restrictive data access procedures. All data and information is stored in the United States.

KEEPING YOUR DATA SECURE

Security Features

Below are some of the measures that have been implemented to safeguard patient data and information.

Secure Encryption

Data is encrypted in transit and at rest using AES encryption with 256-bit keys, as recommended by the US National Institute of Standards and Technology and Federal Information Processing Standard.

Access Monitoring

Network access is inspected in real time and permanently logged. Intrusion attempts are automatically identified and blocked , mitigating SSH attacks and other malicious behavior.

Password Protection

All passwords and security questions are are cryptographically salted and hashed before storage. This means that they are heavily encrypted and are never stored in plain (viewable) text.

Database Backups

Database backups are automatically completed on a regular schedule. Databases are encrypted, backed up nightly, and stored in multiple locations.

Automatic Detection

The platform maintains a Host-based Intrusion Detection (HIDS) system that automatically detects potential intrusions and anomalous activities. We immediately investigate, respond to and resolve any issues that are discovered.

Internal Policies

Comprehensive internal policies have been implemented to ensure privacy is maintained from an administrative perspective. All employees undergo extensive privacy and security training.

WHAT YOU NEED TO KNOW

Frequently Asked Questions

Is Greenspace compliant with privacy legislation?

Yes. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines requirements for companies that create, receive, maintain or transmit protected health information (PHI). To meet its obligations under HIPAA, Greenspace has implemented extensive technical, physical and administrative safeguards to ensure the security of the PHI that it controls. Greenspace takes its regulatory responsibilities very seriously and has also implemented a risk management and compliance framework to ensure continued compliance with HIPAA and industry standards.


Does Greenspace maintain security practices in line with industry best practices?

Greenspace maintains administrative, technical and physical safeguards that meet or exceed industry best practices. Greenspace’s commitment to information security within the organization is codified in its Information Security Policy. The policy provides direction and requirements with respect to the security of personal health information to guard against theft, loss, unauthorized use, disclosure, disruption, modification or disposal.



Who can see patients’ personal information?

Only patients and their care providers have access to patients’ personal health information and assessment results. Since each participant is identified by a unique code rather than their name, it is not possible for a Greenspace administrator to ascertain the identities of patients. If access to identifying information is required and authorized by the patient and/or therapist, such access is logged and is prohibited from being used or disclosed for any other purpose.



Is any patient information or data shared with or sold to any third parties?

No. The only people that can see patient information or results are the patient and their therapist(s). Patient information or results are not shared with or sold to any third parties (such as a pharmaceutical or insurance company).

Is it secure for patients to complete assessments online?

The assessments that are delivered to patients in office, by email or sms don’t contain any personally identifying information or health information about patients. When assessments are completed, the data is sent to the application’s server through secure channels (HTTPS, SSH, etc.). No patient information in conjunction with patient names is ever sent over unsecured email or other unsecured channels.


Where is my information stored and is it secure?

Greenspace stores all data and information in the United States with a secure cloud storage provider called Aptible. Aptible is an industry leader in securely managing and storing confidential and highly sensitive healthcare information. Aptible has been tested and passed audits by Kaiser Permanente, MD Anderson, UnitedHealth Group, Johns Hopkins, Stanford, and many others. In addition, Aptible is certified for compliance with ISO 27001, SOC 2, and HITRUST CSF.

Greenspace’s database runs in a private subnet (hidden from the outside internet) and access is restricted to Greenspace. Database traffic is encrypted in transit, and data is encrypted at rest using modern technology standards.


Are you interested in more information about security at Greenspace?

For more information, please review our Privacy Policy, Terms of Use, or get in touch.