We know you are entrusting us with some of your most personal and valuable information and your privacy is extremely important to us. We take this responsibility very seriously and are committed to protecting your privacy and safeguarding your personal information. This document answers some of the key questions about how Greenspace addresses the security and privacy of your personal information. If you would like to discuss in further detail, please feel free to contact our Chief Privacy Officer, Jeremy Weisz at firstname.lastname@example.org and he would be happy to provide you with more information.
Yes. Greenspace is compliant with Canadian federal and provincial privacy legislation, including the Personal Information Protection and Electronic Documents Act, the Personal Health Information Protection Act, 2004 (Ontario), the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia), and An Act respecting the protection of personal information in the private sector (Quebec).
The only people that can see your personal information and results are you and your therapist. In order to view your results, you are required to log in to your account using your password. The Greenspace administrator has the ability to view all participants using the platform, but each participant is identified by a unique code rather than their name. It is therefore not possible for the Greenspace administrator to ascertain the identities of patients.
The assessments that are delivered to you by email or sms don’t contain any personally identifying information or health information about you. When you complete an assessment, the data will be sent to the server through secure channels (HTTPS, SSH, etc.). No patient information in conjunction with patient names is ever sent over unsecured email or other unsecured channels.
Prior to joining Greenspace, all employees are required to sign confidentiality agreements and undergo criminal background checks. Once joining Greenspace, employees receive extensive training with regard to Greenspace’s comprehensive information security policy, which is regularly reviewed and updated. All employees are required to sign an attestation that they have read, understood and commit to comply with the Greenspace information security policy.
Greenspace stores all data and information on a secure cloud storage provider called Aptible. Aptible is specifically designed to securely manage and store meaningful, sensitive data in highly regulated industries. Aptible has passed rigorous security and compliance audits alongside its customers at the largest entities in healthcare, including: Kaiser Permanente, MD Anderson, UnitedHealth Group and Johns Hopkins. Greenspace’s database runs in a private subnet (hidden from the outside internet) and access is restricted to Greenspace. Database traffic is encrypted in transit, and data is encrypted at rest using modern technology standards.
All passwords and security question responses are cryptographically salted and hashed before storage. This means that they are heavily encrypted and are never stored in plain (viewable) text.