We know you are entrusting us with some of your most personal and valuable information and your privacy is extremely important to us. We take this responsibility very seriously and are committed to protecting your privacy and safeguarding your personal information. This document answers some of the key questions about how Greenspace addresses the security and privacy of your personal information. If you would like to discuss in further detail, please feel free to contact our Chief Privacy Officer, Jeremy Weisz at email@example.com and he would be happy to provide you with more information.
Yes. Greenspace is compliant with Canadian federal and provincial privacy legislation, including the Personal Information Protection and Electronic Documents Act, the Personal Health Information Protection Act, 2004 (Ontario), the Personal Information Protection Act (Alberta), the Personal Information Protection Act (British Columbia), and An Act respecting the protection of personal information in the private sector (Quebec).
The only people that can see your personal information and results are you and your therapist. In order to view your results, you are required to log in to your account using your password. The Greenspace administrator has the ability to view all participants using the platform, but each participant is identified by a unique code rather than their name. It is therefore not possible for the Greenspace administrator to ascertain the identities of patients.
The assessments that are delivered to you by email or sms don’t contain any personally identifying information or health information about you. When you complete an assessment, the data will be sent to the server through secure channels (HTTPS, SSH, etc.). No patient information in conjunction with patient names is ever sent over unsecured email or other unsecured channels.
Prior to joining Greenspace, all employees are required to sign confidentiality agreements and undergo criminal background checks. Once joining Greenspace, employees receive extensive training with regard to Greenspace’s comprehensive information security policy, which is regularly reviewed and updated. All employees are required to sign an attestation that they have read, understood and commit to comply with the Greenspace information security policy.
Greenspace stores all data and information in Canada with a secure cloud storage provider called Aptible. Aptible is an industry leader in securely managing and storing confidential and highly sensitive healthcare information. Aptible has been tested and passed audits by Kaiser Permanente, MD Anderson, UnitedHealth Group, Johns Hopkins, Stanford, and many others. In addition, Aptible is certified for compliance with ISO 27001, SOC 2, and HITRUST CSF.
Greenspace’s database runs in a private subnet (hidden from the outside internet) and access is restricted to Greenspace. Database traffic is encrypted in transit, and data is encrypted at rest using modern technology standards.
All passwords and security question responses are cryptographically salted and hashed before storage. This means that they are heavily secured, never stored in plain (viewable) text, with no way to of producing the original password from the value that we store.