One of the most frequent questions we get from prospective users is “How secure is my information with you?”
Let us assure you of something: the privacy and security of our users’ personal information is our top priority — from employee training to state-of-the-art security measures. Here’s how we fulfill this promise to you.
1) With Dot Health, you control and protect your data
With the prevalence of EMRs (electronic medical records), did you realize that your data is already being stored digitally? This means that the level of security we use is identical to — or better than — that of your healthcare provider. Not only that, but we’re actually as secure as or more secure than the methods you use to share and store information on a daily basis, including email, Dropbox or Google Drive.
Additionally, some providers still rely on paper medical records, especially for records that are several years old. Paper records are extremely vulnerable to theft and to physical destruction, including fires and floods. Having digital copies of your records is something you can proactively do to ensure none of your important medical information is accidentally lost.
2) We implement bank-level security measures to ensure your personal health information is safe at all times, no exceptions.
You name it, we’ve thought about it — including some of our users’ top concerns, such as the threat of identity theft, mishandling of records, and data breaches. Methods we use to prevent these incidents include, but are not limited to:
- Encrypting data during transfer and storage using AES 256-bit encryption.
- Maintaining access logs to ensure access is restricted to only relevant parties.
- Hosting our infrastructure on a Google Cloud platform, which has obtained ISO 27001 certification and completes annual SSAE16 / ISAE 3402 Type II audits.
3) We are fully compliant with all provincial and federal privacy laws
When it comes to privacy, we take no shortcuts. We comply with all applicable provincial and federal privacy laws, including:
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- Personal Health Information Protection Act (PHIPA)
- Personal Information Protection Act (PIPA)
- The Personal Health Information Act (PHIA)
- Act Respecting the Protection of Personal Information in the Private Sector (ARPPIPS)
4) We respect your right to control where and how your data is used
We view data as a matter of agency, and want our users to know that, unlike some companies that sell their users’ personal information to third-party companies, we never retrieve or share information without our users’ consent. In fact, everything the Dot Health platform does is centred around explicit consent; in other words, regardless of how big, popular or far-reaching Dot Health’s network becomes, our platform has no access to an individual’s personal health information without that individual’s explicit consent.