Privacy and Security

Virtual Hallway takes great care to ensure that its security and privacy practices are aligned with the leading industry frameworks. All of our policies and practices are fully compliant with medical licensing bodies, as well as provincial and federal privacy legislation. Furthermore, we have up-to-date, completed privacy impact assessments and threat risk assessments, which are in line with provincial and Canadian guidelines.

How Virtual Hallway Protects Your Data

All personal health information is encrypted at rest and in transit on Canadian-based Microsoft Azure servers. Additionally, the Virtual Hallway database is automatically backed up hourly, daily, weekly and monthly, with redundant copies made on servers located on different power grids in case of natural disasters.

All users of Virtual Hallway agree to the Terms of Use and Privacy Policy upon account creation. This is facilitated through the sign-up process and is tracked in our database.

Virtual Hallway has documents outlining all security and privacy policies and procedures, which can be made available upon request.

How does Virtual Hallway manage security compliance?

Our security requirements are powered by MedStack, a leading privacy compliance platform built specifically for the needs of the digital health industry (https://medstack.co/). MedStack provides secure, flexible, single-tenant cloud infrastructure, with pre-written, code-generated and real-time auditable privacy policies around complex frameworks. This includes alignment with the following frameworks:
Our application environment has been wrapped with all of the technical controls and safeguards required by today’s healthcare enterprise systems. Each element of our security architecture ties back to a specific policy of ISO 27001. These policies are then mapped to the corresponding privacy frameworks and industry standards where we operate.
We also leverage a third-party privacy and security management company called Carbide (https://carbidesecure.com/), which facilitates our alignment with nationally and internationally recognized privacy and security frameworks. Carbide also facilitates privacy and security training. All staff undergo rigorous security and privacy awareness training and are required to understand all policies surrounding the safety of data. All training is repeated and tracked to ensure that all staff are up to date on security and privacy issues.
Virtual Hallway is also currently compliant with relevant Canadian provincial health care privacy acts including: PHIA (Nova Scotia), PHIPA (Ontario), and HIA (Alberta).

Compliance Commitments

Encryption, network security, monitoring, audit logging, backups, and certificate and key management are among the controls implemented, enforced, and documented. Virtual Hallway achieves this through numerous controls as outlined in our policies (below) and through leveraging MedStack’s cloud-based platform.
Access Control
Asset management
Awareness, training, and reminders
Backup
Compliance
Continuity
Cryptography
Definitions
Disciplinary process
Documentation
Information security incidents
Human resource security
Information classification
Information privacy
Information security
Logging and monitoring
Malware protection
Media handling
Mobile devices and teleworking
Network security management
Risk management
Secure areas
Software development and operations
Suppliers
Workstation

Monitoring

Virtual Hallway employs third-party monitoring and scanning on its servers on a regular basis so that we have awareness of any potential vulnerabilities, incidents, and threats. We also employ regular external penetration testing, privacy impact assessments and threat risk assessments on our application and infrastructure.

Account Security

Virtual Hallway secures your credentials by using leading industry encryption standards. In addition, users can enable multifactor authentication to provide a high level of security for their accounts.

Incident Response

Virtual Hallway has an incident response program that assesses and responds to any identified vulnerabilities or security incidents, and establishes remediation and mitigation actions for all events.

Background Checks

We perform background checks on all new team members in accordance with local laws.