Security & Privacy
We take data protection seriously.
With continuous improvements to our product, we invest time in ensuring our product keeps your data safe and secure. We’ve made a FAQ to help resolve some of your security worries.
Storage and data
Everything in terms of data transmitted within Adracare employs 256 bit AES encryption, which is the same grade of encryption used by financial institutions.
Our communication is encrypted in transit, in the database, and at rest leveraging AES 266 Bit encryption.
Our Platform maintains strict geographic boundaries, and as such, data for patients and providers in one country never crosses into another.
Your data is safe and secure. it is not transmitted to other locations. The only time your data is accessed internationally is if we are providing you with support. See below for more information.
Our platform is scanned tor vulnerabilities with every code change before getting deployed into production environments. Any potential vulnerabilities are detected and remediated immediately. Adracare has never had a breach. However, suppose a breach is ever to occur, in strict accordance with our Data Breach Policy, the Chief Compliance Officer will invoke the data breach management protocol, suspending access to users who may have been part of the incident, securing all audit logs associated with the incident, notifying all parties impacted by the breach. Our data breach and notification protocols are reviewed and tested annually by 3rd party Privacy and Security auditors. We make sure to do everything in our power to ensure breaches don't happen.
Access and visibility
Yes, we are. if you don't see your compliancy above, you can review our compliancy documentation by scrolling down to our compliance statement or clicking here
Yes - the video quality is automatically adjusted based on a user's internet speed. A quick way to check what quality you (or your patient) can expect is to visit https:/www.speedtest.net and check your download and upload speeds.
Low-quality video will be used for internet speeds between O.15 Mbps and O.54 Mbps. Medium-quality video will be used for internet speeds between O.54 Mbps and 1.5 Mbps. High-quality video will be used for internet speeds greater than 1.5 Mbps.
Our platform and policies are audited by independent 3rd party Privacy and Security auditors on an annual basis.
Yes, but only certain full-time employees of Adracare access this information on a highly regulated basis for Quality Assurance and Testing. We use realistic sample data whenever we can, but we require access to fix issues to investigate certain records.
No, we do not record any vide0 sessions. The only people who can see video appointments are the participants.
Partnerships and metadata
Yes - the video quality is automatically adjusted based on the user's internet speed. A quick way to check what quality you (or your patient) can expect is to visit https://www.speedtest.net and check your download and upload speeds.
Low-quality video will be used for internet speeds between O.15 Mbps and 0.54 Mbps. Medium-quality video will be used for internet speeds between O.54 Mbps and 1.5 Mbps. High-quality video will be used for internet speeds greater than 1.5 Mbps.
Our Platform and policies are audited by independent 3rd party Privacy and Security auditors on an annual basis.
Yes, but only certain full-time employees of Adracare access this information on a highly regulated basis for Quality Assurance and testing. We use realistic sample data whenever we can, but we require access to fix issues to investigate certain records.
HIPAA, PHIPA & PIPEDA compliance stateme
Adracare is committed to and has implemented many safeguards to ensure its devices, services, websites and data systems (collectively “Products”) are compliant with the regulations and conditions set forth in the Health Insurance Portability and Availability Act (HIPAA), the Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable personal health information legislation where it operates. Adracare is committed to the continuous improvement of its policies to ensure our Products incorporate state-of-the-art information technology privacy and security measures.
Adracare deploys its solution in data centers in Canada, United States of America and, United Kingdom, and new data centers are constantly added to meet the personal health information regulations in each region. Data in one region never travels into another, and all geographic boundaries are maintained to all scoped data. All solutions are deployed with redundancies and regular backups, in accordance with Adracare’s Written Information Security Program, available on request.
Adracare protects personal health information through the following integrated administrative, physical and technological safeguards:
Administrative Safeguards. Adracare has implemented policies to ensure appropriate assignment of data access permissions and proper movement and handling of that data. Privacy training is an annual mandated event for all staff, as well as annual review of policy effectiveness during internal or third party auditing of our Products.
Physical Safeguards. The primary physical safeguard for Adracare is to not retain sensitive data in any public or private Adracare location other than those assigned for database management and quality assurance activities. Specific workstation usage, disposal, reuse and security measures are in place. Access to Adracare facilities are all independently controlled via key access preventing walk-up intrusion. Adracare data centre uses a cloud-based architecture with inherent security measures including 24 hours monitoring, advanced fire protection systems, uninterruptible power and database redundancy. Annual audit of the facility security plan, disaster recovery plan, and contingency plans are in place.
Technical Safeguards. To further protect sensitive data, Adracare enforces unique software architecture that includes user identifications, various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates, various levels of encryption (for data in rest, and in transit) and other custom architecture to further obscure sensitive data from threats.
Adracare will never share, sell, or trade Personal Identifiable Information (PI) or Personal Health Information (PHI) to third parties. Adracare does not use or disclose Personal Health Information, except as necessary in the course of providing its product and service to its clients. If disclosure of Personal Health Information is necessary at any point, it 1s Used or disclosed strictly in accordance with the Personal Health Information Protection Act.