Caredove protects all personal health information (PHI) according to Canadian and United States federal standards.
Caredove's servers are hosted on AWS in Montreal, so your personal health information never leaves Canada.
Caredove regularly undergoes objective, independent examinations and audits to ensure we comply with trusted third-party standards.
Yes! Caredove has implemented a comprehensive Privacy and Security program that ensures the information of our customers and patients is kept private and secure. This includes Personal Information (PI) and Personal Health Information (PHI) lifecycle management, as well as physical, technical and process safeguards.
Yes! In Canada the Personal Information Protection and Electronic Documents Act (PIPEDA) establishes laws that regulate the collection, use and disclosure of personal information. Caredove adheres to the 10 principles that businesses must follow, and these are detailed on our Privacy Policy page.
Yes! U.S. customers need Caredove to be HIPAA compliant. Caredove uses a fully automated managed services platform provided by an AWS Healthcare Competency Partner that provides coverage for over 200 HITRUST Common Security Framework controls mapped directly to the HIPAA regulations.
Caredove is hosted wherever you need it to be! Caredove uses Amazon Web Services (AWS) in the Canada Region for all Canadian customers. We have access to all AWS locations worldwide, so for our international customers we can store data in any region required for compliance. We only use AWS Healthcare certified processes. For Canada, see AWS in Canada.
We have developed a comprehensive approach to privacy and security and have created the Caredove Trust Report, an online resource that contains everything you need to know about Caredove for your PIA. You can find more information about this in our article "Ensuring Patient Privacy in the Digital Age: How Caredove Empowers Healthcare Networks to Conduct Thorough Impact Assessments".
Caredove does not directly acquire consent from patients for the collection of PHI. Gathering consent is the obligation of the person collecting the PHI, and the acquisition and revocation of consent are recorded in Caredove. When a patient self-refers through Caredove, the patient will be asked to provide consent in a click-through agreement.
To prevent malicious software, including ransomware, Caredove has adopted a defense-in-depth approach, with many layers of protection that would prevent exposure or loss of data.
These measures include, but are not limited to, employee education, encryption, and acceptable use policies and procedures. Caredove’s systems are protected with: anti-malware scanning to stop software from attacking a server; network security, including intrusion prevention, which stops the exploitation of vulnerabilities and the resulting potential installation of malicious software (including ransomware); system security, including integrity monitoring, which can provide visibility of system changes that represent malicious software activity; and Web Reputation, which blocks outbound communication to known bad domains.
Learn more about how Caredove protects client data in our Data Security Policy.
In the unlikely event that an incident or breach occurs, Caredove has processes in place to notify clients and recover any compromised data. We communicate openly with parties according to our published Privacy Incident & Breach Management policy to keep people well informed, and Caredove complies with all legal requirements. To recover compromised or corrupted data, we would restore from our encrypted backup server. Caredove tests the backups at least monthly to ensure the integrity of the backup and restore processes.
As an additional measure to prevent the risk of data loss, agencies can choose to synchronize their Caredove data with their local systems via an integration using Caredove’s API.
Links to our legal agreements and Privacy and Security Program can be found at the top of this page. If you wish to speak with someone at Caredove, please email us or call us at 416-655-7997, or toll free in North America at 1-833-567-3683.
You can connect Caredove service requests and search sites to any website via standard web-links or Caredove's embed widget. The embed widget uses standard secure iFrame functionality, which is authorized by Caredove for approved domains.
Caredove customers can purchase a license for our WebBuilder content management system with specialized features that allow them to publish service information easily online. They can also bring their own website and their own hosting on platforms such as WordPress or Drupal. In all cases, the same approach to launching a Caredove service request is used. The Caredove referral management system is sandboxed to be entirely separate from the embedding, or referring, website.
This means that when anyone searches for or requests a service from any website, it launches our Referral Management application as a separate application, which is subject to all of our stringent security protocols.
No PHI from the integrating website is provided to Caredove via an embedded Caredove widget. The only information shared with an embedded widget is widget layout, size, etc. All collection and handling of PHI is done within the launched Caredove application. Caredove’s security program documentation can be found above.
Caredove’s WebBuilder is an optional add-on feature to Caredove that is used to build marketing-style websites. Its underlying code, hosting and management are completely separate from Caredove. It is connected to Caredove with the same methods as any other external website, only via standard weblinks or iFrames (for authorized domains). Our WebBuilder is a customization built on the Duda web platform that allows for easy integration with Caredove via custom widgets and templates. Duda is a globally reputable and leading company in web building. You can view their security measures here.