Data Security

Date of Last Revision: 4 June 2018

Caredove helps connect patients with care through an online platform to find local health and community services, book appointments and send referrals.

Caredove’s Security Policy outlines the measures and procedures undertaken by Caredove to ensure that the personal information of our customers and employees is kept private and secure, in accordance with the terms of our Privacy Policy.

PI & PHI Lifecycle Management

Caredove significantly limits the risk of a Personal Information/Personal Health Information breach by strictly limiting the information available on Caredove.

Personal Health Information – PHI (Referrals) – Personal health information sent through Caredove is stored only for as long as it is needed to complete the referral. The precise retention period is dictated by the receiving organization's privacy policy, but PHI is usually permanently removed on the day the organization receives/views/downloads the referral or the day that the related appointment is booked. PHI is never stored on Caredove indefinitely.

Personal Information (User Accounts) – Only the information necessary to contact Caredove users is stored in their user accounts (such as name, work organization and work phone number). More detailed information such as date of birth, home address, etc. is not stored. Once a user is associated with a work organization, the administrator of that organization is responsible for de-associating the user from the organization when their employment is terminated. Caredove monitors user accounts for inactivity, and at its own discretion may inactivate unused accounts at any time.

Physical Safeguards

SSAE 16 Type II Certified Data Centre – Caredove is hosted in a state-of-the-art data centre that is located in Canada, with highly secure and redundant IT infrastructure. The data centre is Type II certified to the SSAE 16 standard (or the equivalent CSAE 3416 and ISAE 3402). This means that the Caredove data centre has undergone independent, in-depth audits of control activities, including how hosting and network technologies are managed. PHI exists exclusively at the certified data centre (never on employee workstations).

Other data centre certifications include:

  • SOC 1/SSAE16
  • ISO 27001
  • Service Organization Controls (SOC) 2 & 3
  • PCI DSS 2.0
  • US – EU Safe Harbor
  • TRUSTe Privacy Seal

Facility Access Controls – The data centre holding PI & PHI is locked and guarded, and can only be accessed by authorized personnel. Monitored closed circuit television systems and onsite security teams vigilantly protect the data centre around the clock, while military-grade pass card access and biometric finger scan units provide even further security.

Data Centre Stability – Onsite diesel-powered generators and uninterruptible power systems (UPS) deliver redundant power if a critical incident occurs, so that all operations are uninterrupted and servers remain online. Infrastructure is regularly tested to make sure it performs as designed in the event of an emergency. The heating, ventilation and air conditioning (HVAC) systems have full particle filtering and humidity control. The climate within the data centre is maintained according to ASHRAE guidelines. This ensures that our servers are functioning at their best.

Data Backup – Caredove stores regular backups with copies of the Caredove data, stored locally and at a secondary data centre.

Workstation Use – Caredove employee workstations never store Personal Health Information, including the workstations of the development team. All workstations are access protected with a strong password, automated timeout lock, disk encrypted & loaded with the most recent OS security patches.

Technical Safeguards

Secure Login – Users sign in to a secure, encrypted login page. In the event that a username or password is entered incorrectly, Caredove uses login attempt delays, login attempt limits, and CAPTCHAs to prevent brute-force login attacks. Stored passwords are encrypted on the Caredove servers to prevent passwords from being accessed even in the event of a data breach.

Passwords – All Caredove users are required to have secure passwords to access Caredove. Users should not use combinations that can be associated with them easily. Caredove employees use highly secure passwords for accessing Caredove and all of Caredove’s supporting technology (such as servers).

Access Based on Least Privilege – This means that a user account only has privileges which are essential to that user’s work. For example, a user who is responsible for updating service listings does not have access to review received referrals.

PHI Access Controls – Access to referral PHI is strictly restricted to a) the person submitting the referral, b) the designated recipient of the referral, c) other people in the receiving organization designated by an administrator to be able to view referral PHI. Such designations should be made in accordance with the receiving organization’s privacy policies.

Audit Controls – Caredove keeps detailed logs of logged in user activities (such as sign-ins, account modifications and accessing individual PHI records). At any time users can view their own audit logs, and organization administrators can view the audit logs of all of their Caredove users and referrals. Individual referrals clearly display the access history of the referral (who booked, who received, who viewed/downloaded PHI, who made changes, etc…). Audit logs cannot be modified.

Automatic Logoff – Caredove automatically logs users off of the system after a determined period of inactivity. For additional security, Caredove also uses a “secondary timeout” where users who are inactive for a shorter period of time can continue to navigate Caredove without being logged off, but will be asked to re-enter their credentials when attempting to access PHI records.
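The two-tier timeout described above can be modelled as a small session state machine: a primary idle timeout that ends the session, and a shorter secondary timeout that leaves the session alive but requires credentials to be re-entered before a PHI record is served. This is an added illustration, not Caredove's own code; the timeout values and the Session/request_phi names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed timeout values; the real Caredove periods are not published here.
PRIMARY_IDLE_TIMEOUT = 30 * 60   # seconds of inactivity before full logoff
SECONDARY_TIMEOUT = 10 * 60      # shorter idle gap after which PHI access needs re-auth


@dataclass
class Session:
    user: str
    last_activity: float          # timestamp (seconds) of the last request
    logged_in: bool = True
    phi_unlocked: bool = True     # credentials were entered recently enough for PHI

    def touch(self, now: float) -> bool:
        """Record ordinary navigation; returns False once the session has ended."""
        if not self.logged_in:
            return False
        idle = now - self.last_activity
        if idle > PRIMARY_IDLE_TIMEOUT:
            self.logged_in = False          # primary timeout: full logoff
            self.phi_unlocked = False
            return False
        if idle > SECONDARY_TIMEOUT:
            self.phi_unlocked = False       # secondary timeout: keep browsing, lock PHI
        self.last_activity = now
        return True

    def reauthenticate(self, now: float, credentials_ok: bool) -> bool:
        """Re-entering valid credentials unlocks PHI again for a live session."""
        if not self.touch(now) or not credentials_ok:
            return False
        self.phi_unlocked = True
        return True

    def request_phi(self, now: float) -> str:
        """Decision for a PHI record request: logged_out, reauth_required or granted."""
        if not self.touch(now):
            return "logged_out"
        if not self.phi_unlocked:
            return "reauth_required"
        return "granted"
```

Non-PHI pages only call touch(), so a user idle for longer than the secondary timeout keeps navigating but is challenged the moment a referral record is requested.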

Secure Data Transmission – Caredove uses TLS 256-bit encryption when transmitting data. This is the strongest, most secure form of encryption that is generally available in Internet browsers on the market in North America today.

Firewalls – Restrictive firewall policies ensure that only approved traffic is allowed access to our servers.

Security Software Patching – Caredove ensures that all supporting software used in Caredove (e.g., operating system) has the latest security updates at all times.

Data Intrusion Detection – Caredove uses technology to automatically identify suspicious behavior patterns, with possible threats subjected to round-the-clock expert analysis. It is integrated with leading infrastructure products to block potentially malicious activity, stopping attacks.

Secure Data Storage – In addition to the various safeguards in place to prevent access to data stored in Caredove, all referral personal information is encrypted so that in the unlikely event that the servers are accessed, any stolen data is useless without encryption keys.

Vulnerability Management – Caredove performs regular vulnerability management scans to ensure that its IT system components (OS, software, etc…) are not vulnerable to attack.

Web Application Scanning – Caredove performs regular web application scans which examine the Caredove code for vulnerabilities (such as SQL Injection, XSS, CSRF, URL redirection, etc.). Caredove performs a Web Application Scan on any new development code before it is released to the live Caredove site.

Malware Scanning – Caredove performs regular malware scans to ensure its servers are clean of infected files.

Code Repository – Caredove uses a sophisticated software code management system to store and track a complete history of all code used with Caredove. This provides many benefits such as a) an ability to roll back software code to a previous version in the event that a problem is found after a go-live, b) an audit trail of Caredove functionality at any point in time, c) continuity of code access and availability in the event of a disaster.

Process Safeguards

Organization Verification – New organizations can only be created in Caredove once approved by Caredove staff. Caredove will perform a basic check to ensure that the organization is legitimate. Accuracy of Caredove organization listings is subject to Caredove’s Terms and Conditions.

User Verification – Caredove has established role-based permissions. Roles with Administrator permissions are responsible for identity verification when inviting new users and for otherwise managing permissions, including the roles that can view referral information. Caredove provides tools to aid the Administrator in fulfilling their responsibility to verify user identity within their Authorized Workforce.

Fax Verification – Before PHI is sent by fax, precautions should be taken to verify that faxes sent to the number reach the intended recipient. When a new fax number is entered or an existing number is edited within a Caredove service listing, Caredove can automatically send a fax containing a special code to that number. The code can then be entered into Caredove by a user who has edit permissions for services using that fax number. Only when this process is complete does the Caredove service listing change the fax number status from "Unverified" to "Verified". This helps referrers be more confident when they choose to send information to a "Verified" fax number in Caredove.
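The verification flow above amounts to a possession check on the fax line: entering or editing a number drops it back to "Unverified", a random code is faxed to that number, and only an editor submitting that code moves it to "Verified". The following is an added illustration rather than Caredove's implementation; the code length, expiry, attempt limit and the send_fax callback are constructed assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

UNVERIFIED, VERIFIED = "Unverified", "Verified"
CODE_TTL = 24 * 3600       # constructed: a faxed code is valid for one day
MAX_ATTEMPTS = 5           # constructed: wrong guesses before a fresh fax is required


@dataclass
class FaxNumber:
    number: str
    status: str = UNVERIFIED
    pending_code: Optional[str] = None
    code_issued_at: float = 0.0
    attempts: int = 0


def set_fax_number(entry: FaxNumber, new_number: str, now: float,
                   send_fax: Callable[[str, str], None]) -> None:
    """Entering or editing a number resets it to Unverified and faxes a fresh code."""
    entry.number = new_number
    entry.status = UNVERIFIED
    entry.pending_code = f"{secrets.randbelow(10**6):06d}"   # 6-digit random code
    entry.code_issued_at = now
    entry.attempts = 0
    # The code travels only over the fax line, never back to the web session.
    send_fax(new_number, f"Caredove fax verification code: {entry.pending_code}")


def confirm_code(entry: FaxNumber, submitted: str, now: float, user_can_edit: bool) -> str:
    """Marks the number Verified only if an editor submits the correct, unexpired code."""
    if not user_can_edit or entry.pending_code is None:
        return entry.status
    if now - entry.code_issued_at > CODE_TTL or entry.attempts >= MAX_ATTEMPTS:
        entry.pending_code = None        # stale or exhausted: a new fax must be sent
        return entry.status
    entry.attempts += 1
    if hmac.compare_digest(submitted, entry.pending_code):   # constant-time comparison
        entry.status = VERIFIED
        entry.pending_code = None        # single use
    return entry.status
```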

Breach Management – In the case that personal information or personal health information is accessed in an unauthorized manner, Caredove investigates the event, resolves the root cause of the issue, and notifies the affected persons as per Caredove's Privacy Incident & Breach Management policy.