Security

What we do to ensure online security

  • Ensure our computer systems are up to date.
  • Monitor our computer systems.
  • Use secure firewalls.
  • Use Secure Sockets Layer (SSL) when necessary to secure communications across the Internet.
  • Use authentication tokens for secure access to all private sections of our website.

What you can do to ensure online safety

  • Protect your password.
  • Use antivirus and anti-spyware software.
  • Ensure your browser and operating system are up to date.
  • Use a firewall.
  • Secure your wireless connections.

Password Policy

  • All passwords have minimum requirements for complexity (i.e., upper/lowercase characters, numbers, symbols).
  • Personnel are required to create strong, complex passwords for all computerized systems.
  • Guidelines are in place to ensure confidentiality and decrease the possibility of cyberattacks.
  • All external passwords will be stored securely by the System Administrator.

Security and Protection

  • Policy is in place to support employees and contractors in determining their responsibilities with respect to Confidential Information and assist in identifying circumstances under which the interests of the employee may conflict with interests of the Company.
  • Employment contracts contain confidentiality or non-disclosure and non-compete clauses.

Email Policy

  • Personnel are required to adhere to strict guidelines regarding the use of company email.
  • Guidelines reinforce professionalism and streamline how emails are handled.
  • All messages distributed via the company’s email system are the property of the Company.
  • Confidential information (such as Patient Health Records) is prohibited from being disclosed via email.

Laptop Encryption Policy

  • Policy ensures the security and privacy of Patient Health Information (PHI) so that Vitaliti Technologies will comply with HIPAA, PHIPAA and PHIPA regulations.
  • All laptop computers used by Vitaliti Technologies Inc. personnel must have a hard drive partition of their computer encrypted using operating system level encryption.
  • Passwords for the encrypted partitions should be saved securely, and never stored in unencrypted formats.
  • Whenever Patient Health Information is handled on a corporate laptop computer, that information is to be stored only on an encrypted volume.
  • Patient Health Information should never be stored on a portable storage device such as a USB key.
  • Once a file containing Patient Health Information is no longer needed on a computer, it is to be permanently deleted.
  • Any employee that receives corporate email on their mobile device is required to protect access to that mobile device with a strong password.
  • Any Personal Health Information received on a personal mobile device is to be deleted once discovered.
  • Vitaliti Technologies Inc. will perform audits and inspections of corporate laptop computers biannually to ensure compliance with this policy.

Backup and Retention Policy

  • Thorough backup and retention policy ensures the preservation of all critical data required to ensure the continued and uninterrupted operation of Vitaliti Technologies systems.
  • Systems that have data backed up and retained for designated time periods include: SQL Database, Internal Servers, Quality Management Systems, Email, Cloud-based Storage.
  • Backup Servers utilize encrypted hard drives that are removed and stored off-site on a monthly basis.

User Requests Policy

  • All patient requests are handled in accordance with the PHIPAA Act.
  • A patient can withdraw their consent to the collection, use or disclosure of their personal health information, after which Vitaliti Technologies shall take reasonable steps to act in accordance with the decision.
  • A patient may request to designate another individual to act on their behalf regarding their rights pertaining to their Personal Health Information.
  • Written consent must be provided and validated for disclosure of personal health information if the patient does not have a personal account.
  • If a patient requires a correction to be made to records of Personal Health Information, they must submit a written request.
  • Vitaliti Technologies shall not charge a fee regarding a correction request.

Privacy Incident Response Policy

  • A procedure is in place for receiving and investigating privacy complaints in a timely manner as well as to manage and contain a privacy breach, should it occur.
  • Management reviews will be conducted for merited complaints.
  • Affected individuals will be notified directly and/or by a public announcement that there was a breach of Vitaliti Technologies’s system, if deemed reasonable in accordance with the PHIPAA guidelines.
  • Vitaliti Technologies shall also inform the Privacy Officer, as per laws and regulations.
  • The individual and the Information and Privacy Commissioner must be notified at the earliest opportunity by providing specific information outlined in the PHIPAA and regulations.

Virus and Malware Protection Policy (CP-008-VirusProtectionPolicy)

  • All personnel computers have virus and malware protection software installed.
  • Email attachments received from an unknown sender shall be deleted unopened.
  • Unexpected email attachments from a known sender shall be quarantined and only opened after being reviewed and approved by the Technical Director or IT staff.
  • All computer systems must be current with software updates and security patches for the applicable operating system.

Version 1.0

Last modified on November 2024