Health Espresso

Virtual Visits Solution Requirements Agreement Framework

January 2023

Release 2

  1. Background
    1. Report Objective
  2. 2.1.1 Patients and Caregiver Virtual Visit Access
  3. 2.1.5 Technical Support for Clinic Users
  4. 2.1.7 Patient Notifications
  5. 2.3.1 Notice of information practices
  6. 2.3.3 Privacy and security program
  7. 2.3.6 Reasonable Safeguards for data
    1. Antivirus and Malware Policy
    2. Access Management Policy
    3. Multi Factor Authentication
    4. Password Management Policy
    5. Monitoring and Audit Policy
    6. Data Classification Policy
    7. Encryption Policy
      1. Key Management
    8. Amazon Web Services
      1. Technical Safeguards
        1. Security Cloud Features
          1. Encryption in Transit
          2. Encryption at Rest
          3. AWS Shield
          4. AWS WAF for detecting and preventing vulnerabilities
          5. Data Integrity and Redundancy
          6. Databases
        2. Data Privacy
      2. Physical Safeguards
  8. 2.3.7 Privacy Impact Assessment
  9. 2.3.8 Threat Risk Assessment
  10. 2.3.9 Vulnerability Scanning Attestation
  11. 2.3.10 Penetration Testing
  12. 2.3.11 Security and Privacy Controls
  13. 2.3.12 Agreement framework for third-party services
    1. Apple HealthKit
    2. Google Maps
    3. Agora
  14. 2.3.13 Data Backup and Retention Policy
  15. 2.3.14 Virtual Visit Data housed in Canada
  16. 2.3.15 Patient alert if data is moved outside
  17. 3.2.11 Industry Standard Encryption
  18. 4.2.1 Message protection
  19. Appendix A

Background

Health Espresso is a healthcare organization that has developed a cutting-edge application to provide a secure communication platform for healthcare professionals to access real-time patient information. The organization is led by CEO Rick Menassa, and is focused on creating a platform that is trustworthy, private, and secure in order to protect personal health information (PHI) and personal information (PI).


By treating trust, privacy, and security together, Health Espresso provides a platform that healthcare professionals can rely on. This matters most for sensitive information such as patient vitals, medication lists, and adherence data, which require a high level of protection to maintain patient confidentiality.


Report Objective

This report describes how the Health Espresso Agreement Framework meets the requirements for substantiating the protection of personal health information (PHI) and personal information (PI) in the context of OTN Virtual Visits. It discusses the safeguards in place to protect PHI and PI in compliance with applicable legislation, and how these safeguards work together to preserve the confidentiality and security of this sensitive information.


The report also describes how Health Espresso, as the solution provider, and its data processing and business partners are responsible for protecting PHI and PI. This includes the measures that secure data in transit and at rest, and the policies and procedures that prevent unauthorized access to or disclosure of PHI and PI.


Overall, this report documents the measures that protect the confidentiality and security of PHI and PI in the context of OTN Virtual Visits, and demonstrates that these measures comply with applicable legislation.


2.1.1 Patients and Caregiver Virtual Visit Access

2.1.5 Technical Support for Clinic Users

Health Espresso has a clear support structure and guidelines in place to ensure that both clinic users and patients are adequately supported. For clinic users, this may include technical support for any issues they encounter while using the clinic's systems, as well as guidance on how to use the various tools and resources available to them. It may also include support for managing patient appointments and scheduling, as well as handling any administrative tasks.


For patients, the support structure and guidelines may include information on how to access virtual visits and other services offered by the clinic, as well as guidance on how to use these services effectively. It may also include information on how to contact the clinic with any questions or concerns, and how to get help with any issues that may arise during their virtual visit.

2.1.7 Patient Notifications

In the event of a virtual visit interruption, Health Espresso can send a mass email to all affected users through a dedicated support email address. This can be done to notify users of the issue and to provide information on when the virtual visit will be available again. The mass email may also include any relevant updates or instructions for users during the interruption. It allows us to communicate with users in a timely manner to minimize any disruption to their virtual visit experience.

2.3.1 Notice of information practices

It is important for a healthcare organization to clearly communicate its privacy policies to patients before they sign up for registration. Health Espresso does this by providing access to privacy information on both the mobile app and the web app. This allows patients to review and understand the organization's policies on how their personal and medical information will be collected, used, and shared before they agree to register.


Having the privacy information readily available before registration helps ensure that patients are fully informed and can make an informed decision about whether to register with the organization. It also helps to establish trust between the organization and the patient, as the patient can see that the organization is transparent about its privacy practices and is committed to protecting their personal and medical information.

2.3.3 Privacy and security program

The privacy policy document (Health Espresso - One Patient, One Record, One Care Plan) that has been linked outlines the rules and procedures that govern the handling of personal health information (PHI) and personal information (PI) within the organization. These rules may cover a range of topics, including the collection, use, disclosure, retention, accuracy, security, and disposal of PHI and PI. The privacy policy also includes information on breach management, and information security.

2.3.6 Reasonable Safeguards for data

Antivirus and Malware Policy

The purpose of this policy is to describe requirements for preventing and addressing computer virus, worm, spyware, malware, and other types of malicious software.

Access Management Policy

The purpose of this policy is to describe requirements for granting, reviewing and revoking access to Health Espresso information resources and the PHI and PI they hold. It covers:

  • Defining Access Privileges
  • Assignment of Access Privileges
  • User Identification and Registration

Multi Factor Authentication

Authorized users are assigned a user ID that, in combination with other identifiers (e.g. passwords, facility or location identifiers), uniquely identifies the user.

Password Management Policy

The Password Management Policy provides guidance to the leadership, employees and contractors of Health Espresso on the management of passwords. It sets rules for:

  • Password Creation
  • Password Change
  • Password Protection

Monitoring and Audit Policy

Health Espresso will enable audit logging functionality in all Health Espresso applications and operating systems.


Health Espresso will define audit reports to be generated by Health Espresso applications and operating systems based on the risk of unauthorized collection, use and disclosure of PHI, or risk to the confidentiality, integrity and availability of Health Espresso system assets.
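The policy above commits to generating audit reports driven by the risk of unauthorized collection, use and disclosure of PHI. The following is an added example (not Health Espresso's own code or log format) of what such a report looks like in practice: three risk signals are turned into rules and run over a constructed audit log. The JSON-lines format, the field names (`ts`, `user`, `action`, `patient`), the care-team roster and the bulk-access threshold are all assumptions made for this example.

```python
"""Worked audit report over a PHI access log. Three risk signals that the
Monitoring and Audit Policy calls out (unauthorized collection, use and
disclosure of PHI) are turned into concrete rules:
  1. a user viewing a record for a patient outside their care team,
  2. one user touching many distinct patients in a short window (bulk access),
  3. any export of a record (a potential disclosure), reported unconditionally.
Log format, field names and the roster are assumptions for this example."""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log, one JSON object per line (not real data).
SAMPLE_AUDIT_LOG = """\
{"ts": "2023-01-10T09:00:00Z", "user": "rn.chen", "action": "view_record", "patient": "P001"}
{"ts": "2023-01-10T09:02:00Z", "user": "rn.chen", "action": "view_record", "patient": "P002"}
{"ts": "2023-01-10T09:05:00Z", "user": "rn.chen", "action": "view_record", "patient": "P003"}
{"ts": "2023-01-10T09:10:00Z", "user": "dr.patel", "action": "export_record", "patient": "P003"}
{"ts": "2023-01-10T21:00:00Z", "user": "admin.lee", "action": "view_record", "patient": "P004"}
{"ts": "2023-01-10T21:01:00Z", "user": "admin.lee", "action": "view_record", "patient": "P005"}
{"ts": "2023-01-10T21:02:00Z", "user": "admin.lee", "action": "view_record", "patient": "P006"}
{"ts": "2023-01-10T21:03:00Z", "user": "admin.lee", "action": "view_record", "patient": "P007"}
{"ts": "2023-01-10T21:04:00Z", "user": "admin.lee", "action": "view_record", "patient": "P008"}
"""

# Constructed care-team roster: the patients each user is assigned to.
ROSTER = {"rn.chen": {"P001", "P002"}, "dr.patel": {"P001", "P003"}, "admin.lee": set()}

BULK_THRESHOLD = 5                   # distinct patients ...
BULK_WINDOW = timedelta(minutes=10)  # ... touched within this window


def parse_log(text: str) -> list:
    """Parse JSON lines into events with a real datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def out_of_roster(events, roster):
    """Accesses to patients the user is not assigned to. A user missing from
    the roster has no assignments, so every access they make is flagged."""
    return [e for e in events if e["patient"] not in roster.get(e["user"], set())]


def bulk_access(events, threshold=BULK_THRESHOLD, window=BULK_WINDOW):
    """First point at which a user has touched >= threshold distinct patients
    within `window` (sliding window per user); one finding per user."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    findings = []
    for user, evs in by_user.items():
        seen = Counter()  # distinct patients currently inside the window
        start = 0
        for i, e in enumerate(evs):
            seen[e["patient"]] += 1
            while e["ts"] - evs[start]["ts"] > window:  # drop events that fell out
                seen[evs[start]["patient"]] -= 1
                if seen[evs[start]["patient"]] == 0:
                    del seen[evs[start]["patient"]]
                start += 1
            if len(seen) >= threshold:
                findings.append({"user": user, "at": e["ts"], "distinct_patients": len(seen)})
                break
    return findings


def exports(events):
    """Every export is a potential disclosure and is always reported."""
    return [e for e in events if e["action"] == "export_record"]


def phi_access_report(log_text: str, roster=ROSTER) -> dict:
    """Run all three rules and return the findings grouped by rule."""
    events = parse_log(log_text)
    return {
        "out_of_roster": out_of_roster(events, roster),
        "bulk_access": bulk_access(events),
        "exports": exports(events),
    }


if __name__ == "__main__":
    for rule, hits in phi_access_report(SAMPLE_AUDIT_LOG).items():
        print(f"{rule}: {len(hits)} finding(s)")
        for h in hits:
            print("   ", h)
```

On the sample log the report flags rn.chen's single view of P003, all five of admin.lee's views (no roster assignment) and admin.lee's bulk access at 21:04, plus dr.patel's export. The roster rule is the one that carries the privacy weight: it models the circle of care, so the roster source (scheduling or assignment data) has to be as trustworthy as the log itself.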

Data Classification Policy

The purpose of this Data Classification Policy is to provide guidance to the leadership, employees and contractors of Health Espresso on the classification of data assets. The policy establishes a framework for classifying data based on its sensitivity, value and criticality to Health Espresso and its customers.

Encryption Policy

This policy is to establish a corporate standard for using encryption technology to safeguard sensitive information in transit or at rest.

Encryption of Health Espresso Data

Confidential and restricted data as defined in the Health Espresso Data Classification Policy, must be encrypted using strong encryption. This includes:

  • All laptops and desktops that transmit, process or store confidential or restricted data.
  • All mobile devices (e.g., tablets, smartphones, etc.) that transmit, process or store confidential or restricted data.
  • All portable media (e.g., USB drives, portable hard drives, DVDs) that store confidential or restricted data.
  • All confidential and restricted data stored in a cloud or hosted environment.
  • All confidential and restricted data communicated over the Internet and other public and private networks.

Key Management

  • Procedures must be in place to change an encryption key when it has been compromised.
  • Encryption processes running on Health Espresso information resources must include centralized key recovery functions accessible only by authorized personnel.
  • Health Espresso ensures that agreements or contracts with third parties who require access to PHI, contain provisions to adequately protect PHI.

Amazon Web Services

Technical Safeguards

Security Cloud Features

Encryption in Transit:

All data transmitted to or from the application is protected with Transport Layer Security (TLS). Health Espresso has phased out support for TLS 1.0 and TLS 1.1 and accepts only TLS 1.2.

Encryption at Rest:

For Amazon Simple Storage Service (S3) and Amazon Relational Database Service (RDS), server-side encryption with AWS KMS keys (SSE-KMS) is enabled; the KMS keys are 256-bit AES symmetric keys (AES-256-GCM). For the mobile applications, device-level encryption is enabled along with data obfuscation.
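The two properties described under Encryption in Transit and Encryption at Rest are typically made non-negotiable on an S3 bucket by policy: one Deny statement rejects uploads that do not declare SSE-KMS via the `s3:x-amz-server-side-encryption` request header, and another rejects any request where `aws:SecureTransport` is false (plain HTTP). The following is an added example, not Health Espresso's policy or code: an offline checker that reads a bucket policy document (the JSON that `aws s3api get-bucket-policy` returns) and reports whether both guard-rails are present. The bucket name `example-phi-bucket` and both sample policies are constructed for the example.

```python
"""Offline check of an S3 bucket policy for the two guard-rails described
under Encryption in Transit and Encryption at Rest: every object written to
the bucket must use SSE-KMS, and every request must arrive over TLS.
Only the standard library is used; nothing here talks to AWS."""
import json
from typing import Any, Iterator

# Constructed sample policies; the bucket name is a placeholder and these are
# not Health Espresso's real policies.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # Reject uploads that declare any other encryption mode.
            "Sid": "DenyNonKmsUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-phi-bucket/*",
            "Condition": {
                "StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}
            },
        },
        {   # Reject every request that did not arrive over HTTPS.
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::example-phi-bucket",
                "arn:aws:s3:::example-phi-bucket/*",
            ],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

# Same bucket, weaker policy: SSE-S3 (AES256) uploads are tolerated alongside
# SSE-KMS, and plain HTTP is never denied.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyUnencryptedUploads",
        "Effect": "Deny",
        "Principal": {"AWS": "*"},
        "Action": ["s3:PutObject"],
        "Resource": "arn:aws:s3:::example-phi-bucket/*",
        "Condition": {
            "StringNotEquals": {
                "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]
            }
        },
    }],
})


def _as_list(value: Any) -> list:
    """IAM JSON allows a scalar wherever a list is accepted; normalise."""
    return value if isinstance(value, list) else [value]


def _global_denies(policy: dict) -> Iterator[dict]:
    """Deny statements that apply to every principal ("*" or {"AWS": "*"})."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Deny" and stmt.get("Principal") in ("*", {"AWS": "*"}):
            yield stmt


def enforces_sse_kms(policy: dict) -> bool:
    """True if uploads are denied unless x-amz-server-side-encryption is
    exactly aws:kms. A value list that also admits AES256 does not count."""
    for stmt in _global_denies(policy):
        if "s3:PutObject" not in _as_list(stmt.get("Action", [])):
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if _as_list(cond.get("s3:x-amz-server-side-encryption", [])) == ["aws:kms"]:
            return True
    return False


def enforces_tls(policy: dict) -> bool:
    """True if all S3 actions are denied when aws:SecureTransport is false."""
    for stmt in _global_denies(policy):
        if "s3:*" not in _as_list(stmt.get("Action", [])):
            continue
        cond = stmt.get("Condition", {}).get("Bool", {})
        if str(cond.get("aws:SecureTransport", "")).lower() == "false":
            return True
    return False


def audit_bucket_policy(policy_json: str) -> dict:
    """Summarise both guard-rails for one policy document."""
    policy = json.loads(policy_json)
    return {
        "sse_kms_enforced": enforces_sse_kms(policy),
        "tls_enforced": enforces_tls(policy),
    }


if __name__ == "__main__":
    for name, doc in (("hardened", HARDENED_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit_bucket_policy(doc))
```

The checker is deliberately strict: a condition that lists both `AES256` and `aws:kms` passes SSE-S3 uploads, which is not the SSE-KMS control the page describes, so it is reported as not enforced. In practice the policy is paired with bucket default encryption set to SSE-KMS (`aws s3api put-bucket-encryption`), so that clients that omit the header still end up under the KMS key rather than being denied.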

AWS Shield:

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. It provides always-on detection and automatic inline mitigations that minimize application downtime and latency, with no need to engage AWS Support to benefit from the protection. All AWS customers benefit from the automatic protections of AWS Shield Standard, which defends against the most common, frequently occurring network and transport layer DDoS attacks that target a web site or application.

AWS WAF for detecting and preventing vulnerabilities:

AWS WAF is a web application firewall that helps protect web applications and APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. It gives Health Espresso control over how traffic reaches the application through security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific, defined traffic patterns. The Managed Rules for AWS WAF address issues such as the OWASP Top 10 security risks and are regularly updated as new issues emerge. AWS WAF also includes a full-featured API that can be used to automate the creation, deployment, and maintenance of security rules.

Data Integrity and Redundancy:

All uploaded data is kept on encrypted Amazon Elastic Block Store (EBS) volumes in data centres located within Canada. EBS volumes are designed to be highly available, reliable, and durable, and protect against component failure by replicating data within their Availability Zone (AZ). Because this replication does not span Availability Zones, resilience to the loss of an entire AZ depends on the backup copies described in section 2.3.13.

Databases

The Health Espresso solution uses separate databases for the development/testing and production environments. Both are hosted on Amazon RDS for PostgreSQL.

Data Privacy

Health Espresso's customer agreement with AWS treats data privacy as an extension of the technical safeguards. One aspect of this is the choice of region for data residency: selecting a Canadian region lets Health Espresso's clients rely on our privacy operations and compliance obligations.


Under that agreement, AWS will not access or use customer content except as necessary to maintain its service offerings or to comply with the law. AWS will not disclose content to a third party or government except as necessary to comply with the law or a binding order, and will not move content out of the selected region. An exception applies where AWS must investigate fraud, abuse, or violations of the agreement.

Physical Safeguards

Because Health Espresso runs on cloud infrastructure, the data it stores is protected by the physical safeguards of the AWS data centres. These include:

  • Careful site selection by AWS
  • Limited access by AWS employees. Amazon reviews and approves requests, based on the principle of least privilege. Amazon also removes access after expiry of the requested time.
  • Third-party access is approved by AWS employees, with restricted access. Visitors are provided a guest badge, signed in and escorted by staff. CCTV monitoring of access points to server rooms.
  • Multi-factor Authentication mechanisms for access to data centres.
  • Intrusion detection methods, including alarms that sound if doors are forced or held open.
  • Ongoing risk management and third-party security review.

2.3.7 Privacy Impact Assessment

Health Espresso has had a PIA completed for its organization by a certified third party.

2.3.8 Threat Risk Assessment

Health Espresso has had a TRA completed for its organization by a certified third party.

2.3.9 Vulnerability Scanning Attestation

Health Espresso has had its Vulnerability Scanning Attestation completed by a certified third party.

2.3.10 Penetration Testing

Health Espresso has had penetration testing completed by a certified third party.

2.3.11 Security and Privacy Controls

Health Espresso has had its security and privacy controls verified by a certified third party.

2.3.12 Agreement framework for third-party services

To extend the functionality of the Health Espresso platform, certain third-party APIs are used under their providers' Terms of Service (ToS) agreements. The functionality covered includes Bluetooth device management, geolocation data collection and video/audio streaming.

Apple HealthKit

Under the Developer ToS, information channelled into HealthKit is encrypted and does not leave the user's device, and Apple does not have access to the local data. HealthKit caches the data temporarily and saves it to the encrypted store.


The ToS also requires developers to present a privacy notice on the use of HealthKit data, which Health Espresso does for its clients. In turn, Health Espresso may not sell information obtained through the API to data brokers, use it for advertising, or disclose it to a third party without the user's permission.

Google Maps

Google requires developers to abide by its API ToS. Clients and end users provide personally identifiable information (PII) such as search terms, IP addresses, and latitude/longitude coordinates. Google's notification requirement calls for Health Espresso to inform users of this data exchange through its privacy notice, which is in place, and users can revoke consent at any time.

Agora

Agora is a software company that provides a real-time engagement platform whose APIs embed video and voice capabilities in customer applications. Health Espresso uses Agora's developer kits to support the interaction between medical clinics and their clients.


The Agora developer kit provides security features that Health Espresso can take advantage of: identity and access management for private sessions, an option for developers to apply their own (third-party) encryption to media, and geofencing, which lets customers select the regions used in order to meet applicable regulations.


In accordance with the Agora ToS, Health Espresso uses Agora purely as a transmission bridge; no data is stored or recorded by Agora. To provide the service, Agora does collect the IP address. All PHI and PI is collected by Health Espresso as defined in Health Espresso's Privacy Notice.

2.3.13 Data Backup and Retention Policy

Health Espresso has established a retention schedule for PHI consistent with the legal obligations of Health Espresso customers under applicable privacy and data protection legislation, and documented in Health Espresso service-level or licensing agreements.


Health Espresso has established retention schedules for backup copies of PHI databases created for disaster recovery and business continuity purposes, audit logs that contain PHI and copies of data created for other authorized purposes, based on an assessment of business requirements.


Health Espresso will ensure that any software or utilities (e.g., encryption programs) required to read or copy archived or backed-up PHI remain available for the entire period in which the PHI is retained.


If data is stored in an encrypted format, Health Espresso will ensure that encryption programs, algorithms and keys required to decrypt production and archived data are available during the entire retention period and retained in a secure environment.

2.3.14 Virtual Visit Data housed in Canada

As described under Data Integrity and Redundancy above, all uploaded data is kept on encrypted Amazon EBS volumes in AWS data centres located within Canada, where it is replicated within the Availability Zone for durability.

2.3.15 Patient alert if data is moved outside

Health Espresso patients would be promptly informed if their data ever travelled outside Canada, although this should never occur. Our systems are built to use only Canadian servers, with failover servers also located in Canada, so that data is never transferred internationally and is always stored securely.

3.2.11 Industry Standard Encryption

Health Espresso uses Agora for video capabilities. Agora has published a compliance page on their website which provides information about their compliance with various laws, regulations, and standards. This page can be accessed at the following link: https://www.agora.io/en/compliance/

4.2.1 Message protection

We have outlined our data protection policy within the “2.3.6 Reasonable Safeguards for data” section of this document.
