Our privacy policy was developed in concordance with the Ontario Personal Health Information Protection Act (PHIPA). As described by PHIPA, we act as a trusted provider to health information custodians such as physicians and other allied health professionals.
CognisantMD’s technology is designed to provide a secure and private conduit between patients, clinicians, and trusted third parties. We never collect or view personal health information without specific consent from both patients and clinicians. As a general rule, we avoid storing patient health information on our servers whenever possible, but we sometimes do need to temporarily store encrypted information to ensure that the clinician’s systems can communicate.
Fortunately, Ocean was built from the ground up to maximize security and protect privacy. Ocean’s industry-leading security stems from our robust client-side patient encryption technology. All patient data sent to and stored within Ocean is encrypted end-to-end using the industry-standard 256-bit AES (Advanced Encryption Standard), the same technology used by financial institutions and other healthcare institutions.
To guard against any possible breach of personal health information on our Ocean servers, all patient encryption keys are kept secret to Ocean’s end-user clinicians. Encryption keys for patient data are never sent to the Ocean server and are never seen by CognisantMD. Since the encryption keys are kept private and stored locally within each individual clinic, no agent outside of the clinic can ever decrypt or read private patient information. Therefore, even if the Ocean server were to be compromised, or the data were to be intercepted en route, no unencrypted patient information would be accessible.
As a further protective step, our servers automatically delete all health information after it transfers to the targeted healthcare information custodian. Our goal is to store only the minimal amount of encrypted patient information necessary to guarantee safe passage to the destination electronic medical records system.
Thanks to our universal data encryption, we can guarantee protection against theft, unauthorized use, unauthorized disclosure, modification, or disposal.
Nevertheless, as per PHIPA policy, in the unlikely event of any theft, loss, or unauthorized access or disclosure of health information, we are obliged and prepared to immediately notify the custodian of the situation. Fortunately this has never happened and we hope it never will.
The Ocean Tablet application is designed to be completely safe and secure in the event of theft or hacking attempts. No patient health information is stored on the tablet. No patient information is accessible to the tablet without a specific one-time grant for a patient’s chart from an authorized clinician. The tablet and its interfacing EMR encrypts all patient health information end-to-end, so no patient information is ever accessible to unauthorized users.
Further information on PHIPA is available here.