Privacy and Security

With the complex cybersecurity and privacy landscape continually evolving, significant new risks and challenges arise requiring businesses to be flexible and agile. Ongoing privacy and security reviews and consultation needs to be embedded into the development life cycle to ensure the best privacy practices and compliance with relevant privacy legislation. 

VIRTUES is compliant with all Canadian healthcare privacy laws.

The VIRTUES infrastructure maintains PHIPA compliance with data-at-rest and in-transit encryption, firewall services, data backup services, and data replication to a second site for disaster recovery capabilities. The VIRTUES service delivery infrastructure is located within a tier 3 data centre that maintains all standard security and operational certifications.

VIRTUES maintains ISO 27001, 27017, 27018, and SOC II certifications and federal government security clearance level of “Secret” for data sets that require that level of protection. The infrastructure is hosted by ThinkON, a Canadian organization with established security practices that have been reviewed by both ISO and SOC II auditors. 

VIRTUES is also unique in comparison to other virtual health care models as it is built using Fast Healthcare Interoperability Resources (FHIR) standards describing data formats and elements for exchanging electronic health records in hospital systems. The standard was created by the Health Level Seven (HL7) International health-care standards organization.

During development, as VIRTUES implements the latest technologies, concurrently, privacy and security considerations and assessments are completed.

VIRTUES privacy and security strategy is to embed universal privacy principles that provide a framework for privacy laws together with Privacy by Design (PbD) principles into the system design and architecture.

The entire VIRTUES ecosystem strives to adopt the philosophy and methodology expressed by the layering and overlapping of information management principles affirmed by Privacy by Design.

Canadians value their privacy. VIRTUES privacy and security mission is to achieve the highest privacy and security protection standard. Through on-going consultation with patients, privacy and security experts, including discussions with legal counsel and Provincial Information Privacy Commissioners, VIRTUES mandate is to implement the best privacy and security practices while fulfilling all legal Canadian compliance obligations.