BioSport Health Inc. (“we,” “our,” or “us”) is dedicated to ensuring the security of patient data. This Security Policy describes the measures we have in place to protect patient data from unauthorized access, breaches, and other threats. Our goal is to maintain the highest standards of data security to safeguard patient information and comply with relevant legal and regulatory requirements.
We encrypt patient data both in transit and at rest, so that it is protected while being transmitted over networks and while stored on our servers.
Secure Protocols: We use TLS (including HTTPS for web traffic) to encrypt data during transmission, preventing interception by unauthorized parties.
VPNs: For internal communications, we employ Virtual Private Networks (VPNs) to further ensure the confidentiality and integrity of data.
Database Encryption: All patient data stored in our databases is encrypted using industry-standard encryption algorithms.
Disk Encryption: We use full disk encryption on all servers and storage devices to protect data at rest.
Strong Password Policies: We enforce strong password policies that require complex passwords, regular password changes, and the prohibition of password reuse.
Multi-Factor Authentication (MFA): All personnel accessing patient data must use multi-factor authentication to enhance security.
Role-Based Permissions: Access permissions are granted based on the role and responsibilities of the personnel. Employees only have access to the data necessary for their specific job functions.
Least Privilege Principle: We adhere to the principle of least privilege, ensuring that employees have the minimum level of access required to perform their duties.
Regular Reviews: We perform regular internal reviews of our security practices, policies, and systems to ensure they are up-to-date and effective.
Vulnerability Scanning: Automated tools continuously scan our network and systems for vulnerabilities.
Third-Party Assessments: We engage external security experts to conduct periodic audits and penetration tests to ensure compliance with industry standards and best practices.
Compliance Audits: We undergo regular audits to verify compliance with relevant regulations such as GDPR, HIPAA, and other applicable laws.
Onboarding: New employees receive comprehensive training on our data protection policies and security practices as part of their onboarding process.
Regular Updates: Employees receive regular updates and refresher courses on data security to stay informed about the latest threats and security protocols.
Phishing Simulations: We conduct regular phishing simulations to educate employees about recognizing and avoiding phishing attacks.
Monitoring Systems: We use monitoring and intrusion detection systems (IDS) to continuously watch for potential breaches or security incidents.
Alerting Mechanisms: Automated alerting mechanisms notify our security team immediately upon detecting suspicious activities.
Containment: Immediate action is taken to contain and mitigate the impact of any breach, including isolating affected systems and preventing further unauthorized access.
Investigation: A thorough investigation is conducted to determine the cause of the breach, the extent of the impact, and the measures needed to prevent future occurrences.
Affected Individuals: We inform affected individuals promptly in accordance with legal requirements and provide guidance on steps they can take to protect themselves.
Regulatory Authorities: We notify relevant regulatory authorities as required by law and cooperate fully with their investigations.
Automated Backups: Regular automated backups of all critical data are performed to secure off-site locations.
Backup Encryption: All backup data is encrypted to protect it during storage and transmission.
Disaster Recovery Plan: We have a comprehensive disaster recovery plan in place to ensure business continuity in the event of a major incident.
Regular Testing: The disaster recovery plan is tested regularly to ensure its effectiveness and to make improvements as needed.
Restricted Access: Physical access to data centers and other sensitive areas is restricted to authorized personnel only.
Surveillance: Facilities are monitored 24/7 by security cameras and on-site security personnel.
Fire Suppression: Data centers are equipped with fire suppression systems to protect hardware from fire damage.
Climate Control: Proper climate control systems are in place to maintain optimal operating conditions for our hardware.
GDPR: Compliance with the General Data Protection Regulation for data subjects in the European Union.
HIPAA: Adherence to the Health Insurance Portability and Accountability Act for the protection of health information.
CCPA: Compliance with the California Consumer Privacy Act for California residents.
Data Protection Officer: We have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with regulatory requirements.
Security Policies: Comprehensive security policies are in place, outlining the responsibilities of employees and the measures taken to protect patient data.
Policy Review: Our security policies and procedures are reviewed and updated regularly to reflect changes in technology, threats, and regulatory requirements.
Feedback Loop: We maintain a feedback loop with our employees, customers, and partners to identify areas for improvement and implement necessary changes.
Email: security@thebiosport.com
Phone Number: +1 (587) 215-1277
Mailing Address: 1020-330 5 AVE SW, Calgary, Alberta, Canada T2P 0L4
Copyright © 2024 BioSport Health Inc. All rights reserved.