Tablets displaying the ASKmeGOC Audits page and Login page

ASKmeGOC Security & Privacy

Built with patient privacy in mind, ASKmeGOC is PHIPA-compliant and audited by an independent third party.

Secure Design

ASKmeGOC is built on a foundation of strict security measures to protect patient information while adhering to the highest industry standards. These rigorous security protocols, built on Azure's trusted technology, ensure that the privacy of patient data is consistently upheld, meeting regulatory standards.

Data Encryption

Sensitive data is encrypted during transfer and at rest in Azure’s secure cloud infrastructure, ensuring data privacy and protection from unauthorized access.

MFA

The ASKmeGOC app employs multi-factor authentication (MFA) to enhance the security of patient data, providing an additional layer of verification that surpasses standard password protection.

Mobile phone displaying the ASKmeGOC Care Plan page greyed out with lock icon

Penetration Testing

Penetration testing was performed by an independent third party to simulate real-world cyberattacks, and identify and mitigate vulnerabilities to bolster the app's security.

Code Review

All code underwent a thorough review during development by an independent third party to ensure coding best practices and minimize potential risks from errors or vulnerabilities.

Secure Data Storage

All data is stored within Azure’s Toronto-based servers, ensuring that patient information remains securely within Canadian borders, guaranteeing that all data is securely maintained in compliance with national standards.

Combination lock, metal blue cloud, and metal server

Lock composed of small grey cubes, with the half right of the lock dissolving

Third-Party Tested by Industry Experts

Penetration testing was executed by an independent third party to simulate real-world cyberattacks, systematically identifying and addressing vulnerabilities within the application. This comprehensive testing process engaged industry professionals who utilized sophisticated techniques to mimic the strategies employed by potential attackers. This ensures that the application is fortified to withstand the most prevalent cybersecurity threats.

A thorough code review was conducted by an independent third party to ensure the implementation of secure coding practices throughout the development process. This meticulous examination involved evaluating and rectifying the codebase for potential vulnerabilities, errors, and adherence to industry standards.

Priority on Privacy & PHIPA-Compliant

The ASKmeGOC team built the application to comply with the Personal Health Information Protection Act (PHIPA), safeguarding patient data through robust security measures that meet the Canadian privacy regulations.

Multi-factor authentication (MFA) has been implemented as an additional layer of protection for patient data, enhancing security and access control. This approach ensures that access to sensitive information is both secure and trustworthy, fostering confidence in the safeguarding of patient privacy.

PHIPA Regulations