Privacy and Security

Protecting the patient’s personal health information

NexJ Connected Wellness has been specifically and purpose-built to protect Personal Health Information (PHI). Our corporate, operational and support processes further ensure protection of PHI.

By default, all of the patient’s health information is private.  The patient must provide explicit access in order for anyone in the patient’s Circle of Care to see their Personal Health Information.   Once a patient provides explicit access, they can still mark any item in their Connected Wellness record as private, thereby preventing specific information from being seen by others.

Healthcare providers are only permitted access to a patient’s health information in two ways: a provider invites a patient to Connected Wellness and the patient accepts, or a patient invites a provider to their Circle of Care.  Providers using Connected Wellness cannot use the platform to search for patients.

NexJ Connected Wellness implements several privacy and security controls:

Physical Safeguards 

  • Connected Wellness is hosted in a highly secure Tier IV data centre where physical and logical access is carefully controlled and limited to a small number of trusted staff.

Logical Safeguards

  • Data is strongly encrypted at rest and in transit.
  • Hosts are identified by certificates. Certificates are signed by a recognized and trusted third-party Certificate Authority.
  • PHI accesses are logged for auditing. The product retains a detailed, ATNA-compliant audit trail of all PHI disclosures.

Procedural Safeguards

  • The product enforces explicit consent for PHI disclosures.
  • PHI access is limited to those individuals who have a “need-to-know”.
  • NexJ conducts thorough background checks on all staff who have PHI access.
  • NexJ maintains a team to deal with security exceptions on an emergency basis.
  • NexJ has defined, detailed procedures to handle security and privacy exceptions.

Regulatory Compliance

NexJ Connected Wellness implements features that enable clients to meet the regulatory requirements of North American jurisdictions, such as HIPAA in the United States and provincial regulations such as HIA and PHIPA within Canada. NexJ has successfully passed Privacy Impact Assessments (PIAs) and Threat Risk Assessments (TRAs) with various Canadian and US providers.