Privacy Compliance
How Veribook Supports Privacy Compliance
Amobius Group Inc., the operator of Veribook, takes privacy and security seriously. Veribook is designed to operate as an online scheduling service and to support customers in meeting applicable privacy and security obligations.
Where Veribook is used in Canada for scheduling patient medical appointments with direct EMR integration, Amobius Group Inc. seeks to comply with applicable Canadian privacy requirements and to support customer compliance with applicable health privacy requirements, including Ontario’s Personal Health Information Protection Act, 2004, where applicable.
Veribook is not marketed as a HIPAA-compliant service in the United States, and Amobius Group Inc. does not enter into Business Associate Agreements as part of its standard service offering.
Regardless, Amobius Group Inc. incorporates administrative, procedural, and security safeguards, including at least those detailed below. As a core organizational principle, Amobius Group Inc. considers the protection of personal information extremely important. As such, we do not sell, rent, or otherwise disclose customer information, including appointment or booking information that may be considered PHI, to third-parties except to comply with legal requirements. Our privacy policy more generally is available here.
In furtherance of our privacy policy, we have adopted a variety of administrative and technological safeguards, including at least the following:
customer information is encrypted during transmission using industry standard encryption in transit;
user accounts are secured with unique usernames and passwords having a minimum complexity;
our application security model prevents any customer from accessing another’s data;
production environments and databases are electronically secured by firewalls and limited administrator access, and physically secured by 24/7 building security and biometric access authentication;
our production environments and database are hosted in Toronto, Ontario, Canada;
off-site backups are created at least on a daily basis and stored in an encrypted state;
Amobius Group Inc. access to customer data is limited to only two senior staff members familiar with applicable privacy laws;
Selective and customizable collection of information from clients;
emergency access capabilities; and
a long-term access audit log;
Password reset functionality is designed to use standard account-recovery safeguards, such as reset links sent to the account’s registered email address.
Independent privacy impact and threat risk assessments have been completed by a qualified third-party firm, using industry recognized methodologies to identify and qualify vulnerabilities and risks.
Please do not hesitate to contact us at legal@veribook.com if there are any questions related to Amobius Group Inc.’s policies or operations.