Security and Privacy

At Innovative Imaging Technologies (IIT), we understand that security and privacy are not merely concerns for our partners and clients, they are necessities. That’s why we’ve designed the Reacts collaboration platform to adhere to the strictest medical grade communications requirements, and we’re committed to continuously maintaining and upgrading our technologies and processes in step with evolving industry needs and innovations.

Culture and Processes

Professional remote collaboration systems, medical or otherwise, are based on certain underlying requirements such as accessibility and usability, interactivity, reliability, security, confidentiality, and traceability. Building on these basic tenets, our Information Security and Compliance team ensure that we follow best practices in everything we do, including:

  • Employment practices
  • Ongoing privacy and security training
  • Strict access control and storage guidelines
  • Regular external testing and compliance audits
  • Continuous monitoring and updating

Please note that a user’s data stored in his/her Reacts library or secure messaging is not accessible to IIT employees, and that IIT does not record any of the communications or video sessions.

Design and Technology

The Reacts platform was conceived under the guidance of clinicians and visionary leaders with the needs and constraints of both healthcare professionals and patients in mind. The platform architecture was then designed by a multidisciplinary team including networking and security compliance experts.

All access points to the Reacts APIs and services require secure connections using Transport Layer Security (TLS) and industry standard encryption methods. The platform’s audio/video communications utilize the DTLS-SRTP security context to encrypt and decrypt streams from end to end, while the database and backups are encrypted at rest using Transparent Data Encryption (TDE) with AES 256 block mode encryption. Reacts also implements measures to reduce data management risks on client-owned devices.

The Reacts platform’s infrastructure, virtual machines and other cloud resources are hosted in two separate Canadian Microsoft Azure regions, using the appropriate monitoring, redundancy and automatic disaster recovery mechanisms.

Compliance and Audit

IIT has implemented appropriate technical and organizational measures regarding its security and privacy practices, including certification of Reacts by the Quebec Ministry of Health and Social Services, and regular reviews of the industry’s best practices and PIPEDA, HIPAA, GDPR and PHIPA privacy laws. Reacts’ development process includes regular penetration testing and compliance assessments by independent and specialized third parties.