How Releaf keep patient data safe

Healthcare is built on trust, and now that 76% of our waking hours are spent online, it’s more important now than it ever has been before to stay safe and responsible when using the internet.

With access to news, entertainment, shopping, banking, and even healthcare using the internet, really, it’s not entirely surprising this figure is so high. But, with so many services available online, it can be hard to know which ones are legitimate, regulated, and compliant with data protection regulations. 

At Releaf, we know how critical online safety is. We’ve implemented numerous procedures and protocols to ensure our patients remain safe, and their privacy is protected and secure, throughout every step of their journey.

Here we give a recap of those procedures, protocols and processes, so that you know your data is safe with Releaf, and ultimately - so are you. 

What is Releaf?

Releaf is a CQC regulated healthcare provider in the UK. 

Our GMC registered specialist doctors can legally prescribe medical cannabis flower, medical cannabis vape cartridges and or medical cannabis oil to adult patients here in the UK, if it's believed they may be of benefit for symptom or side effect management. 

These treatments are not routinely available through the NHS, but eligible patients can access them legally through certain private medical cannabis clinics like Releaf. 

Is Releaf a scam?

No, Releaf is not a scam. 

It’s understandable to be wary of things that seem too good to be true, and it’s crucial to do your due diligence before entering any personal details, especially those concerning your health, identity, or finances. 

One way of verifying Releaf’s legitimacy is by looking at the Care Quality Commission’s website where it states the ‘CQC register Releaf Clinics to carry out the following legally regulated services: Treatment of disease, disorder, or injury.’ 

The Care Quality Commission is the independent regulator of health and social care services in England, overseeing protocols and procedures in hospitals, GP surgeries, dentists, mental health services and private healthcare providers like Releaf.

How does Releaf protect medical cannabis patient’s data?

Before we even took on patients at Releaf, we laid the groundwork to ensure their data would always be safe. This started with ISO 27001 and ISO 9001 - the gold standard for data security, and has since evolved to also include Cyber Essentials Plus, a UK backed certification that requires independent testing of our systems to ensure they’re safe from hackers. 

Here’s a quick run down of what they are, what they mean, and how we got them:

Cyber Essentials Plus: Advanced cybersecurity certification

Because we handle sensitive data that relates to thousands of individuals on a daily basis, we like to go the extra mile when it comes to protection. An example of this is our Cyber Essentials Plus certification. 

In order to be awarded the Cyber Essentials Plus status, independent penetration tests are conducted to ensure cyberattacks remain fruitless and there are no vulnerabilities in firewalls, malware protection, patch management and user access controls. 

ISO 27001: Information security management

Next is ISO 27001, an internationally recognised standard for managing information securely. Having this accreditation is paramount to Releaf, especially considering our bespoke platform was built from the ground up by our Chief Technology Officer, Oliver Soar, and his team of developers (more on this later!). 

ISO 27001 ensures our Information Security Management Systems (ISMS) are inline with current data protection legislations, and requires regular risk assessments to systemically identify any risks in respect to storing medical records, safety encryption and access to controls. 

ISO 9001: Quality management standard 

Much like ISO 27001, ISO 9001 is a well-known international standard organisation procedure that ensures quality management. From patient onboarding, to consultations, to medication delivery, solid processes are in place to ensure data is managed appropriately. 

In order to be approved and awarded ISO 9001, the way we collect, store, and document data was reviewed, as was our Thrive network of resources, by ISO 9001 auditors to ensure we’re managing data securely and sensibly. 

And of course, we passed - but we’ve also adapted and improved our systems further thanks to the feedback from ISO9001 auditors, and will continue to do so to keep our patients, and their data, safe. 

How do Releaf protect users online?

Our bespoke state-of-the-art platform, the Releaf Patient Dashboard ensures privacy in a number of ways. Built in-house, Releaf’s is a closed system - reducing any exposure to third-party vulnerabilities. While other clinics use ‘off-the-shelf’ software that is generic and more likely to be compromised, we know how important safeguarding data is, and it was one of the main reasons why we decided to design our systems ourselves. 

Our data protection processes range from little things like having two-factor verification on patient accounts at log in, to giving patients the ability to simply provide their NHS number so we can request their health records safely and securely on their behalf, as opposed to making them manually request their records, and physically or digitally submit them like most medical cannabis clinics in the UK do. 

As standard, we also request that patients upload all their necessary documentation, such as proof off address, directly into the Dashboard to avoid any potential email interception.

In addition, every staff member at Releaf, regardless of their interaction with patients, has completed a DBS check. In addition to this, we’ve all completed data security, GDPR, and Data Protection Act training to ensure we are dealing with private and personal information in a legal, ethical, and reputable manner. 

And, as if that wasn’t enough we’ve installed two-factor verification processes on our patients medical cannabis cards. This ensures when the QR code is scanned, an email is sent to the patient so they can confirm access to their current prescription before any information is displayed, meaning these documents can only be viewed with the patient’s permission. 

Our Chief Technology Officer, Oliver Soar, comments: 

“When we built the Releaf Patient Dashboard, we made a conscious decision not to rely on third party or off-the-shelf platforms. Healthcare data is too sensitive for generic solutions, and security is never just about the software - it’s about the systems and the people behind them. 

Our tech team and Compliance Officer Rupa Shah work together to reduce third-party risks, and ensure our protocols not only meet CQC, GDPR, and data security standards, but that they exceed them on a daily basis.” 

Do Releaf protect their patients financially?

Yes.

With the digital sphere rapidly evolving and expanding every day, it's becoming even harder to protect yourself financially when issuing online payments, but at Releaf we’ve implemented Stripe payment systems, as well as a money-back guarantee on initial consultations, to keep our patients protected. 

Stripe payment system 

In the UK, we were the first medical cannabis clinic to incorporate Stripe - a payment system that prioritises security and simplicity. After an initial ID verification check, Stripe allows patients to pay for their prescriptions by entering and saving their credit or debit card details, or simply using Apple Pay and Google Pay. 

In comparison to bank transfers, card payments have many benefits, including traceable transactions, smoother refund processes, and often protections over disputes or fraudulent activity. Stripe protects this sensitive payment data using encryption, and requires all payments take place over HTTPS networks for optimal security. 

Stripe ensures these payments are processed compliantly, following UK and global regulatory guidance, such as the PSR (Payment Systems Regulator), and by complying with PSD2 (Payment Services Directive 2). Stripe also meets the highest security standard for handling payment data, minimising fraud risks, and protecting sensitive customer information, or in other words, it’s achieved PCI DSS (Payment Card Industry Data Security Standard) Level 1 certification. 

Releaf’s money-back guarantee

We’ve also introduced a money-back guarantee on our initial consultations as a risk-free proposition, to give people extra confidence, and comfort, when exploring new treatment options like medical cannabis. 

If our team decides cannabis-based medicines may not be the right fit for you during your initial consultation or MDT review, and you have supplied all the necessary information truthfully, you are entitled to your money back and these refunds are automatically issued within 14 days. 

Final thoughts

In a world where the internet plays such an integral role in our day to day lives, choosing online spaces that are safe is essential, and as an online healthcare provider we know this especially to be true. 

At Releaf, we’ve implemented these policies and procedures to prioritise the cyber security and safety of our patients and online readers. To learn more about Releaf’s commitments to patient excellence and safety, head over to our patient charter, or check out our FAQ, blog, or education section for further information.

Or, if you’d like to find out if medical cannabis might be right for you, head over to our fast and free eligibility checker. 

Releaf - let’s rethinkhealthcare.