At Releaf, we know how critical online safety is. We’ve implemented numerous procedures and protocols to ensure our patients remain safe, and their privacy is protected and secure, throughout every step of their journey.
Contents
Healthcare is built on trust, and now that 76% of our waking hours are spent online, it’s more important now than it ever has been before to stay safe and responsible when using the internet.
With access to news, entertainment, shopping, banking, and even healthcare using the internet, really, it’s not entirely surprising this figure is so high. But, with so many services available online, it can be hard to know which ones are legitimate, regulated, and compliant with data protection regulations.
At Releaf, we know how critical online safety is. We’ve implemented numerous procedures and protocols to ensure our patients remain safe, and their privacy is protected and secure, throughout every step of their journey.
Here we give a recap of those procedures, protocols and processes, so that you know your data is safe with Releaf, and ultimately - so are you.
What is Releaf?
Releaf is a CQC regulated healthcare provider in the UK.
Our GMC registered specialist doctors can legally prescribe medical cannabis flower, medical cannabis vape cartridges and or medical cannabis oil to adult patients here in the UK, if it's believed they may be of benefit for symptom or side effect management.
These treatments are not routinely available through the NHS, but eligible patients can access them legally through certain private medical cannabis clinics like Releaf.
Is Releaf a scam?
No, Releaf is not a scam.
It’s understandable to be wary of things that seem too good to be true, and it’s crucial to do your due diligence before entering any personal details, especially those concerning your health, identity, or finances.
One way of verifying Releaf’s legitimacy is by looking at the Care Quality Commission’s website where it states the ‘CQC register Releaf Clinics to carry out the following legally regulated services: Treatment of disease, disorder, or injury.’
The Care Quality Commission is the independent regulator of health and social care services in England, overseeing protocols and procedures in hospitals, GP surgeries, dentists, mental health services and private healthcare providers like Releaf.
How does Releaf protect medical cannabis patient’s data?
Before we even took on patients at Releaf, we laid the groundwork to ensure their data would always be safe. This started with ISO 27001 and ISO 9001 - the gold standard for data security, and has since evolved to also include Cyber Essentials Plus, a UK backed certification that requires independent testing of our systems to ensure they’re safe from hackers.
Here’s a quick run down of what they are, what they mean, and how we got them:
Cyber Essentials Plus: Advanced cybersecurity certification
Because we handle sensitive data that relates to thousands of individuals on a daily basis, we like to go the extra mile when it comes to protection. An example of this is our Cyber Essentials Plus certification.
In order to be awarded the Cyber Essentials Plus status, independent penetration tests are conducted to ensure cyberattacks remain fruitless and there are no vulnerabilities in firewalls, malware protection, patch management and user access controls.
ISO 27001: Information security management
Next is ISO 27001, an internationally recognised standard for managing information securely. Having this accreditation is paramount to Releaf, especially considering our bespoke platform was built from the ground up by our Chief Technology Officer, Oliver Soar, and his team of developers (more on this later!).
ISO 27001 ensures our Information Security Management Systems (ISMS) are inline with current data protection legislations, and requires regular risk assessments to systemically identify any risks in respect to storing medical records, safety encryption and access to controls.
ISO 9001: Quality management standard
Much like ISO 27001, ISO 9001 is a well-known international standard organisation procedure that ensures quality management. From patient onboarding, to consultations, to medication delivery, solid processes are in place to ensure data is managed appropriately.
In order to be approved and awarded ISO 9001, the way we collect, store, and document data was reviewed, as was our Thrive network of resources, by ISO 9001 auditors to ensure we’re managing data securely and sensibly.
And of course, we passed - but we’ve also adapted and improved our systems further thanks to the feedback from ISO9001 auditors, and will continue to do so to keep our patients, and their data, safe.
How is my data stored?
How do Releaf protect users online?
Our bespoke state-of-the-art platform, the Releaf Patient Dashboard ensures privacy in a number of ways. Built in-house, Releaf’s is a closed system - reducing any exposure to third-party vulnerabilities. While other clinics use ‘off-the-shelf’ software that is generic and more likely to be compromised, we know how important safeguarding data is, and it was one of the main reasons why we decided to design our systems ourselves.
Our data protection processes range from little things like having two-factor verification on patient accounts at log in, to giving patients the ability to simply provide their NHS number so we can request their health records safely and securely on their behalf, as opposed to making them manually request their records, and physically or digitally submit them like most medical cannabis clinics in the UK do.
As standard, we also request that patients upload all their necessary documentation, such as proof off address, directly into the Dashboard to avoid any potential email interception.
In addition, every staff member at Releaf, regardless of their interaction with patients, has completed a DBS check. In addition to this, we’ve all completed data security, GDPR, and Data Protection Act training to ensure we are dealing with private and personal information in a legal, ethical, and reputable manner.
And, as if that wasn’t enough we’ve installed two-factor verification processes on our patients medical cannabis cards. This ensures when the QR code is scanned, an email is sent to the patient so they can confirm access to their current prescription before any information is displayed, meaning these documents can only be viewed with the patient’s permission.
Our Chief Technology Officer, Oliver Soar, comments:
“When we built the Releaf Patient Dashboard, we made a conscious decision not to rely on third party or off-the-shelf platforms. Healthcare data is too sensitive for generic solutions, and security is never just about the software - it’s about the systems and the people behind them.
Our tech team and Compliance Officer Rupa Shah work together to reduce third-party risks, and ensure our protocols not only meet CQC, GDPR, and data security standards, but that they exceed them on a daily basis.”
Do Releaf protect their patients financially?
Yes.
With the digital sphere rapidly evolving and expanding every day, it's becoming even harder to protect yourself financially when issuing online payments, but at Releaf we’ve implemented Stripe payment systems, as well as a money-back guarantee on initial consultations, to keep our patients protected.
Stripe payment system
In the UK, we were the first medical cannabis clinic to incorporate Stripe - a payment system that prioritises security and simplicity. After an initial ID verification check, Stripe allows patients to pay for their prescriptions by entering and saving their credit or debit card details, or simply using Apple Pay and Google Pay.
In comparison to bank transfers, card payments have many benefits, including traceable transactions, smoother refund processes, and often protections over disputes or fraudulent activity. Stripe protects this sensitive payment data using encryption, and requires all payments take place over HTTPS networks for optimal security.
Stripe ensures these payments are processed compliantly, following UK and global regulatory guidance, such as the PSR (Payment Systems Regulator), and by complying with PSD2 (Payment Services Directive 2). Stripe also meets the highest security standard for handling payment data, minimising fraud risks, and protecting sensitive customer information, or in other words, it’s achieved PCI DSS (Payment Card Industry Data Security Standard) Level 1 certification.
Releaf’s money-back guarantee
We’ve also introduced a money-back guarantee on our initial consultations as a risk-free proposition, to give people extra confidence, and comfort, when exploring new treatment options like medical cannabis.
If our team decides cannabis-based medicines may not be the right fit for you during your initial consultation or MDT review, and you have supplied all the necessary information truthfully, you are entitled to your money back and these refunds are automatically issued within 14 days.
Final thoughts
In a world where the internet plays such an integral role in our day to day lives, choosing online spaces that are safe is essential, and as an online healthcare provider we know this especially to be true.
At Releaf, we’ve implemented these policies and procedures to prioritise the cyber security and safety of our patients and online readers. To learn more about Releaf’s commitments to patient excellence and safety, head over to our patient charter, or check out our FAQ, blog, or education section for further information.
Or, if you’d like to find out if medical cannabis might be right for you, head over to our fast and free eligibility checker.
Releaf - let’s rethinkhealthcare.
Share article
Did you like this article?
It is important to seek medical advice before starting any new treatments. The patient advisors at Releaf are available to provide expert advice and support. Alternatively, click here to book a consultation with one of our specialist doctors.
Elevate your wellness with medical cannabis
Get comprehensive care, convenience, and confidence with an all-in-one treatment plan.
Am I eligible?Authors
With five years of journalism and healthcare content creation under her belt, Lucy strives to improve medical cannabis awareness and access in the UK by producing high quality, credible content.
Editorial Policy
All of our articles are written by medical cannabis experts, guided by strict sourcing guidelines, and reference peer-reviewed studies and credible academic research. Our expert clinical team and compliance specialists provide valuable insights to ensure accuracy when required. Learn more in our editorial policy.
Need more help?
Blog Categories
Further reading
The Releaf medical cannabis card explained
Releaf offers every patient a medical cannabis card with their prescription to help ensure peace of mind when administering their medicine in public. Here’s everything you need to know about how it works.
Sarah Sinclair
Who are Releaf’s clinical team: Who can prescribe cannabis in the UK?
Curious as to who can prescribe medical cannabis in the UK? Well, meet Releaf’s team of specialists, from GPs to specialists n Neurology, Psychiatry, Oncology, Rheumatology and Palliative Care, our clinical team collaborate to create the best bespoke treatment plan possible, for each individual patient.
Lucy MacKinnon
How to get medical cannabis in the UK
Medicinal cannabis can provide excellent benefits for people suffering from many different conditions. Cannabis is a legitimate treatment for people who have found that other front-line medications have not worked for them. Medicinal cannabis is a topic that is not discussed very often in the UK, so many people will not know whether they can get it or not. In this article, we will answer your questions about how to get medical cannabis in the UK.
Lucy MacKinnon