Privacy Policy
Security and Privacy
Securing your Mobile Device and Protecting your Personal Health Information
Using Opal, you have access to some of your Personal Health Information in your electronic medical record at the McGill University Health Centre (MUHC). All communication between Opal and the MUHC is via encrypted data transfer and Opal has undergone extensive cybersecurity testing. However, encrypted data transfer does not ensure the privacy of your information once it has reached your mobile device. It is, therefore, very important that you do all that you can to ensure that only you have access to your mobile device and your Opal login information, and that others do not see your information without your permission.
Securing your Mobile Device
Your mobile device provides access to important personal information about you. You must secure it with a strong password or PIN code (at least six digits). Your password should not be known or obvious to others. If it is, change it before installing and using Opal. Do not secure access to your mobile device by gesture lock.
Updating your Mobile Operating System
You should keep your mobile operating system (Android or iPhone) up-to-date. This will help keep your device secure.
Rooted or Jailbroken Devices
Mobile devices that have been rooted (Android) or jailbroken (iPhone) are compromised and insecure. Opal should never be installed or used on a compromised device. If you are unsure, please contact your service provider or reset your device to factory settings.
Your Opal Password
Your Opal password must be at least ten characters long and contain at least one lowercase letter, one capital letter, one number and one special character. You may change it at any time from within the Account section of Opal. Your Opal password should be different to the login code of your phone.
Security Questions
As a second level of authentication, you must provide an answer to a security question on logging into Opal. You may choose three security questions at the time of registering for Opal. You should choose questions with answers that only you know. On your personal device you may choose an option to "Remember my security answer". This will allow you to log into Opal multiple times without re-answering a security question each time. We strongly recommend using this option only on your personal mobile device that you keep at home and that only you use. In any case, this mobile device must be locked with a strong password or PIN code (at least six digits).
Never share your Opal password with anybody that you do not trust. You will never be asked for your password by any employee of the MUHC. If you are asked to provide your password by somebody you do not know, by telephone, email, in person, or otherwise, do not provide it.
Auto-Logout and Simultaneous Logins
To help protect your Personal Health Information, Opal will automatically log you out after five minutes of inactivity.
You may access Opal from only one device at a time. If you log into your Opal account on a second device, you will be logged out of the first.
Downloading Personal Health Information
You do not need to use any third-party applications to view your Personal Health Information that is accessible to you using Opal. Everything may be viewed within Opal itself. However, you may choose to copy, print or share some of your information outside of Opal. Options to do so are provided. Use these options carefully so that your Personal Health Information is not seen by persons who you do not intend to see it. Your information is not encrypted and protected when exported and viewed outside of Opal.
Sharing Personal Health Information by Email
You may share your personal health information with people you trust. However, it is not recommended that you use email to share your information. Email is not secure.