Policy

Acceptable Use Policy

Version 1.0 · Effective on contract execution · Applies to all institutional deployments of GRW Healthcare.

Why this policy exists

GRW Healthcare collects sensitive self-report and biometric companion data from clinicians on the basis of voluntary participation. The credibility and safety of the program depend on a hard contractual line between wellness use and employment-affecting use. This policy draws that line.

Each Customer (the institution licensing GRW Healthcare) agrees to this policy as part of its master agreement. Breach of this policy is grounds for immediate termination of access, with notice to participants.

Prohibited uses

Customer agrees that GRW outputs (individual reports, suppression prompts, severity bands, narratives, recommendations, and any aggregate or trend data) must not be used for any of the following:

Performance management

GRW outputs must not be used in performance reviews, performance improvement plans, performance ratings, or any disciplinary process. This includes informal reference to scores or suppression flags by managers, charge nurses, or department heads.

Hiring and credentialing

GRW outputs must not be used in hiring decisions, promotions, demotions, transfers, role assignments, credentialing reviews, license renewals, or fitness-for-duty determinations.

Discipline and termination

GRW outputs must not be referenced in any disciplinary action, just-cause investigation, suspension, termination, or non-renewal of contract.

Insurance underwriting

GRW outputs must not be shared with health, life, or disability insurance carriers, nor used in underwriting, claims adjudication, or premium adjustment.

Surveillance and monitoring

GRW must not be deployed as a real-time monitoring tool, attendance tool, or productivity tool. It is a voluntary, off-shift, individual reflection instrument with consent-gated aggregation.

Re-identification

Aggregate dashboards must not be cross-referenced with rosters, schedules, badge data, or any source that could re-identify individual participants. Cohort sizes below n=5 are suppressed by the platform; institutions must not attempt to circumvent this minimum.

Coercion of participation

Participation must remain voluntary. Institutions must not require participation as a condition of employment, advancement, scheduling preference, or any benefit. Non-participation must not be tracked or noted.

Permitted uses

  • Voluntary individual reflection on burnout, recovery, and wellbeing trajectory.
  • Cohort-level (n≥5) wellness program design, intervention planning, and effect tracking.
  • Anonymized accreditation reporting (e.g. Magnet, Accreditation Canada).
  • De-identified research, with appropriate IRB / REB approval and participant consent.
  • Voluntary self-referral to EAP, PHP, peer-support, or personal healthcare providers, initiated by the individual.
  • Comparison of department-level cohorts to inform structural interventions (workload, scheduling, staffing).

Customer obligations

  1. Communicate this policy to all individuals invited to participate, including participants, supervisors, charge nurses, department heads, HR, and any person with administrative access.
  2. Provide participants with a written, plain-language summary of how their data will and will not be used, before any participation.
  3. Honor the n≥5 minimum cohort threshold built into the platform; do not attempt to circumvent it through external data joins.
  4. Maintain a designated contact (e.g. Wellness Officer or Privacy Officer) responsible for AUP compliance and participant questions.
  5. Notify GRW within five (5) business days of any actual, suspected, or attempted prohibited use.
  6. On termination of the agreement, cease use of all outputs and confirm in writing that no derivative works retain identifiable participant data.

GRW obligations

  1. Process biometric companion data on-device only. No video upload, transmission, or storage on GRW infrastructure.
  2. Enforce the n≥5 minimum cohort threshold in the platform. Suppress all aggregate output below that threshold.
  3. Log all administrative access events. Make audit logs available to Customer on request.
  4. Maintain encryption in transit (TLS 1.3) and at rest (AES-256).
  5. Notify Customer of any confirmed security incident affecting Customer data within 72 hours.
  6. Publish material changes to this policy in advance, with a minimum of 30 days notice and a right to terminate without penalty if Customer does not consent.

Enforcement

GRW reserves the right to suspend or terminate Customer access on confirmed breach of this policy, without refund of prepaid fees and with notice to participants where participants’ voluntary consent may have been materially undermined. Disputes are governed by the master agreement.

Questions?

Privacy officers, union liaisons, and counsel can request the full procurement bundle (including the master agreement and DPA) for review before contract execution.

Request the procurement bundle