Security is a core requirement for you and your clients. We have implemented several security mechanisms to keep your personal data and your clients' data safe.
We believe in transparency. The following guide highlights some of the ways Practice Better keeps your data safe and secured.
HIPAA and PIPEDA Compliance
We are fully compliant with HIPAA and PIPEDA regulations:
| Need | Practice Better Approach |
|---|---|
| Encryption | Data is encrypted during transfer and at rest. We also encrypt all backups and log data. |
| Minimum Necessary Access | Access controls always default to no access unless overridden manually. |
| Physical Security | Our servers are maintained by an SSAE 16 Type II provider which utilizes industry-leading security tools and best practices. |
| Monitoring | All network requests, successful and unsuccessful, are logged. |
| Auditing | All log data is encrypted and unified, enabling secure access to full historical network activity records. |
| Vulnerability Scanning | All customer and internal networks are scanned regularly for vulnerabilities. |
| Backup | All customer data is backed up every 24 hours. Thirty (30) days of rolling backups are retained. |
A HIPAA BAA is available upon request. Contact us if you have specific concerns about regulations outlined by your governing body.
Refer to our help section about GDPR and how you as a practitioner can obtain consent and satisfy the other requirements of the GDPR.
A signed Data Processing Agreement is available upon request. Contact us if you have specific concerns about GDPR compliance.
Payments processed through Practice Better are done in a PCI compliant manner. We process subscription payments via Stripe and payments on your behalf via integrations with Stripe and Square, which are both PCI Level 1 Service Providers. Your clients' credit card data is not stored on Practice Better's servers.
We do not persist your password in your browser cache. We use secure cookies with limited lifespans, and you will be asked to re-enter your login credentials if your session is idle for longer than the allotted timeout period.
All data sent between your browser and our servers is secured using industry-standard AES-256 encryption. We use TLS 1.2 to encrypt your data both between your browser and our server and between our servers and other internal networks. Data stored on our servers is also encrypted using AES encryption algorithms.
Server & Backups
We store your data on encrypted hard drives on servers in North America.
Data backups are done nightly, so you can rest assured you won't lose sensitive data in the unlikely event of a disaster. Backups are stored for 30 days, after which they are purged from our system.
We use audit logs to record account changes and communication with your clients. Account changes include updates to your password and changes to your payment information and subscriptions.
We provide you with activity logs when your clients view, sign and complete forms and waivers. The logs include your clients' IP address and location. An IP address uniquely identifies a computer or mobile device on the Internet.