Security is a core requirement for you and your clients. We have implemented several security mechanisms to keep your personal data and your clients' data safe.
We believe in transparency. The following guide highlights some of the ways Practice Better keeps your data safe and secured.
Regulatory Compliance
We are fully compliant with HIPAA, PIPEDA, PHIPA, and GDPR regulations.
| Need | Practice Better Approach |
| Encryption | Data is encrypted during transfer and at rest. We also encrypt all backups and log data. |
| Minimum Necessary Access | Access controls always default to no access unless overridden manually. |
| Physical Security | Our servers are maintained by an SSAE 18 provider that utilizes industry-leading security tools, and best practices. |
| Monitoring | All network requests, successful and unsuccessful, are logged. |
| Auditing | All log data is encrypted and unified, enabling secure access to full historical network activity records. |
| Vulnerability Scanning | All customer and internal networks are scanned regularly for vulnerabilities. |
| Backup | All customer data is backed up every 24 hours. Thirty (30) days of rolling backups are retained. |
HIPAA Compliance
A HIPAA Business Associate Agreement (BAA) is available upon request. Contact us if you have specific concerns about regulations outlined by your governing body.
GDPR Compliance
Refer to our help section about GDPR and how you as a practitioner can obtain consent and satisfy other requirements of the GDPR Act. Learn more
A signed Data Processing Agreement (DPA) is available upon request. Contact us if you have specific concerns about GDPR compliance.
PCI Compliance
Payments processed through Practice Better are done in a PCI compliant manner. We process subscription payments via Stripe and payments on your behalf via integrations with Stripe and Square, which are both PCI Level 1 Service Providers. Your clients' credit card data is not stored on Practice Better's servers.
Learn more about Stripe and Square PCI compliance:
https://stripe.com/docs/security
https://squareup.com/ca/guides/pci-compliance
Security in the browser
We do not persist your password in your browser cache. We use secure cookies with limited lifespans. You will be asked to re-enter your login credentials if your session is idle for the allotted timeout period. Learn more about securing your Practice Better account.
Encryption
All data sent between your browser and our servers are secured using the industry-standard AES-256 bit encryption. We use TLS 1.2 to encrypt your data both between your browser and our servers and between our servers and other internal networks. Data stored on our servers are also encrypted using AES encryption algorithms.
Server & Backups
We store your data on encrypted hard drives on servers in North America.
Data backups are done nightly, so you can rest assured you won't lose sensitive data in the unlikely event of a disaster. Backups are stored for 30 days, after which they are purged from our system.
Auditing
We use audit logs to record account changes and communication with your clients. Account changes include updates to your password and changes to your payment information and subscriptions.
We provide you with activity logs when your clients view, sign, and complete forms and waivers. The logs include your clients' IP address and location. An IP address uniquely identifies a computer or mobile device on the Internet.
Comments
0 comments
Article is closed for comments.