As a health and wellness professional, you take your clients’ privacy seriously and are vigilant about protecting their data. It’s important to remember that security and privacy of client information is a shared responsibility. That’s why we put together three tips to help safeguard the sensitive and protected data in your account.
Continually review account activity
HIPAA requires you to track and review account activity. This might include auditing changes made to a client account, successful and unsuccessful sign-ins, password reset requests, and others. You should review these logs periodically to identify potentially inappropriate access to client data.
Whether you’re a solo practitioner or a group practice, reviewing this information regularly can help you detect suspicious activity on your account. Having IP address and location data attached to each logged event gives you useful information to spot and prevent suspicious activity, and being able to match this information against a timestamp provides an even more holistic view of what’s occurring in your account.
Keep your technology up-to-date
Your device’s browser and operating system protect the information you transmit over the internet. That means you need to be proactive about updating your computer, mobile device, and/or tablet to ensure they aren’t outdated. If they are, you are putting your clients’ information at risk. To check if your browser and operating system need an update, check out these resources.
Customers who use the SimplePractice mobile app on iOS and Android devices have access to our Security Checkup feature. This feature shows you how secure your mobile device is and how to improve your security, based on whether your:
- Operating system is up to date
- SimplePractice mobile app is up to date
- Fingerprint, Face ID, or Screen Lock is enabled
- Phone is not rooted or jailbroken
Protect against snooping
From your mobile device to your banking app, today’s security standards include logging you out automatically after a specified period of time. SimplePractice makes this a core part of its product, but it’s important to remember to do the same on your computers, tablets, and mobile devices. This adds an additional layer of protection in the event that you forget to log out.
Often, your work doesn’t end once you leave your office. Sometimes you have to schedule appointments on the go or input client notes in public settings. Choosing strong passwords, enabling Touch or Face ID, and having an automatic logout are great. You can also take additional measures to protect sensitive client data, such as changing your notification settings for emails and calendar reminders so previews don’t pop up on your devices for unauthorized viewers to see.
Today’s security standards are constantly evolving, and tools like the Account Activity Log and Secure Mobile Checkup are important for helping you safeguard the sensitive and protected information with which you are entrusted. As always, your ability to maintain secure and compliant records within your SimplePractice account is of the highest importance to us.
Additional resources regarding HIPAA recommendations and requirements from the United States Department of Health and Human Services (HHS):