We are very proud of the steps we are taking to help keep your information safe and secure. Security of your account and electronic Patient Health Information (ePHI) is fundamental to us and we have gone above and beyond the standard security and privacy requirements to protect your data.
Here are some of the technologies and practices we’ve put in place to protect you and your practice information:
- Your sensitive data is hosted with a Tier 1 secure hosting provider specializing in helping healthcare organizations achieve and maintain HIPAA and HITRUST security requirements.
- HIPAA-compliant encryption.
- HIPAA-compliant hosting architecture on enterprise-level hardware.
- HIPAA-compliant system architecture with separate web and database environments.
- Web pages and APIs are secured with 128-bit Secure Sockets Layer encryption.
- Our cloud infrastructure uses multi-factor authentication.
- We use advanced key management and transparent data encryption.
- Application and Database server isolation.
- SimplePractice always transmits account information securely with multiple layers of encryption.
- Your passwords are encrypted and not accessible to anyone but you.
- Our servers are housed in a secure facility protected by proximity readers, biometric scanners, and security guards 24 hours a day, 7 days a week, 365 days a year.
- We hack our own site. SimplePractice runs thousands of tests on its own software to ensure security. We scan our ports, test for SQL injection, and protect against cross-site scripting.
- Application-level monitoring and intrusion protection.
- Firewall management.
- Log retention with detailed audit trail.
- Managed and secure backup and disaster recovery.
- Managed patching, version control, and security updates.
- Credit card transactions are processed using secure encryption on a PCI-compliant network.