Trust and Security

Security of your account and electronic Patient Health Information (ePHI) is fundamental to us, and we have gone above and beyond the standard security and privacy requirements to protect your data.

SimplePractice always transmits account information securely with multiple layers of encryption.

Your passwords are encrypted and not accessible to anyone but you.

Our servers are housed in a secure facility protected by proximity readers, biometric scanners, and security guards 24 hours a day, 7 days a week, 365 days a year.

We hack our own site. SimplePractice runs thousands of tests on its own software to ensure security. We scan our ports, test for SQL injection, and protect against cross-site scripting.

Bank-level security.

SimplePractice has received the VeriSign security seal.

Security Technology and Practices

Your sensitive data is hosted in a Tier 1 secure hosting provider specializing in helping healthcare organizations achieve and maintain HIPAA and HITRUST security requirements

  • Web pages and APIs are secured with 128-bit Secure Socket Layer encryption.
  • Our cloud infrastructure uses multi-factor authentication.
  • We use advanced key management and transparent data encryption.
  • Application level monitoring and intrusion protection.
  • HIPAA compliant encryption.
  • HIPAA compliant hosting architecture on enterprise level hardware.
  • HIPAA compliant system architecture with separate web and database environment.
  • Application and Database server isolation.
  • Firewall management.
  • Log retention with detailed audit trail.
  • Managed and secure backup and disaster recovery.
  • Managed patching, version control, and security updates.
  • Credit card transactions processed using secure encryption on a PCI compliant network.

Keep Your Account and Data Secure

  • Keep your computer and browsers current with the latest software and security updates.
  • Install and update anti-virus software.
  • Use personal firewalls to protect your computer and network.
  • Password protect your home and office computer network.
  • Do not enable automatic login to your account.
  • Change your password periodically and avoid using passwords that you use for other accounts.
  • Don’t share your login credentials with anyone.
  • Always make sure you are logged out of your account when you are finished.
  • When using computers that are not your own, make sure you are fully logged out and close the browser.

Have questions or can’t find what you’re looking for? Visit our Help Center.