System Security and User Responsibilities
We're deeply invested in keeping your records safe and secure. To protect your data, we take extraordinary security measures that are often outside the capabilities of the average person, helping you worry less about potential threats to your data. Here's how each of our technical safeguards and powerful security features helps protect your records from malware, hackers, natural disasters, and catastrophe.
- Our HIPAA-compliant software verifies that the physical and technical safeguards we implement satisfy the requirements outlined in the HIPAA Privacy Rule and HIPAA Security Rule
- Strong SSL encryption ensures secure communications between our web servers and your web browser
- An extended validation (EV) certificate displays our company name (TherapyNotes, LLC) and our country of origin (US) in green in your address bar to give you confidence that you're in the right place
- A SAS 70 Type II audited data center employs internal controls such as risk assessment procedures and monitoring processes to ensure the security of our IT infrastructure, data storage, and data processing
- Our fully-encrypted database protects your data from unauthorized access
- Powerful firewalls guard our servers against untrusted networks and protect our software from misuse
- Regular onsite and offsite backups ensure that your data is always safe and accessible
- Automatic updates ensure that you're always using the latest version of TherapyNotes with the most up-to-date security features
- Access controls ensure that users only have access to the information necessary to complete their job duties, keeping your clients' records secure
- An activity log keeps track of every action taken in your TherapyNotes account to aid in security, auditing, and staff accountability
Practice Administrators may customize Password Settings, Login Settings, and Computer Access Settings for the practice. To configure your practice's security settings, click the User Icon > Settings > Security.
What are my responsibilities as a TherapyNotes user?
While TherapyNotes employs extraordinary security measures to keep your data safe, you are ultimately responsible for the security of your records. Since TherapyNotes handles sensitive data about both your practice and your clients, it is especially crucial to follow good security practices. Follow these tips to help keep your data secure.
- Keep your operating system updated. While you may not be storing PHI directly on your computer, the security of your device is fundamental to accessing TherapyNotes securely. Your operating system has built-in security features to help protect you from malware, encrypt your files, and provide options for user authentication.
- Install trusted antivirus software. Antivirus software protects your device beyond the basic security capabilities of your operating system and often provides protection against threats such as adware, spyware, keyloggers, and more.
- Avoid storing PHI on your computer. TherapyNotes already creates secure backups of your data, and the less PHI you have stored locally on your computer, the less you have to worry about securing properly.
- Use a trusted, up-to-date web browser. Most popular web browsers also have security features built-in to provide basic protections against malware and suspicious activity. Both Mozilla Firefox and Google Chrome allow you to enable automatic browser updates. If you use Internet Explorer, we recommend switching to Microsoft Edge for a more up-to-date, secure browsing experience.
- Avoid public computers and networks. Because public Wi-Fi networks and computers do not require user authentication to connect, hackers may be able to intercept your data. We further advise against accessing sensitive data in any public setting without using a virtual private network (VPN).
- Create a strong password. TherapyNotes requires each user's password to satisfy the basic security settings set by their practice. Generally, a strong password is easy for you to remember but hard for others to guess. For our password recommendations, read How To: Configure Password Settings.
- Do not allow your browser to autofill your password. If someone does manage to gain access to your device, autofilling your password in your browser could give them access to your TherapyNotes account.
- Never share your password with anyone.
- Never share your TherapyNotes account. This is against the TherapyNotes Terms of Service and could result in a HIPAA violation. If you have multiple people using a TherapyNotes account, ensure that everyone has a different user account and login credentials.
- Check that you're only logging in to https://www.therapynotes.com. Do not enter your TherapyNotes Practice Code, username, or password into any other website. When accessing TherapyNotes, you will always see the green lock icon in your browser's address bar followed by TherapyNotes, LLC [US], reflecting our extended validation (EV) certificate.
- Learn how to detect and avoid social engineering. Social engineering involves the use of manipulation to trick you into divulging sensitive information. To learn about phishing, a specific type of social engineering, read How To: Detect and Report Phishing Scams.
- Keep PHI away from prying eyes and listening ears. Do not access TherapyNotes where unauthorized people can see your screen, and never discuss PHI with any unauthorized parties.
- Train employees on security procedures. This helps to ensure that every employee follows best security practices and avoids HIPAA violations.
For additional information and tips on keeping your account secure, read 5 Ways to Boost the Security of Your EMR on our blog.