Notice of Privacy Practices


I keep and store records for each client in a record-keeping system. This system is “cloud-based,” meaning the records are stored on servers which are connected to the Internet. Here are the ways in which the security of these records is maintained:
I have entered into a HIPAA Business Associate Agreement with Acuity Scheduling. Because of this agreement, Acuity Scheduling is obligated by federal law to protect these records from unauthorized use or disclosure.
The computers on which these records are stored are kept in secure data centers, where various physical security measures are used to maintain the protection of the computers from physical access by unauthorized persons.
Acuity Scheduling employs various technical security measures to maintain the protection of these records from unauthorized use or disclosure.

I have my own security measures for protecting the devices that I use to access these records:
On computers, I employ firewalls, antivirus software, passwords, and disk encryption to protect the computer from unauthorized access and thus to protect the records from unauthorized access.
With mobile devices, I use passwords, remote tracking, and remote wipe to maintain the security of the device and prevent unauthorized persons from using it to access my records.

Here are things to keep in mind about my record-keeping system:
While my record-keeping company and I both use security measures to protect these records, their security cannot be guaranteed.
Some workforce members at Acuity Scheduling, such as engineers or administrators, may have the ability to access these records for the purpose of maintaining the system itself. As a HIPAA Business Associate, Acuity Scheduling is obligated by law to train their staff on the proper maintenance of confidential records and to prevent misuse or unauthorized disclosure of these records. This protection cannot be guaranteed, however.
My record-keeping company keeps a log of my transactions with the system for various purposes, including maintaining the integrity of the records and allowing for security audits.