Protecting Patient Data

We take privacy and security very seriously at emilyEMR and so we’ve implemented multiple processes to ensure that all your patient and clinic data is kept safe and as secure as possible with state of the art storage and encryption with Microsoft. Though, we understand that you, as patients and clinic owners, may have some questions about how your data is stored in emily, so here’s a list of our most-asked-about privacy and security features:

Privacy Policy and Terms & Conditions

At emily, the Account Owner controls all of the patient data. They’ve agreed to accept our Privacy Policy and Terms & Conditions. This is their agreement with emily and how we handle the health information to which the Account Owners are the custodian.

Encryption & Secure Data Transfer
Anytime you or a practitioner transfers data from a computer to emily, the information is encrypted with the same level of security as your bank uses to transfer information. In addition all patient data is stored in encrypted data volumes on emily servers.

Practitioners offering health and medical services are under legal obligation to retain health or medical information that was collected during the course of treatment. It is their responsibility, in collaboration with the emily Subscriber (clinic owner), to maintain these records, and in many cases, they are simply not allowed, under law, to delete certain records that they created, and they must retain records for a number of years, sometimes 10 years or more.

If you want your data removed, we do require that you bring your request to the clinic owner who will be able to evaluate their legal obligations to keep that data. Once they have evaluated their obligations, they will provide us with instructions on how to proceed.

Read more here: Privacy Terms.

Zero Credit Card Data in emily
emily never stores a patient’s plain credit card information directly on emily’s servers. When you enter a credit card in emily, emily instantly transfers that data to one of our payment processing partners through encrypted transfer. Our PCI-compliant payment processing partner stores that information for emily. The default behaviour of these partners is to store the credit card information so that refunds can be processed and use this information for future purchases if requested to do so by patients and customers.

Our partners for payments have been very carefully chosen, and they use the same 128-bit encryption as the big banks around the world. They send emily back an encrypted key (a token) which represents the credit card so that emily can continue to bill against that card if the customer wishes but note that this token can’t be used outside of emily. The only information that emily stores about the credit card are the last 4 digits and the expiration date so that the customer will know which card they gave you.

More info here: Is emily PCI-Compliant?

Account Owner Control
The Account Owner determines what patient data is stored in emily, who has access to it, and how long they will need to store it, this data may include a patient’s name, address, health insurance and billing information, medical charts, appointment history and other patient data.

Because of this, we give Account Owners full control to set access permissions for each staff member, which includes control of accessing patient charts, billing records, and schedule records.

Read more here: Patient Data

Unique User ID and Password Required
Administrators, practitioners and patients access their emily account using their own account secured by a unique username and password. Account owners can control access permissions for each user, which includes control of accessing patient charts, billing records, and schedule records.

Activity Tracking

emily offers a user-activity report, the Activity Log to account owners in which they can see a detailed breakdown of all user activity. The report can be filtered by date range, user, and type of access for regular reviews on who is accessing patient charts.

Logout All Sessions
As a patient, if you are interested in knowing your own activity, you can check out your managed sessions within your account to see what devices you are currently logged in under, and you’ll have the option to sign out of all sessions as well if needed.

And in the event that you aren’t able to access your account, the Account Owner can send you a password reset link, and once the password is reset, all of your active sessions will also be logged out.

Simple Password Reset
Fast password resetting from main login page so staff can keep passwords fresh (and more secure).