Here’s a list of Jane’s most-asked-about privacy and security features:
Privacy Policy and Terms & Conditions
When you open an account with Jane, you agree to our Privacy Policy and Terms & Conditions. These documents represent our agreement with you on how Jane will properly handle the health information for which you are the custodian.
Encryption & Secure Data Transfer
Anytime you transfer data from your computer to Jane, the information is encrypted with the same level of security as your bank uses to transfer information. Read more here: Security FAQ.
Secure Server Bank
Jane has a private server bank located in a secured SOC2, Type2-certified data center, and all data is backed up regularly on secondary servers.
Zero Credit Card Data in Jane
Jane never stores a client’s plain credit card information directly on Jane’s servers. When you enter a credit card in Jane, Jane instantly transfers that data to one of our payment processing partners through encrypted transfer. Our PCI-compliant payment processing partners store that information for Jane. The default behaviour of these partners is to store the credit card information so that refunds can be processed.
Our partners for payments have been very carefully chosen, and they use the same 128-bit encryption as the big banks around the world. They send Jane back an encrypted key (a token) which represents the credit card so that Jane can continue to bill against that card if the customer wishes, but note that this token can’t be used outside of Jane. The only information that Jane stores about the credit card is the last 4 digits and the expiration date, so that the customer will know which card they gave you.
More info here: Is Jane PCI-Compliant?
Account Owner Control
Account owners can control access permissions for each user, which includes control of accessing patient charts, billing records, and schedule records.
Read more here: Staff Access Levels
Unique User ID & Password Required
Administrators, practitioners and patients each access Jane using their own account secured by a unique User ID and Password. Account owners can control access permissions for each user, which includes control of accessing patient charts, billing records, and schedule records.
2-Step Verification
Did you know that you can enable 2-step verification for your staff profile for an added layer of security? By enabling 2-step verification on your staff profile, you’ll receive a one-time SMS code to your mobile phone that you enter in Jane each time you log in, after entering your password.
The Account Owner or a Full Access user can also enforce 2-step verification for all staff members clinic-wide.
Check out our guide for more info here.
🎉 We plan to support additional methods to enable 2-step verification soon to provide you with more options so you can stay secure in the most convenient way possible.
Activity Tracking
Jane offers account owners a user-activity report, the Activity Log, in which they can see a detailed breakdown of all user activity. The report can be filtered by date range, user, and type of access for regular reviews of who is accessing patient charts.
Message Log
The Message Log, found under your staff and patient profiles, will provide a log of all of the emails and text messages delivered from Jane. You can come here to verify what was sent, when it was triggered to go out, and how successful Jane was at delivering that message.
Clinic-Level Access Levels
Account owners assign Access Levels, and that role limits what data the user can access.
Sign-Out & Sign-Back-In
Easy sign-out and sign-back-in for secure use on shared devices.
Log-Out All Sessions
To mitigate the risk of unauthorized access, Jane allows staff to automatically log out of all sessions by simply clicking the “password reset” link.
Sign-in after Inactivity (Auto Log-Out)
To further protect patient information on a computer that may be accessed by multiple staff members, Jane provides the option to ask for a password after an account has been inactive for some time (between 10 minutes and 1 week).
Check out our guide doc here for more information.
Notification of Logins on a New Device
Jane sends an email notification to the staff member whenever their credentials are used on a device for the first time. If the staff member isn’t sure that they performed the login, they can end the session immediately from a link.
Manage Sessions Log
Available to all staff members is the ability to see their current and previously created sessions (and end them if needed) by going to their My Account > Username/Passwords > Manage Sessions. The manage sessions log will also display the time and date the sign-in occurred, how they signed in, on what device and browser, the IP address, and what activity took place during this session:
The Jane team also has further logging available at the request of the Account Owner.
Simple Password Reset
Fast password resetting from the main login page so staff can keep passwords fresh (and more secure).
Charting Made Simple
Properly protecting health information starts with having the tools you need to accurately capture all of the details of your interactions with clients/patients. Jane allows you to record each interaction with a client/patient, whether it’s an in-person session or a telephone conversation.
Appointments are recorded and stored in your schedule, and for each appointment, you have the option of attaching a detailed set of clinical notes or merely adding a simple clinical note that records the exchange. With Jane, you can easily record date, length of the meeting/conversation/interaction, who was there, notes on the substance of the meeting, and you can even distinguish between information that was provided by the patient and your own clinical observations. The key here will be taking the time to set up charting for your practice in a way that makes sense for your personal workflow and prompts you to record all of the appropriate information. Here’s an example of one option for recording contact with a patient via telephone:
Practitioners Choose to Share Charts or Not
Practitioners choose who has access to their charts with Charting Privacy Options.
Controlled Chart Export
You can export charts or clinical notes (and send those out for PHI requests). But the key here is that to act in the best interests of protecting data, you’ll want to limit the amount of health information that gets exported. In your account, you can reduce the chart down to entries by just a specific practitioner, discipline, or date range as per the request parameters. So if you’ve been asked for records for a patient from July 15 to October 31 for just one practitioner, you can filter down to the appropriate entries before you export.
And batch exports of all charts for a practitioner or a clinic require the account owner to contact us directly at [email protected].
Sign, Lock, Timestamp, and Amend Charts
Many regulating bodies require that changes to clinical records must be recorded, dated, and initialed. After a session is over, the practitioner will sign and lock the chart. Once signed and locked, the information in that chart, the timestamp, and the signature are unchangeable.
Circumstances sometimes arise where a practitioner needs to adjust something in a chart after it was signed. Charting standards require practitioners who make changes to charts be clearly identified. In paper charts this meant no white out (remember white out?), and electronically it means that the original entry needs to still be legible even after changes are made. Should a chart from your clinic ever come into question or become an item in a legal proceeding, Jane helps you stay protected.
In these cases, Jane allows a practitioner to add a dated Amendment to a chart. Amendments, once saved, also become a permanent and un-editable component of the chart. While you can add multiple Amendments if you need to make even more changes, each saved and signed Amendment functions like a saved and signed chart entry: it is locked and cannot be altered.
Controlled Chart Sharing with Patients
There’s a feature in the charts where you can make chart entries visible to your patients. Patients will see a section on their My Account page called Documents. Jane helps you keep chart entries secure by marking them all “not shared” by default. You can make any chart entry visible to your patient by clicking the Not Visible to Patient button to make it Visible to Patient at the bottom of the chart entry.
Jane will double check with you to make sure you know what you’re doing :)
Lock Icon on Schedule
Jane helps you remember to sign and lock all of your charts right from the schedule. From your main schedule or day sheet, clicking on any appointment will open the patient’s chart, where you can add a new entry. When you do so, you’ll get an “unlocked” symbol on the appointment, which means that you have a draft entry.
Once you sign and lock, the lock is closed.
If there is no lock it means there has been no chart entry created in connection with this scheduled appointment. Read more here: Sign and Lock Workflow.
Limited Deleting of Patients
To avoid irreparable mistakes with health information, Jane does not allow deleting patients for whom you have entered data. You will only be able to delete a patient if they have no data attached to their name i.e. appointments, charts, billing or history.
If you have created two patients, and you thought: “Oh, I will just delete one.” WAIT! Hold that thought! Let me direct you to our Guide Document on Merging Patients.
EU clinics, if you’re worried about GDPR’s Right to Erasure: GDPR is clear that the Right to Erasure is not absolute, and clinics handling health records will need to follow the recommendations of the licensing or regulating organization for their profession in their region of practice. We have more about that here: GDPR and Jane in the EU - scroll down to #3.
Consent Forms
Not all clinics need consent to collect and process data. Clinics in the EU, for example, should read our Guide: GDPR Consent Rules.
Within Canada, however, clinics often need consent to collect and process data. When this is the case, you can use the Intake Forms function to set up an electronic consent form that can be emailed to your client.
Blur Patient Names
When you have your schedule open in Jane, do clients ever lean in and look over your shoulder? Jane can help you avoid the awkwardness. Simply press Shift + P, and Jane will blur patient names and identifying information.
Want more? Have a look at these Keyboard Shortcuts!
Opting In to Email & Text Appointment Reminders
Text message and email reminders are among Jane’s most-loved features, and the security and privacy of these messages is crucial.
Jane allows clinics to customize the language used in these messages so that you say just enough to be informative while always maintaining the highest standards of privacy and security.
This is what an email reminder looks like to the patient when it is addressed to the patient’s first name and includes appointment time and date, practitioner’s name, and clinic name and address:
You can also link your Jane account to MailChimp if you’re interested in setting up and sending secure marketing emails.
If a patient doesn’t want these messages, they can opt out in two ways:
- if your clinic uses online booking, the patient can log in and opt themselves out
- staff can opt a patient out under the Patient Profile.
Still Have Questions?
Have any questions about this guide or anything else related to security? Feel free to email Privacy and Security Support at [email protected] and we’d love to clarify anything you’re unsure about!