Keeping your practice secure takes some setup upfront and good habits over time. This guide covers both: how to configure your Jane account securely, and practices to carry into your broader clinic environment.
In this guide
- Setting up your accounts securely: passwords, multi factor authentication, individual staff profiles, Account Ownership, and auto logout
- Day to day practices: signing out, Privacy Mode, phishing, software updates, secure networks, and data management
Setting Up Your Accounts Securely
Password / Passphrase Best Practices
Every account you use should have a strong, unique password or passphrase. Password recommendations change often, so we’ve put together a dedicated guide with everything you need: Password Best Practices.
Enable Multi Factor Authentication
Multi factor authentication (MFA) adds a second layer of security beyond your password. Even if your password is compromised, MFA helps prevent unauthorized access.
In Jane, you can enable 2 Step Verification on your staff profile to receive a one time code by SMS or through an authenticator app each time you log in. The Account Owner or a Full Access user can also enforce 2 Step Verification for all staff members across the clinic. For setup instructions, see our guide on 2 Step Verification.
Outside of Jane, enable MFA on any account that supports it, including your bank, email, and social media accounts.
Use Individual Staff Profiles
If you run a practice with other practitioners or admin staff, create a separate profile for each person in Jane rather than sharing login credentials. Here’s why individual profiles matter:
- Access control: Each profile has an access level that determines what that person can see and do in Jane. Check out our guide on Staff Access Levels to learn more.
- MFA compatibility: 2 Step Verification works best with individual profiles, since each person links their own phone number or authenticator app.
- Accurate audit logs: Jane logs changes made within the account, including appointments booked, charts accessed, and reports exported. Individual profiles ensure those logs reflect who made each change.
🩵 Jane Tip: Admin profiles in Jane are free. There’s no charge for a staff profile unless that person has a schedule or appointments booked with them, so cost is not a concern.
Confirm the Right Account Owner Is Listed
The Account Owner in Jane is the legal custodian of the data in your account and the only person who can authorize data transfers, change your subscription, or transfer ownership. For full details, see our guide on Who Should Be the Jane Account Owner?.
📣 Heads up: If the wrong person is listed as Account Owner and they leave the clinic, transferring ownership becomes more complex. Confirm the right person is listed before any staff transitions.
Set Up Auto Logout
Auto logout signs staff out of Jane automatically after a period of inactivity. This is especially useful on shared devices like a reception desk computer, where someone might step away and forget to sign out.
For setup steps and recommended settings, see our guide on Auto Logout Duration.
Most devices also support passcodes and auto lock settings. Enabling these adds a layer of security at the device level, separate from Jane.
Day to Day Practices
Security is not a one time setup. It is an ongoing habit. Here are practices worth building into your clinic’s routine.
Sign Out When Stepping Away
Auto logout helps, but signing out manually when you step away from your device is the simplest protection against unauthorized access. This applies whether you are stepping away from a shared reception computer or your personal device.
Use Privacy Mode
Privacy Mode blurs patient names on your schedule. This is useful when a patient is in the room and you do not want other patients’ information visible on your screen.
To enable Privacy Mode, click your name in the top right corner of Jane and select Enable Privacy Mode. You can also press Shift + P on your keyboard. Privacy Mode works on phones and tablets as well.
For more privacy related settings, see our guide on Patient Privacy.
Watch Out for Phishing
Phishing attempts have become harder to spot. A few habits that help:
- Check the sender: Confirm you recognize the sender and that the email comes from their correct address. All official Jane emails come from @janeapp.com or @jane.app domains only. Be cautious of lookalike domains (for example, jane app.com).
- Hover before you click: Hover over any link and check the destination in the bottom left of your browser before clicking. If something looks off, right click and select Copy link address to inspect the URL without visiting the site.
- Do not enter credentials from a link: If an email takes you to a login page, do not enter your credentials. Go directly to the site by typing the URL or using a saved bookmark.
- Be careful with attachments: Only download attachments you were expecting from a source you trust.
- Watch for red flags: Requests for sensitive information, urgent calls to action, and offers that seem too good to be true are all common signs of a phishing attempt.
📣 Heads up: Attackers can spoof trusted email addresses. Even if a sender looks familiar, verify unexpected requests through a separate channel using contact information from their official website, not from the email itself.
Keep Software Updated
Run software and device updates when you receive them. Updates often include security patches that protect against known vulnerabilities. Jane handles its own updates in the background, so no action is needed on your end for Jane.
Use a Secure Network
Avoid using public WiFi to access Jane or other accounts with sensitive data. Public networks are outside your control and easier to intercept.
If a secure private network is not available, use a VPN (Virtual Private Network) to create an encrypted connection between your device and the internet. This significantly reduces the risk of others on the same network seeing your activity.
Minimize and Manage the Data You Collect
Collect only the information you need, retain it only for as long as required by the regulations that apply to your practice, and be mindful of what you share externally, including on social media. The less data you hold, the less there is to protect. Reviewing your retention practices regularly is a good way to reduce your clinic’s exposure.