Data Security & Privacy

We take security and privacy seriously

Is my data secure?

  • Luminello was built by mental health professionals for mental health professionals and their patients/clients, so we understand how important security and privacy are – we use it in our own practices every day.
  • Our entire EMR/EHR platform is HIPAA-compliant, and we will put that in writing for providers in a business associate agreement (BAA).
  • Luminello encrypts all data, both stored data and every message exchanged between patients/clients and providers and between providers.
  • No patient/client health information is stored on your computer or phone, so a lost, stolen or compromised device does not by itself expose chart data. Anything you download or export to the device, and any session left logged in, is still yours to protect.
  • Additional technical safeguards protect against attackers, the servers that hold data are physically secured, and administrative policies strictly govern who may access them.
  • Your notes are auto-saved as a draft every two minutes, just like Gmail and other commonly used web applications.
  • All saved data is backed up every night. In addition, we keep archived weekly backups of all your data at a geographically distant off-site location in case of a natural disaster.
  • Our servers are continuously monitored for uptime, responsiveness and data security.
  • Your credit card information is stored by our credit card processing partner, not by Luminello, under that partner's own security controls.
  • We offer two-factor authentication (2FA) if you wish to add another layer of protection to your account login.

Is my data private?

  • We do not, and will never, sell identifiable patient data.
  • Charts can only be viewed by authorized providers.
  • Patient accounts are no-cost and ad-free.
  • Paid provider subscriptions are ad-free.
  • We pledge to abide by our privacy policy. Feel free to contact us if you have any further questions.

Do I really need to be HIPAA compliant?

  • Yes. Even "mom and pop" solo practitioners must be compliant and implement solutions that meet the minimum requirements.
  • Aggrieved patients can easily file complaints on the US HHS website – no lawyer or medical-board complaint needed.
  • HHS also runs compliance audits of its own, independent of any complaint.
  • HIPAA is arguably the standard of care.
  • One breach – even one that is not your fault, such as a lost phone or a compromised email account – may lead to an investigation of all possible breaches and a data security audit of your entire practice.

What is the worst-case scenario if I’m not HIPAA compliant?

  • Civil fines for HIPAA non-compliance run up to $1.5 million per calendar year for violations of a single provision (the cap is adjusted for inflation), and violations of several provisions are each counted separately.
  • Other expenses include investigation costs, notifying affected patients, potential licensing board fines, and having to provide identity protection coverage.
  • A single breach of protected health information can ruin your business reputation.

If I don’t take insurance, I don’t have to be HIPAA compliant, right?

  • Whether HIPAA formally applies depends on whether you electronically transmit standard transactions such as insurance claims, but its safeguards are arguably the standard of care for all mental health providers, so relying on that exemption is risky.
  • State data privacy laws are becoming even more stringent and have no such exemption.