We take security and privacy seriously
Is my data secure?
- Luminello was built by mental health professionals for mental health professionals and their patients/clients, so we understand how important security and privacy are; we use the platform in our own practices every day.
- Our entire EMR/EHR platform is HIPAA-compliant and we’ll put that in writing for providers in a business associate agreement (BAA).
- Luminello encrypts all stored data and all communication, including messages between patients/clients and providers and between providers.
- No patient/client health information is stored on your computer or phone, so a lost, stolen or compromised device does not by itself expose chart data (your account password and any saved browser session still need protecting).
- Additional technical safeguards protect against attackers, together with physical protection of the data servers and administrative policies that strictly govern who may access data.
- Your notes are auto-saved as a draft every two minutes, just as Gmail and other commonly used web applications do.
- All saved data is backed up every night. In addition, we archive weekly backups of all your data at a geographically distant off-site location in case of a natural disaster.
- Our servers are continuously monitored for uptime, responsiveness and data security.
- Your credit card information is held by our credit card processing partner rather than on Luminello's own servers, under that partner's payment-card security controls.
- We offer two-factor authentication (2FA) if you wish to add a second layer of protection to your account login, so that a stolen or guessed password alone is not enough to sign in.
Is my data private?
- We do not, and will never, sell identifiable patient data.
- Charts can only be viewed by authorized providers.
- Patient accounts are no-cost and ad-free.
- Paid provider subscriptions are ad-free.
Do I really need to be HIPAA compliant?
- Yes, even "mom and pop" solo practitioners must comply and implement solutions that meet at least the minimum requirements.
- Aggrieved patients can easily file complaints on the US HHS website; no lawyer or medical board involvement is needed.
- The HHS conducted 14,000 random audits last year.
- HIPAA is arguably the standard of care.
- One breach, even one that was not intentional on your part, such as losing your iPhone or having your email account hacked, may lead to an investigation of all possible breaches and a data security audit of your entire practice.
What is the worst-case scenario if I’m not HIPAA compliant?
- The fines for HIPAA non-compliance run up to $1.5 million per year for each category of violation.
- Other expenses include investigation costs, notifying affected patients, potential licensing board fines, and having to provide identity theft protection to affected patients.
- One data security breach of protected health information can ruin your business reputation.
If I don’t take insurance, I don’t have to be HIPAA compliant, right?
- HIPAA is arguably the standard of care for all mental health providers, so in practice the exemption offers little protection.
- State data privacy laws are becoming even more stringent and have no such exemption.