We take security and privacy seriously
Is my data secure?
Luminello was built by mental health professionals for mental health professionals and their patients/clients, so we get how important security and privacy are – we use it in our practices every day!
Our entire EMR/EHR platform is HIPAA-compliant and we’ll put that in writing for providers in a business associate agreement (BAA).
Luminello highly encrypts all data, including all communication between patients/clients and providers and between providers.
No patient/client health information is stored on your computer or phone – so there is no HIPAA penalty if your phone or computer is lost/stolen/hacked.
Additional state-of-the-art technology is used to protect against hackers, along with physical protection of data servers and administrative policies that strictly govern access.
Your notes are auto-saved as a draft every two minutes, just like Gmail and other commonly used web applications. All saved data is backed up locally and off-site every night.
Our servers are constantly being monitored for uptime, responsiveness and data security.
Your credit card information is stored by our trusted credit card partner, on a server with the highest level of protection possible.
We offer two-factor authentication if you wish to add another layer of security to your account access.
Is my data private?
We do not, and will never, sell identifiable patient data.
Charts can only be viewed by authorized providers.
Patient accounts are no-cost and ad-free.
Paid provider subscriptions are ad-free.
We pledge to abide by our
Yes, even “mom and pop” solo practitioners have to be compliant and to implement solutions that meet the minimum requirements.
Aggrieved patients can easily file complaints on the US HHS website – no lawyer or knowledge of medical board needed.
The HHS conducted 14,000 random audits last year.
HIPAA is arguably the standard of care.
One breach – even one that is not your fault, like losing your iPhone or your email getting hacked – may lead to an investigation of all possible breaches – and a data security audit of your entire practice.
What is the worst-case scenario if I’m not HIPAA compliant?
Fines for HIPAA non-compliance are up to $1.5 million per year. Other expenses include investigation costs, serving notice to patients, potential licensing board fines, and having to provide identity protection coverage.
One data security breach of protected health information can ruin your business reputation.
If I don’t take insurance, I don’t have to be HIPAA compliant, right?
HIPAA is arguably the standard of care for all mental health providers, thereby making this exemption moot.
State data privacy laws are becoming even more stringent and have no such exemption.