PocketSuite & HIPAA

Security of your account and electronic Protected Health Information (ePHI) is extremely important to us.

PocketSuite is pleased to offer a HIPAA compliant solution – please refer to our HIPAA Statement for details. PocketSuite’s HIPAA Statement hereby serves as a Business Associate Agreement between PocketSuite, Inc. and you, our customer.

We recommend that you do your part to achieve the highest level of HIPAA compliance as a PocketSuite customer.

Privacy details, and suggested steps for addressing HIPAA-related security and privacy issues in the day-to-day running of your business, include:

Enable 2-Factor Login

  • Always lock both your smartphone and your PocketSuite account when they are not in use
  • Smartphone:
    • Always lock your iPhone whenever you put it away (e.g., your pocket, briefcase, bag, etc.) or step away from it
    • Set a passcode and enable Touch ID to ensure a secure login process (under your iPhone Settings > Touch ID & Passcode)
    • Set auto-lock to “1 minute” or less so that your iPhone locks automatically if it is left unattended (under your iPhone Settings > General > Auto-Lock)
  • PocketSuite App:
    • Always Sign Out of PocketSuite if the app is going to be idle for more than 15 minutes (under your Settings tab)
    • Set your “Requires Login” setting to 7 days so that, if for any reason you forget to sign out of PocketSuite, the system signs you out automatically after 7 days (under Settings > Help & Admin > Login & Alerts)
    • SMS PIN codes used for login expire automatically 5 minutes after the initial login request, so an intercepted or guessed code has only a short window of use
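The time-limited login code described in the last bullet follows a general pattern: a short random code is issued, it is valid for a fixed window (5 minutes here), it can be redeemed once, and wrong guesses are bounded. The following Python is an added illustration of that pattern written for this page; it is not PocketSuite's code and says nothing about how their service is built. The 6-digit code length, the 5-guess limit, the in-memory store and the injectable clock are all assumptions made for the example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 5 * 60   # the 5-minute expiry the page describes
CODE_DIGITS = 6             # assumption: 6-digit numeric codes
MAX_ATTEMPTS = 5            # assumption: discard the code after 5 wrong guesses


@dataclass
class PendingCode:
    code: str
    issued_at: float
    attempts: int = 0


class LoginCodeStore:
    """In-memory store of pending SMS login codes, keyed by account id.

    The clock is injectable so expiry can be exercised deterministically
    in tests; production code would simply use time.time.
    """

    def __init__(self, ttl=CODE_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}

    def issue(self, account_id):
        # secrets (not random) gives an unpredictable code; issuing a new
        # code replaces any earlier pending code for the account.
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self._pending[account_id] = PendingCode(code, self._clock())
        return code  # in a real system this goes out by SMS only

    def verify(self, account_id, submitted):
        """Return (accepted, reason). Expired, reused or over-tried codes fail."""
        entry = self._pending.get(account_id)
        if entry is None:
            return False, "no pending code"
        # Expiry is checked first so a stale code can never be redeemed.
        if self._clock() - entry.issued_at > self._ttl:
            del self._pending[account_id]
            return False, "expired"
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self._pending[account_id]
            return False, "too many attempts"
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(entry.code.encode(), submitted.encode()):
            return False, "wrong code"
        del self._pending[account_id]  # single use: a replayed code is rejected
        return True, "ok"


if __name__ == "__main__":
    store = LoginCodeStore()
    code = store.issue("demo-account")
    print("issued", code, "->", store.verify("demo-account", code))
    print("replay ->", store.verify("demo-account", code))
```

Running the block stand-alone issues a code, accepts it once, and shows the replay being refused; the expiry branch is reached by advancing the injected clock past 300 seconds.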

Integrate Private Intake Forms

  • All Client Intake Forms are hosted on Hypertext Transfer Protocol Secure (“HTTPS”) URLs to enhance form submission security and privacy
  • Intake Forms can be accessed and integrated online by going to Settings > Online Widgets > Client Intake
  • All client intake submission data is transferred using 256-bit TLS encryption
  • Customer data is saved on each client profile, privately viewable by you only within the PocketSuite app

Secure Client Communication

  • Manage a secure and private communication exchange between you and your clients within PocketSuite
    • Limit use of outside communication tools such as email, SMS text and Facebook to reduce the risk of a data breach
  • Incoming and outgoing message data in PocketSuite is kept completely confidential and not exchanged, sold or viewed by any 3rd party
  • Maintain each client record securely in a single thread for private and easy mobile access

PCI Compliant Credit Card Storage

  • Customer credit card data must be stored securely with a PCI Compliant entity to ensure card security and cardholder privacy
  • As a PCI Compliant entity, PocketSuite supports the storage and charging of any client credit or debit card
  • Select “Add Credit Card” when adding a new client to PocketSuite or editing an existing client
    • Client’s card is securely stored once added
    • Client’s card can be charged at your discretion (tap “Charge” from your Dashboard tab)
    • Payment receipt privately emailed to client

Proper Calendar Sync

  • PocketSuite supports direct calendar sync to your iPhone Calendar (“iCal”) and Google Calendar
  • If you would like to ensure that appointment notes are kept private on Google’s servers (once synced from PocketSuite), look into signing a separate Business Associate Agreement with Google prior to syncing