We keep your data safe, secure and compliant
The security of client data is of utmost importance to us.
With Power Diary you enjoy better security for less cost because we are able to invest in advanced security systems and share the cost across all of our clients. These systems would otherwise be prohibitively complex and expensive for the average business to deploy and maintain. Here’s how we do it…
2-Factor Authentication
For top level security, Power Diary allows you to turn on 2-Factor Authentication (2FA) for yourself and any other profiles under your account. This means that when logging in, you and other users will need to verify the login using 2FA, as well as entering your Power Diary username and password. More information about 2FA can be found here.
User Account Controls
To access the Power Diary system users must enter their unique username and password details into the login page. The usernames and passwords for each user can only be created by you, or someone you delegate. The login and authorisation of each user is processed over a secure and encrypted connection. You can also limit what each user can access within your account. At anytime you can also change a user’s security settings, including suspending or removing their access altogether. This will take immediate effect, even if they are currently logged in.
User Activity Recording
User activity within your Power Diary account is recorded. You can see when a user logged in (including their computer’s IP address) and exactly what they viewed and changed in your Power Diary Account. You also have a range of filter options so you can search and view specific information such as which users have accessed a client file, made an appointment, or changed an appointment etc. The system stores the past two months of activity.
Data Transmission
The connection between your browser and our servers is protected so that information transferred is encrypted using 256 bit SSL technology. This prevents others from intercepting and reading any information during transit. We also use a Domain Validated Security Certificate which provides extra protection against someone
attempting to impersonate our site.
Infrastructure and Design
We use Amazon Web Services as our infrastructure provider which exceeds the standards defined by the HIPAA Security Rule, typically used as the international standard for the physical and electronic safeguards required for the management of Protected Health Information. Power Diary also has an AWS Business Associate Addendum in place.
Backup and Encryption
All Power Diary data is backed up hourly to separate storage devices, and an additional separate daily backup is made to AWS S3 storage. Monthly backups are retained for a minimum of 2 years. All data drives and S3 storage is encrypted using secure and industry compliant encryption technology.
Active System Monitoring and System Availability
Security systems monitor user behaviour in real time and identify any patterns that would indicate possible security threats. Any suspicious or unusual activity is flagged for immediate review by our technical team.
The Service Level Agreement with our primary data centre partner, AWS, includes a 99.9% uptime assurance. Power Diary’s actual uptime since 2007 has exceeded 99.9%.
Compliance
Our range of security and privacy measures ensures compliance with the relevant legislative and regulatory requirements in the main markets in which we operate; Australia, New Zealand, UK, Europe, South Africa, USA and Canada. This includes compliance with the GDPR, HIPAA and PIPEDA.
We closely monitor changes to regulatory environments and make system and policy adjustments as needed.
Power Diary also complies with the relevant international laws and legislation concerning Data Privacy and Breach Notification Requirements including the circumstances, details, and timing of notifying affected users.
Credit Card Processing and PCI Compliance
Payment Card Industry Data Security Standards (PCI DSS) sets the international security standards for the management and processing of the payment industry. Power Diary enables customers to process patient credit card payments via a secure and validated integration with Stripe Inc. Stripe is certified as a PCI Service Provider – Level 1. This is the highest level of certification available. Power Diary does not store your client’s credit card details.
Ownership of Data
At all times you retain ownership of all data related to your Power Diary account. This includes all client records, past and future appointments, and financial information. At Power Diary we help you manage your data,
but you always remain in control.
Data Removal
Should you at any stage decide to discontinue use of Power Diary you can request the removal of all information related to your account from the Power Diary system. This will be completed within seven days of your request.
Technology Updates
As technology constantly evolves we continually update our infrastructure, security systems, and software to ensure we are also providing the highest levels of protection for our customers.
Maximising Security
Whilst we have in place significant measures to protect and maintain the safety and security of your data, no system, whether electronic or otherwise can ever claim to be absolutely secure. Just like internet banking, or your credit card, the security of the Power Diary also relies on you keeping your login details confidential. Never give your Power Diary login information to anyone, and be sure to create a unique username and password for each person that
you permit to access your system.
