Data security and encryption for Psychotherapists
Protect sensitive patient data and ensure confidentiality
Psychotherapists work with their patients’ sensitive and confidential information on a daily basis. The protection of this data is not only ethically necessary, but also required by law. In this blog post we explain why SimpleumSafe is the ideal solution for psychotherapists to protect patient data and maintain confidentiality.
Data Protection Laws and the Importance of Confidentiality in Psychotherapy
Psychotherapy is subject to confidentiality according to StGB §203 and is a very sensitive area in which personal data is collected and nowadays mostly stored electronically. In some cases, notes are also made directly on a tablet computer or MacBook.
This creates different types of electronic files that need to be protected.
Since 25 May 2018, new data protection rules have been in force under the EU General Data Protection Regulation (EU GDPR). The EU GDPR is a European Union regulation that unifies the rules on the processing of personal data by private companies and public authorities across the EU. It also applies to established psychological psychotherapists as well as child and adolescent psychotherapists with health insurance and in private practice.
Keep in mind that personal data must always be protected against unauthorized access, including in the event of loss / theft. In the event of loss / theft, where the data can be viewed by unauthorized persons, you must always inform all persons concerned.
The use of cloud storage solutions is also particularly problematic. If you store unencrypted data in the cloud, you need a data processing contract with the cloud service provider, and you still need to notify all your clients of possible disclosure or theft in the event of a data breach. This risk is too high and, unfortunately, has become reality far too often in the past. Your client data deserves better protection.
If you collect client data on a Mac and/or iPhone/iPad, you can store that data in a GDPR-compliant way with SimpleumSafe. Strong encryption is used on the devices. Synchronization between different Macs or iPhones/iPads can also be carried out in encrypted form via the cloud. In this case, the cloud provider has no way to gain insight into the data, nor do you need to conclude a data processing contract with it.
SimpleumSafe is already used by many psychotherapists. Because it resembles the Mac Finder, getting started is quick and no training is necessary.
Solution in detail
Pseudonymization and encryption (GDPR Art. 32 (1a))
Digital data are files that have a file name and content. Even the file name can often provide information about the content. According to GDPR Article 32 (1a), pseudonymization and encryption are appropriate technical measures for the protection of personal data. SimpleumSafe encrypts all files with AES-256, an accepted and proven standard for strong encryption. File names are not recognizable from “outside” while the Safe is unopened.
Confidentiality (GDPR Article 32 (1b))
Access to the data with SimpleumSafe is only possible with a password or, on the iPhone, with any biometric authentication.
Integrity (GDPR Article 32 (1b))
Integrity is the protection of data against manipulation and damage (hardware defect). SimpleumSafe provides an integrity check that checks all data for readability and error-free decryptability.
Availability, recovery after technical incident (GDPR Article 32 (1b.c))
You can back up a Safe created with SimpleumSafe in encrypted form with Apple Time Machine or any other backup solution. In addition, SimpleumSafe has its own backup solution. As a result, your data backup is encrypted. If you have forgotten your password and can no longer access the data, you can use a so-called recovery password to reset your password, provided you have previously created such a recovery password.
Information for all affected persons in the event of data loss or theft
If you have encrypted your data with SimpleumSafe and a Safe ends up in the hands of third parties through theft, you do not have to share this information with your clients. This is where GDPR Article 34 (3a) applies: “[…] The communication to the data subject […] shall not be required […] in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption […]”
Data in the cloud
SimpleumSafe uses “Extreme Secure Synchronization” for synchronization with iCloud. Even if the synchronization data has been stolen from the cloud and the password has become known, the data still cannot be decrypted. In this case, the cloud provider is not a data processor under the GDPR, as it cannot gain access to the data.
Create photos with personal information
With SimpleumSafe for iOS, you can take photos directly on the iPhone and store them encrypted in the Safe. These photos are then not stored in the photo library. This allows you to easily photograph client documents, etc.
Examples of use
We want to help you manage, organize and edit your sensitive data as easily as possible with SimpleumSafe, with everything encrypted throughout. Because the SimpleumSafe user interface for Mac is designed to resemble the Mac Finder, you can simply drag your files from the Finder to the open SimpleumSafe, and they are immediately encrypted in the Safe.
Different Safe locations
You can store a Safe at different locations: on your hard disk, on a USB flash drive, or on a network drive.
Secure editing of the data
When editing or in the preview, the data remains encrypted throughout. Once processed, the data is automatically imported back into the Safe.
With SimpleumSafe for iOS, you can take photos from within the app, and the photos are immediately stored encrypted in the Safe. The photos are then not stored in the photo library.
You can import your contacts (.vcf) and store them encrypted in SimpleumSafe.
Create notes and comments
You can create notes (.txt) and edit them further. Each file can also be commented on in a comment box.
Image viewer and slideshow
With the image viewer and slideshow, you can view all your photos in full screen mode.
Extreme Secure Synchronization
Convenient synchronization of the safes between iPad, iPhone and Mac. This allows you to keep your data up-to-date anytime, anywhere.
You can create multiple Safes and use them completely independently. For example, you can create themed Safes, or a Safe for each client.
Simple and intuitive usability
Due to the simple and intuitive usability, no training or introductory projects are necessary.