Published: August 23, 2025
Updated: June 8, 2026
Electronic Health Records & Patient Portal (PHI): We use Practice Better for clinical records, secure messaging, forms, and scheduling. According to Practice Better’s published materials, they implement encryption in transit and at rest, minimum-necessary access controls, activity/audit logs, routine vulnerability scanning, and scheduled encrypted backups retained for a defined period. For current details, see Practice Better’s security overview.
E-Prescribing: We use DrFirst with electronic prescribing for controlled substances (EPCS), including multi-factor authentication and audit trails.
Payments: We use Stripe and/or QuickBooks Online (Intuit) for payment processing and invoicing. We do not store full card numbers; these processors maintain payment card industry data security standard (PCI-DSS) compliance.
Our safeguards: Business Associate Agreements (BAA) for PHI-handling vendors; least-privilege access; multi-factor authentication; device encryption and auto-lock; secure portal messaging (no unencrypted email/SMS for PHI); incident response and breach-notification procedures aligned with HIPAA.