Practice Management System and Portal for Mental Health Professionals and their Clients
Facebook
Practice Management System and Portal for Mental Health Professionals and their Clients
Facebook

Are Web-Based EHRs Safe?

Home » Are Web-Based EHRs Safe?

Are Web-Based EHRs Safe?

The most common reason people give for being reluctant to switch to a web-based EHR is safety. When we’re charged with protecting something – in this case, our clients’ records – most of us intuitively feel safer with something we can see and touch; something physical within our own office where we can maintain control of security ourselves. However, despite this subjective sense of safety, Hurricane Katrina taught us all a valuable lesson about the danger of keeping client records on paper. Floods, tornadoes, fires and other types of disasters can destroy paper records in a heartbeat. If you do maintain paper records, at the very least, you should have backup copies of everything – and those copies should be stored at a completely different location – preferably far away from where your paper records are stored.

The question then becomes, what kind of copies do you make and where do you store them? You can certainly use a copy machine and make paper copies of your records, but that’s both costly and cumbersome in terms of paper, ink, and additional space to store everything. Digital records, on the other hand require little to no room to store, although it can be time-consuming to scan all of your paper documents to get them into digital format. Once you have them in digital format, what do you do with them? All types of digital storage media (computers, external hard drives, thumb drives, CDs, etc.) degrade over time. This means if you choose to store your digital files on some type of physical media that you maintain yourself, you’ll have the task every few years of making copies of your copies to ensure that all of your client data is still good. All of this becomes rather daunting, no matter how you look at it.

An obvious solution is to just not generate paper documents. Keep all – or at least most – of your client records in digital format on the Web from the very beginning. This is a huge leap for many – it’s changing the way they’ve done things comfortably their entire careers and, intuitively, it just doesn’t feel safe. However, before just assuming that records kept on the web are less safe than records kept in your office, let’s look at some facts:

Data States on the Web: Data in Motion vs Data at Rest

There are two possible states for data on the web:

  • “Data in motion” is the term used to describe data as it travels back and forth between the computer issuing the request (e.g., you at your personal computer or tablet) and the server you’re trying to reach (e.g., a web-based EHR).
  • “Data at rest” is when the data is just sitting there on either your computer or the server.

Security Issues with Data in Motion

As long as the website you’re accessing starts with “https” instead of just “http”, data in motion is generally safe. The https protocol indicates that the website is working in conjunction with another protocol, Secure Sockets Layer (SSL), to transport data safely. Here are some facts about SSL:

It appears, then, that data in motion – as long as the website you’re using has SSL – is generally accepted as being secure. When we hear of data being hacked and/or of large data breaches, the culprit is with data at rest.

Security Issues with Data at Rest

To review, data at rest is when the data is just sitting on a computer or other device. The device might be your own personal computer, tablet or even your phone – or it might be the computer (i.e., server) where your web app lives. (Servers are just computers that have certain software on them that enable them to “serve” a web page to you when you request it. In other words, you type www.google.com into your web browser and one of Google’s servers opens that page, i.e., “serves” it to you.)

Consider this: if you’re storing client records on your computer, even if it’s in a desktop EHR (i.e., the program is actually installed on your computer), there are two possible places data at rest might be vulnerable: your computer and the server. However, if you’re using a web-based EHR – unless you specifically download files from the app or store other client records on your computer – NO client data is stored on your machine. All of your client data is on the web. This effectively eliminates 50% of the possible concerns for data at rest breaches. The initial implication here is that, contrary to popular belief, web apps may actually be SAFER ways to store client records. But let’s dig a little deeper.

Most of us fear hackers. We hear about them in the news, they’ve successfully hacked into some pretty scary – and presumably secure – websites, so we assume they’re the major worry with data breaches on the web. However, this is not the case. Hacking actually accounts for a very small percentage of reported healthcare data breaches. One author who has analyzed healthcare breach data notes that the media most often involved in breach incidents are laptops and paper, i.e., NOT servers.

The HITECH Act requires the Secretary of HHS to post a list of breaches of unsecured protected health information affecting 500 or more individuals. To make it easier to see trends, I downloaded the entire list into an Excel sheet so I could group breaches by type and came up with the following table (this data was collected from 2009-2013):

Notice that theft and loss account for 72% of the reported breaches. The thing that most people fear – hacking and/or IT incidents – only accounted for 2% of the breaches. Also, although I didn’t include the “Location of Breach” column in the table, glancing at the original data seems to confirm what the above author concluded, i.e., that the largest percentage of these thefts or losses are from either paper records or laptops.

Furthermore, as of mid 2015, none of the EHRs made specifically for behavioral health practitioners in private practice had ever reported a breach of any kind, nor had any of the clearinghouses used by EHRs reported breaches. This certainly isn’t meant to imply that it couldn’t happen. However, as you can tell from the data presented so far, most breaches are caused by people – people stealing or misplacing client files or data, people disposing of records improperly, people missending emails, people leaving records in public view and failing to secure them properly. It makes sense then, that companies with larger number of employees will be more likely to have breaches. Companies that specialize in behavioral health EHRs tend to be small, which, in some ways may serve to minimize their risk.

Also, even though the data shows that hacking incidents are fairly uncommon, if I were a hacker and I wanted to obtain healthcare data, I’d choose a target where I stood to garner the most records – insurance companies, large hospital complexes, etc. Even IF, for some reason, I wanted to target EHRs, I’d go after the large scale medical EHRs. I wouldn’t waste my time with EHRs that are specifically made for behavioral health. Could it happen? Yes. Is it likely? No.

What We’ve Covered So Far:

  • Data in motion is secure. Data breaches, when they occur, happen with data that’s just sitting on either your computer or a server.
  • If you use a web-based EHR as opposed to a desktop application, that eliminates your computer, i.e., 50% of the security risk.
  • Most healthcare data breaches occur as a result of either theft or loss. The most common items that are lost or stolen are laptops and paper records.
  • As of mid-2015, no behavioral health EHR made just for private practice had reported breaches of any type.
  • Hacking or other IT incidents only account for about 2% of all breaches. Furthermore, there’s some reason to think that behavioral health EHRs made just for private practice might be unlikely targets for hackers.

Summary

Nothing is 100% safe. If you store your client records in your office – either as paper records or on your computer – your office could catch fire and burn. If you had gone to the trouble to keep backup copies of everything in your home, a tornado or other natural disaster could destroy both your home and your office. The same can be said for digital records stored by EHR companies.

However, EHRs that use reputable web server companies have built-in protections provided by the companies themselves, that are difficult to replicate by individuals. For example, PSYBooks is stored on servers that are provided by Amazon. AWS (Amazon Web Server) data centers have military grade perimeter control as well as other natural boundary protection. Physical access is strictly controlled by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and monitored. Furthermore, Amazon offers backup servers at “redundant co-location facilities the are geographically dispersed” to help ensure that even if a catastrophic event happened in one part of the country, you would have a backup available in another part of the country. It’s pretty unlikely that any of us in private practice would be able to match Amazon’s level of security for the computers we maintain in our homes or offices.

It seems reasonable to conclude that despite the fact that nothing is 100% safe, using web-based EHRs made just for behavioral health providers in private practice may well be the safest option you can choose.

2019-04-10T12:14:48-04:00

Share This Story, Choose Your Platform!

FacebookTwitterRedditLinkedInWhatsAppTelegramTumblrPinterestVkXingEmail

Related Posts

Stay in touch!

Quick Links

General Terms of Service

Date of Last Revision: April 20, 2024

Welcome to our website (“Website”). These General Terms of Service (“Terms”) apply to visitors to this website, as well as registered users of any and all offerings provided by PSYBooks™. PSYBooks, LLC (“PSYBooks” or “we” or “our” or “us”) is a Georgia Limited Liability Company whose principal place of business is located at 2944 Blackwood Rd, Decatur, GA 30033.

PSYBooks is the owner and operator of this Website. PSYBooks, via our Website, provides an electronic health record (“EHR”) software-as-a-service (“Service”) offering specifically designed for mental health practices and may, in the future, offer other tools for those in the mental health professions.

  1. Introduction
    1. Your use of PSYBooks’ products, software, services, servers and Website (referred to collectively as our “Service” in this document) is subject to the terms and conditions of a binding and enforceable agreement (“Agreement”) between you and PSYBooks, as defined herein. By using our Service you acknowledge and agree that you have fully read and agree to be bound by the provisions of this Agreement.
    2. PLEASE READ THESE TERMS OF SERVICE CAREFULLY AS THEY CONTAIN IMPORTANT INFORMATION REGARDING A USER’S LEGAL RIGHTS, REMEDIES AND OBLIGATIONS. THESE INCLUDE VARIOUS LIMITATIONS AND EXCLUSIONS, AND A DISPUTE RESOLUTION CLAUSE THAT GOVERNS HOW DISPUTES WILL BE RESOLVED. IT ALSO CLEARLY SPECIFIES THE MANNER BY WHICH ACCEPTANCE OF THIS AGREEMENT OCURRS. THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN YOU AND PSYBOOKS.
  2. General Terms
    1. The terms and conditions provided herein (the “General Terms”) have two broad sections. The first section applies to all users of our Service, including the public at large (“Users”). The second section applies to that subset of Users who register on our Service as a practitioner (“Subscribers”). Subscribers will also be asked to accept a Subscriber Agreement at the time they actually register. For the purposes of these General Terms, a Subscriber is defined as mental health provider who has registered on our Service and paid the subscription fee. “You” means an individual member of the consuming public that is using our Website, whether or not they are a Subscriber.
    2. The General Terms contained herein are included by reference in subsequent agreements entered into between PSYBooks and a Subscriber (“Subscriber Agreement”), and constitute the minimum terms and conditions controlling use of our Service. The term Agreement, as used herein, refers to these General Terms and to any agreement entered into between a Subscriber and PSYBooks that includes these General Terms by reference.
    3. Our Service and Website include all pages on our Website’s domain (www.psybooks.com) and all pages on any related sub-domains, all of which are controlled by this Agreement.

General Terms for All Users

The following terms are for all Users of our Website, including the public at large and Subscribers.

  1. PSYBooks Grants a Limited License
    1. All content on our Service, except for User Generated Content (“UGC” ) and Protected Health Information (“PHI”) as defined herein, including designs, text, graphics, pictures, video, information, applications, software, music, sound and other files, and their selection and arrangement (the “Information”), are the property of PSYBooks or its licensors with all rights reserved.
    2. If you meet the requirements of Eligibility, and have properly gained access to our Service as provided for in this Agreement, then you are granted a limited license to use our Service and the Information, and to download and print a copy of any portion of the Information for non-commercial use, provided that you keep all copyright or other proprietary notices intact.
    3. As pertaining to all the Information, excluding UGC and a Subscriber’s protected health information (“PHI”), you may not make available, in any form and by any mechanism, said Information on any public or private website or incorporate the Information in any other database or compilation.
    4. Any use of the Information, other than as set forth herein, is strictly prohibited. This limited license allows you to use the Information only for lawful uses in accordance with the foregoing and does not allow you to sell the Information, use the Information for commercial use, or use any type of data mining, robots, or similar data gathering or extraction methods on our Service.
    5. Absent prior written consent from PSYBooks, you may not copy or imitate any elements of our Service, including but not limited to, graphics, digital images, logos, sounds, images, and buttons protected by trade dress and other laws. Absent prior written consent from PSYBooks, you may not use framing, metatags, or hidden text techniques in association with our logo, trademark or other copyrighted or proprietary information.
    6. Unless expressly stated in this Agreement, or in a subsequent agreement entered into by PSYBooks and a Subscriber, nothing herein shall be construed as conferring any license to intellectual property rights, in any form or by any mechanism.
    7. The PSYBooks limited license is revocable at any time without notice and with or without cause, except as provided for in our Subscriber Agreement.
  2. Transmissions
    1. As defined herein, transmissions (“Transmissions”) may take the form of submissions, questions, comments, suggestions, ideas, feedback, notes, messages, emails, postings, letters, or other written materials about, or concerning, our Service, provided by you to PSYBooks, excluding UGC and PHI. You acknowledge that Transmissions by you to and from our Service may be non-confidential, and that others may read and/or intercept such Transmissions.
    2. PSYBooks has the right, but not the obligation, at its sole discretion, to review any Transmissions submitted to our Service and to edit or delete any Transmissions that violate any part of this Agreement. You hereby consent to PSYBooks’ collection and use of such Transmissions in accordance with PSYBooks’ then current Privacy Policy and acknowledge that submitting Transmissions to our Service creates no financial or fiduciary relationship between you and PSYBooks.
    3. By using our Service, you thereby assign all right, title, and interest, including the copyright therein, in all Transmissions, to PSYBooks. Accordingly, PSYBooks shall own all intellectual property rights in the Transmissions and shall be entitled to unrestricted use of the Transmissions for any purpose, commercial or otherwise, without acknowledgment, compensation, or liability to you. By submitting such Transmissions to our Service, you irrevocably waive all “moral rights” in such Transmissions.
  3. Links
    1. Our Service may include hypertext links to other websites over which PSYBooks has no control. PSYBooks makes no representations of any kind regarding the content on such websites or the content on any website linked to such websites or to any changes or modifications made thereto.
    2. You hereby acknowledge that by using any such hypertext links, you irrevocably waive any and all claims against PSYBooks regarding such websites and must adhere to the usage and privacy policies governing such sites. PSYBooks’ usage of links does not imply our endorsement, or sponsorship, of any such websites.
  4. Intellectual Property Rights of Third Parties
    1. PSYBooks respects the intellectual property rights of others and requires Users of our Service to do likewise. PSYBooks prohibits Users from making available, in whatever form and by whatever mechanism, content on our Service that infringes upon any party’s intellectual property rights.
    2. PSYBooks has the right to terminate the Account of any infringing Subscriber and will take steps to do so immediately upon proper notification and in compliance with applicable law. You acknowledge and agree that a violation of the intellectual property rights of others on our Service triggers the Indemnification as provided for herein.
  5. Trademark
    1. All trademarks used on our Service are the property of their respective owners and may not be used without permission therefrom.
    2. Whether or not specifically designated as such, www.psybooks.com and all other colors, graphics, logos, sounds, images, icons and buttons displayed on our Service are, or may be, trademarks of PSYBooks or its affiliates.
    3. Absent prior written consent from PSYBooks, you may not copy, imitate, or use any portion of these marks.
  6. Copyright
    1. PSYBooks will strictly comply with the requirements of the Digital Millennium Copyright Act, Title 17, United States Code Section 512(c)(2) (“DMCA”). If you believe your copyright has been violated by any content on our Service then you may send a written notification of such infringement to our Designated Agent as set forth below.
    2. PSYBooks has designated an agent to the U.S. Copyright Office to receive notifications of alleged copyright infringement relating to our Service. You must submit all such notifications, in a manner consistent with the DMCA, to PSYBooks’ Designated Agent. Likewise, if you believe that your copyrighted content has been erroneously removed from our Service, you must send a counter notification to PSYBooks’ Designated Agent in a similar DMCA compliant manner.
    3. Send all DMCA compliant notifications to:

      DMCA Notification: PSYBooks, LLC

      Designated Agent: Susan Litton

      2944 Blackwood Rd

      Decatur, GA 30033

      Email: susan@psybooks.com

      Phone: 770-441-6361

  7. User Conduct Restrictions: Impermissible Use and Activities
    1. You agree not to use our Service to transmit data or code which: (1) is unlawful, threatening or abusive; (2) encourages criminal or other activity that would reasonably give rise to civil liability or otherwise violate any local, state, federal, or international law; (3) contains false or misleading information; (4) inhibits another User from use or enjoyment of our Service; (5) is defamatory, libelous or otherwise unlawful; (6) contains a virus or surreptitious code; (7) contains any type of commercial component or advertising; or (8) allows for the harvesting of email addresses or other contact information, or the harvesting of information of any kind.
    2. Furthermore, you agree not to use our Service to engage in the following kinds of activities: (1) transmit, upload, post, store, and share content of any kind, and by any other mechanism, that you are not the lawful owner or licensee of; (2) register for more than one Account or register an Account in the name of another; (3) impersonate a person or entity or make misrepresentations regarding affiliations of any kind; (4) engage in any kind of behavior that can reasonably be construed as SPAMMING; (5) engage in any behavior likely to cause harm to PSYBooks, our Service, its Users, or to the public at large; and (6) upload any UGC that is sexually explicitly or contains pornographic content, a determination that will be made at PSYBooks sole discretion.
  8. Data Collection
    1. Your Transmissions are subject to PSYBooks’ Privacy Policy. By using our Service you agree to review PSYBooks’ Privacy Policy and to be bound by its terms and conditions. From time to time PSYBooks may change its Privacy Policy without notice to you, other than that provided for in the Policy. Your continued use of our Service, after the posting of any changes to said Policy, shall constitute your agreement and acceptance of such changes.
    2. PSYBooks does not knowingly collect personally identifiable information (or information of any other kind) directly from anyone under the age of 18, with or without parental consent, for its own use. If you have a good faith belief that PSYBooks has inadvertently collected such information, please contact PSYBooks at support@psybooks.com. PSYBooks will take immediate steps to remove such information from our Service and from any databases under PSYBooks’ control.
  9. Governing Law
    1. The laws of the State of Georgia, United States of America, shall govern this Agreement, as well as PSYBooks’ Privacy Policy, notwithstanding any principles of conflicts of law.
    2. You agree that any action at law or in equity arising out of or relating to this Agreement, or PSYBooks’ Privacy Policy, other than those disputes or claims subject to Arbitration as enumerated below, shall be filed only in state or federal court located in the State of Georgia, in a venue sitting, or most proximate to, DeKalb County, and you hereby irrevocably and unconditionally consent and submit to the exclusive jurisdiction of such action.
  10. Arbitration
    1. Any claim or controversy arising among or between the parties hereto pertaining to our Service, or any claim or controversy arising out of, or with respect to, any matter contained in this Agreement, or any differences as to the interpretation or performance of this Agreement, other than those wherein either party has infringed or threatened to infringe the other party’s intellectual property rights, or wherein you have violated our User Conduct Restrictions, shall be settled by arbitration in the State of Georgia. Such arbitration shall be before three arbitrators of the American Arbitration Association (the “AAA”) under its then prevailing rules.
    2. Intellectual property rights, as defined herein, include patent, copyright, trademark or trade secrets. You and PSYBooks jointly acknowledge that arbitration is not an adequate remedy at law for actual or threatened infringement of either party’s intellectual property rights. Therefore, it is agreed that injunctive or other appropriate relief may be sought under these circumstances.
    3. In any arbitration involving this Agreement, the arbitrators shall not make any award that will alter, change, cancel or rescind any provision in this Agreement, and their award shall be consistent with the provisions of this Agreement. Any such arbitration must be commenced no later than one (1) year from the date such claim or controversy arose, or the claim is waived.
    4. The award of the arbitrators shall be final and binding and judgment may be entered thereon in any court of competent jurisdiction.
  11. Severability
    1. If any portion of this Agreement or of PSYBooks’ Privacy Policy is determined by a court of competent jurisdiction to be unlawful, void, or unenforceable, that portion will be deemed severable and will not affect the validity and enforceability of any remaining provisions hereof.
  12. Entire Agreement
    1. This Agreement contains all of the terms and condition agreed to by you and PSYBooks with respect your use of our Service. It supersedes all prior agreements, arrangements and communications between the parties dealing with same, whether oral or written.
  13. Definitions and Constructions
    1. Unless otherwise specified, the terms “includes,” “including,” “e.g.,”, “for example, and other similar terms are deemed to include the term “without limitation” immediately thereafter.

General Terms for Subscribers

The following Terms are for Subscribers to our Services. These Terms are in addition to the Terms in the Subscriber Agreement which must be accepted when you register.

  1. Acceptance and Modifications
    1. PSYBooks reserves the right to change or revise this Agreement at any time by posting a notification on our Website. PSYBooks, at its sole discretion, may provide a Subscriber notification via other mechanisms, but is not required to do so.
    2. You are required to affirmatively accept this Agreement when becoming a Subscriber by reading this Agreement and clicking “I Agree.” As a Subscriber, you are also required to affirmatively accept any future revisions to this Agreement in a similar manner. PSYBooks maintains a record of acceptance for each Subscriber, including the version of this Agreement accepted by you whenever you click “I Agree.”
    3. PSYBooks will notify you of revision dates to this Agreement by posting the “last revised date” preceding the first paragraph of this document. The revised Agreement will take effect immediately after it has been posted on our Website.
  2. Eligibility
    1. PSYBooks requires, and enforces, strict compliance with our eligibility (“Eligibility”) requirements, as defined herein. Our Service is not intended for individuals under the age of 18. It is intended solely for members of the consuming public that are of legal age and meet the definition of a qualified Subscriber. Registration on our Service is reserved for qualified Subscribers or their respective agents, and therefore, registration by any other person or entity is strictly prohibited, unauthorized, unlicensed, void, and in violation of this Agreement.
    2. By registering on our Service you assert and warrant that you are doing so for the purpose of using our Service as a qualified Subscriber. Registration for any other purpose violates this Agreement and is strictly prohibited. By registering on our Service you further assert and warrant that you are of legal age and possess the legal capacity to enter into this Agreement on behalf of the entity you represent.
  3. Account Registration
    1. As a Subscriber you are required to provide us accurate, current, reliable and otherwise valid data when completing the registration forms that establish your account (“Account”) on our Service and you agree that such data must be kept current and revised in a timely manner when events occur that may alter its validity.
    2. As a Subscriber you agree that you are solely responsible for the data and activities related to updating and maintaining your Account, notwithstanding the fact the PSYBooks may, for technical or other reasons, assist you in making changes to your Account at your direct request, and after proper authentication.
    3. Registration on our Service requires you to maintain security credentials that allow you access to your Account. These credentials include a user identifier and a corresponding password. You may also be required to establish additional credentials should PSYBooks deem them necessary to protect the integrity of our Service. You agree that you are responsible for maintaining the confidentiality of said credentials.
    4. You acknowledge and agree that PSYBooks is a Business Associate and that Subscriber is a Covered Entity as the terms are defined under 45 CFR §160.103 Definitions of the HIPAA regulations. You further agree that by registering to use our Service you will have to enter into a Business Associate Agreement (i.e. included as part of the Subscriber Agreement) with PSYBooks during the registration process.
  4. User Generated Content
    1. You retain all ownership rights to content of which you are a lawful owner or licensee (“User Generated Content” or “UGC”), including any protected health information as defined in CFR § 160.103 of the HIPAA regulations, and which you make available on our Service via whatever mechanism PSYBooks provides, excluding such items defined as Transmissions herein, and subject to any other rights granted to PSYBooks under this Agreement.
    2. By submitting UGC to our Service, you grant PSYBooks a nonexclusive, worldwide, transferable and fully paid license to copy, crop, reproduce, reformat, translate, publicly display, excerpt (in whole or in part) and distribute your UGC for any purpose, commercial or otherwise (“Limited UGC License”). In addition, the Limited UGC License you grant includes rights that allow PSYBooks to create derivative works, or incorporate your UGC into other works, as PSYBooks sees fit. The license granted PSYBooks herein does not permit PSYBooks to use the Covered Entity’s PHI in a manner that violates the HIPAA Privacy Rule or the Business Associate Agreement entered into between the parties.
    3. PSYBooks acknowledge and agrees that the Limited UGC License granted may only be used by PSYBooks within the context of its Service and consistent with the Business Associate Agreement entered into between the parties.
    4. The Limited UGC License expires when you remove your UGC from our Service. However, PSYBooks requires, and you acknowledge and agree, that PSYBooks may retain archived copies of said UGC in order to meet the requirements of applicable law and for other business reasons that PSYBooks may have to maintain such archives. You acknowledge and agree that this Limited UGC License does not terminate if you have shared your UGC with other Users and said Users have not deleted your UGC.
    5. You represent, warrant, and guarantee that you have the full right, ability, and authority to make available to our Service, by whatever mechanism PSYBooks provides, your UGC. You further represent, warrant, and guarantee that by making available any UGC on our Service, you are not violating any obligation owed by you to any third party, including without limitation, obligations of confidentiality, privacy, attribution or any intellectual property rights including, but not limited to, rights related to patent, trademark, copyright, or trade secrets.
  5. Indemnification
    1. You agree to defend, indemnify, and hold PSYBooks, its parents, subsidiaries, affiliates, officers, agents and employees, its suppliers and their respective affiliates and agents harmless from all claims, liabilities, damages, and expenses (including attorneys’ fees and expenses) arising out of or relating to your use of our Service, including but not limited to: (1) your submission to our Service of any Transmission; (2) your alleged breach of this Agreement; or (3) your infringement of any intellectual property or other right of any person or entity.
    2. PSYBooks acknowledges and agrees that the indemnification sought in 20.1 is limited to acts that are directly or indirectly under your control regarding your use of, or inability to use, our Service, and does not extend beyond that.
  6. Limitations of Liability
    1. IN NO EVENT SHALL PSYBOOKS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES RESULTING FROM YOUR USE OR INABILITY TO USE OUR SERVICE; OR FOR THE LOSS OF PROFITS OR DAMAGES THAT MAY RESULT FROM THEFT, DELAYS, OMISSIONS, INTERRUPTIONS, DELETION OF FILES, ERRORS, DEFECTS, VIRUSES, FAILURE OF PERFORMANCE, DESTRUCTION OR UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF USE, PROFITS, DATA OR OTHER INTANGIBLES WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE); OR OTHERWISE, EVEN IF PSYBOOKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    2. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF IMPLIED WARRANTIES OR EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. IN SUCH CASES, THE ABOVE LIMITATION OF LIABILITY MAY NOT APPLY TO YOU. TO THAT EXTENT, PSYBOOKS’ TOTAL LIABILITY TO YOU FOR ALL LOSSES, DAMAGES, AND CAUSES OF ACTION SHALL NOT BE GREATER THAN THE TOTALITY OF PAYMENTS MADE BY YOU TO PSYBOOKS IN EXCHANGE FOR ALLOWING YOU TO USE OUR SERVICE DURING THE PAST THREE MONTHS PRIOR TO THE COMMENCEMENT OF ANY LEGAL ACTION OR PROCEEDING, OR $100.00 USD, WHICHEVER IS LESS.
  7. DISCLAIMER
    1. YOU ACKNOWLEDGE THAT OUR SERVICE AND THE INFORMATION THEREIN ARE PROVIDED ON AN “AS IS” BASIS AND THAT PSYBOOKS MAKES NO REPRESENTATIONS OR WARRANTIES, EITHER EXPRESS OR IMPLIED, REGARDING OUR SERVICE OR THE INFORMATION. PSYBOOKS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
    2. BY USING, OR ATTEMPTING TO USE, OUR SERVICE, YOU EXPRESSLY ACKNOWLEDGE THE FOLLOWING:
      1. THE INFORMATION COULD INCLUDE TECHNICAL INACCURACIES AND/OR TYPOGRAPHICAL ERRORS;
      2. PSYBOOKS DOES NOT REPRESENT OR WARRANT THE TIMELINESS, RELIABILITY, COMPLETENESS, OR ACCURACY OF THE INFORMATION; AND
      3. PSYBOOKS DOES NOT REPRESENT OR WARRANT THAT OUR SERVICE OR ANY RELATED SERVERS ON WHICH IT RESIDES ARE FREE OF ERRORS OR VIRUSES OR OTHER POTENTIALLY DAMAGING CONTENT.
    3. PSYBOOKS MAY PERIODICALLY MAKE CHANGES TO ANY SERVICE CONTENT, INFORMATION, FEATURES OR FUNCTIONS. PSYBOOKS RESERVES THE RIGHT TO IMPLEMENT SUCH CHANGES AT ANY TIME WITHOUT NOTICE TO YOU, OTHER THAN THAT WHICH IS SET FORTH IN THIS AGREEMENT.
    4. UNLESS SPECIFICALLY INDICATED IN WRITING TO THE CONTRARY, NO REFERENCE IN OUR SERVICE TO ANY PRODUCTS, PROCESSES, SERVICES OR OTHER INFORMATION BY TRADE NAME, TRADEMARK, MANUFACTURER, SUPPLIER, OR OTHERWISE, SHALL CONSTITUTE OR IMPLY PSYBOOKS’ ENDORSEMENT OR SPONSORSHIP THEREOF.
  8. Termination
    1. Either you or PSYBooks may terminate this Agreement. You may terminate this Agreement by destroying all materials obtained from our Service, except for UGC and, if you are a Subscriber, by providing a termination notice to PSYBooks at support@psybooks.com. PSYBooks may terminate this Agreement immediately, without notice for any reason, or no reason, other than as provided for in our Subscriber Agreement, and reserves the right to block or prevent your future access to our Service.
    2. Should you or PSYBooks decide to terminate this Agreement then PSYBooks will prevent access to your Account on our Service. PSYBooks agrees to make a good faith effort to resolve an outstanding dispute between PSYBooks and a Subscriber, if any exist, prior to termination. PSYBooks, at its sole discretion, may restore access to your Account if the dispute has been resolved to its satisfaction.
    3. You acknowledge and agree that termination of this Agreement by either party pertains solely to your use of our Service, and has no effect on other contractual obligations that may exist between the parties, which remain in full force and effect.

Privacy Policy

Date of Last Revision: April 20, 2024
  1. Introduction
    1. PSYBooks, LLC (collectively “PSYBooks” or “us” or “our” or “we”) is the owner and operator of www.psybooks.com and any related sub-domains (the “Service”). This privacy policy (“Privacy Policy” or “Policy”) applies to the Service in its entirety but does not apply to entities that PSYBooks does not own or control.
    2. PSYBooks is committed to the privacy and protection of information provided to us by our users. This includes any information provided to us through our Service, including any information submitted to us through various forms and through other mechanisms. By using our Service you are accepting the privacy practices contained in this Policy.
    3. The purpose of our Privacy Policy is to inform our users regarding the information that we collect, utilize, and share. If you have any questions about our Privacy Policy, or our privacy practices in general, please contact us using the contact information provided below:

    PSYBooks, LLC

    Privacy, c/o PSYBooks Privacy Officer

    2944 Blackwood Rd

    Decatur, GA 30033

    Email: susan@psybooks.com

    Phone: 770-441-6361

  2. Information Collected About You
    1. There are various types of information that PSYBooks collects about you when you register with, interact with, or otherwise use our Service. Some of this information is provided voluntarily by you and other information is provided through automated processes under PSYBooks’ control.
    2. Information Provided By You: In addition to personally identifiable information (“PII”) provided during the PSYBooks subscription process, you may also provide us PII during the following non-exhaustive list of representative classes of interactions on our Service:
      1. requesting customer support and sending PSYBooks similar communications;
      2. making payments to PSYBooks for various offerings;
      3. signing up for PSYBooks email alerts, newsletters, and similar special offers;
      4. responding to PSYBooks surveys and other special information requests; and
      5. communicating with PSYBooks regarding our compliance with applicable law.
    3. Information Provided By Automated Processes: PSYBooks may automatically collect non-PII pertaining to you when you use our Service including, but not limited to, when you use our Service via mobile and other access devices. PSYBooks may use cookies, web beacons, log files and similar methods to collect non-PII:
      1. A cookie is data stored in a small text file on your local access device that contains data about you. The information in the cookie is used to uniquely identify you and other users of our Service. The cookie may contain a token linked to our databases in order to provide you an enhanced feature set. It identifies a particular user at a particular point in time;
      2. A web beacon is used to enable communications with third parties. It is a small image in an HTML page with all dimensions set to one (1) pixel. Because of its insignificant size, it is not visible. It is used to pass certain non-PII anonymously to third-party sites, usually advertisers;
      3. A log file is a system created file that captures certain interactions between you and our Service.
    4. Non-PII Reservation of Rights: PSYBooks reserves the right to adopt alternative methods for collecting non-PII consistent with the provisions of this Policy and without providing further notification to you, other than what is contained herein.
  3. Implications Regarding Collected Information
    1. Consent Regarding Data Storage and Transfer: Your use of our Service implies your consent to have your PII and non-PII (“Data”) (i.e. any data provided by you to PSYBooks via our Service or through other mechanisms) stored, transferred and processed within the United States, or in any other country in which PSYBooks or its affiliates, subsidiaries or agents maintain facilities. By providing us with your Data and using our Service you consent to any such transfer of Data outside of your country of origin, at PSYBooks’ sole discretion.
    2. Control and Access to Data: PSYBooks respects both the need for you to control your Data and our users’ need for sharing it with us, especially regarding the protected health information (“PHI”) of patients. PSYBooks is diligent in ensuring that it has implemented appropriate administrative, technical, and physical safeguards to prevent the unauthorized or unlawful use of your Data, and to prevent any accidental loss, destruction, or damage to such information.
    3. Use of Data Collected: PSYBooks is the sole business owner of the Data (i.e. as represented by the aggregate content and arrangement of the information collected about you or your patients on our Service) and will not sell, rent or share the information collected in a manner that differs from what is disclosed in this Policy. PSYBooks collects this information in order to:
      1. accomplish the objectives of our Service;
      2. provide you with a high quality user experience on our Service;
      3. offer you a personalized feature set on our Service; and
      4. to improve our Service.
    4. Sharing of Data in General: PII or PHI provided by you will not be shared with third parties, without your permission, for any purpose other than those enumerated below. PSYBooks, in its sole discretion, reserves the right to share with third parties aggregated non-PII for the purpose of compiling information that is relevant to our business interests. PSYBooks, in its sole discretion, reserves the right to disclose any information that it obtains through our Service to appropriate governmental or regulatory authorities or governmental agencies, if required by law. PSYBooks, in its sole discretion, may share any information collected, stored and processed, if it has a good faith belief that to do so is reasonably necessary to:
      1. enforce our Terms of Use;
      2. detect, investigate and otherwise address fraud, security or technical breaches or related matters; or
      3. protect against imminent harm to the rights, property, or safety of PSYBooks, its users, or the public at large, as required or permitted by law.
    5. Sharing of Payment Data: PSYBooks may share transaction information with our third party payment processor (“Payment Processor”) when you pay for or renew your Subscription to our Service. The information shared with our Payment Processor is limited to the information required by our Payment Processor to complete the payment transaction. PSYBooks does not capture or store the financial information provided by you to our Payment Processor. PSYBooks only stores the results of said transactions as provided via notifications from our Payment Processor to us upon the completion of a payment transaction.
    6. Sharing of Data with Other Third Parties: In addition to disclosing information to our Payment Processor, PSYBooks may disclose your personal information or PHI to other third-party service providers (“Providers”) who perform services on our behalf. Examples of such Providers may include, but are not limited to, data storage and web hosting companies, as well as consultants we may engage for various reasons. PSYBooks requires Providers to use and protect your personal information consistent with the provisions of this Policy. PHI will only be shared with business partners with whom PSYBooks has a Business Associate Agreement, as required by applicable law.
  4. Security of Information
    1. Any information sent by you to PSYBooks through Internet email or through our Service may not be secure and is therefore done on a non-confidential basis and at your own risk. Once such information is received, PSYBooks takes appropriate security safeguards to prevent its unauthorized use, alteration, disclosure or destruction. These safeguards include periodic review of our internal processes, and benchmarking of same with industry best practices.
    2. Access to PII or PHI is restricted to PSYBooks employees, contractors, and agents on a need to know basis. Such individuals are generally bound by confidentiality agreements and may be subject to termination and criminal prosecution should they fail to comply as required by said agreements and/or with the contents of this Policy.
  5. Data integrity
    1. PSYBooks processes PII only for the purposes for which it was collected and in accordance with the provisions in this Policy. Reasonable steps are taken to ensure the quality of the PII that PSYBooks collects, processes, and stores. PSYBooks depends on its users to keep their PII current and accurate. PSYBooks conducts periodic reviews to ensure that only the PII required by our Service is captured and used consistent with the provisions of this Policy. The maintenance of data integrity is a joint collaborative effort between PSYBooks and our users.
    2. PSYBooks may delete Data, from time to time, upon the request of an individual user. PSYBooks requires that a user present proper credentials for authentication before honoring all such requests. Good faith attempts are made to work with individual users regarding Data related issues. PSYBooks reserves the right to refuse such requests when they prove unduly burdensome and/or are impractical. PSYBooks will not delete Data required to be kept by applicable law or Data otherwise required by PSYBooks for legitimate business reasons.
  6. Choices Regarding PII
    1. Should PSYBooks decide to use PII or PHI other than for the purpose originally collected, PSYBooks will do so only with your consent. You will be given the opportunity to opt out of any such use. Should PSYBooks become involved in a sale, acquisition, or any form of transfer of some or all of its assets, then PSYBooks will provide notice to you before your PII or PHI is subject to a new or different privacy policy.
    2. You always have the option of contacting PSYBooks should you have questions regarding your PII or PHI. Please contact PSYBooks using the contact information provided above.
  7. Protecting Children

    PSYBooks restricts the use of our Service to individuals of legal age and above. PSYBooks does not knowingly collect or solicit PII from anyone under the age of 18, with or without parental consent.

  8. Links

    Our Service may contain hyperlinks to third-party websites that may collect or solicit information. Our Privacy Policy does not cover information collected or solicited by these third-party websites. PSYBooks is not responsible for the privacy practices of such sites. PSYBooks users are encouraged to pay attention when they leave our Service and to read the respective privacy policies of each website that collects personally identifiable information. This Policy only applies to information provided by you to PSYBooks via our Service or through other mechanisms.

  9. Enforcement

    Because we are committed to protecting our users’ PII and PHI, PSYBooks conducts periodic reviews of our internal processes to ensure that we remain in compliance with this Policy. We will cooperate with the appropriate authorities to resolve any user complaints regarding the transfer of PII or PHI. PSYBooks will initially try to resolve the complaint with the individual user. Formal complaints should be sent to PSYBooks using the contact information provided above.

  10. Policy Changes

    In the future, we may make changes to our Privacy Policy to reflect changes in our privacy practices and/or changes to our Service. PSYBooks’ goal is to keep our users aware of what information we collect, use, and under what circumstances, if any, we disclose it. When changes are made to this Policy the “last updated date” will be modified accordingly. If changes are made to our Privacy Policy then PSYBooks will provide notification on our Website. In addition, further notification will be provided to users that have registered with our Service.

Business Agreement

Date of Last Revision: April 20, 2024
  1. Introduction
    1. PSYBooks, LLC (collectively “PSYBooks” or “us” or “our” or “we”) is the owner and operator of www.psybooks.com and any related sub-domains (the “Service”). This privacy policy (“Privacy Policy” or “Policy”) applies to the Service in its entirety but does not apply to entities that PSYBooks does not own or control.
    2. PSYBooks is committed to the privacy and protection of information provided to us by our users. This includes any information provided to us through our Service, including any information submitted to us through various forms and through other mechanisms. By using our Service you are accepting the privacy practices contained in this Policy.
    3. The purpose of our Privacy Policy is to inform our users regarding the information that we collect, utilize, and share. If you have any questions about our Privacy Policy, or our privacy practices in general, please contact us using the contact information provided below:

    PSYBooks, LLC

    Privacy, c/o PSYBooks Privacy Officer

    2944 Blackwood Rd

    Decatur, GA 30033

    Email: susan@psybooks.com

    Phone: 770-441-6361

  2. Information Collected About You
    1. There are various types of information that PSYBooks collects about you when you register with, interact with, or otherwise use our Service. Some of this information is provided voluntarily by you and other information is provided through automated processes under PSYBooks’ control.
    2. Information Provided By You: In addition to personally identifiable information (“PII”) provided during the PSYBooks subscription process, you may also provide us PII during the following non-exhaustive list of representative classes of interactions on our Service:
      1. requesting customer support and sending PSYBooks similar communications;
      2. making payments to PSYBooks for various offerings;
      3. signing up for PSYBooks email alerts, newsletters, and similar special offers;
      4. responding to PSYBooks surveys and other special information requests; and
      5. communicating with PSYBooks regarding our compliance with applicable law.
    3. Information Provided By Automated Processes: PSYBooks may automatically collect non-PII pertaining to you when you use our Service including, but not limited to, when you use our Service via mobile and other access devices. PSYBooks may use cookies, web beacons, log files and similar methods to collect non-PII:
      1. A cookie is data stored in a small text file on your local access device that contains data about you. The information in the cookie is used to uniquely identify you and other users of our Service. The cookie may contain a token linked to our databases in order to provide you an enhanced feature set. It identifies a particular user at a particular point in time;
      2. A web beacon is used to enable communications with third parties. It is a small image in an HTML page with all dimensions set to one (1) pixel. Because of its insignificant size, it is not visible. It is used to pass certain non-PII anonymously to third-party sites, usually advertisers;
      3. A log file is a system created file that captures certain interactions between you and our Service.
    4. Non-PII Reservation of Rights: PSYBooks reserves the right to adopt alternative methods for collecting non-PII consistent with the provisions of this Policy and without providing further notification to you, other than what is contained herein.
  3. Implications Regarding Collected Information
    1. Consent Regarding Data Storage and Transfer: Your use of our Service implies your consent to have your PII and non-PII (“Data”) (i.e. any data provided by you to PSYBooks via our Service or through other mechanisms) stored, transferred and processed within the United States, or in any other country in which PSYBooks or its affiliates, subsidiaries or agents maintain facilities. By providing us with your Data and using our Service you consent to any such transfer of Data outside of your country of origin, at PSYBooks’ sole discretion.
    2. Control and Access to Data: PSYBooks respects both the need for you to control your Data and our users’ need for sharing it with us, especially regarding the protected health information (“PHI”) of patients. PSYBooks is diligent in ensuring that it has implemented appropriate administrative, technical, and physical safeguards to prevent the unauthorized or unlawful use of your Data, and to prevent any accidental loss, destruction, or damage to such information.
    3. Use of Data Collected: PSYBooks is the sole business owner of the Data (i.e. as represented by the aggregate content and arrangement of the information collected about you or your patients on our Service) and will not sell, rent or share the information collected in a manner that differs from what is disclosed in this Policy. PSYBooks collects this information in order to:
      1. accomplish the objectives of our Service;
      2. provide you with a high quality user experience on our Service;
      3. offer you a personalized feature set on our Service; and
      4. to improve our Service.
    4. Sharing of Data in General: PII or PHI provided by you will not be shared with third parties, without your permission, for any purpose other than those enumerated below. PSYBooks, in its sole discretion, reserves the right to share with third parties aggregated non-PII for the purpose of compiling information that is relevant to our business interests. PSYBooks, in its sole discretion, reserves the right to disclose any information that it obtains through our Service to appropriate governmental or regulatory authorities or governmental agencies, if required by law. PSYBooks, in its sole discretion, may share any information collected, stored and processed, if it has a good faith belief that to do so is reasonably necessary to:
      1. enforce our Terms of Use;
      2. detect, investigate and otherwise address fraud, security or technical breaches or related matters; or
      3. protect against imminent harm to the rights, property, or safety of PSYBooks, its users, or the public at large, as required or permitted by law.
    5. Sharing of Payment Data: PSYBooks may share transaction information with our third party payment processor (“Payment Processor”) when you pay for or renew your Subscription to our Service. The information shared with our Payment Processor is limited to the information required by our Payment Processor to complete the payment transaction. PSYBooks does not capture or store the financial information provided by you to our Payment Processor. PSYBooks only stores the results of said transactions as provided via notifications from our Payment Processor to us upon the completion of a payment transaction.
    6. Sharing of Data with Other Third Parties: In addition to disclosing information to our Payment Processor, PSYBooks may disclose your personal information or PHI to other third-party service providers (“Providers”) who perform services on our behalf. Examples of such Providers may include, but are not limited to, data storage and web hosting companies, as well as consultants we may engage for various reasons. PSYBooks requires Providers to use and protect your personal information consistent with the provisions of this Policy. PHI will only be shared with business partners with whom PSYBooks has a Business Associate Agreement, as required by applicable law.
  4. Security of Information
    1. Any information sent by you to PSYBooks through Internet email or through our Service may not be secure and is therefore done on a non-confidential basis and at your own risk. Once such information is received, PSYBooks takes appropriate security safeguards to prevent its unauthorized use, alteration, disclosure or destruction. These safeguards include periodic review of our internal processes, and benchmarking of same with industry best practices.
    2. Access to PII or PHI is restricted to PSYBooks employees, contractors, and agents on a need to know basis. Such individuals are generally bound by confidentiality agreements and may be subject to termination and criminal prosecution should they fail to comply as required by said agreements and/or with the contents of this Policy.
  5. Data integrity
    1. PSYBooks processes PII only for the purposes for which it was collected and in accordance with the provisions in this Policy. Reasonable steps are taken to ensure the quality of the PII that PSYBooks collects, processes, and stores. PSYBooks depends on its users to keep their PII current and accurate. PSYBooks conducts periodic reviews to ensure that only the PII required by our Service is captured and used consistent with the provisions of this Policy. The maintenance of data integrity is a joint collaborative effort between PSYBooks and our users.
    2. PSYBooks may delete Data, from time to time, upon the request of an individual user. PSYBooks requires that a user present proper credentials for authentication before honoring all such requests. Good faith attempts are made to work with individual users regarding Data related issues. PSYBooks reserves the right to refuse such requests when they prove unduly burdensome and/or are impractical. PSYBooks will not delete Data required to be kept by applicable law or Data otherwise required by PSYBooks for legitimate business reasons.
  6. Choices Regarding PII
    1. Should PSYBooks decide to use PII or PHI other than for the purpose originally collected, PSYBooks will do so only with your consent. You will be given the opportunity to opt out of any such use. Should PSYBooks become involved in a sale, acquisition, or any form of transfer of some or all of its assets, then PSYBooks will provide notice to you before your PII or PHI is subject to a new or different privacy policy.
    2. You always have the option of contacting PSYBooks should you have questions regarding your PII or PHI. Please contact PSYBooks using the contact information provided above.
  7. Protecting Children

    PSYBooks restricts the use of our Service to individuals of legal age and above. PSYBooks does not knowingly collect or solicit PII from anyone under the age of 18, with or without parental consent.

  8. Links

    Our Service may contain hyperlinks to third-party websites that may collect or solicit information. Our Privacy Policy does not cover information collected or solicited by these third-party websites. PSYBooks is not responsible for the privacy practices of such sites. PSYBooks users are encouraged to pay attention when they leave our Service and to read the respective privacy policies of each website that collects personally identifiable information. This Policy only applies to information provided by you to PSYBooks via our Service or through other mechanisms.

  9. Enforcement

    Because we are committed to protecting our users’ PII and PHI, PSYBooks conducts periodic reviews of our internal processes to ensure that we remain in compliance with this Policy. We will cooperate with the appropriate authorities to resolve any user complaints regarding the transfer of PII or PHI. PSYBooks will initially try to resolve the complaint with the individual user. Formal complaints should be sent to PSYBooks using the contact information provided above.

  10. Policy Changes

    In the future, we may make changes to our Privacy Policy to reflect changes in our privacy practices and/or changes to our Service. PSYBooks’ goal is to keep our users aware of what information we collect, use, and under what circumstances, if any, we disclose it. When changes are made to this Policy the “last updated date” will be modified accordingly. If changes are made to our Privacy Policy then PSYBooks will provide notification on our Website. In addition, further notification will be provided to users that have registered with our Service.