Practice Management System and Portal for Mental Health Professionals and their Clients
Facebook
Practice Management System and Portal for Mental Health Professionals and their Clients
Facebook

The Importance of End-to-End Encryption and Integrated Products

Home » The Importance of End-to-End Encryption and Integrated Products

The Importance of End-to-End Encryption and Integrated Products

I often find myself telling mental health providers that two of the best things they can do to be in compliance with HIPAA while also saving both time and money is to use integrated products that are 100% end-to-end encrypted. I’ve said that so often that I don’t really think about it. It’s my go-to response. Recently I had someone ask how to tell if a product is “100% end-to-end encrypted.” That gave me pause. It was a VERY astute question that no one had asked me before, nor had it occurred to me that it needed explaining. But it does. It so very much does. Here goes:

What is End-to-End Encryption?

The term “end-to-end encryption” means that data is encrypted from the moment it leaves your device all the way through to when it lands on the recipient’s device. It can not be decrypted or read anywhere along the route, even by employees of the software company. It’s encrypted in their database and they don’t have a way to decrypt it. Only the intended recipient does. In a sense, end-to-end encryption creates an impenetrable universe. Everything within that universe is secure. There are no holes.

In contrast, products that are not encrypted or are only partially encrypted DO have holes. Parts of those products may be encrypted, but they do not form an impenetrable universe. They can be accessed and files read at various points along the way. If a hacker chose to, they could post the content on the internet or do anything else they wanted to with the information.

This issue comes up most often with email and texting, so we’ll discuss it within that context. Graphically, the two types of encrypted products can be depicted like this:

Why is 100% End-to-End Encryption Important?

HIPAA specifies that all healthcare apps must be encrypted. However, HIPAA does NOT indicate what kind of encryption is required. Because of this, software companies often correctly claim their product is HIPAA compliant even though it is only partially encrypted.* Because the Security Rule requires us to keep all PHI secure, if we choose to use one of these partially encrypted products and there’s a breach, HIPAA can and does impose fines and possibly other sanctions. We see this most frequently with email, but the rule is the same with all types of PHI: we’re responsible for keeping it secure. The authors of HIPAA realize that mistakes and oversights happen. They are not unforgiving. However, if a provider is using software that is either totally or partially encrypted, the way HIPAA views it is that the provider is willfully disregarding the law. For the provider to proclaim, “Oh! But I didn’t know that!” just compounds the issue. We are required to understand the laws pertaining to our profession. Claiming we didn’t know the product we were using was vulnerable could result in additional fines for not knowing. Which leads us directly into the question I was recently asked:

How Do You Tell if a Product is 100% End-to-End Encrypted?

Short answer is that it is not easy or obvious. Encryption happens behind the scenes. An end-to-end encrypted product looks exactly like a partially encrypted one to the end-user. The difference is under the hood, which isn’t easily discoverable, even by those in the know. The only thing we really have going for us is that companies are required to be transparent about what type of encryption they use. If their product is not 100% end-to-end encrypted, they must say so. However, this is often buried in the fine print because they’re trying to get sales. Admitting that their products are not 100% end-to-end encrypted is a turnoff to potential subscribers. For this reason, they come up with really compelling terms on the main pages of their sites. However, no other description really works here. Terms like “state-of-the-art,” “HIPAA-Compliant,” “endorsed by so-and-so,” and so forth don’t cut it. We need to know that our data is encrypted all the way through. We need to know that the company’s employees can’t access the content of our files. If you can’t find the term 100%-end-to-end encrypted somewhere on their website, write and ask them. The answer to this question should only be Yes or No. If they go into some long-winded explanation of how great their encryption is, you can probably assume that the answer is No.

I also wouldn’t put much stock in software companies that have various types of HIPAA Certifications posted on their websites. I’ve known of at least two software products that carried those certifications that had features that I knew were hackable. Although I do know a lot about this stuff, I’m not a trained security expert. If someone at my level of understanding was able to see vulnerabilities in those two products, it doesn’t give me much faith in the companies that were proclaiming them safe and HIPAA compliant.

How Integrated Products Fit into the Mix

In addition to the encryption piece, it’s also important to use products that are integrated. Integrated products are called by several different names. The most common ones are Electronic Health Record (EHR), Electronic Medical Record (EMR) and Practice Management System. Originally, each of these terms was defined differently. However, as time passed, lines of distinction – blurry to begin with – have become non-existent. Because of that, what you call it doesn’t matter much. But what it does is extremely important to understand. In addition to being more secure, a good integrated product will save you a lot of time and, in most cases, money.

You should expect two things from an integrated product:

  • It should be encrypted. If it’s not one of the 100% kind, find a different product.
  • It should be “integrated.” This means that each tool or feature the product has is integrated with all other features. So, for example, if your patient changes their name, you should only have to enter that change one time. This is very different from entering the change once on your demographics sheet, again in your email program, again for texting, billing, appointment reminders, video sessions, etc.

Some products add new features helter-skelter without actually integrating them. In another post, I’ve referred to those as three-room-house types of products, equating them with home remodeling that adds new rooms as required but doesn’t take the extra time to integrate them seamlessly into the whole. Those types of EHRs will cause you more headaches than they’re worth and may also have additional security risks than an integrated program will have.

The diagram below represents a well-integrated EHR. Everything within the orange box is secure. Also, the medical record of each patient is stored in one place. It’s all within the orange box. The database in the center integrates all features so that a change in one tool will be reflected in all:

The user in the next diagram has the same set of tools as the previous provider. However, this individual purchased them as separate products. They do not have an integrated package. Notice that a couple of the tools (Billing and Video) are encrypted within themselves, as represented by the orange borders. But the encryption of these products does not extend to any of the others. There is no “encryption universe” that keeps all tools secure.

In summary, end-to-end encryption is a must-have, in my opinion. Whether you also want an integrated product is up to you. However, we are required to keep medical records on each of our patients and, at times, must produce them. When a patient’s medical record is scattered among several different places – perhaps some digital, some paper, it’s up to you to pull it all together into one thing. Although it is theoretically possible to find ways to transmit data from one product to another and keep everything secure, it requires a fair amount of extra work. Also, it’s often quite difficult to figure out how to do it without introducing holes in the encryption. Finally, as part of our Security Policy, we’re required to document exactly how we ARE performing those transfers. With an EHR, the security work is done for you. The only thing you have to write up for your Security Policy is that you’re using XYZ EHR.

Interested in switching to an integrated product? PSYBooks checks all the boxes for being both well-integrated and secure. If you write and ask us if our email and texting features are 100% end-to-end encrypted, our answer will be Yes.

________________________
*Legally, only Covered Entities can be HIPAA-Compliant. Because of that, software can’t actually be HIPAA-Compliant. Common usage of “HIPAA Compliant software” refers to software that, if used correctly, enables the CE to be HIPAA-Compliant.

By |2023-05-08T14:21:46-04:00May 3rd, 2023|Current, HIPAA/HITECH, How To Choose an EHR, Why Use an EHR?|Comments Off on The Importance of End-to-End Encryption and Integrated Products

Share This Story, Choose Your Platform!

FacebookTwitterRedditLinkedInWhatsAppTelegramTumblrPinterestVkXingEmail

About the Author:

Susan C. Litton, Ph.D. holds degrees in both psychology and IT. In addition to being the developer of the PSYBooks EHR & Portal, she's been a practicing clinical psychologist in Decatur, GA, since 1985.

Related Posts

Stay in touch!

Quick Links

General Terms of Service

Date of Last Revision: April 26, 2024

Welcome to our website (“Website”). These General Terms of Service (“Terms”) apply to visitors to this website, as well as registered users of any and all offerings provided by PSYBooks™. PSYBooks, LLC (“PSYBooks” or “we” or “our” or “us”) is a Georgia Limited Liability Company whose principal place of business is located at 2944 Blackwood Rd, Decatur, GA 30033.

PSYBooks is the owner and operator of this Website. PSYBooks, via our Website, provides an electronic health record (“EHR”) software-as-a-service (“Service”) offering specifically designed for mental health practices and may, in the future, offer other tools for those in the mental health professions.

  1. Introduction
    1. Your use of PSYBooks’ products, software, services, servers and Website (referred to collectively as our “Service” in this document) is subject to the terms and conditions of a binding and enforceable agreement (“Agreement”) between you and PSYBooks, as defined herein. By using our Service you acknowledge and agree that you have fully read and agree to be bound by the provisions of this Agreement.
    2. PLEASE READ THESE TERMS OF SERVICE CAREFULLY AS THEY CONTAIN IMPORTANT INFORMATION REGARDING A USER’S LEGAL RIGHTS, REMEDIES AND OBLIGATIONS. THESE INCLUDE VARIOUS LIMITATIONS AND EXCLUSIONS, AND A DISPUTE RESOLUTION CLAUSE THAT GOVERNS HOW DISPUTES WILL BE RESOLVED. IT ALSO CLEARLY SPECIFIES THE MANNER BY WHICH ACCEPTANCE OF THIS AGREEMENT OCURRS. THE LIMITATIONS AND EXCLUSIONS CONTAINED HEREIN FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN YOU AND PSYBOOKS.
  2. General Terms
    1. The terms and conditions provided herein (the “General Terms”) have two broad sections. The first section applies to all users of our Service, including the public at large (“Users”). The second section applies to that subset of Users who register on our Service as a practitioner (“Subscribers”). Subscribers will also be asked to accept a Subscriber Agreement at the time they actually register. For the purposes of these General Terms, a Subscriber is defined as mental health provider who has registered on our Service and paid the subscription fee. “You” means an individual member of the consuming public that is using our Website, whether or not they are a Subscriber.
    2. The General Terms contained herein are included by reference in subsequent agreements entered into between PSYBooks and a Subscriber (“Subscriber Agreement”), and constitute the minimum terms and conditions controlling use of our Service. The term Agreement, as used herein, refers to these General Terms and to any agreement entered into between a Subscriber and PSYBooks that includes these General Terms by reference.
    3. Our Service and Website include all pages on our Website’s domain (www.psybooks.com) and all pages on any related sub-domains, all of which are controlled by this Agreement.

General Terms for All Users

The following terms are for all Users of our Website, including the public at large and Subscribers.

  1. PSYBooks Grants a Limited License
    1. All content on our Service, except for User Generated Content (“UGC” ) and Protected Health Information (“PHI”) as defined herein, including designs, text, graphics, pictures, video, information, applications, software, music, sound and other files, and their selection and arrangement (the “Information”), are the property of PSYBooks or its licensors with all rights reserved.
    2. If you meet the requirements of Eligibility, and have properly gained access to our Service as provided for in this Agreement, then you are granted a limited license to use our Service and the Information, and to download and print a copy of any portion of the Information for non-commercial use, provided that you keep all copyright or other proprietary notices intact.
    3. As pertaining to all the Information, excluding UGC and a Subscriber’s protected health information (“PHI”), you may not make available, in any form and by any mechanism, said Information on any public or private website or incorporate the Information in any other database or compilation.
    4. Any use of the Information, other than as set forth herein, is strictly prohibited. This limited license allows you to use the Information only for lawful uses in accordance with the foregoing and does not allow you to sell the Information, use the Information for commercial use, or use any type of data mining, robots, or similar data gathering or extraction methods on our Service.
    5. Absent prior written consent from PSYBooks, you may not copy or imitate any elements of our Service, including but not limited to, graphics, digital images, logos, sounds, images, and buttons protected by trade dress and other laws. Absent prior written consent from PSYBooks, you may not use framing, metatags, or hidden text techniques in association with our logo, trademark or other copyrighted or proprietary information.
    6. Unless expressly stated in this Agreement, or in a subsequent agreement entered into by PSYBooks and a Subscriber, nothing herein shall be construed as conferring any license to intellectual property rights, in any form or by any mechanism.
    7. The PSYBooks limited license is revocable at any time without notice and with or without cause, except as provided for in our Subscriber Agreement.
  2. Transmissions
    1. As defined herein, transmissions (“Transmissions”) may take the form of submissions, questions, comments, suggestions, ideas, feedback, notes, messages, emails, postings, letters, or other written materials about, or concerning, our Service, provided by you to PSYBooks, excluding UGC and PHI. You acknowledge that Transmissions by you to and from our Service may be non-confidential, and that others may read and/or intercept such Transmissions.
    2. PSYBooks has the right, but not the obligation, at its sole discretion, to review any Transmissions submitted to our Service and to edit or delete any Transmissions that violate any part of this Agreement. You hereby consent to PSYBooks’ collection and use of such Transmissions in accordance with PSYBooks’ then current Privacy Policy and acknowledge that submitting Transmissions to our Service creates no financial or fiduciary relationship between you and PSYBooks.
    3. By using our Service, you thereby assign all right, title, and interest, including the copyright therein, in all Transmissions, to PSYBooks. Accordingly, PSYBooks shall own all intellectual property rights in the Transmissions and shall be entitled to unrestricted use of the Transmissions for any purpose, commercial or otherwise, without acknowledgment, compensation, or liability to you. By submitting such Transmissions to our Service, you irrevocably waive all “moral rights” in such Transmissions.
  3. Links
    1. Our Service may include hypertext links to other websites over which PSYBooks has no control. PSYBooks makes no representations of any kind regarding the content on such websites or the content on any website linked to such websites or to any changes or modifications made thereto.
    2. You hereby acknowledge that by using any such hypertext links, you irrevocably waive any and all claims against PSYBooks regarding such websites and must adhere to the usage and privacy policies governing such sites. PSYBooks’ usage of links does not imply our endorsement, or sponsorship, of any such websites.
  4. Intellectual Property Rights of Third Parties
    1. PSYBooks respects the intellectual property rights of others and requires Users of our Service to do likewise. PSYBooks prohibits Users from making available, in whatever form and by whatever mechanism, content on our Service that infringes upon any party’s intellectual property rights.
    2. PSYBooks has the right to terminate the Account of any infringing Subscriber and will take steps to do so immediately upon proper notification and in compliance with applicable law. You acknowledge and agree that a violation of the intellectual property rights of others on our Service triggers the Indemnification as provided for herein.
  5. Trademark
    1. All trademarks used on our Service are the property of their respective owners and may not be used without permission therefrom.
    2. Whether or not specifically designated as such, www.psybooks.com and all other colors, graphics, logos, sounds, images, icons and buttons displayed on our Service are, or may be, trademarks of PSYBooks or its affiliates.
    3. Absent prior written consent from PSYBooks, you may not copy, imitate, or use any portion of these marks.
  6. Copyright
    1. PSYBooks will strictly comply with the requirements of the Digital Millennium Copyright Act, Title 17, United States Code Section 512(c)(2) (“DMCA”). If you believe your copyright has been violated by any content on our Service then you may send a written notification of such infringement to our Designated Agent as set forth below.
    2. PSYBooks has designated an agent to the U.S. Copyright Office to receive notifications of alleged copyright infringement relating to our Service. You must submit all such notifications, in a manner consistent with the DMCA, to PSYBooks’ Designated Agent. Likewise, if you believe that your copyrighted content has been erroneously removed from our Service, you must send a counter notification to PSYBooks’ Designated Agent in a similar DMCA compliant manner.
    3. Send all DMCA compliant notifications to:

      DMCA Notification: PSYBooks, LLC

      Designated Agent: Susan Litton

      2944 Blackwood Rd

      Decatur, GA 30033

      Email: susan@psybooks.com

      Phone: 770-441-6361

  7. User Conduct Restrictions: Impermissible Use and Activities
    1. You agree not to use our Service to transmit data or code which: (1) is unlawful, threatening or abusive; (2) encourages criminal or other activity that would reasonably give rise to civil liability or otherwise violate any local, state, federal, or international law; (3) contains false or misleading information; (4) inhibits another User from use or enjoyment of our Service; (5) is defamatory, libelous or otherwise unlawful; (6) contains a virus or surreptitious code; (7) contains any type of commercial component or advertising; or (8) allows for the harvesting of email addresses or other contact information, or the harvesting of information of any kind.
    2. Furthermore, you agree not to use our Service to engage in the following kinds of activities: (1) transmit, upload, post, store, and share content of any kind, and by any other mechanism, that you are not the lawful owner or licensee of; (2) register for more than one Account or register an Account in the name of another; (3) impersonate a person or entity or make misrepresentations regarding affiliations of any kind; (4) engage in any kind of behavior that can reasonably be construed as SPAMMING; (5) engage in any behavior likely to cause harm to PSYBooks, our Service, its Users, or to the public at large; and (6) upload any UGC that is sexually explicitly or contains pornographic content, a determination that will be made at PSYBooks sole discretion.
  8. Data Collection
    1. Your Transmissions are subject to PSYBooks’ Privacy Policy. By using our Service you agree to review PSYBooks’ Privacy Policy and to be bound by its terms and conditions. From time to time PSYBooks may change its Privacy Policy without notice to you, other than that provided for in the Policy. Your continued use of our Service, after the posting of any changes to said Policy, shall constitute your agreement and acceptance of such changes.
    2. PSYBooks does not knowingly collect personally identifiable information (or information of any other kind) directly from anyone under the age of 18, with or without parental consent, for its own use. If you have a good faith belief that PSYBooks has inadvertently collected such information, please contact PSYBooks at support@psybooks.com. PSYBooks will take immediate steps to remove such information from our Service and from any databases under PSYBooks’ control.
  9. Governing Law
    1. The laws of the State of Georgia, United States of America, shall govern this Agreement, as well as PSYBooks’ Privacy Policy, notwithstanding any principles of conflicts of law.
    2. You agree that any action at law or in equity arising out of or relating to this Agreement, or PSYBooks’ Privacy Policy, other than those disputes or claims subject to Arbitration as enumerated below, shall be filed only in state or federal court located in the State of Georgia, in a venue sitting, or most proximate to, DeKalb County, and you hereby irrevocably and unconditionally consent and submit to the exclusive jurisdiction of such action.
  10. Arbitration
    1. Any claim or controversy arising among or between the parties hereto pertaining to our Service, or any claim or controversy arising out of, or with respect to, any matter contained in this Agreement, or any differences as to the interpretation or performance of this Agreement, other than those wherein either party has infringed or threatened to infringe the other party’s intellectual property rights, or wherein you have violated our User Conduct Restrictions, shall be settled by arbitration in the State of Georgia. Such arbitration shall be before three arbitrators of the American Arbitration Association (the “AAA”) under its then prevailing rules.
    2. Intellectual property rights, as defined herein, include patent, copyright, trademark or trade secrets. You and PSYBooks jointly acknowledge that arbitration is not an adequate remedy at law for actual or threatened infringement of either party’s intellectual property rights. Therefore, it is agreed that injunctive or other appropriate relief may be sought under these circumstances.
    3. In any arbitration involving this Agreement, the arbitrators shall not make any award that will alter, change, cancel or rescind any provision in this Agreement, and their award shall be consistent with the provisions of this Agreement. Any such arbitration must be commenced no later than one (1) year from the date such claim or controversy arose, or the claim is waived.
    4. The award of the arbitrators shall be final and binding and judgment may be entered thereon in any court of competent jurisdiction.
  11. Severability
    1. If any portion of this Agreement or of PSYBooks’ Privacy Policy is determined by a court of competent jurisdiction to be unlawful, void, or unenforceable, that portion will be deemed severable and will not affect the validity and enforceability of any remaining provisions hereof.
  12. Entire Agreement
    1. This Agreement contains all of the terms and condition agreed to by you and PSYBooks with respect your use of our Service. It supersedes all prior agreements, arrangements and communications between the parties dealing with same, whether oral or written.
  13. Definitions and Constructions
    1. Unless otherwise specified, the terms “includes,” “including,” “e.g.,”, “for example, and other similar terms are deemed to include the term “without limitation” immediately thereafter.

General Terms for Subscribers

The following Terms are for Subscribers to our Services. These Terms are in addition to the Terms in the Subscriber Agreement which must be accepted when you register.

  1. Acceptance and Modifications
    1. PSYBooks reserves the right to change or revise this Agreement at any time by posting a notification on our Website. PSYBooks, at its sole discretion, may provide a Subscriber notification via other mechanisms, but is not required to do so.
    2. You are required to affirmatively accept this Agreement when becoming a Subscriber by reading this Agreement and clicking “I Agree.” As a Subscriber, you are also required to affirmatively accept any future revisions to this Agreement in a similar manner. PSYBooks maintains a record of acceptance for each Subscriber, including the version of this Agreement accepted by you whenever you click “I Agree.”
    3. PSYBooks will notify you of revision dates to this Agreement by posting the “last revised date” preceding the first paragraph of this document. The revised Agreement will take effect immediately after it has been posted on our Website.
  2. Eligibility
    1. PSYBooks requires, and enforces, strict compliance with our eligibility (“Eligibility”) requirements, as defined herein. Our Service is not intended for individuals under the age of 18. It is intended solely for members of the consuming public that are of legal age and meet the definition of a qualified Subscriber. Registration on our Service is reserved for qualified Subscribers or their respective agents, and therefore, registration by any other person or entity is strictly prohibited, unauthorized, unlicensed, void, and in violation of this Agreement.
    2. By registering on our Service you assert and warrant that you are doing so for the purpose of using our Service as a qualified Subscriber. Registration for any other purpose violates this Agreement and is strictly prohibited. By registering on our Service you further assert and warrant that you are of legal age and possess the legal capacity to enter into this Agreement on behalf of the entity you represent.
  3. Account Registration
    1. As a Subscriber you are required to provide us accurate, current, reliable and otherwise valid data when completing the registration forms that establish your account (“Account”) on our Service and you agree that such data must be kept current and revised in a timely manner when events occur that may alter its validity.
    2. As a Subscriber you agree that you are solely responsible for the data and activities related to updating and maintaining your Account, notwithstanding the fact the PSYBooks may, for technical or other reasons, assist you in making changes to your Account at your direct request, and after proper authentication.
    3. Registration on our Service requires you to maintain security credentials that allow you access to your Account. These credentials include a user identifier and a corresponding password. You may also be required to establish additional credentials should PSYBooks deem them necessary to protect the integrity of our Service. You agree that you are responsible for maintaining the confidentiality of said credentials.
    4. You acknowledge and agree that PSYBooks is a Business Associate and that Subscriber is a Covered Entity as the terms are defined under 45 CFR §160.103 Definitions of the HIPAA regulations. You further agree that by registering to use our Service you will have to enter into a Business Associate Agreement (i.e. included as part of the Subscriber Agreement) with PSYBooks during the registration process.
  4. User Generated Content
    1. You retain all ownership rights to content of which you are a lawful owner or licensee (“User Generated Content” or “UGC”), including any protected health information as defined in CFR § 160.103 of the HIPAA regulations, and which you make available on our Service via whatever mechanism PSYBooks provides, excluding such items defined as Transmissions herein, and subject to any other rights granted to PSYBooks under this Agreement.
    2. By submitting UGC to our Service, you grant PSYBooks a nonexclusive, worldwide, transferable and fully paid license to copy, crop, reproduce, reformat, translate, publicly display, excerpt (in whole or in part) and distribute your UGC for any purpose, commercial or otherwise (“Limited UGC License”). In addition, the Limited UGC License you grant includes rights that allow PSYBooks to create derivative works, or incorporate your UGC into other works, as PSYBooks sees fit. The license granted PSYBooks herein does not permit PSYBooks to use the Covered Entity’s PHI in a manner that violates the HIPAA Privacy Rule or the Business Associate Agreement entered into between the parties.
    3. PSYBooks acknowledge and agrees that the Limited UGC License granted may only be used by PSYBooks within the context of its Service and consistent with the Business Associate Agreement entered into between the parties.
    4. The Limited UGC License expires when you remove your UGC from our Service. However, PSYBooks requires, and you acknowledge and agree, that PSYBooks may retain archived copies of said UGC in order to meet the requirements of applicable law and for other business reasons that PSYBooks may have to maintain such archives. You acknowledge and agree that this Limited UGC License does not terminate if you have shared your UGC with other Users and said Users have not deleted your UGC.
    5. You represent, warrant, and guarantee that you have the full right, ability, and authority to make available to our Service, by whatever mechanism PSYBooks provides, your UGC. You further represent, warrant, and guarantee that by making available any UGC on our Service, you are not violating any obligation owed by you to any third party, including without limitation, obligations of confidentiality, privacy, attribution or any intellectual property rights including, but not limited to, rights related to patent, trademark, copyright, or trade secrets.
  5. Indemnification
    1. You agree to defend, indemnify, and hold PSYBooks, its parents, subsidiaries, affiliates, officers, agents and employees, its suppliers and their respective affiliates and agents harmless from all claims, liabilities, damages, and expenses (including attorneys’ fees and expenses) arising out of or relating to your use of our Service, including but not limited to: (1) your submission to our Service of any Transmission; (2) your alleged breach of this Agreement; or (3) your infringement of any intellectual property or other right of any person or entity.
    2. PSYBooks acknowledges and agrees that the indemnification sought in 20.1 is limited to acts that are directly or indirectly under your control regarding your use of, or inability to use, our Service, and does not extend beyond that.
  6. Limitations of Liability
    1. IN NO EVENT SHALL PSYBOOKS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES RESULTING FROM YOUR USE OR INABILITY TO USE OUR SERVICE; OR FOR THE LOSS OF PROFITS OR DAMAGES THAT MAY RESULT FROM THEFT, DELAYS, OMISSIONS, INTERRUPTIONS, DELETION OF FILES, ERRORS, DEFECTS, VIRUSES, FAILURE OF PERFORMANCE, DESTRUCTION OR UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF USE, PROFITS, DATA OR OTHER INTANGIBLES WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE); OR OTHERWISE, EVEN IF PSYBOOKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    2. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF IMPLIED WARRANTIES OR EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES. IN SUCH CASES, THE ABOVE LIMITATION OF LIABILITY MAY NOT APPLY TO YOU. TO THAT EXTENT, PSYBOOKS’ TOTAL LIABILITY TO YOU FOR ALL LOSSES, DAMAGES, AND CAUSES OF ACTION SHALL NOT BE GREATER THAN THE TOTALITY OF PAYMENTS MADE BY YOU TO PSYBOOKS IN EXCHANGE FOR ALLOWING YOU TO USE OUR SERVICE DURING THE PAST THREE MONTHS PRIOR TO THE COMMENCEMENT OF ANY LEGAL ACTION OR PROCEEDING, OR $100.00 USD, WHICHEVER IS LESS.
  7. DISCLAIMER
    1. YOU ACKNOWLEDGE THAT OUR SERVICE AND THE INFORMATION THEREIN ARE PROVIDED ON AN “AS IS” BASIS AND THAT PSYBOOKS MAKES NO REPRESENTATIONS OR WARRANTIES, EITHER EXPRESS OR IMPLIED, REGARDING OUR SERVICE OR THE INFORMATION. PSYBOOKS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
    2. BY USING, OR ATTEMPTING TO USE, OUR SERVICE, YOU EXPRESSLY ACKNOWLEDGE THE FOLLOWING:
      1. THE INFORMATION COULD INCLUDE TECHNICAL INACCURACIES AND/OR TYPOGRAPHICAL ERRORS;
      2. PSYBOOKS DOES NOT REPRESENT OR WARRANT THE TIMELINESS, RELIABILITY, COMPLETENESS, OR ACCURACY OF THE INFORMATION; AND
      3. PSYBOOKS DOES NOT REPRESENT OR WARRANT THAT OUR SERVICE OR ANY RELATED SERVERS ON WHICH IT RESIDES ARE FREE OF ERRORS OR VIRUSES OR OTHER POTENTIALLY DAMAGING CONTENT.
    3. PSYBOOKS MAY PERIODICALLY MAKE CHANGES TO ANY SERVICE CONTENT, INFORMATION, FEATURES OR FUNCTIONS. PSYBOOKS RESERVES THE RIGHT TO IMPLEMENT SUCH CHANGES AT ANY TIME WITHOUT NOTICE TO YOU, OTHER THAN THAT WHICH IS SET FORTH IN THIS AGREEMENT.
    4. UNLESS SPECIFICALLY INDICATED IN WRITING TO THE CONTRARY, NO REFERENCE IN OUR SERVICE TO ANY PRODUCTS, PROCESSES, SERVICES OR OTHER INFORMATION BY TRADE NAME, TRADEMARK, MANUFACTURER, SUPPLIER, OR OTHERWISE, SHALL CONSTITUTE OR IMPLY PSYBOOKS’ ENDORSEMENT OR SPONSORSHIP THEREOF.
  8. Termination
    1. Either you or PSYBooks may terminate this Agreement. You may terminate this Agreement by destroying all materials obtained from our Service, except for UGC and, if you are a Subscriber, by providing a termination notice to PSYBooks at support@psybooks.com. PSYBooks may terminate this Agreement immediately, without notice for any reason, or no reason, other than as provided for in our Subscriber Agreement, and reserves the right to block or prevent your future access to our Service.
    2. Should you or PSYBooks decide to terminate this Agreement then PSYBooks will prevent access to your Account on our Service. PSYBooks agrees to make a good faith effort to resolve an outstanding dispute between PSYBooks and a Subscriber, if any exist, prior to termination. PSYBooks, at its sole discretion, may restore access to your Account if the dispute has been resolved to its satisfaction.
    3. You acknowledge and agree that termination of this Agreement by either party pertains solely to your use of our Service, and has no effect on other contractual obligations that may exist between the parties, which remain in full force and effect.

Privacy Policy

Date of Last Revision: April 26, 2024
  1. Introduction
    1. PSYBooks, LLC (collectively “PSYBooks” or “us” or “our” or “we”) is the owner and operator of www.psybooks.com and any related sub-domains (the “Service”). This privacy policy (“Privacy Policy” or “Policy”) applies to the Service in its entirety but does not apply to entities that PSYBooks does not own or control.
    2. PSYBooks is committed to the privacy and protection of information provided to us by our users. This includes any information provided to us through our Service, including any information submitted to us through various forms and through other mechanisms. By using our Service you are accepting the privacy practices contained in this Policy.
    3. The purpose of our Privacy Policy is to inform our users regarding the information that we collect, utilize, and share. If you have any questions about our Privacy Policy, or our privacy practices in general, please contact us using the contact information provided below:

    PSYBooks, LLC

    Privacy, c/o PSYBooks Privacy Officer

    2944 Blackwood Rd

    Decatur, GA 30033

    Email: susan@psybooks.com

    Phone: 770-441-6361

  2. Information Collected About You
    1. There are various types of information that PSYBooks collects about you when you register with, interact with, or otherwise use our Service. Some of this information is provided voluntarily by you and other information is provided through automated processes under PSYBooks’ control.
    2. Information Provided By You: In addition to personally identifiable information (“PII”) provided during the PSYBooks subscription process, you may also provide us PII during the following non-exhaustive list of representative classes of interactions on our Service:
      1. requesting customer support and sending PSYBooks similar communications;
      2. making payments to PSYBooks for various offerings;
      3. signing up for PSYBooks email alerts, newsletters, and similar special offers;
      4. responding to PSYBooks surveys and other special information requests; and
      5. communicating with PSYBooks regarding our compliance with applicable law.
    3. Information Provided By Automated Processes: PSYBooks may automatically collect non-PII pertaining to you when you use our Service including, but not limited to, when you use our Service via mobile and other access devices. PSYBooks may use cookies, web beacons, log files and similar methods to collect non-PII:
      1. A cookie is data stored in a small text file on your local access device that contains data about you. The information in the cookie is used to uniquely identify you and other users of our Service. The cookie may contain a token linked to our databases in order to provide you an enhanced feature set. It identifies a particular user at a particular point in time;
      2. A web beacon is used to enable communications with third parties. It is a small image in an HTML page with all dimensions set to one (1) pixel. Because of its insignificant size, it is not visible. It is used to pass certain non-PII anonymously to third-party sites, usually advertisers;
      3. A log file is a system created file that captures certain interactions between you and our Service.
    4. Non-PII Reservation of Rights: PSYBooks reserves the right to adopt alternative methods for collecting non-PII consistent with the provisions of this Policy and without providing further notification to you, other than what is contained herein.
  3. Implications Regarding Collected Information
    1. Consent Regarding Data Storage and Transfer: Your use of our Service implies your consent to have your PII and non-PII (“Data”) (i.e. any data provided by you to PSYBooks via our Service or through other mechanisms) stored, transferred and processed within the United States, or in any other country in which PSYBooks or its affiliates, subsidiaries or agents maintain facilities. By providing us with your Data and using our Service you consent to any such transfer of Data outside of your country of origin, at PSYBooks’ sole discretion.
    2. Control and Access to Data: PSYBooks respects both the need for you to control your Data and our users’ need for sharing it with us, especially regarding the protected health information (“PHI”) of patients. PSYBooks is diligent in ensuring that it has implemented appropriate administrative, technical, and physical safeguards to prevent the unauthorized or unlawful use of your Data, and to prevent any accidental loss, destruction, or damage to such information.
    3. Use of Data Collected: PSYBooks is the sole business owner of the Data (i.e. as represented by the aggregate content and arrangement of the information collected about you or your patients on our Service) and will not sell, rent or share the information collected in a manner that differs from what is disclosed in this Policy. PSYBooks collects this information in order to:
      1. accomplish the objectives of our Service;
      2. provide you with a high quality user experience on our Service;
      3. offer you a personalized feature set on our Service; and
      4. to improve our Service.
    4. Sharing of Data in General: PII or PHI provided by you will not be shared with third parties, without your permission, for any purpose other than those enumerated below. PSYBooks, in its sole discretion, reserves the right to share with third parties aggregated non-PII for the purpose of compiling information that is relevant to our business interests. PSYBooks, in its sole discretion, reserves the right to disclose any information that it obtains through our Service to appropriate governmental or regulatory authorities or governmental agencies, if required by law. PSYBooks, in its sole discretion, may share any information collected, stored and processed, if it has a good faith belief that to do so is reasonably necessary to:
      1. enforce our Terms of Use;
      2. detect, investigate and otherwise address fraud, security or technical breaches or related matters; or
      3. protect against imminent harm to the rights, property, or safety of PSYBooks, its users, or the public at large, as required or permitted by law.
    5. Sharing of Payment Data: PSYBooks may share transaction information with our third party payment processor (“Payment Processor”) when you pay for or renew your Subscription to our Service. The information shared with our Payment Processor is limited to the information required by our Payment Processor to complete the payment transaction. PSYBooks does not capture or store the financial information provided by you to our Payment Processor. PSYBooks only stores the results of said transactions as provided via notifications from our Payment Processor to us upon the completion of a payment transaction.
    6. Sharing of Data with Other Third Parties: In addition to disclosing information to our Payment Processor, PSYBooks may disclose your personal information or PHI to other third-party service providers (“Providers”) who perform services on our behalf. Examples of such Providers may include, but are not limited to, data storage and web hosting companies, as well as consultants we may engage for various reasons. PSYBooks requires Providers to use and protect your personal information consistent with the provisions of this Policy. PHI will only be shared with business partners with whom PSYBooks has a Business Associate Agreement, as required by applicable law.
  4. Security of Information
    1. Any information sent by you to PSYBooks through Internet email or through our Service may not be secure and is therefore done on a non-confidential basis and at your own risk. Once such information is received, PSYBooks takes appropriate security safeguards to prevent its unauthorized use, alteration, disclosure or destruction. These safeguards include periodic review of our internal processes, and benchmarking of same with industry best practices.
    2. Access to PII or PHI is restricted to PSYBooks employees, contractors, and agents on a need to know basis. Such individuals are generally bound by confidentiality agreements and may be subject to termination and criminal prosecution should they fail to comply as required by said agreements and/or with the contents of this Policy.
  5. Data integrity
    1. PSYBooks processes PII only for the purposes for which it was collected and in accordance with the provisions in this Policy. Reasonable steps are taken to ensure the quality of the PII that PSYBooks collects, processes, and stores. PSYBooks depends on its users to keep their PII current and accurate. PSYBooks conducts periodic reviews to ensure that only the PII required by our Service is captured and used consistent with the provisions of this Policy. The maintenance of data integrity is a joint collaborative effort between PSYBooks and our users.
    2. PSYBooks may delete Data, from time to time, upon the request of an individual user. PSYBooks requires that a user present proper credentials for authentication before honoring all such requests. Good faith attempts are made to work with individual users regarding Data related issues. PSYBooks reserves the right to refuse such requests when they prove unduly burdensome and/or are impractical. PSYBooks will not delete Data required to be kept by applicable law or Data otherwise required by PSYBooks for legitimate business reasons.
  6. Choices Regarding PII
    1. Should PSYBooks decide to use PII or PHI other than for the purpose originally collected, PSYBooks will do so only with your consent. You will be given the opportunity to opt out of any such use. Should PSYBooks become involved in a sale, acquisition, or any form of transfer of some or all of its assets, then PSYBooks will provide notice to you before your PII or PHI is subject to a new or different privacy policy.
    2. You always have the option of contacting PSYBooks should you have questions regarding your PII or PHI. Please contact PSYBooks using the contact information provided above.
  7. Protecting Children

    PSYBooks restricts the use of our Service to individuals of legal age and above. PSYBooks does not knowingly collect or solicit PII from anyone under the age of 18, with or without parental consent.

  8. Links

    Our Service may contain hyperlinks to third-party websites that may collect or solicit information. Our Privacy Policy does not cover information collected or solicited by these third-party websites. PSYBooks is not responsible for the privacy practices of such sites. PSYBooks users are encouraged to pay attention when they leave our Service and to read the respective privacy policies of each website that collects personally identifiable information. This Policy only applies to information provided by you to PSYBooks via our Service or through other mechanisms.

  9. Enforcement

    Because we are committed to protecting our users’ PII and PHI, PSYBooks conducts periodic reviews of our internal processes to ensure that we remain in compliance with this Policy. We will cooperate with the appropriate authorities to resolve any user complaints regarding the transfer of PII or PHI. PSYBooks will initially try to resolve the complaint with the individual user. Formal complaints should be sent to PSYBooks using the contact information provided above.

  10. Policy Changes

    In the future, we may make changes to our Privacy Policy to reflect changes in our privacy practices and/or changes to our Service. PSYBooks’ goal is to keep our users aware of what information we collect, use, and under what circumstances, if any, we disclose it. When changes are made to this Policy the “last updated date” will be modified accordingly. If changes are made to our Privacy Policy then PSYBooks will provide notification on our Website. In addition, further notification will be provided to users that have registered with our Service.

Business Agreement

Date of Last Revision: April 26, 2024
  1. Introduction
    1. PSYBooks, LLC (collectively “PSYBooks” or “us” or “our” or “we”) is the owner and operator of www.psybooks.com and any related sub-domains (the “Service”). This privacy policy (“Privacy Policy” or “Policy”) applies to the Service in its entirety but does not apply to entities that PSYBooks does not own or control.
    2. PSYBooks is committed to the privacy and protection of information provided to us by our users. This includes any information provided to us through our Service, including any information submitted to us through various forms and through other mechanisms. By using our Service you are accepting the privacy practices contained in this Policy.
    3. The purpose of our Privacy Policy is to inform our users regarding the information that we collect, utilize, and share. If you have any questions about our Privacy Policy, or our privacy practices in general, please contact us using the contact information provided below:

    PSYBooks, LLC

    Privacy, c/o PSYBooks Privacy Officer

    2944 Blackwood Rd

    Decatur, GA 30033

    Email: susan@psybooks.com

    Phone: 770-441-6361

  2. Information Collected About You
    1. There are various types of information that PSYBooks collects about you when you register with, interact with, or otherwise use our Service. Some of this information is provided voluntarily by you and other information is provided through automated processes under PSYBooks’ control.
    2. Information Provided By You: In addition to personally identifiable information (“PII”) provided during the PSYBooks subscription process, you may also provide us PII during the following non-exhaustive list of representative classes of interactions on our Service:
      1. requesting customer support and sending PSYBooks similar communications;
      2. making payments to PSYBooks for various offerings;
      3. signing up for PSYBooks email alerts, newsletters, and similar special offers;
      4. responding to PSYBooks surveys and other special information requests; and
      5. communicating with PSYBooks regarding our compliance with applicable law.
    3. Information Provided By Automated Processes: PSYBooks may automatically collect non-PII pertaining to you when you use our Service including, but not limited to, when you use our Service via mobile and other access devices. PSYBooks may use cookies, web beacons, log files and similar methods to collect non-PII:
      1. A cookie is data stored in a small text file on your local access device that contains data about you. The information in the cookie is used to uniquely identify you and other users of our Service. The cookie may contain a token linked to our databases in order to provide you an enhanced feature set. It identifies a particular user at a particular point in time;
      2. A web beacon is used to enable communications with third parties. It is a small image in an HTML page with all dimensions set to one (1) pixel. Because of its insignificant size, it is not visible. It is used to pass certain non-PII anonymously to third-party sites, usually advertisers;
      3. A log file is a system created file that captures certain interactions between you and our Service.
    4. Non-PII Reservation of Rights: PSYBooks reserves the right to adopt alternative methods for collecting non-PII consistent with the provisions of this Policy and without providing further notification to you, other than what is contained herein.
  3. Implications Regarding Collected Information
    1. Consent Regarding Data Storage and Transfer: Your use of our Service implies your consent to have your PII and non-PII (“Data”) (i.e. any data provided by you to PSYBooks via our Service or through other mechanisms) stored, transferred and processed within the United States, or in any other country in which PSYBooks or its affiliates, subsidiaries or agents maintain facilities. By providing us with your Data and using our Service you consent to any such transfer of Data outside of your country of origin, at PSYBooks’ sole discretion.
    2. Control and Access to Data: PSYBooks respects both the need for you to control your Data and our users’ need for sharing it with us, especially regarding the protected health information (“PHI”) of patients. PSYBooks is diligent in ensuring that it has implemented appropriate administrative, technical, and physical safeguards to prevent the unauthorized or unlawful use of your Data, and to prevent any accidental loss, destruction, or damage to such information.
    3. Use of Data Collected: PSYBooks is the sole business owner of the Data (i.e. as represented by the aggregate content and arrangement of the information collected about you or your patients on our Service) and will not sell, rent or share the information collected in a manner that differs from what is disclosed in this Policy. PSYBooks collects this information in order to:
      1. accomplish the objectives of our Service;
      2. provide you with a high quality user experience on our Service;
      3. offer you a personalized feature set on our Service; and
      4. to improve our Service.
    4. Sharing of Data in General: PII or PHI provided by you will not be shared with third parties, without your permission, for any purpose other than those enumerated below. PSYBooks, in its sole discretion, reserves the right to share with third parties aggregated non-PII for the purpose of compiling information that is relevant to our business interests. PSYBooks, in its sole discretion, reserves the right to disclose any information that it obtains through our Service to appropriate governmental or regulatory authorities or governmental agencies, if required by law. PSYBooks, in its sole discretion, may share any information collected, stored and processed, if it has a good faith belief that to do so is reasonably necessary to:
      1. enforce our Terms of Use;
      2. detect, investigate and otherwise address fraud, security or technical breaches or related matters; or
      3. protect against imminent harm to the rights, property, or safety of PSYBooks, its users, or the public at large, as required or permitted by law.
    5. Sharing of Payment Data: PSYBooks may share transaction information with our third party payment processor (“Payment Processor”) when you pay for or renew your Subscription to our Service. The information shared with our Payment Processor is limited to the information required by our Payment Processor to complete the payment transaction. PSYBooks does not capture or store the financial information provided by you to our Payment Processor. PSYBooks only stores the results of said transactions as provided via notifications from our Payment Processor to us upon the completion of a payment transaction.
    6. Sharing of Data with Other Third Parties: In addition to disclosing information to our Payment Processor, PSYBooks may disclose your personal information or PHI to other third-party service providers (“Providers”) who perform services on our behalf. Examples of such Providers may include, but are not limited to, data storage and web hosting companies, as well as consultants we may engage for various reasons. PSYBooks requires Providers to use and protect your personal information consistent with the provisions of this Policy. PHI will only be shared with business partners with whom PSYBooks has a Business Associate Agreement, as required by applicable law.
  4. Security of Information
    1. Any information sent by you to PSYBooks through Internet email or through our Service may not be secure and is therefore done on a non-confidential basis and at your own risk. Once such information is received, PSYBooks takes appropriate security safeguards to prevent its unauthorized use, alteration, disclosure or destruction. These safeguards include periodic review of our internal processes, and benchmarking of same with industry best practices.
    2. Access to PII or PHI is restricted to PSYBooks employees, contractors, and agents on a need to know basis. Such individuals are generally bound by confidentiality agreements and may be subject to termination and criminal prosecution should they fail to comply as required by said agreements and/or with the contents of this Policy.
  5. Data integrity
    1. PSYBooks processes PII only for the purposes for which it was collected and in accordance with the provisions in this Policy. Reasonable steps are taken to ensure the quality of the PII that PSYBooks collects, processes, and stores. PSYBooks depends on its users to keep their PII current and accurate. PSYBooks conducts periodic reviews to ensure that only the PII required by our Service is captured and used consistent with the provisions of this Policy. The maintenance of data integrity is a joint collaborative effort between PSYBooks and our users.
    2. PSYBooks may delete Data, from time to time, upon the request of an individual user. PSYBooks requires that a user present proper credentials for authentication before honoring all such requests. Good faith attempts are made to work with individual users regarding Data related issues. PSYBooks reserves the right to refuse such requests when they prove unduly burdensome and/or are impractical. PSYBooks will not delete Data required to be kept by applicable law or Data otherwise required by PSYBooks for legitimate business reasons.
  6. Choices Regarding PII
    1. Should PSYBooks decide to use PII or PHI other than for the purpose originally collected, PSYBooks will do so only with your consent. You will be given the opportunity to opt out of any such use. Should PSYBooks become involved in a sale, acquisition, or any form of transfer of some or all of its assets, then PSYBooks will provide notice to you before your PII or PHI is subject to a new or different privacy policy.
    2. You always have the option of contacting PSYBooks should you have questions regarding your PII or PHI. Please contact PSYBooks using the contact information provided above.
  7. Protecting Children

    PSYBooks restricts the use of our Service to individuals of legal age and above. PSYBooks does not knowingly collect or solicit PII from anyone under the age of 18, with or without parental consent.

  8. Links

    Our Service may contain hyperlinks to third-party websites that may collect or solicit information. Our Privacy Policy does not cover information collected or solicited by these third-party websites. PSYBooks is not responsible for the privacy practices of such sites. PSYBooks users are encouraged to pay attention when they leave our Service and to read the respective privacy policies of each website that collects personally identifiable information. This Policy only applies to information provided by you to PSYBooks via our Service or through other mechanisms.

  9. Enforcement

    Because we are committed to protecting our users’ PII and PHI, PSYBooks conducts periodic reviews of our internal processes to ensure that we remain in compliance with this Policy. We will cooperate with the appropriate authorities to resolve any user complaints regarding the transfer of PII or PHI. PSYBooks will initially try to resolve the complaint with the individual user. Formal complaints should be sent to PSYBooks using the contact information provided above.

  10. Policy Changes

    In the future, we may make changes to our Privacy Policy to reflect changes in our privacy practices and/or changes to our Service. PSYBooks’ goal is to keep our users aware of what information we collect, use, and under what circumstances, if any, we disclose it. When changes are made to this Policy the “last updated date” will be modified accordingly. If changes are made to our Privacy Policy then PSYBooks will provide notification on our Website. In addition, further notification will be provided to users that have registered with our Service.