Especially with a shift to a more “online world”, privacy and security have been hot topics as of late. It’s so hard knowing if you’re secure enough and if there are any gaps that you may not be thinking about, so we wrote up this guide to go over a few best practices with Jane and in your clinic in general to help you keep privacy and security at the forefront of your business!
We’ve broken this guide up into two majors parts - setting up your accounts securely and day-to-day best practices.
Setting Up Your Account Securely
Setting a Strong Password and Following Password Best Practices
When you’re signing into your new profile for the first time, you’ll need to set a username and password. Your username can be your email address or a unique username, but the password is probably the most important (and tricky!) part. There’s so many recommendations around passwords that seem to change constantly, so we’ve written up a guide that goes over our recommendations so you don’t have to guess. You can check out that guide here: Password Best Practices
As well as going over the foundations for a good password, this guide linked above talks about a really helpful tool called a password manager, which helps you to store passwords securely and sometimes even generate passwords. Be sure to check the guide out, if this information is new for you!
Individual Profiles and Access Levels
Now that you’re all signed in, it’s time to start setting up! If you’re not a solo practitioner, one item on your to-do list is creating profiles for each user that will need access to your account.
We often hear of clinic users sharing profiles, especially admin profiles, and it seems like one of the most common reasons is cost. But, admin profiles in Jane are actually free! As long as the user doesn’t have a schedule or appointments booked with them, there is no charge for these profiles.
Another common reason we hear is to allow staff members to sign in as the account owner to update the credit card on file or make changes to the subscription, but allowing this does enable staff to make changes that may not be wanted, even unintentionally.
So keeping all of this in mind, let’s talk about the benefits of having a unique profile for each user in your account:
- Everyone has access to only what they need. Each profile has an “access level” set which dictates what that user can see and do within the account. If you’re not familiar with the different access levels, feel free to check out our guide on Staff Access Levels.
- Diving a bit deeper, setting up staff with the lowest level of access they need for their day-to-day responsibilities is known as the concept of “least privilege”. This is a common security practice, and in fact, it’s one that we aim for within our team as well!
- Jane keeps a thorough history of changes made within the account, like the history of an appointment booked as well as charts and reports accessed and exported. If users each have their own profile, this ensures that these logs are accurate. For example, let’s say that an appointment booked into your schedule is booked at a time that makes you wonder if it was accidentally booked there. As long as everyone uses their own profiles, you can check the History & Status area of the appointment to see who made that change so you can ask them about it
While it’s fairly common to have your office manager or admin listed as the Account Owner for convenience’s sake, it’s not actually the most secure setup.
The Account Owner listed in Jane needs to be the person who is the legal custodian of the data stored within the account. This person is also the only one who can make changes to your subscription and authorize data transfers or exports.
Think of Jane as a person who runs one of those self-storage places. We’ll keep your stuff safe, but as far as we’re concerned everything inside the unit belongs to whoever’s name is on the lease. If your admin is listed as the Account Owner and they leave the practice, we don’t have the authority to say they weren’t the owner of the data in your Jane account. And that means it can take a while to get you that access back.
🔍 Where Do I Check Who The Account Owner Is & How Can I Change It?
If you are a Full Access user or the Account Owner, you’ll be able to head into Settings and choose Staff Permissions. Whoever is listed as the owner will have a black badge saying, ‘Account Owner’ next to their name.
If that badge is next to the wrong name, here’s what you can do:
- Step One: make sure that the actual Account Owner has a staff profile set up with an active email, username, and password and is able to access the Jane account. This is important! If they aren’t able to access Jane when you transfer ownership to them, no one in the account will be able to access those important permissions.
- Step Two: if you are listed as the Account Owner in error, click the blue Transfer Ownership text next to the correct person’s name. If you should be listed as the Account Owner and aren’t, you can ask whoever is currently listed to Transfer Ownership to you.
Picture this: you’ve signed in to the computer at the reception desk, but you’re called out of the room suddenly and forget to sign out. During that time, anyone (a colleague, patient, or potentially even someone walking by your clinic) could access your device and everything accessible on your profile. Yikes!
Knowing that it’s all too easy to forget to log out, you can enable auto-logout in your Jane account and this setting will effect all staff members within your account. In Settings > Clinic Info & Locations, you can set auto-logout for a minimum of 10 minutes or a maximum of 1 week depending on your preference:
Using Jane More Securely Day-to-Day
Now that you’re an expert in setting up your account securely we can talk about good day-to-day practices to follow. Like seeing your dentist regularly, maintaining the privacy and security of your account and data is something that should be done preventatively rather than reactively. After all, isn’t it better to prevent the cavity than to have to treat it later?
Keeping this in mind, here are a few day-to-day practices that can help:
Signing Out When Away from the Computer
While you can set up auto-log out like we talked about above, one of the simplest (but also easiest to forget!) best practices is signing out when you walk away from the computer. There are a few reasons for this:
- It would prevent any unauthorized user from accessing Jane/your device while you’re away
- It ensures that if you’re using a shared device, like a computer at the reception desk, that no one makes changes while signed into your profile
Using Privacy Mode
You might have looked at your schedule one day and thought “where are all of my patients’ names!?” No need to panic, you very likely enabled privacy mode!
So what is privacy mode? Let’s say you have a patient in the room and you’d like to open their chart while you chat with them, but of course you can see all of those names in your schedule on the left side of your day tab! To manage that, you can use privacy mode to blur the patient names on your screen.
You can enable this by clicking your name in the top right corner of Jane and choosing Enable Privacy Mode, or by hitting Shift and P on your keyboard. And to be clear, you can use Privacy Mode on your phone or tablet as well!
If you’re interested in learning more, we have a guide that talks about this feature along with a few other privacy-related settings you may find helpful: Patient Privacy
Still Have Questions?
Have any questions about these recommendations or anything else related to security or privacy? Feel free to email Privacy and Security Support at firstname.lastname@example.org and we’d love to clarify anything you’re unsure on!