Security and Encryption – Delve Psychotherapy of Chicago

This page will go over some file security and encryption expectations and requirements. I know that tech can be scary for some. If you’re lost during any part of this, fret not! You can always reach out to Adam for some support.

It is up to each provider and worker to protect client records and confidentiality beyond the requirements listed herein. The expectations listed herein are absolute expectations but are not meant to be exhaustive.

Paper

All employees and contractors should have a shredder that specifically does cross-cutting. These are purchasable for around $30. If you do not have access to a shredder, you must not write pertaining to a session or a client on any paper whatsoever. Any documents that are meant to be included in a client’s medical record should be uploaded to simplepractice. All other documents should be shredded regularly. Please take document security seriously. Any documents containing PHI that are not a part of the medical record that you intend to keep for some period of time must be locked in a locked cabinet, drawer, briefcase or similarly secure (locked) container. If you write in a journal, those entries do need to be shredded.

Email and Phone

You must only email clients from the secure email address provided to you by Delve.

Most client conversation should be directed to the secure messaging platform on simplepractice.com. If a client persists in emailing you (especially clinically relevant content), please direct them to use the secure messaging platform. Your messages to clients should, almost exclusively, be sent through the secure messaging platform. Once the client is loaded into simplepractice, please use the secure messaging platform on simple practice.

Do not call clients from your personal cell. Use the google voice number provided. To do so, log into contact@delvepsych.com and place your call using the google voice app and browser page.

Encryption

To ensure maximum security, we need to secure two forms of encryption. The first is drive encryption on your computer. Essentially, this encrypts your hard-drive such that malicious outside observers will have a harder time accessing the information stored on your computer. Click the links below to access instructions.

Instructions for Mac
Instructions for PC

The second form of encryption is wi-fi encryption. Most routers, by default, will select a form of communication that is encrypted (usually WPA2). We just need to confirm that this encryption is in place.

You, first, need to log into your router. Exactly how one does this is a little different for each router manufacturer.

Step 1: Find your default gateway. Xfinity usually uses 10.0.0.1. On PC you can find your default gateway address by hitting WINDOWS+R –> Type Cmd (hit enter; This opens a command prompt) –> type IPConfig –> Look for “Default Gateway” and record that value. Here are some mac instructions. If you’re still stuck, check in with Adam.

Step 2: Type your default gateway into a web browser (like google chrome). This will take you to a router login page. Xfinity’s default credentials are usually admin::password (as in, the username is “admin” and the password is “password). If you have another router, you may need to lookup your default login. It’s possible that you changed the login credentials. It is also possible that the router will need to be reset to allow you to create a new router login setup (talk to Adam before resetting anything).

Step 3: Once you’re into your router, you want to find where your Wi-Fi settings are listed. If you see something (usually near “security” listing WPA2, you have an encrypted connection.

Update the asset list

We need a record of every device you use that may access PHI. This includes laptops, network equipment, cell phones, printers, and tablets. To update the asset list, go to THIS LINK. You’ll need to request access. You’ll see a list of other employee’s assets. Follow the pattern you see in the other rows as an example for how to enter your devices into the list. If you are confused, let me know. For network devices, use file-level encryption if you confirmed you have a WPA2 connection (from above). Almost all modern cell phones are encrypted at the disk level (if you have an older phone, chat with Adam).

You MUST have encryption enabled and confirmed for laptops, tablets, phones, and network equipment. Do not complete the attestation until you have confirmed that this encryption is in place.

File deletion

Files should not be kept on your computer long term. If it is something needed for client records, upload it to the client’s file on simplepractice. If it is something related to your work that doesn’t contain PHI, save it in your google drive.

Videos (used for training purposes) need to be deleted regularly (at least quarterly) and should not stay on your physical hard-drive long term.