Online security FAQ
We trust Jane
If you’d like to learn more about Jane’s privacy and security standards, practices, and certifications, you can head to their Security and Trust homepage to learn more.
Where is Jane Data Stored?
Jane Data is stored on secure SOC 2-audited servers on proper data centres, depending on the location you choose for your Jane account when you sign up.
- Canada: Montreal, Quebec
- United States and Cayman Islands: Portland, Oregon
- Australia, New Zealand, and Singapore: Sydney, Australia
- UK and Europe: London, England
- Rest of world: Montreal, Quebec
How is Jane Data Secured?
Jane Data is encrypted using 128 bit encryption when sent between your device and our servers, and stored with 256 bit encryption (in the same way as your banking information would be).
How is Jane Data Accessed?
Administrators, practitioners and patients each access Jane using their own account secured by a username and password. Account owners can control access permissions for each user, which includes control of accessing patient charts, billing records, and schedule records.
How is Jane Data Backed-up?
Jane uses mirrored database servers (which act as real-time backups) so in the unlikely event that something happens in data centre, Jane can flip over immediately to use the other database server. Jane also performs nightly off-site backups, just as an additional precautionary measure.
How is Chart Access Tracked?
Jane offers a user-activity report to account owners in which they can see a detailed breakdown of all user activity. The report can be filtered by date range, user, and type of access for regular reviews on who is accessing patient charts.
Who owns Jane Data?
There are two levels of privacy to consider with Jane. The Account Information we collect from our Account Owners to open their Jane account (such as clinic name and information and credit card number for billing) and the Patient Data that our clients collect (such as patient name, demographics, and medical information for chart entries). Our privacy policy talks about the former which you can read here.
Patient data (charts, patient profiles, appointment history etc) is always owned by you, our customer. So what that means is that Jane acts as an agent storing patient data on behalf of our customers. The account owner (you) retains ownership of all patient data.
Still Have Questions?
Have any questions about this guide or anything else related to security? Feel free to email Privacy and Security Support at security@jane.app and we’d love to clarify anything you’re unsure on!
List of security features
Here’s a list of Jane’s most-asked-about privacy and security features:
Privacy Policy and Terms & Conditions
When you open an account with Jane, you agree to our Privacy Policy and Terms & Conditions. These documents represent our agreement with you on how Jane will properly handle the health information for which you are the custodian.
Encryption & Secure Data Transfer
Anytime you transfer data from your computer to Jane, the information is encrypted with the same level of security as your bank uses to transfer information. Read more here: Security FAQ.
Secure Server Bank
Jane has a private server bank located in a secured SOC2, Type2-certified data center, and all data is backed up regularly on secondary servers.
Zero Credit Card Data in Jane
Jane never stores a client’s plain credit card information directly on Jane’s servers. When you enter a credit card in Jane, Jane instantly transfers that data to one of our payment processing partners through encrypted transfer. Our PCI-compliant payment processing partners store that information for Jane. The default behaviour of these partners is to store the credit card information so that refunds can be processed.
Our partners for payments have been very carefully chosen, and they use the same 128-bit encryption as the big banks around the world. They send Jane back an encrypted key (a token) which represents the credit card so that Jane can continue to bill against that card if the customer wishes, but note that this token can’t be used outside of Jane. The only information that Jane stores about the credit card are the last 4 digits and the expiration date so that the customer will know which card they gave you.
More info here: Is Jane PCI-Compliant?
Unique User ID & Password Required
Administrators, practitioners and patients each access Jane using their own account secured by a unique User ID and Password. Account owners can control access permissions for each user, which includes control of accessing patient charts, billing records, and schedule records.
2-Step Verification
Did you know that you can enable 2-Step Verification for your staff profile for an added layer of security? By enabling 2-Step Verification on your staff profile, you’ll receive a one-time SMS code to your mobile phone that you enter in Jane each time you log in, after entering your password.
Check out our guide for more info here.
🎉 We are planning to support additional methods to enable 2-Step Verification soon to provide you with more options with varying degrees of security and complexity depending on your needs.
Activity Tracking
Jane offers a user-activity report, the Activity Log to account owners in which they can see a detailed breakdown of all user activity. The report can be filtered by date range, user, and type of access for regular reviews on who is accessing patient charts.
© Copyright dawn Health and Wellness