Finger-Ink takes the security of your information, and that of your patients, very seriously. All our systems are designed with security and privacy in mind.
We use a US-based HIPAA-compliant host
We employ Healthcare Blocks (HCB) to manage our server infrastructure. They specialise in managing cloud services for digital health startups, like us, with high compliance needs. They make sure that all system access is logged, the latest security updates are in place and that system alerts are in place and monitored.
The underlying layer on which we're hosted is powered by AWS. All data we store on our servers resides in the USA.
We communicate with your PMS
In order to provide our service, we need to communicate with your practitioner management system (PMS). This could be Cliniko, Nookal or Pabau.
Your data is encrypted
All data on our servers is encrypted at rest using disk-level encryption, configured by Healthcare Blocks.
All data on your iPad(s) is encrypted using Apple's Complete File Protection. This ensures that your data is only accessible to the iPad when the Finger-Ink app is on screen. A passcode (that you set) prevents any patient accessing information they shouldn't.
All communication between our servers, your device(s) and/or your PMS servers is encrypted in transit.
Your API keys are further encrypted once more in our application. Even in the very unlikely event that someone gained access to our database, they wouldn't be able to gain access to your PMS account.
What we store about you and your team on our servers
Your first and last names (so we know how to address you)
Your business name (see above)
Your email address (so we can contact you — e.g. for trial expiry notices, billing issues etc.)
A link to your subscription in our payment processor, Stripe (so we can bill you)
When you signed up (so we can calculate your trial)
When you activated your account
When your trial expires
The number of practitioners you have in your PMS account (so we know what plan to put you on)
A list of the businesses you have in your PMS (i.e. if you have multiple locations setup in your PMS, these are known as different businesses). We use this to allow you to filter appointments for check-in to particular locations.
Your PMS account ID
A guess at your currency code e.g. AUD (we look at your currency symbol and your PMS account's country to work this out)
A one-way hash of your your PMS API key(s). This is to allow quick de-duplication checks on sign-up and sign-in.
An encrypted version of your PMS API key(s). API keys are decrypted and stored in memory (not written to our DB) for the duration of use.
A list of users from your PMS account, their email addresses, roles and encrypted API keys where we've been given them.
Any data you generate from within Finger-Ink — form templates, filled forms, check-ins, configuration settings etc.
Where applicable: your PMS referral source types, custom patient fields & concession types.
Statistics on how many forms have been filled (by device) and how many check-ins have been completed (also by device).
What we store about your patients on our servers if you use Finger-Ink forms
We store form responses from the iPad app and web.
This patient data is stored to allow re-processing. This data is stored indefinitely until you delete the response. After deleting, the data is removed.
If enabled, we will also store a backup of the patient record alongside the form response. This will also be removed if the response is deleted.
Our server is hosted with a HIPAA-compliant host. This doesn't mean we're HIPAA compliant yet, but it means that extra precautions are taken with our database, its backups, and any access.
Our entire database is protected by encryption at disk-level by our HIPAA-compliant host.
Title, first names, last name, preferred first name, date of birth, email address, mobile phone and the patient & appointment IDs from the filled form (if available) are stored at this disk-level of encryption to allow for searching of forms through the inbox.
Other filled form data (i.e. any field on a form not included in the point above) and patient record backups are also stored at this disk-level encryption.
What we store about your patients on our servers if you use Finger-Ink kiosk
We store the appointment and patient IDs for completed check-ins for 90 days. This is to allow the calculation of statistics, and to assist in debugging.
No other check-in data is stored on our servers.
Transient data
There is some data that we don't store in a database, but we keep in memory on the server to provide to connected iPads:
Your decrypted API keys.
Your recent appointments (2 days ago, yesterday, today, tomorrow, the next day) — stored alongside basic patient information (name, DOB, email) used for self check-in.
A list of your appointment types.
A list of your practitioners.
Third party integration
We keep third-party integration to a minimum. The full list of our sub-processors can be found in our Data Processing Addendum.
No patient information is shared with any of our sub-processors — except for your PMS.
Your PMS
Obviously, we interact with your PMS in a huge way. We use the API key(s) you provide us to communicate with their servers both regularly in our app and, the first time you connect with us, from our servers.
We communicate with your PMS to
Get your settings to determine your online booking logo image, company name and email address.
Get your settings to determine your billing currency, administrator name, administrator email address and your company name — so we can use these to create a Finger-Ink account for you.
Get a list of your businesses.
Get a list of users so we know in which plan to place you, and so user accounts can be created in Finger-Ink for the rest of your team.
If you use forms, we also communicate with your PMS to
Get your appointments
Get patient information before filling out a form
Send updated patient information
Attach PDFs to patient records
Get a list of your treatment note templates
Get a specific treatment note template that you've selected
Create draft treatment note templates
Create medical alerts
If you use kiosk we also communicate with your PMS to
Get updated patient information for these appointments
Mark patients as arrived in your PMS
We may also communicate with your PMS to
Download your referral source types, custom patient fields & concession types
Download your appointment types
Download treatment note templates & patient form templates
Intercom
We use Intercom as our customer support service. Any time you send an email to support@finger-ink.com, privacy@finger-ink.com or contact us through the chat button on the website, or in the app, it goes through Intercom's servers.
We also send key events from the app so we can better serve you — e.g. when you first load the app, when you have filled out your first form, when you've imported a template from your PMS etc.
Patient and appointment IDs are sometimes shared with Intercom to assist with debugging, but no other patient information is shared.
Sendgrid
Sendgrid is what we use to send emails from our application — both to you (if you have enabled inbox notifications, or kiosk message notifications), and to your patients (if you're using identity-verified forms).
Patient names, email addresses, form names and confirmation codes are shared with Sendgrid to allow the sending of these emails. We never share completed forms by email.
Stripe
We use Stripe as for subscription billing. To facilitate this, the following information about your subscription is stored with Stripe:
Your subscription plan
Your billing address
Your billing email address
Your credit card details — name, number, expiry date (we can't access these, see Stripe's security documentation)
A history of your transactions with us
No patient information is shared with Stripe.
Sentry
Sentry is a service we use to let us know when the iPad app crashes, or exceptions occur within the web app.
No patient information is explicitly shared with Sentry. Occasionally patient information might come through in a crash exception. This information is treated with the utmost care, and is deleted as soon as we have resolved the issue.
Slack
Slack is our company communication service — we use it to plan features, collaborate on supporting you, our customers, and for general company communication.
We occasionally mention company names and first names during this communication.
No patient information is shared with Slack.
Github
Github is where our application source code is hosted. We also use it to plan features. We occasionally tag planned features or bugs with company and customer names.
No patient information is shared with Github.
Quip
Quip is like Google docs, and it allows collaboration on documents across our team. We use it to collect the results of optional surveys you may take.
No patient information is shared with Quip.
Xero
Xero is our accounting software. When payments come in, they need to be matched against our bank account. Xero is how we do that. Your name, your company name and your billing address may be stored within Xero.
No patient information is shared with Xero.
Webflow
Webflow is where we host our the Finger-Ink website. We do not currently process any of your data with this service, but there was a time when we asked for your name and email address before downloading the app — and this is where it was collected.
No patient information is shared with Webflow.
We use Google Workspace for team collaboration on policies, legal documents and Form conversions. We don't generally store any of your information here unless we're performing a Form Review or Form Conversion for you. If so, we store the Form Templates you've sent us and information around the conversion process itself. We do not use Google Analytics.
No patient information is shared with Google.
Migadu
Migadu is our email hosting provider for any non-Intercom address. As such, all email communication we send and/or receive through these addresses go through Migadu. We do not generally mention specific customers over email so your information shouldn't be there.
No patient information is shared with Migadu.
OpenPhone
OpenPhone is our VOIP phone service provider. Our phone numbers are hosted with them. When we call you — we're doing it through OpenPhone. We do not currently use their call recording feature. We do make notes of our conversations.
Patient information is only ever shared with OpenPhone if you choose to share it on a call.
What we store about you and your patients on your iPad(s)
Almost everything we store about you on our servers, plus:
Your device authentication token.
Your account ID.
All information provided to you by your patients.
Metadata allowing normal operation of the app (such as your form definitions, details about which filled forms need processing / pushing to your PMS etc.)
This information is also encrypted on your device — any time the app isn't in the foreground. (so it's encrypted if the iPad is asleep, or if you're in another app).
If someone gets the iPad and goes into our app without you knowing, they still have to guess your iPad passcode and the Finger-Ink passcode to get into the admin area, where patient information is kept.
The biggest risk to your patients' data is losing an iPad. If this happens, the first thing you should do is revoke access to this device through the Finger-Ink portal. The second is to remotely wipe the lost iPad.
Privacy frameworks
Finger-Ink is compliant with, and helps you comply with the APPs, we do the same for the GDPR and the New Zealand Privacy Act 2020.
We are not currently HIPAA compliant, even though our managed hosting provider is.
You're amazing 🤩
If you've made it this far — well done! I know that's a lot to take in. If you have any questions whatsoever, please don't hesitate to reach out to us. Either at support@finger-ink.com, or using the chat bubble in the bottom right-hand corner of most of our products. Thank you for reading. ❤️