
Your data in Finger-Ink

Exactly what we store, where we store it and how it's communicated across our services.

Written by Brendan Kilfoil
Updated over a week ago

Finger-Ink takes the security of your information, and that of your patients, very seriously. All our systems are designed with security and privacy in mind.

We use a US-based HIPAA-compliant host

We employ Healthcare Blocks (HCB) to manage our server infrastructure. They specialise in managing cloud services for digital health startups, like us, with high compliance needs. They make sure that all system access is logged, that the latest security updates are applied, and that system alerts are set up and monitored.

The underlying layer on which we're hosted is powered by AWS. All data we store on our servers resides in the USA.

We communicate with your PMS

In order to provide our service, we need to communicate with your practitioner management system (PMS). This could be Cliniko, Nookal or Pabau.

Your data is encrypted

All data on our servers is encrypted at rest using disk-level encryption, configured by Healthcare Blocks.

All data on your iPad(s) is encrypted using Apple's Complete File Protection. This ensures that your data is only accessible to the iPad when the Finger-Ink app is on screen. A passcode (that you set) prevents any patient accessing information they shouldn't.

All communication between our servers, your device(s) and/or your PMS servers is encrypted in transit.

Your API keys are additionally encrypted within our application. Even in the very unlikely event that someone gained access to our database, they wouldn't be able to gain access to your PMS account.

What we store about you and your team on our servers

  • Your first and last names (so we know how to address you)

  • Your business name (see above)

  • Your email address (so we can contact you — e.g. for trial expiry notices, billing issues etc.)

  • A link to your subscription in our payment processor, Stripe (so we can bill you)

  • When you signed up (so we can calculate your trial)

  • When you activated your account

  • When your trial expires

  • The number of practitioners you have in your PMS account (so we know what plan to put you on)

  • A list of the businesses you have in your PMS (i.e. if you have multiple locations set up in your PMS, these are known as different businesses). We use this to allow you to filter appointments for check-in to particular locations.

  • Your PMS account ID

  • A guess at your currency code e.g. AUD (we look at your currency symbol and your PMS account's country to work this out)

  • A one-way hash of your PMS API key(s). This is to allow quick de-duplication checks on sign-up and sign-in.

  • An encrypted version of your PMS API key(s). API keys are decrypted and stored in memory (not written to our DB) for the duration of use.

  • A list of users from your PMS account, their email addresses, roles and encrypted API keys where we've been given them.

  • Any data you generate from within Finger-Ink — form templates, filled forms, check-ins, configuration settings etc.

  • Where applicable: your PMS referral source types, custom patient fields & concession types.

  • Statistics on how many forms have been filled (by device) and how many check-ins have been completed (also by device).
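The one-way hash of the PMS API key listed above can act as a lookup index for sign-up and sign-in without the plaintext key ever being stored. The sketch below is an added example, not Finger-Ink's code: the page does not name the hash in use, so HMAC-SHA-256 with a server-side secret is assumed, and `FINGERPRINT_SECRET`, `key_fingerprint` and `AccountStore` are hypothetical names.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Assumption: a server-side secret held outside the database (hypothetical name).
FINGERPRINT_SECRET = secrets.token_bytes(32)


def key_fingerprint(api_key: str, secret: bytes = FINGERPRINT_SECRET) -> str:
    """One-way, keyed fingerprint of an API key (HMAC-SHA-256, hex)."""
    normalised = api_key.strip().encode("utf-8")  # tolerate pasted whitespace
    return hmac.new(secret, normalised, hashlib.sha256).hexdigest()


class AccountStore:
    """In-memory stand-in for an accounts table indexed by key fingerprint."""

    def __init__(self) -> None:
        self._by_fingerprint: dict[str, dict] = {}

    def sign_up(self, business_name: str, api_key: str) -> tuple[dict, bool]:
        """Return (account, created); a known key reuses its existing account."""
        fp = key_fingerprint(api_key)
        existing = self._by_fingerprint.get(fp)
        if existing is not None:
            return existing, False
        # Only the fingerprint is kept here. The encrypted copy of the key that
        # the page also lists would live in a separate column (not shown).
        account = {"business_name": business_name, "api_key_fingerprint": fp}
        self._by_fingerprint[fp] = account
        return account, True

    def sign_in(self, api_key: str) -> dict | None:
        """Find the account by fingerprint without decrypting any stored key."""
        return self._by_fingerprint.get(key_fingerprint(api_key))


if __name__ == "__main__":
    store = AccountStore()
    sample_key = "constructed-sample-key-1"  # constructed, not a real API key
    print(store.sign_up("Example Physio", sample_key))
    print(store.sign_up("Example Physio again", sample_key + "\n"))
    print(store.sign_in("constructed-sample-key-2"))
```

Keying the hash means a copy of the database alone is not enough to test candidate API keys against the stored fingerprints.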

What we store about your patients on our servers if you use Finger-Ink forms

  • We store form responses from the iPad app and web.

  • This patient data is stored to allow re-processing. This data is stored indefinitely until you delete the response. After deleting, the data is removed.

  • If enabled, we will also store a backup of the patient record alongside the form response. This will also be removed if the response is deleted.

  • Our server is hosted with a HIPAA-compliant host. This doesn't mean we're HIPAA compliant yet, but it means that extra precautions are taken with our database, its backups, and any access.

  • Our entire database is protected by encryption at disk-level by our HIPAA-compliant host.

  • Title, first names, last name, preferred first name, date of birth, email address, mobile phone and the patient & appointment IDs from the filled form (if available) are stored at this disk-level of encryption to allow for searching of forms through the inbox.

  • Other filled form data (i.e. any field on a form not included in the point above) and patient record backups are also stored at this disk-level encryption.

What we store about your patients on our servers if you use Finger-Ink kiosk

  • We store the appointment and patient IDs for completed check-ins for 90 days. This is to allow the calculation of statistics, and to assist in debugging.

  • No other check-in data is stored on our servers.

Transient data

There is some data that we don't store in a database, but we keep in memory on the server to provide to connected iPads:

  • Your decrypted API keys.

  • Your recent appointments (2 days ago, yesterday, today, tomorrow, the next day) — stored alongside basic patient information (name, DOB, email) used for self check-in.

  • A list of your appointment types.

  • A list of your practitioners.

Third party integration

We keep third-party integration to a minimum. The full list of our sub-processors can be found in our Data Processing Addendum.

No patient information is shared with any of our sub-processors — except for your PMS.

Your PMS

Obviously, we interact with your PMS in a huge way. We use the API key(s) you provide us to communicate with their servers both regularly in our app and, the first time you connect with us, from our servers.

We communicate with your PMS to

  • Get your settings to determine your online booking logo image, company name and email address.

  • Get your settings to determine your billing currency, administrator name, administrator email address and your company name — so we can use these to create a Finger-Ink account for you.

  • Get a list of your businesses.

  • Get a list of users so we know in which plan to place you, and so user accounts can be created in Finger-Ink for the rest of your team.

If you use forms, we also communicate with your PMS to

  • Get your appointments

  • Get patient information before filling out a form

  • Send updated patient information

  • Attach PDFs to patient records

  • Get a list of your treatment note templates

  • Get a specific treatment note template that you've selected

  • Create draft treatment note templates

  • Create medical alerts

If you use kiosk we also communicate with your PMS to

  • Get updated patient information for these appointments

  • Mark patients as arrived in your PMS

We may also communicate with your PMS to

  • Download your referral source types, custom patient fields & concession types

  • Download your appointment types

  • Download treatment note templates & patient form templates

Intercom

We use Intercom as our customer support service. Any time you send an email to support@finger-ink.com, privacy@finger-ink.com or contact us through the chat button on the website, or in the app, it goes through Intercom's servers.

We also send key events from the app so we can better serve you — e.g. when you first load the app, when you have filled out your first form, when you've imported a template from your PMS etc.

Patient and appointment IDs are sometimes shared with Intercom to assist with debugging, but no other patient information is shared.

Sendgrid

Sendgrid is what we use to send emails from our application — both to you (if you have enabled inbox notifications, or kiosk message notifications), and to your patients (if you're using identity-verified forms).

Patient names, email addresses, form names and confirmation codes are shared with Sendgrid to allow the sending of these emails. We never share completed forms by email.

Stripe

We use Stripe for subscription billing. To facilitate this, the following information about your subscription is stored with Stripe:

  • Your subscription plan

  • Your billing address

  • Your billing email address

  • Your credit card details — name, number, expiry date (we can't access these, see Stripe's security documentation)

  • A history of your transactions with us

No patient information is shared with Stripe.

Sentry

Sentry is a service we use to let us know when the iPad app crashes, or exceptions occur within the web app.

No patient information is explicitly shared with Sentry. Occasionally patient information might come through in a crash exception. This information is treated with the utmost care, and is deleted as soon as we have resolved the issue.

Slack

Slack is our company communication service — we use it to plan features, collaborate on supporting you, our customers, and for general company communication.

We occasionally mention company names and first names during this communication.

No patient information is shared with Slack.

Github

Github is where our application source code is hosted. We also use it to plan features. We occasionally tag planned features or bugs with company and customer names.

No patient information is shared with Github.

Quip

Quip is like Google docs, and it allows collaboration on documents across our team. We use it to collect the results of optional surveys you may take.

No patient information is shared with Quip.

Xero

Xero is our accounting software. When payments come in, they need to be matched against our bank account. Xero is how we do that. Your name, your company name and your billing address may be stored within Xero.

No patient information is shared with Xero.

Webflow

Webflow is where we host the Finger-Ink website. We do not currently process any of your data with this service, but there was a time when we asked for your name and email address before downloading the app — and this is where it was collected.

No patient information is shared with Webflow.

Google

We use Google Workspace for team collaboration on policies, legal documents and Form conversions. We don't generally store any of your information here unless we're performing a Form Review or Form Conversion for you. If so, we store the Form Templates you've sent us and information around the conversion process itself. We do not use Google Analytics.

No patient information is shared with Google.

Migadu

Migadu is our email hosting provider for any non-Intercom address. As such, all email communication we send and/or receive through these addresses goes through Migadu. We do not generally mention specific customers over email so your information shouldn't be there.

No patient information is shared with Migadu.

OpenPhone

OpenPhone is our VOIP phone service provider. Our phone numbers are hosted with them. When we call you — we're doing it through OpenPhone. We do not currently use their call recording feature. We do make notes of our conversations.

Patient information is only ever shared with OpenPhone if you choose to share it on a call.

What we store about you and your patients on your iPad(s)

Almost everything we store about you on our servers, plus:

  • Your device authentication token.

  • Your account ID.

  • All information provided to you by your patients.

  • Metadata allowing normal operation of the app (such as your form definitions, details about which filled forms need processing / pushing to your PMS etc.)

This information is also encrypted on your device any time the app isn't in the foreground (so it's encrypted if the iPad is asleep, or if you're in another app).

If someone gets the iPad and goes into our app without you knowing, they still have to guess your iPad passcode and the Finger-Ink passcode to get into the admin area, where patient information is kept.

The biggest risk to your patients' data is losing an iPad. If this happens, the first thing you should do is revoke access to this device through the Finger-Ink portal. The second is to remotely wipe the lost iPad.

Privacy frameworks

Finger-Ink is compliant with, and helps you comply with, the APPs. We do the same for the GDPR and the New Zealand Privacy Act 2020.

We are not currently HIPAA compliant, even though our managed hosting provider is.

You're amazing 🤩

If you've made it this far — well done! I know that's a lot to take in. If you have any questions whatsoever, please don't hesitate to reach out to us. Either at support@finger-ink.com, or using the chat bubble in the bottom right-hand corner of most of our products. Thank you for reading. ❤️
