Security & Technology

Published: August 23, 2025

EHR & Patient Portal (PHI): We use Practice Better for clinical records, secure messaging, forms, and scheduling. According to Practice Better’s published materials, they implement encryption in transit and at rest, minimum-necessary access controls, activity/audit logs, routine vulnerability scanning, and scheduled encrypted backups retained for a defined period. For current details, see Practice Better’s security overview.

E-Prescribing: We use DrFirst with EPCS for controlled substances, including multi-factor authentication and audit trails.

Payments: We use Stripe and/or QuickBooks Online (Intuit) for payment processing and invoicing. We do not store full card numbers; these processors maintain PCI-DSS compliance.

Our safeguards: Business Associate Agreements for PHI-handling vendors; least-privilege access; multi-factor authentication; device encryption and auto-lock; secure portal messaging (no unencrypted email/SMS for PHI); incident response and breach-notification procedures aligned with HIPAA.

For how we use and disclose PHI and your patient rights, see our HIPAA Notice of Privacy Practices. For cookies/analytics on this website, see our Privacy Policy.

© Copyrights by Med Fit Culture. The information on this site is not medical advice.

By using this site or booking services, you agree to our Privacy Policy and Terms of Use.