The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
This framework aligns with SimplePractice’s priorities of trust and security. With that in mind, we’ve collaborated with our partners to carefully review how we store and use data. While we have continued to maintain HIPAA and HITRUST security requirements, we have also taken steps to help you handle GDPR data requests from your clients.
Below you’ll find suggestions for handling different GDPR-specific situations in SimplePractice:
- Helping fulfill data access requests from clients
- Rectifying clients' data upon their request
- Erasing a client's data upon their request
- What if a client asks if SimplePractice tracks any data from the Client Portal or related to them?
- What if I have additional questions or am unsure about how to proceed with a client's request(s)?
Note: We do recommend that you consult with your regulatory body to best determine any next steps for your unique practice.
Helping fulfill data access requests from clients
If a client requests access to their data, you’ll want to initiate a data export, locate the files associated with that client, and provide them with the information they’ve requested. Be sure to review the data files to make sure the information you share is necessary and appropriate. To successfully perform a data export, follow the steps found in this guide: Data export: Exporting client information.
Rectifying clients' data upon their request
To rectify a client’s data upon their request, simply navigate to the client’s Overview page and select View/edit client info. Here, you can rectify the client’s name, contact information, demographic information, billing and insurance-related information, emergency contacts, and communication preferences.
Erasing a client's data upon their request
If a client requests that you erase data associated with them, there are a couple of options to consider:
- To erase only certain data for a client, navigate to the client’s Overview page and select View/edit client info. Here, you can erase client contact information, demographic information, billing and insurance-related information, emergency contacts, and communication preferences.
- To fully erase a client’s data, you can consider deleting the client. To do this, navigate to the client’s Overview page and select View/edit client info. Scroll to the bottom of the Client Info tab and press Delete this client. To permanently delete the client’s data, you will have to enter the client's first name and last name in the fields and then press Permanently Delete Client.
Note: Deleting a client will permanently remove all records and history for the client. This includes all medical records, which you may have an obligation to maintain depending on your jurisdiction. This cannot be undone, and we cannot recover information for a client you delete.
What if a client asks if SimplePractice tracks any data from the Client Portal or related to them?
SimplePractice does not track any data from the Client Portal.
What if I have additional questions or am unsure about how to proceed with a client's request(s)?
We recommend consulting the European Commission’s information related to GDPR or reaching out to your regulatory body.