When therapists are looking at our platform to support and develop their online practice, they want to know that we’ve taken appropriate steps to ensure a safe online workspace for them and their clients.
We keep this article up to date with information on everything we have done, are doing and will be doing as part of our ongoing commitment to the security and safety of the platform.
Security By Design #
- Bilateral Base was designed specifically to meet the needs of therapists, so right from the beginning, security has been central to our thinking. Each feature or capability that is added to the platform undergoes a rigorous security and privacy review and updates are only released to you once we’re confident that we have maintained or improved the high security standard we have set ourselves.
Minimal Information Collected #
We only ask for the absolute minimum of personal or sensitive information to enable you as a therapist to work effectively with your clients:
For You: #
- Your name and an email address are the only pieces of personal information we ask for
For Your Clients: #
- We offer anonymous client profiles
- You don’t have to enter your clients’ names – we give you the option to enter a confidential ID to identify your client in your Bilateral Base account
- You don’t have to enter email addresses for your clients. We know you will already have an established way to communicate with clients, so we don’t ask you for this and enable you to easily send session invites/links with your established communications such as email and messaging.
Secure Video Technology #
- Our video calls use end-to-end 256 bit encryption directly between the two participants’ computers, so no one can break into or watch a session happening. For the technically minded, the technology we use is WebRTC. This is an industry standard for secure telehealth.
- The software for our video technology (WebRTC) is open source, this means that the code that makes up the software is available for anyone to review. This means it undergoes an enormous amount of scrutiny from security experts all over the world to spot and fix security flaws and this is generally acknowledged to be the best way to deliver secure online services. WebRTC is compliant with HIPAA, GDPR and other relevant data privacy regulations world-wide
Strong Access Controls #
- Strong Passwords – We ask you to set a strong password as part of your account set up. This is a key component of keeping your account secure. We ask you to please never use the same password across multiple accounts on the web. If just one other poorly protected website that you’re a member of gets compromised, then a hacker may then be able to try your login details automatically on thousands of different websites and see which ones it works on.
- Secure Session Links – the reusable unique links that you send to your clients so that they can join your sessions contain a ‘key’ which is like a very strong password with such a vast number of possible combinations that it is close to impossible to guess. This represents a good balance between robust security and making it easy for clients to access your sessions even if they find using a computer challenging.
Security On Advanced Tools #
- Session Recording – You may need to record a session for supervision or accreditation purposes. We’ve designed this feature so that the recording is only available on your computer until you take specific steps to share it with someone else. We don’t have access to recordings or to view or listen to any part of your sessions
- Screen Sharing – This feature is a popular tool for online therapy work, however there is often some anxiety about what exactly is being shared with a client or vice versa. We give you the tools to select exactly what information you want to share rather than the other participant viewing everything on your computer screen (we recommend using Chrome browser for Screen Share as it provides very good control over what parts of your screen you are sharing).
We hope this article has given you a good foundation on how we operate as a service to keep you and your clients’ information safe.
We welcome any questions you have or clarification you need, and as we continue to develop the platform and introduce new capabilities, we will always share with you the steps and precautions we have taken to ensure we maintain the highest standard of security across all our therapy technologies.