Questions About Security

At Sessions Health, the security of your data is our highest priority. We understand the value and sensitivity of the information you entrust to us. We take extensive measures to protect your information from unauthorized access, disclosure, alteration, and destruction. From employing state-of-the-art encryption methods to implementing strict access controls and regular security audits, our commitment to security is unwavering. Your peace of mind is our ultimate goal, and through transparent communication about our security practices, we aim to earn and maintain your trust.


There's much more to security than simply encrypting data. An easy analogy: if I lock my car door but leave the keys in plain sight for everyone to see, I've left an easy opening for someone to steal my car (even though I locked my door!). Data security is much the same, and data encryption is only part of the equation. As it stands, there are three main pillars of a secure system:

  • Having Technical safeguards in place: this includes data encryption, audit trails (i.e., what data was changed, when, and by whom), access control (i.e., only those with access to data can see it), conducting penetration testing, etc.
  • Having Physical safeguards in place: this includes the physical access to our servers and various services, and also includes securing our team's laptops and devices against unauthorized use
  • Having Administrative safeguards in place: this includes having set procedures in place for training staff, granting/removing access to systems where they may be exposed to data, having periodic evaluations of our internal security practices, etc.

Getting any deeper than that is beyond the scope of what we can convey in a support article. However, what we can say is that we follow the HIPAA Privacy and Security Rules very strictly and go above and beyond to ensure the safety and integrity of our data.


If you're interested in getting into the nitty-gritty details, we publicly share our Compliance Documentation, which addresses our policies and how they map to HIPAA compliance and beyond.

Frequently asked questions

Do you have your site tested by third-parties to assess security?

Yes, we employ various methods including hiring white-hat penetration testers to find and assess potential security vulnerabilities.


Do you use SSL?

Yes, all data is transmitted using the latest SSL encryption utilized by modern web browsers.


Do you have 2FA, MFA (multifactor authentication)?

We have two-factor authentication on our radar. We don't have any specific timelines to share for when it will be available.
