Mobile Therapy holds privacy in the highest regard. Our system conforms to all HIPAA digital and physical security protocols, which are comparable to the security standards used for high-level banking transactions. Our database and access to the web application are SSL secured and encrypted to meet AES standards. All data is stored at a maximum security SSAE 16 Type II (formerly SAS 70) certified facility that deals specifically with HIPAA protected data. We take many additional precautions to protect privacy including requiring: strong passwords, automatic logouts, automatic logging of access, data backups, powerful firewalls, and limiting access to only those individuals who absolutely need it to do their jobs.
Who has access to client data?
All of your data is confidential. Only your clinician or other individuals you explicitly authorize have access to the personal information you input while using the Mobile Therapy app. As a client, your data is protected by the Health Insurance Portability and Accountability Act (HIPAA). Federal law prohibits the transfer of Personal Health Information (PHI) without explicit consent from the individual to whom the PHI belongs.
Mobile Therapy is a company run by leading psychology research professors who are very interested in using Mobile Therapy data to advance clinical and academic knowledge and improve the human condition. Your data may be used for Institutional Review Board approved research purposes; however, your data will have been made completely anonymous (stripped of all personally identifying information) and aggregated with the anonymous data of thousands of other users.
You own your PHI and are entitled to access it. We recommend consulting with your clinician if you are interested in seeing your data as such information is intended to be interpreted by a healthcare professional. To request a copy of your data as a csv or excel file please send an email request with your full name, registered email address, and the name of your clinician to email@example.com.
What type of data is collected by the Mobile Therapy app?
Some data is collected actively, meaning that it requires input from you; other data is collected passively, meaning that once you authorize access, it will occur periodically without any additional action or input required.
Active data includes the questions and brief surveys you complete: things like how you feel, if you are at work or home, what you are doing, and whom you spend time with. These are customized by your clinician and help gather data about your current state and situation so that your clinician can better understand how you are doing and how certain situations affect you.
Mobile Therapy also accesses your phone’s accelerometer, a small sensor built into your smartphone that monitors movement. This allows the system to understand how many steps you have taken and how active you are.
GPS data is also accessed. Currently, location information is only used to help you more quickly complete the surveys about where you have been. If you are uncomfortable with Mobile Therapy having access to your location services you can skip authorization when you install the app or disable location services in your phones settings. Disabling location services however, interferes with some of the functions of the Mobile Therapy app.
If you have connected your Facebook, the system pulls in your profile photo for your app home screen and passes your status updates through our linguistic analysis program. Your status updates are never recorded, nor does any human ever have any access to them, only the numerical analyses are stored.
If you have connected your Google account, the system periodically accesses your Gmail email messages and your calendar events. Email text is analyzed through our linguistic analysis program to help your clinician deduce information about how you are feeling and how you are communicating without you having to manually check-in. Your email text is never recorded, nor does any human ever have access to them, only the numerical analyses are stored. Calendar information is used to assist in the timing of check-in notifications. Like email text, this information is never stored and never accessed by any human.