We understand how crucial privacy is for the businesses that rely on Cliniko. It's why privacy is at the forefront in every decision we make, and every change we make to Cliniko. Cliniko is used by businesses around the world, we've made sure that Cliniko meets the privacy requirements in many regions, including abiding by GDPR, HIPAA, PIPEDA, UK Data Protection Act, and the Australian Privacy Principles.

Below you'll find a few features that are important to ensure that your Cliniko account and the sensitive information it contains, is secure and protected. If you have any questions about any of these, feel free to reach out to our support team, and we will be happy to help!


Enabling 2 Factor Authentication (2FA)

2FA is the single best thing you can do to secure your Cliniko account: it’s as simple as that! By enabling 2FA, you can be comfortable knowing that even if someone knew your password, they would also require your device to gain access to your Cliniko account.

If you haven’t already enabled 2FA on your Cliniko account, you can follow the 2FA setup guide to get started with it! We also have an FAQ about 2FA that you may find useful!

☝️ If you’re an Administrator of your Cliniko account, you should consider requiring 2FA for all users on your Cliniko account.


Privacy settings for patient names

There are two places where patient names could be exposed that you may not realise; your browser history and any external calendars you may have connected to. In some regions (such as those bound by HIPAA) it can violate the privacy requirements, and may be something you want disable.

Cliniko allows you to restrict patient names from showing up in either of these locations 🎊! You can read more about it by checking out our privacy settings for patient names guide.


Anonymise deleted patient records

In order to preserve financial records, by default, not all patient details are deleted when deleting a patient record.

We understand that in many cases, you will still need to remove this data, and with that, you have the option to anonymise this information so that it does not display the patient’s details. Check out our anonymised deleted patient records guide for more details, as well as steps to get this enabled in your account!


Automatic session timeouts

Automatic session timeouts is a feature that will automatically sign you out from Cliniko, after a period of time. This can help to prevent others accessing your account, if you've left it signed in.

While the default is 12 hours, you can customise the setting to your preferences, up to 7 days ⏳. You can decide on what works best for your practice, but it’s best to keep the automatic timeout to the shortest possible time, without it interfering with your day-to-day operations! You can read more about automatic session timeouts here.


Hide patient names in booking notifications

Getting notified on new bookings in your calendar, or when someone cancels can be a really helpful feature. It allows you to keep track of what is happening in your calendar, without needing to login to Cliniko.

Patient names are included in these notifications, and some privacy regulations prohibit patient information being sent via email. We have a way for you to still get notifications, without having the patient names show up 👀! It’s an account-wide setting, so it’s easy to hide patient names in practitioner booking notifications!


Other ways Cliniko can help

Cliniko has a wide variety of other features that can help you maintain a high level of privacy within your clinic. Here are some noteworthy ones:


As always, if you have any questions about any of this, reach out to our support team via the chat bubble in the lower-right! We'll be more than happy to discuss things with you! 😊

Did this answer your question?