GDPR and Consent
Do you have some example portal introduction text (for GDPR)?
If you're gaining consent via email, your client will receive a message in their inbox with a "Review Consent Form" link in it. When they click on the link they will be taken to a secure portal where they can review your form and provide their consent. When you create a consent form, we have given you the ability to specify some introduction text at the top of the portal page where you can explain why you have requested consent and what they need to do. What you include in here is totally upPopularIs WriteUpp GDPR compliant?
GDPR took effect on 25th May 2018 we have appropriate measures and protections in place to comply with our responsibilities as a "data processor" we provide a suite of tools to help you (as a clinician) comply with your responsibilities as a "data controller". To be clear, there is no requirement for us (as the data processor) to do this but we feel very strongly that GDPR is a positive piece of legislation and as such we want to do everything we canPopularWhat should the consent feature be used for?
The consent feature is primarily designed to help you comply with GDPR (General Data Protection Regulation), although it can be used as a mechanism to record any form of consent. If you're unfamiliar with GDPR you can check out the full details of the regulation here. In particular, this feature relates to Article 13 of the GDPR, which is the "right to be informed" In accordance with Article 13, the data contrSome readersSample Consent Text
— This is the kind of information that you might elect to include in a consent form: We collect certain data from you to meet mandatory requirFew readersWhy have we invested in Microsoft Azure?
We recently took the decision to migrate to Microsoft's world-class Azure hosting platform. Here are our primary reasons for making this decision: Scaleability The WriteUpp user base has grown exponentially (this is not marketing hyperbole!) over the past three years and we expect this growth to continue going forwards. With this in mind, we need the ability to increase the processing power available to us with minimal service disruption. Microsoft Azure provides us with this flexibilityFew readersCan I use WriteUpp to record CPD?
Yes, although in normal WriteUpp style our approach is very straightforward and perhaps less sophisticated than some other implementations. The advantage of this approach, aside from being simple, is that it mirrors your normal daily workflow with WriteUpp. Create a client record for yourself in WriteUpp - you only need to do this once Create appt types called Supervision & Course making sure to set them up as patient-related appointments with no cost. Again, you only need to do this oFew readersCan we have a specific and/or signed DPA?
A DPA is a Data Processing Agreement and is a required document under GDPR where a relationship exists between a Data Controller and a Data Processor. Our DPA is included in our Privacy Policy and referenced in our Terms of Service which you agreed to when you signed up to use WriteUpp. Our DPA covers the following points very clearly: Conditions for Processing The Kind of Information we hold How we wFew readersWho are your sub-processors?
A sub-processor is an organisation that we use to: EITHER provide WriteUpp/the service, as defined in our Terms of Service where we are acting as the Data Processor OR to run our business, where we are acting as the Data Controller Below are organisations that we use as sub-processors: The Company - aFew readers
Your Data and Security
How Do You Handle Patient Confidentiality & Data Security?
We are frequently asked by potential users about patient confidentiality and data security. This article explains in straightforward terms the measures that we take to protect your data. Introduction To understand how we maintain the integrity of your data, it’s worthwhile recapping on how WriteUpp works. WriteUpp is cloud based medical software. This isn’t particularlyPopularAre emails sent from WriteUpp encrypted/secure?
How can you send email from within WriteUpp? By default, we provide an integrated, "ready-to-go" mechanism to send emails from within WriteUpp. Messages sent from within WriteUpp via this method are encrypted in flight using TLS. In addition, we also provide optional integration with Gmail (via OAuth authentication) which requires a small amount of setup and is ideal for practices that have an existing Gmail account and went outbound emails to go from this account. You can read more aboutFew readersWhere is my data stored?
Our servers reside in the EU as they must to be GDPR compliant. Given the uncertainty around Brexit (and the fact that UK will not be in the EU from 2021) we took the decision to re-locate our servers from a UK-based facility to Microsoft's facility in Dublin. You can find out more about data security and confidentiality below: How do you handle Data Security & Patient Confidentiality (https://help.writeupp.com/en/article/how-do-yFew readersDo I need to do anything about Strong Customer Authentication (SCA)?
Strong Customer Authentication, or SCA, is a European regulation that was introduced in September 2019, designed to make payments made online by credit or debit card more secure in the European Economic Area (EEA) and the UK. It helps to verify cardholders and reduce the chance of fraudulent transactions. If you would like to read the original SCA requirements, they are set out in the Regulatory Technical Standards (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L.2018.069.01Few readersWhat is the Security Log used for in WriteUpp?
The security log, which is found under Main Menu -Tools -Security Log provides you with an audit trail of: Patient Deletions Patient Merges User Logins Data Exports To determine what you see in the log just check the appropriate box at the top of the security log Patient Deletions This will provide you with evidence that a record has been deleted in the event of a “Right to be forgotten” request under GDPR (Article 17): (https://storage.crisp.chat/users/helpFew readersIs WriteUpp HIPAA compliant?
HIPAA (Health Insurance Portability and Accountability Act of 1996) is US-specific legislation (i.e. it does not relate to organisations operating in EU member states) that provides data privacy and security provisions for safeguarding medical information. If you would like to read more aboFew readersI’ve unsubscribed and my data has been deleted - why?
If you’re reading this article it's likely that you have contacted us because your data has been deleted after you have unsubscribed from our service. This article explains why it has been deleted and why it can’t be recovered. You should read this document thoroughly before taking any further action. Terms of Service When you created your WriteUpp account you agreed to our Terms of Service. The clause relating to cancellation is shown below: (https://storage.crisp.chat/users/helpdesk/websFew readers
Two-Factor Authentication
How do I enable two-factor authentication (2FA)?
Two-factor authentication (2FA) provides an added layer of security for your WriteUpp account. This is a site-wide setting so before you enable it, it's important to understand: What it is How it works The implications of enabling 2FA As the name suggests, 2FA uses two mechanisms (instead of one) to verify your identity when you login to WriteUpp. In our case these two mechanisms are:PopularHow do I set up two-factor authentication (2FA) as a user?
Two-factor authentication (2FA) provides an added layer of security for your WriteUpp account, and can be enabled by a site administrator.Some readersTwo factor authentication and iCloud Keychain on macOS and iOS
Those of you accessing WriteUpp using Safari on Apple devices can set up two factor authentication by using the iCloud Keychain, as long as you are using macOS Monterey (or later) or iOS 15 (or later). Instead of using an external authenticator app, you can use the built in verification code generator within your iCloud keychain password manager. It works in just the same way as using a code generated by an external app like Google Authenticator, but is all contained within iCloud. ItSome readersHow do I login if I have deleted Google Authenticator?
If you have deleted Google authenticator from your phone or deleted the WriteUpp entry in Google Authenticator, you can request for your code to be sent to you by SMS. All you to do is: Login with your username and password, as normal Click on Verify using SMS and we'll send your code to your mobile Enter the code and proceed as normal Once you hSome readersI'm having difficulties logging in with 2FA. What should I do?
Two Factor Authentication (2FA) has been enabled on your site. If you are logging into WriteUpp and you're seeing a screen like the one below, you haven't set up 2FA on your individual account yet. You will need to do this before you are able to login: If you need help setting up 2FA please take a look at the article below: How do I set up two-factor authentication (2FA) as a uFew readersSample Team Briefing About Two-Factor Authentication (2FA)
As an organisation, we are committed to the highest standards of data security. As such, we have decided to activate two-factor authentication (2FA) in WriteUpp. 2FA provides an added layer of security when logging in to WriteUpp and as the name suggests it uses two mechanisms (instead of one) to verify your identity. These are: Username/password - like normalFew readersHow do I install Google Authenticator?
With two-factor Verification activated on your site you will need to log in to your account with your username/password and a six digit code generated using the Google Authenticator app. To install Google Authenticator please go to the relevant app store on your mobile phone and complete the installation process. App Store (iOS) Play Store (Android) (https://play.google.com/store/apps/details?id=com.google.androiFew readersWhat does "Trust this device" mean?
If you don’t want to enter a 2FA code every time you login to WriteUpp, you can mark your computer or device as "trusted". To "trust" a device you need to check "Trust this device", enter your code and then click on "Verify", as below: (https://storage.crisp.chat/users/helpdesk/website/3bdaa0c7caaa6800/imagFew readersCan I reset 2FA for myself or another user?
2FA on a user's WriteUpp account can be reset if they lose access to the authenticator app that was used to set it up. For example if a user loses or changes their phone, they will need to set up 2FA again. This can do done by a site administrator. To reset 2FA: Go to Settings -Users Find the user who needs 2FA resetting Click on the three dots at the end of the row and choose "Reset 2FA" (https://storage.crisp.chat/users/helpdesk/website/64f15d95f9946800/93776Few readersHow do I login once I have set up 2FA?
Once you have set up 2FA, it's very straightforward to use on a day to day basis. To login with 2FA set up: Via Google authenticator Enter your your username and password into the WriteUpp login screen as normal Open the Google Authenticator app on your mobile phone and find the entry for your WriteUpp account. It will look something like this:Few readersWhy do you need my mobile number to set up 2FA?
We need your mobile number to verify your identity and your association with the phone that you are using to authenticate via 2FA. We also need your number in case you're unable to use the authenticator app. If this happens, you can request your code to be sent via SMS. For security reasons, we will only send it to the mobile number we have associated with your WriteUpp username/password. Please note that if you request for a code to be sent via SMS, this will use a text credit each time aFew readersCHECKLIST FOR SITE ADMINS: Enabling Two Factor Authentication (2FA)
Have you read How do I enable two-factor authentication (2FA) for my team? (Yes/No) Do all staff have their own mobile phone? (Yes/No) Have all staff been sent the team briefing about 2FA? (Yes/No) Have all staff been walked through the 2FA setup process? (Yes/No) HFew readersWhat should I do if a member of my team can't login with 2FA?
If a member of your team is unable to login with 2FA, there are a couple of things you can check. Ensure that they have completed the 2FA set up process. You can check this by going to Settings -Users and looking at the "2FA" column: If they have not set up 2FA their status will be set to "No". If so, please direct them to the following article: How do IFew readersHow do I know if a user has completed the 2FA set up process?
Once you have activated 2FA on your site, you should make sure that all users set up 2FA promptly. To see who has set up 2FA, please go to Settings -Users and take a look at the 2FA column. Team members that have set up 2FA will shown as "Yes" and those that haven't will be shown as "No". Users that haven't set up 2FA will not be able to login to WriteUpp just using their usernamFew readersRemoving verification codes through iCloud keychain
If you need to remove the 2FA verification codes linked to your WriteUpp account from your iCloud keychain, you can do this by accessing the information stored in your keychain on your Apple device. If you would like to remove the verification infoFew readersHow do I de-activate 2FA on my site?
To de-activate 2FA site-wide you need to be a Site Administrator. Doing so will instantly disable 2FA on your site for all users and remove the extra layer of security provided by 2FA. If you're sure you want to de-activate 2FA: Login to WriteUpp Go to Settings -Users, and click on the Configure two-factor authentication button Click on the Deactivate button at the bottom of the screen You will be asked if you're sure that you want to de-activate 2FA. If youFew readersWhat happens if I lose my phone with 2FA activated?
Two-factor authentication (2FA) provides an added layer of security when logging in to WriteUpp and as the name suggests it uses two mechanisms (instead of one) to verify your identity. These are: Username/password - like normal A verification code generated by an authenticator app, usually on your mobile phone If you lose your mobile phone you will be unable to login to WriteUpp unless you checked Trust this device (https://help.writeupp.com/en/article/what-does-trust-this-device-mFew readersDo I have to have text credits for 2FA?
Yes, text credits are required for two reasons: When you activate 2FA (as a Site Admin) and/or setup 2FA (as a user) we need to verify your mobile number. To do this we send you a verification text with a 4 digit code that you need to enter into WriteUpp. This is one-time process and ensures that the number we have for you is a) valid b) in your possession c) capable of receiving your six digit code via text if you are unable to access the authenticator app. If you are unable to accessFew readersDo I have to have a mobile phone to secure my site with Two-Factor Authentication (2FA)?
Yes, as the name suggests 2FA uses two mechanisms (instead of one) to verify your identity when you login to WriteUpp. In our case these two mechanisms are: Username/password - like normal Your mobile phone With 2FA activated when you login you enter your username and password as normal and then you enter a Time-based, One-time Password (TOTP) which is a six digit code generated by the Google Authenticator app on your mobile phone. Without a mobile you can't authenticate and consequeFew readersCan I use a different authentication app (instead of Google)?
Yes, there are a number of authenticator apps that you can use: iPhone — Google Authenticator, Duo Mobile, 1Password, Authy Android — Google Authenticator (https://play.google.com/store/apps/details?id=com.google.android.apps.Few readersCan I change the period of time between code changes when using 2FA?
No, this isn't possible. One of the principle protections offered by 2FA is the need to use a Time-Based, One-Time Password (TOTP) which is generated by your chosen authentication app. The fact that this password/code changes every thirty seconds helps to underpin the extra peace of mind offered by two-factor authentication (2FA).Few readersCan I turn on 2FA for specific users?
No, unfortunately not. 2FA is an "all or nothing" security feature. By this we mean that it is a site-wide security setting, if you activate it you will be doing so for all users. There is no option to apply it on a user by user basis.Few readersHow do I re-activate 2FA?
To re-activate 2FA, you need to be a Site Administrator. 2FA can be reactivated if you previously had it set up on your site. If you would like to re-activate 2FA: Login to WriteUpp Go to Settings -Users Click on the "ACTIVATE" button at the bottom of the screen: 2FA will then be active again on your site. If you re-activate 2FA and you or yourFew readersDoes WriteUpp support Two-Factor Authentication (2FA)?
Yes, you can set up 2FA to be used when logging in to your WriteUpp site. If you want to activate two-factor authentication please take a look at this article for more details: How do I enable two-factor authentication (2FA) for my team?Few readers
HTTPS and Signing In
HTTPS - What is it and why is it important?
What is HTTP? When you visit a website or type in the address of a site you may have noticed that the address is prefixed by “HTTP”, i.e. “http://www.writeupp.com”. HTTP or “HyperText Transfer Protocol” is a fundamental element of the world wide web. It allows your web browser (i.e. Google Chrome, Mozilla Firefox, Apple Safari or Internet Explorer) to communicate with the server where any given website is hosted. Responses can be sent and received between the client (yourself) and the sePopularSSL Error: This is probably not the site you are looking for!
As you will know WriteUpp uses SSL to secure communication between your browser and our servers. When you are using SSL we associate a certificate with a specific domain. In the case of WriteUpp the certificate is associated with WriteUpp.com and wildcards (*.writeupp.com) of that, which means xyz.writeupp.com (where xyz is your practice). If you insert www before your sub-domain (like this: www.xyz.writeupp.com) you will see the following rather ugly and slightly disconcerting error. This hFew readersWhy am I seeing reCaptcha/I am not a robot?
We are always looking for ways to enhance the security of WriteUpp and one of the areas that we were very keen to address was something called "brute force attacks". This is where a robot attempts to maliciously login to your account trying millions of different random passwords in quick succession. To defend against this we implemented Google's reCaptcha technology. This kicks in if there are three incorrect logins. In the first instance itFew readers
Access Requests
Sample Access Request Confirmation Letter
DISCLAIMER: THIS SAMPLE LETTER IS PROVIDED FOR REFERENCE PURPOSES ONLY. ALWAYS TAKE LEGAL ADVICE OR SEEK ADVICE FROM YOUR PROFESSIONAL BODY IF YOU ARE UNSURE ABOUT HOW TO DEAL WITH AN ACCESS REQUEST OR ANY OTHER GDPR-RELATED MATTER. — Dear NAME OF DATA SUBJECT , Data subject access request – request for ID/information Reference: DATA SUBJECT ACCESS REQUEST NUMBER WPopularHow do I handle an Access Request?
Article 15 of GDPR, “the right of access” is a powerful and often less discussed aspect of the GDPR that is designed to empower data subjects (you and I) with TOTAL visibility of the information that organisations and public bodies hold about us. In short, what this means from a practical perspective is that any one (or all) of your clients has the right at any time to request EVERY scrap of data that you hold about them within 30 days of their request. We don't have any general feel for the vPopularHow do I download an Access Request?
To be able to download an Access Request file you need to have logged it first. If you have previously logged an access request and you are ready to provide the requestor with their data just click on Main Menu -Tools-Access Requests You will then be taken to a log of previous Access Requests. Find the row that relates to the particular request that you are dealing with andFew readers
WUID
What is WUID?
WUID stands for "WriteUpp ID" and its a unique alpha-numeric identifier that is assigned to every patient in your instance of WriteUpp. WUID provides a unique and confidential way to refer to your clients. Here are just a few examples of ways that it can be used: In Notes/Documents/Messages you can refer to a client using their WUID instead of their Name so that these documents don't contain any PII (Patient Identifiable Information). To do this just insert the WUID variable into the documSome readersWhy do we ask you for your client's WUID?
GDPR (General Data Protection Regulation) sets new standards for data protection and privacy. With this in mind (and for your own protection), we would prefer it if you don't refer to your clients by name in support tickets to us. Instead, please just provide us with their WUID (WriteUpp ID) and we can then investigate your issue further. Your client's WUID can be found at the top of the Client tab of the Client Summary: (https://storage.crisp.chat/users/helpdesk/website/3bdaa0c7caaa6800/Few readersHow do I search by WUID?
If you'd like to search for your patient/client by their WUID, you just need to enter their WUID (you don't need to include the WU at the start of the WUID) into the search bar at the top of WriteUpp and hit either the enter button or click the magnifying glass. If it matches with your patient you'll be taken directly to their patient summary. If by chance your patient's WUID matches with another patient's NHS number or phone number the results will be shown with the common value highlighted.Few readers
Frequently Asked Questions
Privacy & Data Security - FAQs
We are frequently asked by potential users about patient confidentiality and data security. The following articles explain in straightforward terms the measures that we take to protect your data: How Do You Handle Patient Confidentiality & Data Security? Is WriteUpp GDPR compliant? Where is my data stored?Few readersFAQ's regarding backups
If you're registering as a provider with an insurer they may ask you to provide information about the way you handle data on behalf of their clients. Keep in mind that under GDPR you (as the clinician) are the "data controller" and we (as the system provider) are the "data processor". As the data controller you are ultimately responsible for your client's data but understandably if you choose to use a system like WriteUpp you need assurances about our practices and procedures in relation to bacFew readers