Posts in Security


July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Consent forms, Consultation Forms, GDPR, Holistic Health, Insurance, Paperless, Security No Comment yet

Most of us are way beneath the higher risk threshold but our insurance companies are taking these levels of risk on our behalf and charging us to do so.

I spent some time this weekend chatting to specialist Healthcare Insurance Brokers at the exhibition and they were very pleased to see me. They assured me that the actuaries will sleep better knowing their clients are using iPEGS paperless forms.

Now I like a well-rested actuary as well as the next man, but my objective is to get them to discount insurance for our users. Not only is your risk less, so are theirs, after all.

For most practices, GDPR creates the need for greater investment either in consultant’s fees or in your own valuable time. Ensuring your operational processes are up to the required standards, ensuring websites, forms etc are designed and optimised for the latest protocols.

Large companies may appoint a DPO (data protection officer). However, for most of us DPO is just another hat to hang alongside the, therapist, counsellor, head of HR, finance, marketeer, sales manager and parent hats ti name a few. Being too busy is no defence in law unfortunately. I’ve always believed it’s a clever man who buys his brains. So if we can rely on professionals like iPEGS and save money into the bargain it’s a bonus.


Compliance isn’t solely an expense, in order to conform to the rules, it helps to inspire trust and confidence in the eyes of our patients.

Companies who seem to cut corners with data protection might well cut corners elsewhere. Most of us are members of a National Hypnotherapy association and have no problems with Hypnotherapy ethical issues. Cutting corners is not in our DNA we understand our ethics and professionalism are all we have. So going digital make sense.

Compliance not only protects the patient, but it also protects your clinic from overstepping the boundaries.


  • Are you or someone on your team trained on data protection?
  • What changes have you made this year to become GDPR compliant?
  • Have you built client consent into your system?

Clients can give consent in various ways, such as email, a contact form on the website, a check-box on your landing page, tick box on the form etc.

Consent records must specify the time and date when consent was given, as well as the exact means that they delivered consent. 

Can you simply and rapidly process data deletion for clients. Is it at the press of a button or will it take hours of work?

Do any 3rd parties have access to your client’s data? Third party access to data is all too common, third parties who might be using the same network or facilities, you need to be aware of any other parties who might have access to the data you’re collecting. This can be a particular problem in mixed therapy practices. Is it kept in a filing cabinet where others have access or a shared network?


Are there proper security protocols in place that will detect data breaches when they occur? How do you know if your client’s data had been hacked into or copied? The last thing you want is to find out about a data breach from your users and valued client. This is a sure-fire way to lose trust. 

How easy is it to export your data? Is it available at the touch of a button or is it a trip down to the cellar and a root through the filing cabinets?

One component of GDPR is privacy by design. This requires therapists to design their systems with the proper security protocols in place from the start. Failure to design your systems of data collection the right way will result in a hefty fine. It is a good idea to take a good look at your website if it hasn’t had a design overhaul in the last year or so.

Are your forms easy to find and wipe? Who has copies? Are you holding data on your laptop or PC? Do others have access to these devices?

The concept seems sort of complex, but essentially it refers to the need to have business systems designed with proper security and privacy measures integral. iPEGS paperless forms provides such a system.

If you would like to help improve the management of your client data and in the way you collect it please check out our website or contact me directly or call on 01244 955350, I will be pleased to help.


July 24th, 2019 Posted by Alternative Medicine, Consent forms, Consultation Forms, Holistic Health, Medical History Form, Paperless, Security No Comment yet

As a therapist, you are subject to strict rules about collecting and retaining data. Against the trend, HMG and your Insurer demands you to take and hold reams of data. Often for many years.

Data such as Consultation Forms, Consent Forms, Medical Histories and Treatment Plans as well as clients contact details.

Not only do you collect this in order to function as a therapist but also in order to insure against subsequent legal claims of negligence.

Just check out what the small print says in your insurance policy. I have taken some notes of the small print in some policies. The blog can be read here.

It is informative, if scary reading.


If you do not Keep Necessary Records, often you are not insured. 

What patient records should I as a Therapist Keep?

In this day and age, almost all of us use computers and doesn’t everyone use a smartphone? 

Unfortunately, many practitioners still stockpile paper in filing cabinets. In the mistaken belief that GDPR only applies to computer data. Like the Sicilian Mafiosi who only communicated by little paper notes. He had smuggled out from his hideout for 20 years. Some of us feel that paper is somehow safer than electronic communications.

Data is data on disc, paper or in the cloud, even in your mobile phone. If you take a client’s phone number and save it on your phone you have just collected personal data. 

So it’s best to keep it safe and easy – using paper forms is neither.

As a 21st Century business manager you probably book your appointments using ‘Booksy’ or a similar system. You run your accounts on ‘Quickbooks’ or ‘Xero’. Unfortunately, many therapists are still keeping patient consent and medical records on your hard drive, or worse, on paper forms.

That’s an awful lot of data, all of which, if it’s not correctly secured and stored makes you vulnerable to an attack by a hacker or experience a data leak.


According to the government department for Digital, Culture, Media and Sports 2018 survey, over four in ten businesses and nearly two in ten charities experienced a cyber security breach or attack in the last 12 months. No wonder nearly three quarters of businesses (74%) and over half of all charities (53%) say cyber security is a high priority for their management.

The average cost per breach was over three thousand pounds.

Unfortunately today we all produce so much data. With GDPR in place, fines are coming in thick and fast, and with cyber-attacks becoming increasingly sophisticated and expensive, it really is time to get serious about your data.

We have all heard of the ransom that was demanded after malware froze the NHS. You can bet didn’t demand just three grand.

How would you cope if you were locked out of your client’s database? How much would it cost you if you lost your clients contacts?


There has never been a more important time to make sure that your cyber security is able to keep your data safe. 

Fortunately, you can now buy insurance against these losses.

Cyber and data risks insurance is available to protect and support your business. If you are the victim of malware from a malicious site, subject to an attack by a hacker or suffer a data breach.

If you use a Paperless System such as iPEGS, Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, you can be sure your data is safe.

As the data processor we store and encrypt your data in a secure, state of the art, UK data centre. We are Cyber Essentials Certified giving you peace of mind that our defences will protect against the most common cyber-attacks. We have achieved the IASME governance standard in relation to GDPR where we have demonstrated wider governance for management of the controls protecting personal data.

If you would like to know more why not email me: steve or contact me direct on 01244 955350 and we can discuss how iPEGS can help you secure your patients data.


July 24th, 2019 Posted by Acupuncture, Alternative Medicine, Clinic app, Consent forms, Consultation Forms, GDPR, Holistic Health, Hypnotherapy, Medical History Form, Paperless, Security, Sports Therapy, Uncategorized No Comment yet

As a Therapist you collect a lot of information about your clients and their treatment.

In fact, your insurance policy demands it and they can be quite specific. 

Therapists are faced with mountains of paper consent forms, as your client base increases. Paper consent forms are insecure, inefficient and expensive. Storing forms on a hard drive is more efficient, but leaves you at risk from computer crashes, virus and malware.

iPEGS Paperless forms are the perfect solution. You free up valuable space, meaning no more clunky filing cabinets. iPEGS allows you to use your company branding and easily build and edit your forms. Search for your clients using our advanced search feature and manage your electronic forms into folders.

Forms don’t go missing like paper ones, which is vital for future reference or if a claim was to arise. 

Mandatory fields mean you will never receive incomplete forms with important missing information. Going paperless also means you can easily implement the latest GDPR consent requests.


For Yoga, Pilates, Fitness, Meditation or Mediumship you must record the client’s name and brief details and record the date of the session and any other relevant facts.

Ensure that there is no health reason why clients should not attend class. If in doubt you should ask for their GP’s confirmation that they can safely participate in your class. 

At the start of each class please ask all participants is there any change in their circumstances. Any that could affect their ability to participate in and complete the class safely.

Insurers will be ask you to produce your records of the client/event,In the event of a claim,


Where therapists work in a gym, sports or leisure centre, or a shared practice often the centre keeps these records.  

You must advise the centre of any unusual events or of any injuries sustained during your class. 

You must ensure that the Centre gives you access to these records. In the event of a claim being made against you.


If you give therapy sessions at public events, a great way to increase your client base, the name and brief details of every participant, date of session and therapy being demonstrated and any other relevant facts must be recorded.

iPEGS provides quick and easy way to quickly access and complete consent forms, consultation forms and medical history forms on an iPad, Tablet, Smart Phone or Laptop. This avoids discouraging queues and saves you and the client valuable time. Mandatory fields mean you will never receive incomplete forms missing important information.

After the event you can access and safely store the data on the iPEGS secure web portal. By incorporating marketing permissions on the registration form you can easily follow up and increase your client base by exporting this data from iPEGS.

Remember in the event of a claim you will be asked to produce your records of the client/event.


You are required to take consultation records and retain those records, one policy I checked asked for five years, but most require seven years, after the last treatment given. 

In the case of minors, insurers advise that records should be kept for at least 7 years after the minor reaches 18.

The records should as a minimum have the client’s full name, date of consultation and notes on the lifestyle/medical history where appropriate to the treatment being given. 

They should at least include a brief description of the therapy or treatment. 

The therapist must adequately record each and every treatment given to each and every client. 

The record is to include full details of the consultation process, the treatment, the result of the treatment and any aftercare instructions given where appropriate.

Notes need to be added of any adverse reaction to the therapy or treatment either separately or as part of the notes already used.

In the event of a claim you will be asked to produce your records of the client/event. The insured person must adequately record each and every treatment given to each and every client. This is to protect you in the event of a claim being made against you. 


By using the iPEGS Paperless System for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans. You can be sure that your data is safe. Saved to the cloud there is no risk of a computer breakdown losing all your data. As the data processor we store and encrypt your data in a secure, state of the art, UK data centre.

We are Cyber Essentials Certified giving you peace of mind that our defences will protect against the most common cyber-attacks.

We have achieved the IASME governance standard in relation to GDPR where we have demonstrated wider governance for management of the controls protecting personal data.

If you would like to know more please email steve @ or contact me directly on 01244 955350.

Electronic signatures….. the lowdown

October 13th, 2016 Posted by Electronic signatures, News, Security No Comment yet

Electronic signatures are constantly being utilised and respected by users across the globe including businesses, academic and government institutes. Gone are the days of hesitation regarding the security of signatures where now electronic signatures are already legally preferred worldwide.

Below are some interesting stats positively enforcing the use of electronic signatures:

  • From the 1st July 2016 – New laws governing electronic signatures came into force across the European Union. The Electronic Identification and Signature (eIDAS) Regulation is intended to standardise the way e-signatures work.
  • In July 2016, the law society released a practise note to assist parties and their legal advisors who wish to enter into, or execute commercial contracts with one or more of the parties intending to do so by way of an electronic signature
  • A leading global electronic signature company claims more than 85 million users in 188 countries within 225,000 companies globally. Research shows that the following improvements have been recorded as a result of using electronic signatures: 25% turnaround on agreements, 127% average increase in customer satisfaction scores, 80% completed in a day.
  • Signature platform helped State of Vermont solve anticipated $154 million fiscal gap.
  • The global digital signature market is expected to increase from $501.7 million in 2015, and reach $3,318.6 million by 2022, growing at a CAGR of 31.5%
  • United healthcare reported: Paper Saved using electronic signatures in 1 Year Exceeds the height of Empire State Building, $1 million saved in admin staffing costs

So…… do you want to benefit from using electronic signatures within your organisation? Use the iPEGS innovative app for unique electronic signature features including:

  • Face Stamp – Take a picture of the person electronically signing
  • Time Stamp – Records the exact time of signature
  • Date Stamp – Records the date of signature
  • Location Stamp – Records the location of signature – using GPS

Then please enquire how iPEGS can help, email or call 01244 955350

iPEGS unique electronic signature features

September 2nd, 2016 Posted by Electronic signatures, Security No Comment yet

A frustration for many businesses and customers is the average time in which is takes to get a paper contract or document signed. This can take either days or weeks of unnecessary delay. A prime example is the house buying process which can be a stressful and lengthy process due to lots of paper based forms needing to be completed and signed for by multiple parties.  iPEGS, innovative app provides a solution to this problem, where the average time to get an electronic contract or document signed is immediate and important documents can be signed for anywhere in the world.

More and more businesses are seeking ways to cut costs spent on printing, postage, admin and time spent waiting for documents to arrive back either incomplete or unreadable. To be ahead of other competitors, a priority to speed up the process for the consumer, providing a more efficient and proactive service is key to success.

iPEGS electronic signature includes:

Facestamp – This unique feature takes a picture of the person signing the document as increased identification authenticity

Date Stamp & Time Stamp – The signature’s date and time is automatically added to the signature as a record

Signature – Inserts a signature into the document

Name – Inputs the full name of person signing the document

All of the above signature functions are optional and can be used as required. All signatures are legally binding when used through iPEGS.

Examples of forms that require signatures:

    • Employment contracts
    • Sales Agreements
    • Agreement of Terms and conditions
    • Rental Agreements
    • Service Agreements
    • Employee Policies
    • Vendor Agreements
    • Liability waivers
    • Salary Agreements
    • Performance reviews
    • Waiver forms
    • Consent forms
    • Order forms
    • Inspection check lists
    • Company audits

Why use iPEGS for document signing:

    • Documents can be signed by multiple users in real time
    • Forms can be signed by third party signees
    • Improve your customer interaction by signing documents in the presence of your customer or remotely
    • Documents can be emailed straight to the person or company who require this signed document
    • Signed documents can be managed in the completed forms section or stored on the secure iPEGS portal
    • Identification authenticity is improved with face stamp
    • The document including the signature, can be exported to the following: pdf, word document, iPEGS document

For more information or to get started today contact us on 01244 955350 or email us on

Online security tips

January 30th, 2015 Posted by Security No Comment yet

There are many consumers who avoid working, shopping and banking online due to their fear of internet fraud or ID theft. While their fears may not be unfounded, there are ways to ensure that you are protecting yourself online while enjoying the experience of browsing from your armchair.

So how do you avoid leaving your keys in the virtual ignition? By educating yourself about the risks that come with ‘living’ online and understanding how to protect yourself and your family from any online goblins. We have pulled together a short guide that explains the difference between a virus and spyware and offers some basic tips of how to stay safe. It’s not exhaustive, and online security needs to be an ongoing project, but it’s a good start…

A Virus is a computer program that can infect other programs within your computer and ‘copy’ itself to infiltrate and spread across all software within an individual’s computer. The Virus can then further spread to others via email or the transference of USB sticks, DVDs, CDs or any other removable disk.

Spyware is unauthorised software that monitors individual internet habits. Observing and recording internet sites visited, and personal information shared.

Malware or Malicious Software are files or programs that are inadvertently downloaded from websites as file or from spam emails. This software is designed to cause disruption to the computer user and can use up memory and corrupt files.

Phishing refers to the sending of fraudulent emails requesting personal details and banking information from unauthorised individuals impersonating legitimate brands, banks and retailers.

A hacker is a person capable of computer programming. In contemporary language, we recognize the term as a description of someone who uses their computer programming skills to illegally access the computer systems of businesses or individuals in order to cause corruption of to gain information.

A Firewall is a virtual barrier between your computer and the rest of the internet. It offers protection from attacks in your computer and information stored there. Many operating systems and routers have Firewalls built in, but rather than assume you have this protection, always check when installing that you have this first line of defence.

How to stay safe

Be aware
If you are using a shared computer then ensure you are logging out of all secure websites and don’t undertake any tasks that could put you at risk that online banking or using credit or debit cards. If you are working in a public space then be aware of who is around you and whether your personal information is on view or if your passwords are easily identifiable.

Anti-virus software/Mobile Security Software
Install anti-virus software on your computer and make sure all updates are regularly installed, it’s very easy to become complacent about updating this software – don’t be! It’s worth the effort or maintaining the software properly. If you conduct a lot of activity online, especially if you are running banking apps or purchasing via your smartphone then install specific mobile security. Banks can often advise on the best packages to download.

Email fraud
Over the years, email fraud or ‘phishing’ scams have become more sophisticated. Most brands will clearly state how they will correspond with you. If in doubt, don’t open the email and contact the brand directly using a tried and tested contact method to alert them to any potential scams.

There is conflicting advice when it comes to online passwords, but, you should try to vary the amount of passwords you use online as much as possible. This comes with its own challenges, especially if you have a large amount of sites you log in to and bad memory. If the last sentence describes you, then secure password manager sites like Lastpass could be helpful for you. Keep passwords varied and change them regularly to avoid being hacked.

Don’t be a Paranoid Android…
…but do have an appreciation for how quickly information you divulge online can spread. Don’t post anything that you wouldn’t want your mother or boss to see. Know there are bad guys online wanting to exploit those who are nonchalant about their online security.

At iPEGS, we help individuals and business create and sign secure digital forms to ensure that their business can operate efficiently within the digital space. You can take a look at our product range or browse our video demos in our Media Library.

For more information about how iPEGS can help you and your business, please contact us on 01244 955350 or email