Please complete all boxes required for registration & check that you have entered the correct email. Check the acceptance of Terms & Conditions box. If the issue continues contact support@zmaaya.com

Zmaaya works best on Chrome. Check your internet connection. Reload the page. Contact - support@zmaaya.com

Click the section heading under which you would like to see your question. Click the + icon at the right side of the page & type your question. The question saves automatically. Check the box beside your question to ensure it is visible on your intake form.

Items you select or questions/text that you add to the intake form are saved automatically.

Contact support@zmaaya.com and we will assist.

The Zmaaya intake form is sent in the form of a link to our servers? Therefore no client private information is sent over email. The client clicks the link and completes the intake form on our servers. The intake form link expires in 48hours.

Yes. On the client dashboard tou can click to complete the client intake form together with the client.

The S standards for Session plan - you can attach your therapist session plan to the client session. The A stands for Action plan - this is the plan developed for the clients own personal use and may be different to the therapists session plan.

Click on the menu bar. Click “Set Up Outcome Measures”. Choose up to five (5) outcome measures from our library or click the + icon and add your own. The outcome measures will appear in your session notes.

Generic plans are plans that you have developed that are not attached to a client session. For example these might include - Lower Back Pain Plan or Weight Loss Plan.

Click on the menu bar in the top right corner of the app. Click on ‘Set Up Plan Components’. Here you can delete or add components.

After making an appointment with a client go to the Therapist Dashboard or the Client Dashboard. Expand the section for the client you wish to add session notes. Check the meodaity provided. Add the before & after putcome measures. Input your session notes. Click save. Notes cannot be edited after saving however you can add addition notes that will be date stamped.

You cannot change a session note once it has been saved. However you can add additional notes that will be dated stamped once you save them.

The following security standards are applied to the Zmaaya platform: - user ID & password protection for log in by subscribers - Two factor authentication (2FA) for subscriber log in - Time out for idle use - All client data is encrypted in the back end - Zmaaya is housed on the Amazon servers in the US - the Zmaaya intake form is sent as a link via email. When the link is clicked the intake form opens on our servers. That means that no personal, private or confidential information is ever sent over email. - the intake form link sent to clients expires after 48hrs. This reduces the risk of the email being opened by an unintended person. - As a company we have our own internal Standard Operating Policies and Procedures for investigating & reporting data breach

Your data is encrypted both in transit (between the browser and our servers) and also at rest (when stored on our servers). We use AES-256 bit encryption while transferring your data to/from our servers. We encrypt and store data on our servers using the AES 256-bit encryption. AES-256 is the industry standard for storing and transferring sensitive data. All backups of your data are also encrypted using AES-256 bit encryption. We use TLS 1.2 to encrypt your data both between your browser and our servers and between our servers and other internal networks.

Yes, we use Amazon Web Services (AWS) and Box.com to store your data in the cloud.

We use Amazon Web Services and Box.com to store your data in the cloud. Our core infrastructure is hosted using these two services. We have Business Associate Agreements (HIPAA BAA) and Data Processing Agreements which requires these providers to meet the highest level of security and privacy for storing personal health information.

Any documents you upload to Zmaaya will be stored in AWS. Any generated PDFs for completed forms, archived notes and protocols will also be stored here. We use Box.com to facilitate our "Document Preview" feature within the portal. This allows PDFs, Word Docs and other document types to be viewed directly from the website without having to install 3rd party extensions or download files to your computer.

We have HIPAA Business Associate Agreements and GDPR Data Processing Agreements with vendors which store and process data on our behalf.

We have access controls, role-based authorization and IP whitelisting in place to restrict unauthorized access to cloud data. Both AWS and Box.com adhere to strict SSAE 18 auditing and reporting standards for managing access to data stored in their systems.

Yes, these providers are mandated to provide options (which we utilize) to completely wipe data from their servers.

Data is replicated across multiple redundant servers within our environment which mitigates the risk of loss of connectivity with one or more nodes (this guidance is specific to our AWS infrastructure - database and file servers).

Third parties services are outlined in our Privacy Policy. Updates to this list of providers are generally communicated via this Policy.

You can export client data by following the instructions here by making a written request to support@zmaaya.com Your export will be provided as a CSV file which includes spreadsheets of data included in the client file and documents associated with your client. Data you or your clients have created/uploaded to Zmaaya will be wiped completed from our system after 30 days either via automated batch processes or data retention rules defined in our infrastructure. For example: we have policies defined to limit database backups to a maximum of 30 rolling days. we run a nightly batch process to purge accounts (and related data) which have been marked for deletion by practitioner or client

We can provide a record of access/transfer of your clients' health information at your request. In general, we will only access your health information at your request to assist with troubleshooting issues related to your use of the system.

We can provide summarized reports of our regular vulnerability assessments. We generally conduct these assessments once per quarter and with the release of major features.

In the event of a data breach we will follow these procedures: Access to affected systems will be locked down Access credentials will be updated We will access the access logs and activity logs to determine the scope and impact of the breach Steps will be taken to determine how the breach occurred We will define steps to remediation (i.e. wipe data, update software code, increase logging) We will communicate data breach to affected parties via email We will provide notice of breaches of security or privacy to affected parties within 72 hours