Question 1

I am trying to register but I keep seeing a circle with an arrow through it & am unable to register.

Accepted Answer

Please complete all boxes required for registration & check that you have entered the correct email. Check the acceptance of Terms & Conditions box. If the issue continues contact support@zmaaya.com

Question 2

I am unable to save my registration information.

Accepted Answer

Zmaaya works best on Chrome. Check your internet connection. Reload the page. Contact - support@zmaaya.com

Question 3

How can I add a new question to the intake form?

Accepted Answer

Click the section heading under which you would like to see your question. Click the + icon at the right side of the page & type your question. The question saves automatically. Check the box beside your question to ensure it is visible on your intake form.

Question 4

How do I save the questions I have selected in the intake form?

Accepted Answer

Items you select or questions/text that you add to the intake form are saved automatically.

Question 5

How do I change to another Google calendar?

Accepted Answer

Contact support@zmaaya.com and we will assist.

Question 6

When I send the intake form to my client is that HIPAA compliant?

Accepted Answer

The Zmaaya intake form is sent in the form of a link to our servers? Therefore no client private information is sent over email. The client clicks the link and completes the intake form on our servers. The intake form link expires in 48hours.

Question 7

Can I complete the intake form with my client?

Accepted Answer

Yes. On the client dashboard tou can click to complete the client intake form together with the client.

Question 8

What do S & A symbols mean on the client session appointment?

Accepted Answer

The S standards for Session plan - you can attach your therapist session plan to the client session. The A stands for Action plan - this is the plan developed for the clients own personal use and may be different to the therapists session plan.

Question 9

How do I set-up outcome measures for my client?

Accepted Answer

Click on the menu bar. Click “Set Up Outcome Measures”. Choose up to five (5) outcome measures from our library or click the + icon and add your own. The outcome measures will appear in your session notes.

Question 10

What are generic plans?

Accepted Answer

Generic plans are plans that you have developed that are not attached to a client session. For example these might include - Lower Back Pain Plan or Weight Loss Plan.

Question 11

How to I add my own content to the lists in the management plans?

Accepted Answer

Click on the menu bar in the top right corner of the app. Click on ‘Set Up Plan Components’. Here you can delete or add components.

Question 12

How do I add a session note for a client?

Accepted Answer

After making an appointment with a client go to the Therapist Dashboard or the Client Dashboard. Expand the section for the client you wish to add session notes. Check the meodaity provided. Add the before & after putcome measures. Input your session notes. Click save. Notes cannot be edited after saving however you can add addition notes that will be date stamped.

Question 13

Can I edit my session notes after they have been saved?

Accepted Answer

You cannot change a session note once it has been saved. However you can add additional notes that will be dated stamped once you save them.

Question 14

What are some of the security measures protecting data & information in Zmaaya?

Accepted Answer

The following security standards are applied to the Zmaaya platform: - user ID & password protection for log in by subscribers - Two factor authentication (2FA) for subscriber log in - Time out for idle use - All client data is encrypted in the back end  - Zmaaya is housed on the Amazon servers in the US - the Zmaaya intake form is sent as a link via email. When the link is clicked the intake form opens on our servers. That means that no personal, private or confidential  information is ever sent over email. - the intake form link sent to clients expires after 48hrs. This reduces the risk of the email being opened by an unintended person. - As a company we have our own internal Standard Operating Policies and Procedures for investigating & reporting data breach

Question 15

Is my data stored and transmitted securely in Zmaaya?

Accepted Answer

Your data is encrypted both in transit (between the browser and our servers) and also at rest (when stored on our servers). We use AES-256 bit encryption while transferring your data to/from our servers. We encrypt and store data on our servers using the AES 256-bit encryption. AES-256 is the industry standard for storing and transferring sensitive data. All backups of your data are also encrypted using AES-256 bit encryption. We use TLS 1.2 to encrypt your data both between your browser and our servers and between our servers and other internal networks.

Question 16

Is any of my data stored or processed using cloud-based services?

Accepted Answer

Yes, we use Amazon Web Services (AWS) and Box.com to store your data in the cloud.

Question 17

What third-party service providers does Zmaaya use to store my data?

Accepted Answer

We use Amazon Web Services and Box.com to store your data in the cloud. Our core infrastructure is hosted using these two services. We have Business Associate Agreements (HIPAA BAA) and Data Processing Agreements which requires these providers to meet the highest level of security and privacy for storing personal health information.

Question 18

What data is stored using these providers?

Accepted Answer

Any documents you upload to Zmaaya will be stored in AWS. Any generated PDFs for completed forms, archived notes and protocols will also be stored here.   We use Box.com to facilitate our "Document Preview" feature within the portal. This allows PDFs, Word Docs and other document types to be viewed directly from the website without having to install 3rd party extensions or download files to your computer.

Question 19

Do you have agreements with these third-party cloud providers?

Accepted Answer

We have HIPAA Business Associate Agreements and GDPR Data Processing Agreements with vendors which store and process data on our behalf.

Question 20

How is my data protected from unauthorized access?

Accepted Answer

We have access controls, role-based authorization and IP whitelisting in place to restrict unauthorized access to cloud data. Both AWS and Box.com adhere to strict SSAE 18 auditing and reporting standards for managing access to data stored in their systems.

Question 21

Do these cloud service providers have the ability to permanently delete my data?

Accepted Answer

Yes, these providers are mandated to provide options (which we utilize) to completely wipe data from their servers.

Question 22

What happens to my data in the event of a natural disaster?

Accepted Answer

Data is replicated across multiple redundant servers within our environment which mitigates the risk of loss of connectivity with one or more nodes (this guidance is specific to our AWS infrastructure - database and file servers).

Question 23

How will I be notified of changes in third-party providers who will have access to my data?

Accepted Answer

Third parties services are outlined in our Privacy Policy. Updates to this list of providers are generally communicated via this Policy.

Question 24

Can I export my clients' data?

Accepted Answer

You can export client data by following the instructions here by making a written request to support@zmaaya.com Your export will be provided as a CSV file which includes spreadsheets of data included in the client file and documents associated with your client. Data you or your clients have created/uploaded to Zmaaya will be wiped completed from our system after 30 days either via automated batch processes or data retention rules defined in our infrastructure. For example: we have policies defined to limit database backups to a maximum of 30 rolling days. we run a nightly batch process to purge accounts (and related data) which have been marked for deletion by practitioner or client

Question 25

Can I request a record of all accesses and transfers of personal health information associated with my clients?

Accepted Answer

We can provide a record of access/transfer of your clients' health information at your request. In general, we will only access your health information at your request to assist with troubleshooting issues related to your use of the system.

Question 26

Can I be provided with a threat risk and privacy impact assessment of services provided through Zmaaya?

Accepted Answer

We can provide summarized reports of our regular vulnerability assessments. We generally conduct these assessments once per quarter and with the release of major features.

Question 27

What policy do you have in place in the event of a data breach?

Accepted Answer

In the event of a data breach we will follow these procedures: Access to affected systems will be locked down Access credentials will be updated We will access the access logs and activity logs to determine the scope and impact of the breach Steps will be taken to determine how the breach occurred We will define steps to remediation (i.e. wipe data, update software code, increase logging) We will communicate data breach to affected parties via email We will provide notice of breaches of security or privacy to affected parties within 72 hours

Zmaaya Mobile App is now available on Google and Apple App Store. Click to know more.

Want To Know More?