Can I share my Physitrack account with a colleague?
Short answer: No, you cannot and should not. Below we explain why it is not allowed, either from a legal perspective or from a Physitrack perspective.
1. Physitrack's terms of service
Physitrack is an online platform with individual accounts tied to individual users. In our Terms of Service, you can read at point 7a that when you start a subscription, you get a non-transferable licence (permission) to use the platform. As with other popular online services such as Spotify or Netflix, you are not allowed to let this licence (or your account) be used by colleagues or others.
For clarity, we also specifically mention at point 9 of these Terms of Service that account sharing is not allowed, and that you as a user are obliged to notify us immediately if you suspect that your Physitrack account is or may be used by others, so that the required security measures can be taken.
2. Physitrack's system architecture
Physitrack was never designed or built to support more than one user per account. If a colleague logs in to a Physitrack account while you are working with it, you will be immediately logged out and lose the work you were currently doing. If you were almost done with an exercise programme, all parameters are correct, additional instructions have been added, etc., you can start from scratch. A waste of time - with your own account, you will never run into this problem!
3. General Data Protection Regulation (GDPR)
The third reason - perhaps the most important one: by sharing an account, you run a high risk of also being in breach of the General Data Protection Regulation (GDPR).
- As a healthcare practitioner, you work with sensitive information about your patients, such as medical histories, diagnoses and treatment plans. By sharing your Physitrack account, you increase the risk of unauthorised access to this data, which could violate patients' privacy rights.
- Each user account in Physitrack is linked to a specific healthcare practitioner. By sharing your Physitrack account, you make it impossible to trace actions related to patients back to individual users, which is a requirement under the GDPR.
- Physitrack is committed to providing a secure platform. However, sharing accounts increases the risk of data loss or data leaks. This could be due to a malicious action, but it certainly does not have to be the case.
- If things go wrong, you could face nasty, high fines. And it doesn't have to stop there: you can be held liable for material or immaterial damages and your reputation will be severely dented.
Summary
Data security and protection is a subject we take extremely seriously at Physitrack, and we would ask you, as a healthcare practitioner, to do the same.
Here you can read in detail about what we all do to keep both your and your patients' data safe. For instance, we are proud to be ISO:27001 and ISO:27018 certified, and the platform is of course fully compliant with both GDPR and HIPAA. However, the security of an information system is only as strong as the weakest link in the chain. We would urge you to ensure that you are not that weakest link.