When users register on the app, the email they register with is confirmed to ensure the patient is who they say they are.

Biometric authentication: After patients register and log in to UpPatient, they have the option to enable biometric authentication (fingerprint or facial recognition) to log in to the app going forward.

UpPatient automatically logs users out after a short period of inactivity and requires a password, fingerprint, or facial recognition scan to log back in.

Because the patient data is saved on a server, and not on the device, there is no encryption required. The only data saved on the device is the session token.

Data stored on a server is encrypted ("encrypted at rest") and sensitive data (PHI) has an additional layer of encryption.

In the event that a non-authorized third party attempts to access sensitive data or files, they cannot view or interpret the data.

Data transmitted between the app and the servers is over https, which is itself encrypted for increased security. Thus, network providers can't read or intercept these communications.

Camera: Mandatory for virtual video consults

Microphone: Mandatory for virtual consults that are initiated as audio only

Push notifications: Required for notifying the app user when their provider attempts to initiate a virtual consult or if a provider sends them a message.