Streamline Your Acupuncture Practice | Jasmine Software: May 2013

Tuesday, May 14, 2013

Security: Philosophy of Trust

As we continue working hard to make Jasmine Practice Management a reality, we are now at a point where we are working on passing the Salesforce Security Review. I want to talk some about the security review and what it means to Jasmine Practice Management and you.

In the development of Jasmine Practice Management, we've made the architectural decision to build in the cloud and on a platform called Salesforce. While we believe that being cloud based offers many advantages and is the future of acupuncture practice management, we are also aware of the risks that come with an always on and always online environment. The main risk being security.

What is the Salesforce Security Review?

The Salesforce Security Review is a mandatory annual security review for applications built on the Salesforce Platform. The Salesforce Platform being the underlying technology we have chosen to build Jasmine Practice Management. The Salesforce Platform is a very powerful platform to build applications on top of and is a larger topic to be discussed in a later post.

Every year, Jasmine Practice Management will undergo this security review to ensure that new features and functionality we've developed adhere to Salesforce's strict level of security.

The scope of the security review covers all aspects of the application, even parts of the application not built directly on top of the platform. The reason for this is that the security of a system must be treated as whole to ensure that no vulnerabilities exist.

The security review is heavily based on OWASP, the Open Web Application Security Project, which is an organization whose mission is on improving the security of software. What this means is that the security review has been developed to meet industry best practices for security and to ensure applications meet a high level of security.

The many levels of the security review

The first level of the security review involves a source code vulnerability scanner. Brakeman will analyze our code to find security issues as we are developing the application and we can quickly address the issues.

The next level is to use industry strength security scanning tools, Checkmarx and Burp Suite, which mimic what hackers would do and to uncover security risks and vulnerabilities. These tools are used while the application is running and on the network as they would be in production.

The final level of the security review is a manual and automated application and network security testing performed by an expert on the Salesforce Security team. The results of the review are then shared with us and any issues will need to be resolved before Salesforce will allow Jasmine Practice Management to be offered on the platform.

Philosophy of Trust

As a company, Jasmine Software, we want to earn your trust. And we understand that trust takes time and must be earned. We intend to take steps to be a transparent company and part of that is talking directly and openly about security and keeping your data safe.

The security review is just a small part of a much larger discussion on security which I will be addressing more about in upcoming posts. In the meantime, for more details about Salesforce security is here.

If you have comments or question, feel free to contact me any time at

Thank You,

Minto Tsai

Thursday, May 2, 2013

Using Email to Maintain Contact with Clients

    During the interviews we have been doing with acupuncturists, we have been hearing them talk about using email to maintain contact with clients. This makes good business sense and stands out as a professional way to develop your clinic. The rest of this post will describe some of the email exchanges we have talked about with the community.

    A common request is for an email to be sent to a new client before their first appointment. This email can be very important in setting the tone for your business relationship with a new client. It makes sense for this email to welcome the new client and to provide them with information they will need in order to show up for their appointment (date, time, address). We are also hearing from many of you that this email should provide a way for the new client to access and complete the forms which are required by your clinic. This will save time for the clinic and the client if they can arrive for their first appointment having already completed an intake form, privacy policy statement, referral notification, arbitration agreement, and insurance information.

    A second type of email we have heard about is appointment reminders. This can indeed be a useful tool in helping new and established clients show up on time for their appointment. It is also useful for this communication to include information about their appointment. Clients might need to be reminded about the treatment they are going to receive, the status of any package they have purchased, and when they can expect the appointment to end. We are hearing that most clinics want a good deal of flexibility with this type of email. We have been told that not every client needs a reminder so the clinic should be able to enable this email for some clients and disable it for others. Some clinics have also asked for the ability to have a confirmation be a part of this email. This means a client needs to acknowledge they have seen the reminder and the clinic's calendar should show which clients have acknowledged their upcoming appointments. This way a clinic can identify a client who might need a telephone call because they have not confirmed their appointment.

    We have heard from quite a few clinics about the need to have a follow-up email after a client's appointment. This can also be an excellent way to maintain a faithful customer base. The follow-up email can include information about any herbs or exercises which have been identified for the client after their treatment. In addition, we have been told the follow-up email should include a request for the client to write a review. Word of mouth has always be a great way to develop your business and in today's on-line society a good on-line review can make a difference in your business. Think of it as word of mouth with the power of the internet.

    In addition to these basic business practices, we have also heard from some clinics that they want a way to review their customer base and to be able to send a more targeted message. Some have asked for the ability to send birthday greetings to clients. Others have asked for the ability to send an email with updates about the clinic which may pertain to some clients, but not others. For example if you develop new treatments which may benefit some segment of your clients it can be beneficial to your business development to get this message communicated to those clients. We have also had requests for the ability to send an email to clients who have not been to the clinic recently.

    I hope this post has given you some ideas about using email to communicate with your clients. We believe that our practice management application should support all of these types of communication. We look forward to working with the community to develop and deliver the right solutions to help your business thrive and grow. 

Please leave your thoughts and comments below or email us directly at