Privacy Policy
Introduction:
This Privacy Policy outlines how the Stern Center collects, uses, and protects personal information that we collect from our customers, patients, and other individuals in alignment with HIPAA requirements. We are committed to protecting the privacy of all personal information we collect and to complying with all applicable laws and aligning our practices with HIPAA regulations.
Information Collection and Use:
We collect personal information from our clients and other individuals and organizations only as necessary to provide our services and to comply with legal and regulatory requirements. This information may include, but is not limited to, name, address, email address, phone number, date of birth, social security number, educational data, medical information, and mental health information.
We may use this personal information to:
- Provide instruction and evaluation services to our clients
- Communicate with our clients and authorized third parties
- Comply with legal and regulatory requirements
- Improve our services and client experience
We will not sell, rent, or lease personal information to third parties, unless we have your permission or are required by law.
Information Protection:
We are committed to protecting the security of all personal information we collect. We have implemented technical, administrative, and physical safeguards to protect personal information from unauthorized access, disclosure, alteration, or destruction. This includes:
- Access controls: Technical measures to limit access to PHI to authorized individuals, including unique user identification, passwords or other authentication mechanisms, and automatic logoff after a period of inactivity.
- Encryption and decryption: Encryption and decryption mechanisms to protect PHI that is stored or transmitted over electronic communication networks.
- Audit controls: Hardware, software, and/or procedural mechanisms to record and examine access and other activity in systems containing PHI.
- Integrity controls: Measures to ensure the integrity of PHI, such as data backup and recovery, data validation, and access controls to prevent unauthorized alteration or destruction of PHI.
- Transmission security: Technical security measures to guard against unauthorized access to PHI that is being transmitted over electronic communication networks, such as firewalls, virtual private networks (VPNs), and Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Disclosure of Personal Information:
We may disclose personal information to third parties in the following circumstances:
- To comply with legal and regulatory requirements
- To provide services to our customers and patients
- To protect the rights, property, or safety of our company or others
We require any third party that receives personal information from us to maintain the confidentiality and security of the information and to use it only for the purpose for which it was provided.
Changes to Privacy Policy:
We reserve the right to modify this Privacy Policy at any time. We will notify customers and patients of any changes to this Privacy Policy by posting the updated policy on our website or by other means as appropriate.
Client Notification:
We will provide all clients with a Privacy Policy Notice and obtain their signature verifying that they have received and understand the Privacy Policy Notice prior to the start of their services. This will be renewed at the start of each new service at the Stern Center.
HIPAA Compliance:
At the Stern Center, most of our services are educational in nature rather than medical. For those services that are considered health care, we do not bill or provide information for the purposes of billing health insurance companies. Given the nature of our practices and protocols, the Stern Center does not meet the criteria that require an organization to be considered a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA). However, as an organization, we recognize the ethical obligation to handle client information in a responsible and secure manner and therefore we make every effort to adhere to the requirements outlined by HIPAA.
We handle client information and records as Protected Health Information (PHI) and have implemented administrative, physical, and technical safeguards to protect PHI and to align with HIPAA compliance. We have appointed the Stern Center COO as the Information Security Officer, who will oversee our security program and ensure that we align our practices with all applicable HIPAA requirements.