Information Collection and Use:
We collect personal information from our clients and other individuals and organizations only as necessary to provide our services and to comply with legal and regulatory requirements. This information may include, but is not limited to, name, address, email address, phone number, date of birth, social security number, educational data, medical information, and mental health information.
We may use this personal information to:
- Provide instruction and evaluation services to our clients
- Communicate with our clients and authorized third parties
- Comply with legal and regulatory requirements
- Improve our services and client experience
We will not sell, rent, or lease personal information to third parties, unless we have your permission or are required by law.
We are committed to protecting the security of all personal information we collect. We have implemented technical, administrative, and physical safeguards to protect personal information from unauthorized access, disclosure, alteration, or destruction. This includes:
- Access controls: Technical measures to limit access to PHI to authorized individuals, including unique user identification, passwords or other authentication mechanisms, and automatic logoff after a period of inactivity.
- Encryption and decryption: Encryption and decryption mechanisms to protect PHI that is stored or transmitted over electronic communication networks.
- Audit controls: Hardware, software, and/or procedural mechanisms to record and examine access and other activity in systems containing PHI.
- Integrity controls: Measures to ensure the integrity of PHI, such as data backup and recovery, data validation, and access controls to prevent unauthorized alteration or destruction of PHI.
- Transmission security: Technical security measures to guard against unauthorized access to PHI that is being transmitted over electronic communication networks, such as firewalls, virtual private networks (VPNs), and Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.
Disclosure of Personal Information:
We may disclose personal information to third parties in the following circumstances:
- To comply with legal and regulatory requirements
- To provide services to our customers and patients
- To protect the rights, property, or safety of our company or others
We require any third party that receives personal information from us to maintain the confidentiality and security of the information and to use it only for the purpose for which it was provided.
At the Stern Center, most of our services are educational in nature rather than medical. For those services that are considered health care, we do not bill or provide information for the purposes of billing health insurance companies. Given the nature of our practices and protocols, the Stern Center does not meet the criteria that require an organization to be considered a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA). However, as an organization, we recognize the ethical obligation to handle client information in a responsible and secure manner, and therefore we make every effort to adhere to the requirements outlined by HIPAA.
We handle client information and records as Protected Health Information (PHI) and have implemented administrative, physical, and technical safeguards to protect PHI and to align with HIPAA compliance. We have appointed the Stern Center COO as the Information Security Officer, who will oversee our security program and ensure that we align our practices with all applicable HIPAA requirements.