Confidentiality Policy

• Anyone with access to patients’ medical records, correspondence, or other sensitive content through work with clients should follow practices that acknowledge and reflect the critical nature of confidentiality and data security.  

• I don’t use subcontractors; all the work is done by me. I will not disclose any information shared with me by the client to a third party unless with written consent or required by law. 

•  All my work is done on a single password-protected computer. Two-step password authentication is required to access my dedicated email and cloud storage system.

•  File sharing will correspond to the client’s needs and can include Dropbox, Google Drive, OneDrive, end-to-end encryption, or any other preferred methods for HIPAA-compliant file transfer.

•  I will delete all documents from my hard drive and cloud storage system within 30 days of completion of a project. Any existing paper documentation will be shredded.

 For any other questions or concerns around confidentiality, please contact me.