Your Privacy in My Practice
The general rule is that what gets discussed in a therapy session remains confidential unless you give me specific written permission to release information. You will need to complete a "Release of Information" form, and both of us will need to sign it, in order for me to release information about you. There are some exceptions:
- If you intend to harm yourself, I may have to violate your confidentiality in order to protect you.
- If you intend to harm someone else, I will probably have to violate your confidentiality in order to protect someone else.
- If you talk about recent abuse of a child, I will have to report that. Psychologists are "mandated reporters" of child abuse in Pennsylvania.
- If a judge issues a court order compelling me to release information, I must comply.
Our Communications and Your Privacy
I use one of several HIPAA-compliant video conferencing services. Sessions are encrypted end-to-end. This makes our conversations unintelligible to others as they travel between my computer and your computer/cellphone.
Phone calls are not encrypted while in progress, but any voicemail you leave me is stored on an encrypted server. If you suffer from "Zoom fatigue" we can conduct sessions using the audio call feature of my client portal. Audio calls through my client portal are encrypted.
I use a HIPAA-compliant encrypted email service called Protonmail.com. They offer a basic FREE subscription. If both of us use Protonmail, any messages and files we exchange (which are called "Protected Health Information" or PHI) are encrypted "end-to-end" from your computer/cell phone to mine. This is one way for us to exchange PHI without anyone else getting a hold of it. In addition to webmail, they also have an app for Android and iOS.
I do not use SMS and MMS texts due to their lack of encryption. My client portal does offer secure messaging and you are welcome to use that once you are a client.
I am not on Facebook, Twitter, etc.
How I handle and store your Protected Health Information (PHI)
I am required to maintain a record of our sessions in what is called a chart. Some of that is in paper format. Most of it is in my business computer. It is encrypted via "whole disk encryption" and "home directory encryption", and your chart is also encrypted with a unique password. Triple encryption, if you will. I also use a HIPAA-compliant Electronic Health Record provider called Practice Better.
I maintain certain documents you give me in paper form. These are locked in a filing cabinet in a locked room. I scan any paper documents I have from you and store them on encrypted computers. I use a HIPAA-compliant offsite back-up company called Spideroak.com.
Your Privacy on this Website
I try to make your visit here a private one. No tracking cookies are used on this website. No programming from my website is running around in your computer. I also use an "HTTPS" web address, so that no one can see what you are doing here (although your Internet Service Provider (ISP) will know you have come to my website address if you are not using a Virtual Private Network).
Your IP address is considered Protected Health Information (PHI). Your IP address is not logged on this website.