Online Session Privacy Policy

Updated Online Session Policies and Procedures as of April 7th, 2020:

Due to the nature of the internet it is impossible to engage online in a way that holds 100% no risk, however, I do everything in my power to protect your confidential data and online privacy. I do this by choosing platforms with high security standards and by only storing what information is necessary for me to support you in our work together. Below I outline what platforms I use for online sessions and how they address online privacy, as well as any new procedures required to access sessions online.  If you have any questions or concerns about anything contained in this document, please do not hesitate to reach out so we can discuss.

Platforms and procedures I use for online sessions and how they address online privacy:

 

Zoom.us

In order for us to connect online, I use a paid account for software called Zoom. It provides end-to-end video encryption, so Zoom does not have access to any information about the content of our sessions, nor do I enter any information about you when I set up the meetings. Zoom may have access to any information you enter about yourself upon joining the meeting, such as your name and email, as well as your IP address (aka where your computer is located in the world) so they can allow us to connect. You can read their privacy policy here https://zoom.us/privacy for more detailed information about what information they collect and your online privacy while using the platform. You can also read this document highlighting Zoom’s PIPEDA (Canada’s Personal Information Protection and Electronic Documents Act) compliance measures.

Please note that Zoom servers are located globally, which includes the EU, UK, US, and Canada, so our call may connect through a server outside of BC and/or Canada. However, since our sessions are live-streamed, no data about the content of our sessions will be stored, only that the meeting happened. If you decide to set up your own Zoom account independent of our sessions, I highly recommend always logging in using your email vs. through your Facebook account as Facebook typically is pretty dodgy when it comes to online privacy. 

Cliniko.com

I use an online client management platform called Cliniko, which has global redundancy servers in Canada, Australia, the EU, UK, and the USA, but all data is stored and processed in Canada. It utilizes end-to-end encryption and uses a 2048-bit SSL certification for encryption in transit. All information is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm. Here I store necessary demographic details such as your name, phone number, email, and address from the information provided in your intake form along with your intake paperwork, plus any other forms you fill out for me or any letters I’ve written for you. Cliniko is also the platform that sends session reminders and receipts to your email. For more information about this platform, you can look here https://www.cliniko.com/security/

Google for Work

For email, I use Google for Work that also has global servers, including those located in the EU, UK & US. For more detailed information about howGoogle for Work privacy and encryption works, you can read this document. Although all messages, attachments, and contact emails stored on this platform are end-to-end encrypted, I still only recommend using email for administrative or scheduling purposes as an additional safeguard.

E-transfers

Payments for online sessions are accepted through e-transfer, which means that your bank and my bank will know that you are sending a payment to me. However, they will not be aware of the reason for the transfer. I recommend looking at your bank’s privacy information for more information about your online banking privacy.

Client Files

As with in-person sessions, session notes are still taken on paper and added to your physical file, usually located in a locked filing cabinet in my locked downtown office. Until guidance is received that it is safe to resume in-person sessions, client files are currently stored in a locked cabinet in my locked home office. Each quarter, client records are scanned to an encrypted, password-protected external flash drive that is stored in a locked fire and flood-proof safe in my home office as a backup in case of a fire or flood at my downtown office.

If you have any questions or concerns about the use of any of these platforms or procedures, please let me know and I’m happy to address them.

 

Preparing for online sessions:

 

For us to connect for our online sessions, you will need access to a device that has a webcam, microphone, and speakers, as well as access to high-speed internet. This device can be a smartphone, tablet, or computer. I also highly recommend using headphones with a mic to improve sound quality and increase privacy.

Once you have found the device you plan to use, next, you need to find a quiet private place so you can have as few distractions as possible. If you are home with other family members or roommates, I recommend trying to find a room in the house where you can close the door and possibly turn on some music or a white noise machine if you concerned others could overhear our time together. If you have access to a car, this can sometimes be a solution to a lack of privacy at home if this is a concern for you.

Confidentiality regarding sessions:

The same confidently and limits to that confidentiality apply as with in-person meetings, meaning we will keep everything shared in sessions only between the two of us unless there is the disclosure of; ongoing child/elder/vulnerable persons abuse, imminent harm to you or someone else, or in the very unlikely event my records are subpoenaed – otherwise what is said in session stays between us. However, when we do online sessions, there are a few extra things we need to consider to help make this possible.

For us both to speak as freely online as we would in my office, sessions are not to be video or audio recorded, or screen grabbed in any way, by either of us, unless there are explicit discussions and permission by both sides. In the minimal circumstances where this would be appropriate, and permission is given, those files cannot be shared with anyone other than the two of us. Also, it is not ok for other people to be present or listen in to our sessions at any time. If you are in a circumstance where this is unavoidable, I need to know. We can discuss the impact this may have on our sessions and come up with a plan to address this together.

You may also want to consider what’s in the background of where you connect with me as I will be able to see it. If this is something that you are concerned about, you can shift your back and the monitor to face a wall to limit what I can see. However, this is a judgment-free zone, and the only thing I’m focused on is you.

Additional Online Privacy Recommendations:

 

These recommendations apply to all online interactions, not just our sessions so they are just helpful reminders of ways you can maintain your privacy online:

  1. Remember to protect any devices used for a mobile or online connection with secure hard-to-guess passwords.
  2. Make sure to change any default password provided for initial access to an application immediately.
  3. Use a private window when using online applications. This means opening an Incognito window on Chrome or a private window on Safari and Firefox, before opening the app you are using.
  4. If you are sharing sensitive information, make sure you are not using a public device.
  5. Be extra careful if you have free apps such as social media applications on your phone or computer. Double-check all privacy settings often to make sure they are on the highest privacy settings as settings can change without notice.
  6. Make sure that you install any system upgrades and security patched immediately 
  7. Only use private WiFi connections
  8. If you have access to a Virtual Private Network (VPN) or can set up one, use this to ensure that you have encrypted connections for all your online contacts.
  9. Use tools that have end-to-end encryption, security features, and password protection
  10. Don’t use free tools as these are more likely to be hacked and therefore are a higher risk to use.

If you have any questions or concerns about utilizing online sessions, please don’t hesitate to reach out. We will find a way to make this work for you. Please check this document regularly for the most up to date information. If any substantial changes are made, you will be notified.