Dear NOCD Community,
We are writing to address an article that appeared on the Mozilla Foundation website today discussing our privacy practices. We want to reassure you that this article is completely inaccurate and entirely misconstrues our practices. As we discuss below, we have gone above and beyond to make sure your data is secure. The authors of this article never sought to learn about our actual practices – which are highly protective of your privacy – before publishing. We will be following up with them to be sure this is taken down, but in the meantime wanted to communicate this to you as soon as possible.
To address one of the more egregious allegations here, they claim that we share your personal health information with third parties such as data brokers. This assertion is completely false, as we share only limited data and only as needed to provide treatment. The only third parties we share that limited data with are those that enable us to provide treatment to you and make it affordable – for example, the health plans that we must share data with in order to process insurance claims so that your treatment is covered. We do not share any of your session notes, your triggers, your messaging with your therapist, or anything related to your OCD with any third party unless upon your request (should you submit an ROI for your information to be released).
We have taken the utmost care to secure your privacy. The only disclosures we do make are fully compliant with HIPAA and limited to helping you gain and obtain coverage for treatment (to file a claim with your insurance plan); it is not a sale of your data. We have all Business Associate Agreements needed in place as required under HIPAA; we encrypt your data while in transit and at rest; we protect your data using Aptible, which explains its security measures as follows: “AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS.”
We care deeply about all of you, our community, and your privacy. We understand that this article may have caused you distress, so please do not hesitate to reach out with any questions to stephen@nocdhelp.com or privacy@nocdhelp.com.
Sincerely,
Stephen M. Smith
Cofounder and CEO of NOCD