Mindset Bermuda’s Privacy Policy

At Mindset Bermuda, your privacy and trust are essential to the care we provide. We are fully compliant with both Bermuda’s Personal Information Protection Act (PIPA, 2016) and the U.S. Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy outlines how we handle your personal information—from collection to storage, use, and disposal—with a commitment to ethical care and confidentiality.

1. What We Collect

We collect only the information necessary to support neuropsychological assessment, therapy, and practice operations.

This may include:

  • Personal Information: Name, date of birth, contact details

  • Health Information: Medical history, neuropsychological assessment results, therapy notes, and diagnostic impressions

  • Administrative Details: Billing information, insurance data, and appointment history

  • Emergency Contact Information: For use in urgent or safety-related situations

2. How Your Information is Used

We use your information solely to deliver and support your care. This includes:

  • Conducting neuropsychological assessments

  • Providing therapy and treatment services

  • Coordinating care with other providers (only with your consent)

  • Managing scheduling, billing, and communication

  • Fulfilling professional, legal, and ethical obligations

We will never sell your data or share it without your permission, except where legally required or in circumstances involving risk of harm.

3. When Your Information May Be Shared

Your information is kept confidential, with limited exceptions:

  • With your informed consent (e.g., sharing results with a referring physician or school)

  • When required by law (e.g., court order, child protection concerns)

  • If necessary to prevent serious harm to yourself or others

  • To coordinate healthcare services, with your permission

4. Your Rights Under PIPA

Under the Personal Information Protection Act, you have the right to:

  • Access your personal records

  • Request corrections to inaccurate or outdated information

  • Limit or withdraw consent to how your data is used (within legal/ethical limits)

  • Request deletion of records, where appropriate and legally permissible

To exercise any of these rights, please contact us at admin@mindsetbermuda.com.

5. How We Protect Your Information

We take your privacy seriously and maintain strict safeguards:

  • Encrypted, password-protected electronic health record (EHR) systems

  • Limited access to clinical data—only staff involved in your care can view your records

  • Staff training in confidentiality and data protection

  • Secure email communications (by request)

  • Ongoing audits to ensure compliance with PIPA and HIPAA

6. How Long We Keep Your Information

Client records are securely retained for the period required by local law and professional standards. Once that period has passed, all information is securely deleted or destroyed.

7. In Case of a Data Breach

If there is ever a security breach that may impact your personal information, you will be notified promptly in line with both PIPA and HIPAA requirements. We will also notify the Office of the Privacy Commissioner (Bermuda) as required.

8. Changes to this Policy

We may occasionally update this policy to reflect changes in law or practice. All major updates will be posted on our website and communicated to current clients.
