Frequently Asked Questions
Yes. We respect your privacy both by law and by priority (see our consent forms). iWILL ’til iRECOVER protects your identity and communications at every step of our process. For any treatment program to work, clients must share their thoughts and feelings with their counselors and group members. You decide how much to share.
Only the other iWILL ’til iRECOVER clients in your group and your counselor can see you. In group sessions, iWILL ’til iRECOVER clients often develop tight bonds, and your counselor needs to get to know you. Seeing each other is the only way for your group to make real connections.
Feel free to use just your first name and last name initial, or a nickname.
iWILL ’til iRECOVER’s video conference system is encrypted using 256-bit Advanced Encryption Standard (AES), the global standard for data encryption. Even if someone intercepts video from a therapy session, they can’t see or hear it. Each meeting link is encrypted and password-protected and is sent to your calendar. We do not record therapy sessions.
iWILL ’til iRECOVER clients live all over the country. Since iWILL ’til iRECOVER is online, clients who live close to each other won’t belong to the same group. If we suspect clients know each other for any reason, we’ll put them in different groups.
No. Clients are responsible for keeping what they hear and see confidential. Clients are legally obligated to keep their home and computer equipment safe for the group. Special permission can allow clients to bring someone else in some cases. For example, when an iWILL ’til iRECOVER counselor feels that family participation is therapeutic.
There is no need to share your private communication numbers with your counselor if you don’t want to. All communication between you and your counselor happens inside our HIPAA-compliant portal. You can message your counselor, and exchange links, documents, and other files.
iWILL ’til iRECOVER maintains ongoing compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and is able to process, maintain and store protected health information for any entities restricted by these regulations.
All production data is in a VPC (virtual private cloud). Internal access is firewalled and users must be authenticated on the VPN and via multi-factor authentication to access anything.
End of employment processes are in place. VPN access is disabled, AWS and administrator access keys are terminated, and all access to PHI is revoked. Upon termination, employees are required to destroy remaining local data and return hardware to iWILL ’til iRECOVER.
Per internal IT policy, we only upgrade instances to stable release versions, or hosted HIPAA compliant SaaS offerings, and apply all security patches when released.
We follow all NIST password guidelines for login based systems: https://pages.nist.gov/800-63-3/sp800-63b.html
Yes. Code reviews and analysis are conducted by all engineers as a part of the development process. iWILL ’til iRECOVER does application scans and penetration tests at least quarterly.