Privacy policy

Last Updated: May 6, 2025

At Elevated MedLegal Solutions, I am dedicated to protecting the privacy and confidentiality of your personal and sensitive information. This Privacy Policy outlines how I collect, use, disclose, and safeguard information when you visit my website www.elevatedmedlegal.com or engage my freelance medical-legal writing and consultation services for personal injury cases. By using my website or services, you agree to the practices described in this policy.

1. Information I Collect

I collect the following types of information to provide my medical-legal writing and consultation services:

a. Personal Information

  • Contact Information: Name, email address, phone number, or mailing address provided when you contact me, request a consultation, or engage my services.

  • Professional Information: Details shared during consultations or project work, such as:

    • For lawyers/law firms: Case details, client information, or legal documents relevant to personal injury lawsuits.

    • For physicians/surgeons: Medical records, expert opinions, or clinical data relevant to case evaluations.

    • For patients/clients: Personal or medical information provided in connection with personal injury cases, typically through their medical providers or legal representatives.

  • Payment Information: Billing details (e.g., credit card or bank information) processed securely through third-party payment processors.

b. Sensitive Information

  • Medical-Legal Data: Health records, medical reports, case summaries, or other sensitive information provided for drafting reports, expert witness preparation, or consultation services. This may include protected health information (PHI) subject to laws like HIPAA.

c. Non-Personal Information

  • Website Usage Data: Information collected automatically when you visit my website, including IP address, browser type, operating system, pages visited, and time spent on the site, gathered via cookies or similar technologies (see Section 5).

  • Analytics: Aggregated data about website performance and user behavior, collected through tools like Google Analytics.

2. How I Collect Information

I collect information in the following ways:

  • Directly from You: When you submit contact forms, request services, email me, or provide documents for medical-legal writing or consultation (e.g., medical records, case files).

  • Automatically: Through website cookies, analytics tools, or server logs.

  • From Third Parties: From trusted service providers (e.g., payment processors, Squarespace, Google Workspace) or, with your permission, from clients’ legal or medical representatives.

3. How I Use Your Information

I use your information to:

  • Provide medical-legal writing and consultation services, such as drafting case reports, medical chronologies, expert witness statements, or other documents for personal injury cases.

  • Communicate with you about your projects, consultations, or billing.

  • Process payments securely through third-party processors.

  • Improve my website and services through analytics and feedback.

  • Comply with legal obligations, including privacy laws like HIPAA, GDPR, or CCPA, where applicable.

  • Maintain confidentiality and security of sensitive medical and legal information.

⠀I do not use your information for marketing or promotional purposes unless you explicitly consent, and I will never sell your data.

4. How I Share Your Information

I prioritize confidentiality and do not sell or rent your personal or sensitive information. I may share information only in the following circumstances:

  • Service Providers: With trusted third parties who assist in delivering my services, including:

    • Squarespace: My website hosting platform, which may process website usage data or form submissions. Squarespace adheres to industry-standard security practices.

    • Google Workspace: My email, document storage, and collaboration platform, used for client communications and secure file management. Google Workspace is configured to comply with HIPAA and other privacy standards.

    • Other providers, such as payment processors or analytics tools, which are contractually obligated to protect your data and comply with applicable laws.

  • Legal Requirements: If required by law, regulation, or legal process (e.g., court order, subpoena, or to comply with HIPAA or other regulations).

  • With Your Consent: If you or your authorized representative (e.g., attorney) explicitly agree to share information for a specific purpose, such as collaborating with other professionals on a case.

  • Business Transfers: In the rare event of a sale, merger, or acquisition of my business, your information may be transferred as part of the transaction, with safeguards to maintain confidentiality.

5. Cookies and Tracking Technologies

My website, hosted by Squarespace, uses cookies and similar technologies to:

  • Enhance your browsing experience (e.g., remembering preferences).

  • Analyze website performance and user behavior through tools like Google Analytics or Squarespace Analytics.

⠀You can manage cookie preferences through your browser settings or Squarespace’s cookie banner (if enabled). Disabling cookies may limit some website functionality. Given my professional audience, I minimize the use of tracking for advertising purposes.

6. Data Security and Confidentiality

I implement robust technical and organizational measures to protect your personal and sensitive information, particularly medical and legal data, from unauthorized access, loss, or misuse. These measures include:

  • Secure website hosting through Squarespace with encryption (e.g., SSL/TLS).

  • Encrypted storage and transmission of sensitive data, including PHI, via Google Workspace’s secure tools.

  • Limited access to your information, restricted to me and essential service providers under strict confidentiality agreements.

  • Compliance with HIPAA standards for handling protected health information, where applicable.

  • Use of reputable third-party providers that meet industry security standards.

⠀While I strive to maintain the highest security standards, no system is entirely immune to risks, and I cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your jurisdiction and applicable laws (e.g., GDPR, CCPA, HIPAA), you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal or sensitive data I hold about you.

  • Correction: Request corrections to inaccurate or incomplete data.

  • Deletion: Request deletion of your data, subject to legal obligations (e.g., retaining records for tax purposes or HIPAA compliance).

  • Restriction: Request restrictions on how your data is processed.

  • Data Portability: Request a transferable copy of your data.

  • Opt-Out: Opt out of non-essential data processing, such as cookies (where applicable).

⠀To exercise these rights or inquire about your data, contact me at brielle@elevatedmedlegal.com. I will respond within the timeframes required by law (e.g., 30 days for GDPR/CCPA, 45 days for HIPAA).

If you are a patient/client, I typically work through your legal representative, and requests for access or deletion may need to be coordinated with them to ensure compliance with legal processes.

8. Data Retention

I retain personal and sensitive information only for as long as necessary to:

  • Complete the services requested (e.g., delivering a medical-legal report).

  • Comply with legal, tax, or regulatory obligations (e.g., retaining billing records for 7 years or maintaining HIPAA-compliant records).

  • Support ongoing client relationships, unless you request deletion.

⠀After this period, I securely delete or anonymize your data in accordance with applicable laws.

9. Third-Party Links

My website may include links to third-party websites (e.g., payment processors or professional organizations). I am not responsible for their privacy practices or content. Please review their privacy policies before sharing information.

10. International Data Transfers

If you are located outside the United States (e.g., in the EU), your information may be processed or stored in the United States, where data protection laws differ. I ensure appropriate safeguards, such as using service providers like Squarespace and Google Workspace that comply with GDPR or equivalent frameworks, to protect your data during international transfers.

11. HIPAA Compliance

For clients in the United States, particularly physicians, surgeons, or patients, I adhere to the Health Insurance Portability and Accountability Act (HIPAA) when handling protected health information (PHI). This includes:

  • Using Google Workspace in a HIPAA-compliant manner, with appropriate security configurations and a signed Business Associate Agreement (BAA) with Google.

  • Signing BAAs with covered entities (e.g., physicians or law firms) as needed.

  • Using HIPAA-compliant tools for data storage and communication.

  • Training and processes to ensure confidentiality of PHI.

⠀If you are a covered entity under HIPAA, please contact me at brielle@elevatedmedlegal.com to execute a BAA before sharing PHI.

12. Children’s Privacy

My website and services are not intended for individuals under 16. I do not knowingly collect personal information from children. If such data is inadvertently collected, I will delete it promptly upon discovery.

13. Changes to This Privacy Policy

I may update this Privacy Policy to reflect changes in my practices or legal requirements. Updates will be posted on this page with a revised “Last Updated” date. For significant changes, I may notify you via email or a website notice.

14. Contact Me

For questions, concerns, or requests regarding this Privacy Policy, please contact me at:

Elevated MedLegal Solutions
brielle@elevatedmedlegal.com