Confidentiality Policy

Effective Date: May 22, 2024

The purpose of this Confidentiality Policy is to protect the personal, medical, and financial information entrusted to Endometriosis Excision for All by individuals seeking support, as well as by volunteers, partners, and other stakeholders. This policy outlines how confidential information is collected, stored, accessed, and disclosed in a manner that upholds legal standards and ethical responsibility.

This policy applies to:

  • Volunteers

  • Board Members

  • Contractors and partners

  • Anyone acting on behalf of Endometriosis Excision for All

All individuals associated with the organization are expected to uphold confidentiality at all times.

  • Information shared with Endometriosis Excision for All is treated with the utmost care and respect.

  • Personal, medical, and financial data will only be accessed on a need-to-know basis and used solely for the purposes of evaluating assistance eligibility, coordinating care, or fulfilling legal obligations.

  • Individuals must be informed of how their data will be used, and consent must be obtained prior to storing or sharing personal information.

Types of Information We Handle

We may collect and store the following types of information:

  • Applicant details including name, contact information, and demographics

  • Medical records and diagnosis details shared as part of financial assistance requests

  • Financial documentation used to assess eligibility

  • Volunteer and donor records

  • Communications through email, website forms, or events

Storage and Security

  • Paper files containing sensitive data are kept in locked cabinets accessible only to authorized personnel.

  • Digital records are protected with secure passwords, encrypted storage, and secure access protocols.

  • Any document containing personal or medical information must be labeled “Confidential.”

  • Confidential data must never be discussed in public or non-secure spaces.

Sharing of Information

Information will only be shared:

  • With explicit written consent from the individual

  • With medical providers or support agencies involved in coordinating care (with consent)

  • When legally required (e.g., in cases of suspected abuse, harm, or fraud)

  • With law enforcement or government agencies as required by federal or state law

Rights of Individuals

Any person whose data is stored by Endometriosis Excision for All has the right to:

  • Request access to their information

  • Request correction of inaccurate data

  • Request deletion of their records, unless required to be retained by law

  • Understand how their data is being used and with whom it is shared

Requests must be made in writing to the contact listed above.

Duty to Disclose

We are legally obligated to report:

  • Suspected child or elder abuse or neglect

  • Threats of harm to self or others

  • Participation in or knowledge of criminal activities (e.g., fraud, human trafficking)

In such cases, we will inform the individual of our duty to report unless doing so would place someone at further risk.

Breach of Confidentiality

Any breach of confidentiality—intentional or accidental—will be taken seriously and may result in disciplinary action, including removal from volunteer or board positions. If a breach involves a third party or former volunteer, legal steps may be pursued.