Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

Your Information. Your Rights. Our Responsibilities.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

PURPOSE

 This Privacy & Security Policy applies to all Brooks Continuing Education (CE) programs. 

(ASHA), American Occupational Therapy Association (AOTA), state Physical Therapy (PT), Occupational Therapy (OT), and Speech Language Pathology (SLP) boards, nursing boards, and other accrediting bodies. It outlines how Brooks collects, uses, protects, stores, and shares personal information across all CE activities.

POLICY

Brooks provides CE activities across multiple professions and accrediting bodies. This policy governs how Brooks collects, uses, protects, stores, and shares personal information.

DEFINITIONS

Personal Information: Includes data that identifies an individual (e.g., name, employee ID, contact details).

CE Data: Any information collected or generated to enroll, deliver, document, verify, or report continuing education, certification, or licensure (e.g., course completions, credits, scores, certificates, licensure numbers, expiration dates).

Data Privacy: The set of principles, policies, and practices that govern how personal information is collected, used, shared, stored, and retained to ensure it is handled in a lawful, fair, transparent, and purpose‑limited manner.

Data Security: The administrative, technical, and physical safeguards implemented to protect information from unauthorized access, use, disclosure, modification, destruction, or loss.

Accreditation Bodies: External organizations that accredit courses, providers, or professional credentials (e.g., Florida Board of Physical Therapy).

PROCEDURES

  1. Information We Collect

Brooks collects identification, contact information, professional details (e.g., ASHA numbers, AOTA IDs, state license numbers), participation records, payment data (via secure third parties), and technical data (IP address, device information).

  1. How We Use Information

Brooks uses personal information to enroll and support learners, deliver CE content, verify completion, issue certificates, report CEUs or CE credits to selected accrediting bodies, and meet legal and accreditation requirements.

  • Accreditor-Specific Reporting

Brooks reports: ASHA CEUs to the ASHA CE Registry, AOTA CE units as required, CE credit verification to PT/OT/SLP state boards, and CE documentation to nursing boards.

  1. Sharing Information

Brooks does not sell personal information. Data is shared only with accrediting bodies selected by the learner or required by regulation, and with secure vendors.

  1. Security Measures

Security safeguards include encrypted transmission, access controls, multi-factor authentication, secure storage, vendor vetting, and backup systems.

  1. Records Retention

Brooks maintains records per accreditor requirements, retaining records  only as long as necessary to meet legal, regulatory, accreditation, or audit requirements, and organizational needs.

  • Individual Rights

Learners may access or update information, request corrections, or opt-out of non-essential communications. Changes to ASHA learner records must be made directly through ASHA.

  • Staff Responsibilities

Brooks trains CE staff on privacy and security procedures and maintains documented policies.

  1. Incident Response

Brooks investigates and addresses security incidents promptly and notifies affected parties when required.

  1. Contact Information

Report suspected privacy or security incidents involving CE Data immediately to:
Email: privacy@brooksrehab.org
Mail: Brooks Rehabilitation – CE Privacy Office

Affected parties and regulators are notified as required by law and contracts.

  1. Policy Availability & Updates

This policy is available during registration and reviewed for updates annually.