MST Institute
About MST Institute Services QA Program Contact MSTI

Privacy Policy for MST Institute

This Privacy Policy governs the privacy terms of our website. We are committed to maintaining the privacy of information stored on our website. We are committed to maintaining a proactive approach to the privacy and security of data that is submitted by our client organizations in accordance with HIPAA and GDPR. This privacy policy will explain how our organization uses the personal data about our users and individuals receiving Multisystemic Therapy, MST®.

What information do we collect?

MST Institute collects only the information necessary to support quality assurance monitoring and training of MST staff. Users provide their name, employer name and email address and Users who are MST therapists also provide information about gender, race/ethnicity, professional qualification, and bilingual status.  We also collect basic demographic information about individuals receiving MST® (including year of birth, gender, race/ethnicity, state, country and outcomes of services).  For client organizations who use our call center to collect therapy adherence data, we also collect the name of caregivers receiving MST and their phone number.

How do we collect information?

MST Providers enter most of the data we collect directly into our websites or upload data through our secure portals. This includes the data listed above about their staff and their clients receiving MST. We might also collect data directly in the following ways:

  • When a client receiving MST from a team using our call center answers survey questions voluntarily about their therapist’s adherence to MST
  • When authorized users use or view our websites via their browser’s cookies

Who can access the information?

Permissions are limited to those working directly with an organization providing MST services, i.e., the MST Provider, staff providing training and support to the MST Providers, and the MST Helpdesk staff. MST Providers can view all the data they provide about their program and request changes as needed.

The MST Provider maintains strict control of access to the website. MST Providers request user personal logon accounts from the MSTI Helpdesk. The MSTI Helpdesk will verify the request and authorize the user. Once a user is authorized, the user will only have access to the forms and data needed to perform their role in the system. This is accomplished by user privilege control. When approved users leave the organization, the organization is responsible for making the person’s account inactive to prevent unauthorized access. In addition, inactive accounts are automatically disabled after 90 days of non-use.

For clients who have agreed to use the MSTI Call Center, interviewers at the Call Center have access to the information needed to conduct their surveys.

MST Institute does not rent, sell, or give this information to any other third party, aside from those noted in this policy.

How is the information used?

The information we collect is used to ensure that providers delivering MST are meeting the quality standards required for licensure as an MST program. The information may be combined to look for patterns across all MST providers that will help us to continue to improve the delivery of MST. The information is never shared publicly or used in research unless the individuals receiving MST have given specific informed consent to participate in the specific research and the MST Provider has authorized the release of the information for that specific purpose.

How do we store the information?

MST Institute stores information on secure Azure servers located in the US. Azure has a wide array of security tools and capabilities that supports the secure transmission of data. We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run our products. By contractual agreement, those companies must treat your information in accordance with this Privacy Policy.

MST Institute retains data to support the MST program’s performance over time, but all personally identifiable data is removed when an individual leaves employment with an MST Provider or finishes MST. However, you can request, in writing, that your information be deleted at any time.

How do we use cookies?

We use "cookies" to help users personalize your online experience. A cookie is a text file that is placed on a user’s hard disk by a Web server. Cookies are not used to run programs or deliver viruses to a computer. Cookies are uniquely assigned to the user and can only be read by a Web server in the domain that issued the cookie. One of the primary purposes of cookies is to provide a convenience feature to save time. The purpose of a cookie is to tell the Web server that the user has returned to a specific page. When a user returns to the same the website, the information previously provided can be retrieved.

Users can accept or decline cookies. Most Web browsers automatically accept cookies, but a user can usually modify the browser setting to decline cookies. If cookies are declined, the user may not be able to fully experience the interactive features of the website.

Your rights

  • MST Providers have the right to request copies of the data they provide. We may charge a small fee for this service.
  • MST Providers can ask us to correct information that you think is incorrect or incomplete. Ask us how to do this. We may say “no” to the request but will provide a reason in writing within 60 days.
  • MST Providers can ask us to delete information and we will say “yes” to all reasonable requests. We will respond within writing within 60 business days.
  • MST Providers can ask us to contact them in a specific way (for example, home or office phone) and we will say “yes” to all reasonable requests.
  • MST Providers can ask us not to use or share certain information for our operations. We are not required to agree to this request, and we many say “no’ if it would affect our QA reporting.
  • MST Providers can complain if they feel we have violated their rights by contacting us using the information below. We will not retaliate for filing a complaint.

Our responsibilities

  • We are required by law to maintain the privacy and security of protected health information.
  • We must follow the duties and privacy practices described in this notice.

Changes to the Terms of This Notice

We can change the terms of this notice, and the changes will apply to all information we have. The new notice will be available upon request on our web site.

GDPR Compliance

In compliance with the GDPR Principles, MST Institute commits to resolve complaints about our collection or use of personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact MST Institute at: msti@mstinstitute.org.

Last Update: January 7, 2021