Security

Our Commitment

We take security seriously across all our web properties: drpatrickfisher.com, theinvisible.life, therapetic.net, mypsd.org, mydatakey.org, and drprison.org.

Security Measures

HTTPS encryption: All web properties are served over HTTPS with valid SSL/TLS certificates.

Static architecture: Our informational websites are built as static HTML sites with no server-side processing, databases, or user authentication — minimizing attack surface.

No PHI on this site: No protected health information is collected, stored, or transmitted through any of our public-facing websites. Clinical systems are maintained separately under HIPAA-compliant infrastructure.

Third-party embeds: We embed content from established platforms (Spotify, Google Fonts, LinkedIn) and accept the security posture of those services.

Responsible Disclosure

If you discover a security vulnerability on any of our web properties, please report it responsibly to help@drpatrickfisher.com with subject line "Security Disclosure." We will acknowledge receipt within 48 hours and work to address confirmed vulnerabilities promptly.

Please do not publicly disclose vulnerabilities before we have had an opportunity to investigate and address them.

Clinical Systems

Our clinical practice operates under separate, HIPAA-compliant systems for electronic health records, scheduling, and patient communication. Security inquiries related to clinical systems should be directed to help@drpatrickfisher.com.

Contact

Security concerns: help@drpatrickfisher.com
Subject line: "Security Disclosure"