Colorado Service Animals
HomeHow It WorksPricingFAQAboutContact
45 CFR 164.520 · Effective May 1, 2026

HIPAA Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

1. What Is Protected Health Information?2. How We Use & Disclose PHI3. Your Rights Under HIPAA4. How We Safeguard Your PHI5. Breach Notification6. Minors & Authorized Representatives7. Telehealth-Specific Practices8. How to File a Complaint9. Changes to This Notice10. Contact Our Privacy Officer

1. What Is Protected Health Information?

  • Protected Health Information (PHI) is any individually identifiable health information we create, receive, or maintain about you.
  • PHI includes your demographics, mental-health history, screening answers, clinician notes, evaluation outcomes, and your ESA or PSD letter.
  • PHI is protected by federal HIPAA law (45 CFR Parts 160, 162, and 164) and Colorado state privacy laws.

2. How We Use & Disclose PHI

  • Treatment — your assigned Colorado-licensed clinician uses your PHI to evaluate you and produce your letter.
  • Payment — we use limited PHI (name, service rendered, fee) to process payment and refunds.
  • Healthcare Operations — quality assurance, training, audit, and compliance reviews.
  • When required by law — court order, subpoena, public health reporting, or threats of imminent harm.
  • Business Associates — HIPAA-compliant subprocessors (hosting, video, payment) under signed BAAs.
  • We will never use or disclose your PHI for marketing without your written authorization.

3. Your Rights Under HIPAA

  • Right to inspect and copy your PHI — we provide records within 30 days of a written request.
  • Right to request amendment — ask us to correct PHI you believe is inaccurate.
  • Right to an accounting of disclosures made for purposes other than treatment, payment, or operations.
  • Right to request restrictions — though we are not always required to agree.
  • Right to confidential communications — request that we contact you only at certain phone numbers or addresses.
  • Right to a paper copy of this notice on request.
  • Right to revoke prior authorizations in writing.

4. How We Safeguard Your PHI

  • Administrative — workforce HIPAA training, role-based access, signed confidentiality agreements.
  • Physical — secure SOC-2 Type II hosting facilities; no PHI on personal devices.
  • Technical — TLS 1.2+ in transit, AES-256 at rest, audit logs on every access, 2-factor authentication for staff.
  • Risk assessments performed annually; vulnerabilities remediated under documented timelines.

5. Breach Notification

  • If we discover a breach of unsecured PHI, we will notify affected individuals without unreasonable delay and within 60 days.
  • Notification will include what happened, the PHI involved, steps you should take, and what we are doing to mitigate.
  • Breaches affecting 500+ individuals will also be reported to the U.S. Department of Health and Human Services (HHS) and prominent media.

6. Minors & Authorized Representatives

  • We provide services to minors aged 12 and older with verified parental or guardian consent.
  • Parents and legal guardians generally have access to a minor's records, except where Colorado law gives the minor independent control (e.g., certain mental-health services).
  • Personal representatives must provide proof of authority (power of attorney, guardianship, etc.).

7. Telehealth-Specific Practices

  • All video sessions occur on HIPAA-compliant, encrypted platforms.
  • Sessions are not recorded unless you explicitly authorize it in writing.
  • Clinicians conduct sessions from private, secure environments.
  • We recommend you also choose a private space for your session.

8. How to File a Complaint

  • Contact our HIPAA Privacy Officer at support@coloradoserviceanimals.net — we respond within 10 business days.
  • You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, at https://www.hhs.gov/ocr/complaints/.
  • We will not retaliate against you for filing a complaint.

9. Changes to This Notice

  • We reserve the right to change this Notice and apply changes to PHI we already maintain.
  • Updated Notices will be posted here with a revised effective date.
  • On request we will provide a paper copy of the most current Notice.

10. Contact Our Privacy Officer

  • HIPAA Privacy Officer email: support@coloradoserviceanimals.net
  • Mail: Colorado Service Animals — Privacy Officer, Denver, CO.
  • Effective date of this Notice: May 1, 2026.
Privacy Policy
How we handle your data
Terms of Service
Platform terms of use
Refund Policy
Money-back guarantee

Contact Our HIPAA Privacy Officer

10-business-day response time. We never retaliate for complaints.

support@coloradoserviceanimals.net