HIPAA Compliant

Privacy Policy & Notice of Privacy Practices

Effective Date: January 14, 2026  ·  Last Updated: January 14, 2026

Introduction

Ponyacare Mental Health Services ("Ponyacare," "we," "us," or "our") is committed to protecting the privacy and security of your health information. This Notice of Privacy Practices ("NPP") describes how we may use and disclose your Protected Health Information (PHI) to carry out treatment, payment, and healthcare operations, and for other purposes permitted or required by law. It also describes your rights to access and control your PHI.

We are required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, to maintain the privacy of your PHI, to provide you with this notice of our legal duties and privacy practices, and to abide by the terms of this notice.

This notice applies to all services provided by Ponyacare Mental Health Services, including outpatient mental health therapy, psychiatric services, telehealth/virtual sessions, and any online intake or scheduling processes.

How We Use and Disclose Your Health Information

Treatment

We may use your PHI to provide, coordinate, or manage your mental health care and related services. For example, we may share your information with other healthcare providers involved in your treatment, such as your primary care physician or a specialist, when medically necessary.

Payment

We may use and disclose your PHI to obtain payment for services rendered. This includes submitting claims to your insurance company, verifying coverage, and responding to billing inquiries.

Healthcare Operations

We may use your PHI for our internal operations, including quality assessment, staff training, compliance reviews, and business management activities necessary to run our practice.

Appointment Reminders

We may contact you to remind you of scheduled appointments or to provide information about treatment alternatives or other health-related benefits and services.

As Required by Law

We will disclose your PHI when required to do so by federal, state, or local law, including mandatory reporting requirements for child abuse, elder abuse, or imminent danger to self or others.

Business Associates

We may share your PHI with third-party "business associates" (e.g., billing services, EHR providers, IT support) who perform services on our behalf. We require all business associates to sign a Business Associate Agreement (BAA) and protect your PHI in accordance with HIPAA.

Online Forms, Website & Cookies

When you submit an appointment request or contact form on our website, the information you provide (including name, phone number, email, insurance information, and health concerns) is transmitted over an encrypted HTTPS connection and stored securely. We do not sell, rent, or share this information with third-party marketers.

Our website may use cookies and similar tracking technologies for functionality and analytics purposes. You may opt out of non-essential cookies using the cookie consent banner displayed on your first visit. Opting out will disable analytics tracking while preserving core website functionality. We do not use cookies to store or transmit PHI.

We do not include PHI in URL parameters, browser history, or any publicly accessible location on our website.

Your Rights Regarding Your Health Information

Right to Access: You have the right to inspect and obtain a copy of your PHI maintained in our records, with limited exceptions. Requests must be made in writing.
Right to Amend: You have the right to request that we amend your PHI if you believe it is incorrect or incomplete.
Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI.
Right to Request Restrictions: You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or operations.
Right to Confidential Communications: You have the right to request that we communicate with you in a specific way or at a specific location.
Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this NPP upon request, even if you agreed to receive it electronically.
Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr. We will not retaliate against you for filing a complaint.

Security Safeguards

We implement administrative, physical, and technical safeguards to protect your PHI from unauthorized access, use, or disclosure, including:

  • End-to-end TLS/HTTPS encryption for all data transmitted through our website
  • Encrypted data storage for all PHI collected through online forms
  • Access controls limiting PHI access to authorized personnel only
  • Automatic session expiration for staff accessing patient records
  • Regular security risk assessments in accordance with the HIPAA Security Rule
  • Staff training on HIPAA privacy and security requirements
  • Business Associate Agreements with all third-party vendors handling PHI

Changes to This Notice

We reserve the right to change this notice at any time. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any information we receive in the future. We will post a copy of the current notice on our website and make copies available upon request.

Contact Our Privacy Officer

For questions, concerns, or to exercise your rights under this notice, please contact our Privacy Officer:

Phone
+1 (480) 504-1032
Email
[email protected]
States Served
Arizona · Colorado · California
Ponyacare Mental Health Services  ·  HIPAA Notice of Privacy Practices  ·  Effective January 14, 2026