Trust & Security

HIPAA Compliance

Your health information is among the most sensitive data you share. We take every measure to protect it - and we are committed to full HIPAA compliance across our platform.

End-to-End Encrypted

All health data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Your information is never transmitted in plain text.

BAAs in Place

Every third-party vendor with access to PHI has signed a HIPAA Business Associate Agreement before touching any health data.

Minimum Necessary

We collect and disclose only the minimum amount of health information necessary to provide your ESA or PSD letter service.

Breach Notification

We maintain a documented breach response plan. If a breach involving your PHI occurs, you will be notified within 60 days.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards to protect individuals' medical records and other identifiable health information - collectively called Protected Health Information (PHI). HIPAA applies to covered entities and their business associates that handle PHI.

The Supportive Pet facilitates mental health evaluations conducted by licensed mental health professionals (LMHPs). Because these evaluations involve health information, we take our HIPAA obligations seriously and have implemented robust safeguards to protect your privacy.

How We Protect Your Health Information

Technical Safeguards

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
  • Encryption at rest: Sensitive health data stored on our servers is encrypted using AES-256.
  • Access controls: Role-based permissions ensure only authorized personnel (the assigned clinician and necessary support staff) can access your PHI.
  • Audit logging: All access to PHI is logged and regularly audited.
  • Secure authentication: Multi-factor authentication is available for all user accounts.

Administrative Safeguards

  • HIPAA training: All staff with access to PHI receive regular HIPAA compliance training.
  • Privacy Officer: We have a designated Privacy Officer responsible for overseeing HIPAA compliance.
  • Incident response: We maintain a written breach notification plan and will notify you within 60 days of any discovered breach involving your PHI.
  • Business Associate Agreements (BAAs): We have executed BAAs with all third-party vendors that handle PHI on our behalf.

Physical Safeguards

  • Our infrastructure is hosted on HIPAA-compliant cloud platforms with documented physical security controls including access logs, video surveillance, and 24/7 monitoring.
  • Workstations used to access PHI have automatic screen lock and full-disk encryption.

What Information Is Protected

Under HIPAA, Protected Health Information (PHI) includes any individually identifiable health information. On our platform, this includes:

  • Your mental health history and symptom descriptions submitted during evaluation
  • Information about your diagnosis or conditions discussed with the licensed clinician
  • Any communications between you and the clinician about your evaluation
  • Your name and contact information when combined with health-related data

Who Can Access Your Information

Access to your health information is strictly limited to:

  • The licensed mental health professional assigned to conduct your evaluation
  • Authorized staff of The Supportive Pet who are required to facilitate your service (e.g., support staff assisting with a complaint or technical issue)
  • Third-party service providers bound by HIPAA Business Associate Agreements

We never sell your health information to marketers, insurers, employers, or other third parties.

Your HIPAA Rights

Under HIPAA, you have the right to:

  • Access your PHI: Request a copy of the health information we hold about you.
  • Request corrections: Request amendments to inaccurate or incomplete PHI.
  • Restrict disclosures: Request restrictions on certain uses or disclosures of your PHI.
  • Receive a breach notification: Be notified if your PHI is involved in a breach.
  • File a complaint: If you believe your HIPAA rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) at hhs.gov/ocr.

Data Retention

We retain your health information for a minimum of six years from the date of creation, or as required by applicable state law, whichever is longer. After the retention period, PHI is securely deleted or de-identified.

Questions or Concerns

If you have questions about our HIPAA compliance practices or wish to exercise your HIPAA rights, please contact our Privacy Officer: