NOTICE OF PRIVACY PRACTICES (HIPAA)

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices (“Notice”) describes how TheraPetic Solutions, Inc. (“we,” “our,” or “us”) may use and disclose your Protected Health Information (“PHI”) and how you can get access to this information. We are committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), its implementing regulations, and the HIPAA Privacy and Security Rules.

Our Duties

We are required by law to:

• Maintain the privacy and security of your PHI;
• Provide you with this Notice of our privacy practices;
• Notify you in the event of a breach of unsecured PHI as required by law; and
• Follow the terms of this Notice currently in effect.

We reserve the right to change our privacy practices and this Notice. Any material changes will be posted on our website with the effective date and, where required by law, individuals will be notified.

How We May Use and Disclose Your PHI

We may use and disclose PHI for the following purposes, subject to HIPAA’s minimum-necessary standard:

Treatment

We may use and disclose PHI to provide, coordinate, or manage health care and related services. For example, we may conduct preliminary screenings and share relevant PHI with licensed mental health providers we work with so they can evaluate and, if appropriate, issue a written recommendation for an emotional support animal.

Payment

We may use and disclose PHI to obtain payment for services, including processing credit or debit card transactions through secure third-party processors.

Health Care Operations

We may use and disclose PHI for quality assessment, compliance activities, business management, training, and other administrative operations. We share PHI with vendors and service providers only under Business Associate Agreements (BAAs) when required.

Other Permitted or Required Disclosures

We may disclose PHI without your authorization when required or permitted by law, including for:

• Public health activities;
• Health oversight activities (audits, investigations);
• Law enforcement purposes and legal proceedings where required;
• To prevent a serious threat to health or safety;
• Workers’ compensation claims;
• Research, when approved by an Institutional Review Board or Privacy Board;
• Other disclosures required by federal, state, or local law.

Uses and Disclosures That Require Your Written Authorization

Except as described in this Notice, we will obtain your written authorization before using or disclosing your PHI. Examples requiring authorization include:

• Most marketing communications that require authorization under HIPAA;
• The sale of PHI;
• Any other use or disclosure not described in this Notice.

If you sign an authorization, you may revoke it in writing at any time, except where we have already relied on it.

Your Rights Regarding Your PHI

You have the following rights under HIPAA. To exercise any right, contact our Privacy Officer (see Contact section):

• Right to Access: Request copies of the PHI we maintain about you in electronic or paper form. We will respond within the timeframe required by law (generally 30 days; we may extend once if necessary and will notify you of the reason and extension period).
• Right to Request Restrictions: Request restrictions on certain uses and disclosures of your PHI. We are not required to agree to all requests, but will comply with any agreed restriction.
• Right to Request Confidential Communications: Request that communications about your PHI be made to an alternate address, email, or phone number.
• Right to Amend: Request amendment of PHI you believe is incorrect or incomplete. We will respond as required by law.
• Right to an Accounting of Disclosures: Request a list of certain disclosures of your PHI (generally disclosures over the past six years, subject to limits in law).
• Right to a Paper Copy of This Notice: You may request a paper copy at any time even if you agreed to receive it electronically.

Breach Notification

If we discover a breach of unsecured PHI, we will follow applicable breach notification requirements, including notifying affected individuals, the HHS Office for Civil Rights, and any other required authorities consistent with the HIPAA Breach Notification Rule.

Security Practices (HIPAA Security Rule & Cybersecurity)

We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI, including but not limited to:

• Encryption of data in transit (TLS/HTTPS) and at rest where feasible;
• Role-based access controls and strong authentication for staff with PHI access;
• Least-privilege access, logging, and monitoring of systems that contain PHI;
• Periodic vulnerability scanning and security assessments;
• Business Associate Agreements (BAAs) with vendors who access PHI;
• Regular workforce training on HIPAA privacy and security obligations;
• Incident response procedures and breach notification protocols.

No system is completely secure; however, we follow industry-standard practices and HIPAA Security Rule requirements. In the event of a security incident, we will take appropriate steps to contain, remediate, and notify as required by law.

Website Privacy Policy (Original — Preserved & Updated)

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This HIPAA Privacy Policy (the “HIPAA Privacy Policy”) discloses the information gathering and dissemination practices for TheraPetic Solutions, Inc., the owner of this website (Service-Dog.org). TheraPetic Solutions, Inc. is required to abide by the terms of the current HIPAA Privacy Policy. We reserve the right to modify our privacy practices, which may apply to existing and subsequently collected health information. A copy of the current notice is posted at myPSD.org. We will notify you of changes by posting the new policy on this website. Applicable law requires TheraPetic Solutions, Inc. to maintain the privacy of your protected health information and to provide you with notice of our legal duties and privacy practices with respect to protected health information.

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: HHS — OCR: Understanding Your HIPAA Privacy Rights.

Your authorization of these practices is essential for us to provide our services. We need you to provide accurate information so that we can conduct a preliminary screening to determine whether to connect you with a licensed mental health provider that we work with, who will assess whether to make a written recommendation for an emotional support animal. You can opt-out and decide not to provide the requested personal information. However, by doing so, we will be unable to conduct our screening and you will not be contacted regarding a written recommendation. You can also request that we not use any information you submitted by contacting us (see Contact section).

Information We Collect

The only personal information we collect is your name, email address, responses to the preliminary questionnaire on the Therapetic.QuestionPro.com website, and payment information. We use the information we collect to determine whether you qualify for a written recommendation for an emotional support animal. We obtain your written authorization to permit us to use your personal health information this way. Any other uses and disclosures not described in this notice will be made only with your written authorization, which you may subsequently revoke. We also use personal information to obtain payment from you. We may use your name and email address to send you advertisements if you have opted in to such communications.

Payment Processing

When you pay for anything on our site using a credit or debit card, we collect the personal information needed to complete the transaction. This information includes your name, account number, and other information necessary to process your payment, all of which is clearly labeled on the form you use to submit payment. We use an unaffiliated, payment processing company to process your payment. We transfer your payment information—and you authorize us to do so—to this company solely for this purpose. The company does not retain, share, store, or use personally identifiable information for any other purposes. We do not store full payment card numbers on our systems; card data is handled by the PCI-compliant processor.

Website Tracking & Analytics

We automatically collect certain information from visitors to the site, such as Internet addresses, browser type, Internet Service Provider (ISP), referring and exit page, operating system, timestamps, and clickstream data. We also track and analyze non-identifying and aggregate usage and volume statistical information from our visitors and customers. This information is logged to help diagnose technical problems, and to administer our site so that we can constantly improve the quality of the services we provide.

We do not respond to your browser’s “Do Not Track” signals. If in the future we deploy analytics, tracking, or advertising technologies that require disclosures beyond this policy, we will update this page and, where required by law, request consent.

Note: In prior versions of this site we have used or referenced Google Analytics or advertising networks. If such tools are in use, we will ensure compliance with applicable privacy standards and provide opt-out information. (If you need an explicit current-statement for deployment status, contact our Privacy Officer.)

Advertising & Remarketing

Our website may use advertising or remarketing services (for example, Google, Facebook, Instagram, Twitter, LinkedIn) to provide targeted ads or promotions in certain deployments. These services use cookies and anonymized identifiers to show ads on other sites. We do not permit third parties to collect PHI through our website. If you want to opt out of interest-based advertising, use the choices available through your browser or device settings and industry opt-out tools.

Security & Other Disclosures

We take measures to prevent the loss, misuse, and alteration of your information. We carefully limit access to the database in which your personal information is stored. Additionally, we share and transfer your personal information only in the ways set forth in this HIPAA Privacy Policy.

We cannot ensure that all of your private communications and other personally identifiable information will never be disclosed in ways not otherwise described in this HIPAA Privacy Policy. For example, we may be forced to disclose information to the government or third parties under certain circumstances, or third parties may unlawfully intercept or access transmissions or private communications. We can (and you authorize us to) disclose any information about you to law enforcement or other government officials as we, in our sole discretion, believe necessary or appropriate in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose us to legal liability.

Children’s Privacy

This website is directed at teenagers and adults and not to children under the age of 18. We do not knowingly collect personally identifiable information from children under the age of 18, nor do we knowingly distribute such information. We do not knowingly allow children under the age of 18 to publicly post or otherwise distribute personally identifiable contact information through our website. Similarly, because we do not collect any personally identifiable information from children under the age of 18, we do not condition the participation of a child under 18 in activities on providing personally identifiable information. If we become aware that we have inadvertently received personally identifiable information from someone under the age of 18, we will delete such information from our records. If we change our practices in the future, we will obtain prior, verifiable parental consent before collecting any personally identifiable information from children under the age of 18.

Requests to Change or Delete Information

Contact us at the address below if you want us to change or delete any information that we have about you. We will respond to your request to access, update, or delete your information within ten (10) business days. Before we are able to provide you with any information, correct any inaccuracies, or delete any information, however, we may ask you to verify your identity.

Requests, Complaints & Appeals

If you believe your privacy rights have been violated, you may file a complaint with TheraPetic Solutions, Inc. and/or with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). We will not retaliate against you for filing a complaint.

• To file a complaint with us, contact the Privacy Officer (see Contact section).
• To file a complaint with OCR, visit: HHS OCR.

State-Specific Privacy Rights

Certain U.S. states provide additional privacy rights (for example, rights to access, deletion, or data portability). Where those laws apply to your information, we will honor applicable state law requirements. If you wish to know whether state-specific rights apply, contact the Privacy Officer.

Contact & Privacy Officer

If you have questions, wish to exercise any rights described in this Notice, or need assistance with a privacy request, contact:

This website is owned and operated by: TheraPetic Solutions, Inc.

Effective date: August 1, 2016   ·   Reviewed date: January 10, 2026