Colla Health Privacy Policy
Effective Date: January 31, 2025
This Privacy Policy is designed to help you understand how Colla Health, Inc. collects, uses, and shares Personal Information and collected through our website at https://www.collahealth.com/, along with our related websites, networks, applications, mobile applications, our electronic communications, including email and text messages, and other services provided by us (collectively, the “Services”). “You” or “your” refers to the person accessing and using the Site and Services. In providing the Services, we at times act as a service provider to health care providers (“Providers”).
This Privacy Policy is part of the Terms of Use between you and us. Do not use the Site or Services if you do not agree with the terms of this Privacy Policy. This Privacy Policy may be updated from time to time. Updates will be posted on this page and become effective upon posting. Your continued use of the Site and Service after Colla Health posts or otherwise notifies you of any changes indicates your agreement to the changes, so please review this page periodically for updates.
Linked Sites
For your convenience, we may provide links on our Services to third party websites (“Third Party Sites”), with which we have no affiliation. Please remember that this Privacy Policy is not applicable to such Third Party Sites. A link to any Third Party Sites does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a Third Party Site, you are a participant to its privacy policy and practices and not this Privacy Policy. We encourage you to carefully review the legal and privacy notices of all other digital services that you visit.
Personal Information We Collect
“Personal Information” generally means any information that can reasonably identify you as an individual, and any other information we associate with it. We collect information you provide when you use the Services or otherwise communicate with us. If you request information or engage in Services with us, we will collect the information you provide, such as your name, email address, and phone number. We will also collect any information you submit through your use of the Services. We may also collect information through your communications with our employees.
Colla Health provides administrative and operational support to healthcare providers but does not itself engage in the provision of healthcare services. We do not independently collect or store Protected Health Information (PHI), except as necessary to support providers in accordance with HIPAA and other applicable laws.
Providers may provide us information about patients they recommended to the Services such as the patient’s name, date of birth, gender, telephone number, medical history, upcoming health appointments, and prescribed medications. We use and disclose this information only in accordance with your consent, which we require the relevant Provider obtain from you through a separate document. Please be aware that if you do not provide your authorization, or if you subsequently withdraw your authorization, you may not be able to use the Services, but may continue to receive services from the Provider outside of the Services.
You have the right to revoke this consent at any time by notifying the Provider or by sending an email to contact@collahealth.com, however, please note that the revocation will not apply to the extent that we have already released your information to medical professionals based on this consent. It will take effect as soon as it is received.
We may also collect the following Personal Information from you:
-
Personal Identifiers, such as account username, first and last name, email address, mailing address, phone number, demographic information, professional title and other information about you.
-
Commercial Information, such as payment information, purchase history, and other information related to your request for goods and services.
-
User Generated Content, such as information provided by you when interacting with the services or though social media, including social media identifiers.
-
Professional History, such as information provided when applying for employment opportunities which includes education history, previous employers, and other information you may provide in your resume and cover letter.
When using the Sites, information is automatically and passively collected about you, your terminal device (for example, your computer or mobile phone), and your interaction with the Sites including:
-
Device data, such as your IP address (i.e., your computer’s address on the internet), operating system type (Windows or Mac) and version, internet browser type and version, and language, unique identifiers (including identifiers used for advertising purposes), and general location information such as city, state or geographic area.
-
Online activity data, such as what websites you viewed and how you may have interacted with those websites, navigation paths between pages, information about your activity on a page, and whether you interacted with Colla Health emails or clicked links within them.
To the extent we process consumer personal information outside the scope of HIPAA, California residents may have rights under the California Consumer Privacy Act (CCPA), including the right to request access to, or deletion of, their non-health-related personal data.
We may receive Personal Information about you from third parties and combine this information with information we have already collected from you through our Sites. We will handle this information in accordance with this Privacy Policy. If you apply for a job with us, we may collect reference information and/or information received from background checks (where applicable) from third parties and information about your educational or professional background from publicly available sources.
Children’s Privacy
Our Services are not intended for individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 13, please contact us at privacy@collahealth.com.
Parents and guardians are encouraged to monitor their children's online activities. By using our Services, you confirm that you are at least 13 years old or are using the Services under the supervision of a parent or guardian.
Email Communications
We collect your email address in order to:
-
Send information, respond to inquiries, and/or other requests or questions
-
Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
Opt-Out Mechanism:
-
If you no longer wish to receive marketing or promotional emails from us, you can opt out at any time by following the "unsubscribe" instructions provided in each email or by contacting us at privacy@collahealth.com.
-
We process opt-out requests promptly, typically within 10 business days, as required by law. Once processed, you will not receive further marketing emails, though you may continue to receive emails related to your use of our Services (e.g., account notifications or care team communications).
Prohibition on Unauthorized Use:
-
Unauthorized use of our Services to send spam or other unauthorized email communications is strictly prohibited and may result in termination of your access to our Services.
How We May Use Your Personal Information
We may use your Personal Information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection to:
-
Provide and improve the Site and Services;
-
Communicate with you for Services-related purposes;
-
Process job applications;
-
Respond to questions and communications you send us;
-
Provide announcements, updates, security alerts, support and administrative messages;
-
Provide you a personalized experience with the Site and our communications;
-
To market and advertise to you directly as permitted by law (you may opt-out of our marketing communications as described in the Opt-out of marketing communications section below);
-
To research and develop new products and services;
-
To protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
-
To protect and enforce our legal rights;
-
To enforce the terms and conditions that govern the Sites; and
-
To prevent and detect fraud and otherwise comply with law.
We may aggregate and anonymize Personal Information so that it cannot identify the individual to which it would otherwise relate, which renders the data as non-Personal Information.
How We Share your Personal Information
We only disclose your Personal Information in the following circumstances or as described in this Privacy Policy:
Affiliates. We may disclose your Personal Information with our subsidiaries and affiliates for business purposes.
Providers and Approved Persons. We share information collected from you through the Services with your Provider. In addition, the Services may allow you to share information collected with explicitly designated third parties.
Service providers. We may disclose your Personal Information with third party companies and individuals that provide us with services that help us provide the Sites or support our business activities (such as hosting, website analytics, email delivery, payment processing, IT providers, technical support, customer support and legal and other professional advice).
Professional advisors. We may disclose your Personal Information to professional advisors, such as doctors, lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
For compliance, fraud prevention and safety. We may disclose your Personal Information for compliance, fraud prevention and safety purposes.
Legal Disclosures. We may disclose your Personal Information when required to do so by law, such as in response to a subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, comply with a legal obligation, or safeguard the health and safety of others.
Business transfers. In the event of a business transaction, such as a merger or acquisition (or negotiations or due diligence for a potential business transaction), we may transfer non-health-related data to the acquiring entity. However, any Protected Health Information (PHI) shared by providers remains subject to HIPAA protections and contractual obligations and will only be transferred as permitted by law.
HIPAA
Colla Health is an administrative services organization that supports healthcare providers in delivering behavioral health integration services. If you receive healthcare services from a provider affiliated with Colla Health, your personal health information will be handled in accordance with the provider’s Notice of Privacy Practices (NOPP)as “covered entities” under the Health Insurance Portability and Accountability Act (“HIPAA”). Examples of this include healthcare providers (e.g. hospitals, clinics, healthcare systems), health plans, or healthcare clearinghouses. Please be aware that this Privacy Policy is distinct from such Provider’s HIPAA Notice of Privacy Practices, which describes in detail how that Provider uses and discloses individually identifiable health information. If an End User would like to review a copy of their Provider’s relevant Notice of Privacy Practices, the End User should request a copy directly from their Provider.
At your direction. You may direct us to disclose your information to third-parties or otherwise in accordance with applicable law.
We do not sell or trade your Personally Identifiable Information.
Your Choices
Opt out of marketing communications. You may opt out of marketing-related emails by following the unsubscribe instructions in the email. You may continue to receive Site-related, Services-related, and other non-marketing emails.
We may send SMS and email communications related to your care, such as appointment reminders, in compliance with HIPAA exemptions under the TCPA. These messages are not considered marketing and do not require separate opt-in consent. However, if you wish to opt out of non-essential communications, you may do so by following the opt-out instructions in the message.
Cookies and Similar Technologies
We, our service providers, and business partners may use cookies and similar technologies to track your browsing activity over time and across the Sites and third-party websites. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals.
We may use analytics services, including Google Analytics, to better understand how customers use our Websites and Apps to improve those technologies and optimize your experience and interactions. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly.
For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org. You can also opt-out of tracking through certain third-party advertising and analytics cookies by using the opt out services provided by the Digital Advertising Alliance or Network Advertising Initiative.
Other Important Privacy Information
Third party sites and services. The Sites may contain links to other websites and services operated by third parties. Please remember that this Privacy Policy is not applicable to such third party sites. These links are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third party websites, applications, or services, and are not responsible for their actions. Other websites and services follow different rules regarding their collection, use and sharing of your Personal Information. We encourage you to read their privacy policies governing the use of their websites.
Security practices. We work to protect your Personal Information from loss, misuse, or unauthorized alteration by using commercially reasonable security safeguards, coupled with security procedures and practices. Although Colla Health employs measures to maintain security, we cannot guarantee that your information will not be intercepted by third parties’ illegal efforts. It is your responsibility to maintain the privacy of your username and password, or other forms of authentication involved in obtaining access to password protected or secure areas of any of our Services. Unauthorized use of your registered account with us will enable access to your Personal Information. Please keep your username and password in a safe and secure place. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.
Use of Sites by visitors outside of the United States. The Sites are solely for persons located within the United States. Any information we obtain about you in connection with your use of the Sites may be processed and stored in, and subject to the laws of, the United States or other countries. Privacy laws in the locations where we process and store your Personal Information may not be as protective as the privacy laws in your home country.
International data transfers. We are headquartered in the United States and may have service providers in other countries, and your Personal Information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.
Changes to this Privacy Policy. We encourage you to periodically review this Privacy Policy. We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will post them on the Sites and indicate the effective date of the change.
Contact Us
To request access to, or correction, amendment, or deletion of your information or, to ask any questions or comments about this Policy, End Users should contact:
Colla Health, Inc.
5312 Blossom St
Houston, TX, 77007-5208
United States
Attention: Legal Department