Consumer Health Data Policy
Our comprehensive policy outlining how we collect, use, and protect your consumer health data in compliance with state privacy laws and our unwavering commitment to your privacy rights.
Policy Navigation
Pro ESA Letter Consumer Health Data Policy
This Consumer Health Data Policy supplements our Privacy Policy and HIPAA Notice of Privacy Practices. It specifically addresses how we handle consumer health data as defined under state privacy laws including Washington's My Health My Data Act, California's Confidentiality of Medical Information Act, and other applicable state consumer health data privacy laws.
Legal Compliance Notice
Pro ESA Letter is committed to complying with all applicable state and federal laws regarding consumer health data privacy. This policy outlines our practices concerning the collection, use, and disclosure of consumer health data and informs you of your rights regarding such data.
What is Consumer Health Data?
Consumer Health Data refers to personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future health status. This includes but is not limited to:
Health Conditions
Information about physical or mental health conditions, disorders, diseases, or diagnoses
Treatments & Medications
Information about treatments, medications, medical devices, or other health interventions
Health Measurements
Data derived from health measurements, tests, examinations, or health assessments
Healthcare Services
Information related to seeking, obtaining, or receiving healthcare services
What This Policy Covers
This Consumer Health Data Policy applies to all consumer health data we collect, use, or disclose in connection with our emotional support animal evaluation services. This includes data collected through:
- Our telehealth platform and evaluation forms
- Communications with our licensed mental health professionals
- Customer support interactions
- Website usage and analytics (where health-related)
- Marketing communications (where health-related)
Our Data Collection Flow
Direct Collection
We collect consumer health data directly from you when you voluntarily provide it during the ESA evaluation process. This includes information you provide in evaluation forms, during telehealth consultations, and in communications with our mental health professionals.
Automated Collection
We automatically collect certain technical information when you use our website and services. This may include IP addresses, device information, browser type, and usage patterns. We only collect health-related data through automated means when you explicitly provide consent.
Third-Party Sources
In limited circumstances, we may receive consumer health data from third parties, such as when you authorize another healthcare provider to share information with us. We only accept data from third parties with your explicit consent and in compliance with applicable laws.
Types of Consumer Health Data We Collect
Specifically, we may collect the following categories of consumer health data:
We use consumer health data solely for purposes that are consistent with our services and as permitted by law. Our primary uses include:
Service Provision
To provide you with emotional support animal evaluation services, including conducting assessments, determining eligibility, and issuing ESA letters when appropriate.
Treatment Coordination
To facilitate communication between you and our licensed mental health professionals and to coordinate your care when appropriate.
Service Improvement
To analyze and improve our services, develop new features, and enhance the quality of care we provide to all clients.
Legal Compliance
To comply with legal obligations, respond to legal requests, protect our rights and property, and ensure the security of our services.
Important Limitations
We do not use consumer health data for advertising purposes. We do not sell consumer health data to third parties. We do not use consumer health data to make decisions about employment, credit, insurance, or housing.
Disclosure to Service Providers
We may disclose consumer health data to third-party service providers who assist us in delivering our services. These providers are contractually bound to protect your data and may only use it for the specific purposes we authorize. Examples include:
- Licensed mental health professionals conducting evaluations
- Technical service providers maintaining our platform
- Payment processors handling transactions
- Customer support service providers
Legal and Required Disclosures
We may disclose consumer health data when required by law or in response to legal processes, including:
- Court orders, subpoenas, or other legal requirements
- Law enforcement requests (with appropriate legal process)
- Government agency requests for oversight or compliance
- To prevent imminent harm to individuals or the public
Disclosure with Your Authorization
We will only disclose your consumer health data to third parties for purposes not covered by this policy with your explicit, written authorization. You may revoke any authorization at any time by contacting us.
Authorization Requirements
Any authorization for disclosure of consumer health data must be in writing, specify the recipient, describe the information to be disclosed, state the purpose of the disclosure, and include an expiration date or event. You have the right to revoke any authorization at any time.
Depending on your state of residence and applicable laws, you may have certain rights regarding your consumer health data. These rights may include:
Right to Access
The right to confirm whether we are processing your consumer health data and to access such data.
Right to Delete
The right to request deletion of your consumer health data, subject to certain exceptions.
Right to Withdraw Consent
The right to withdraw consent for the collection and sharing of your consumer health data.
Right to Data Portability
The right to obtain a copy of your consumer health data in a portable, readily usable format.
How to Exercise Your Rights
To exercise any of these rights, please submit a verifiable consumer request to us by:
- Contacting us using the contact information provided in this policy
- Submitting a request through our designated online portal (if available)
- Calling our toll-free number for privacy requests
Verification Process
We will need to verify your identity before processing most requests. We may ask you to provide additional information to verify your identity. We will respond to verifiable consumer requests within the timeframes required by applicable law.
Our Security Measures
We implement and maintain reasonable security measures to protect your consumer health data from unauthorized access, acquisition, destruction, use, modification, or disclosure. Our security program includes:
Technical Safeguards
Encryption of data in transit and at rest, secure access controls, regular security updates, and network security measures.
Administrative Safeguards
Employee training, security policies and procedures, risk assessments, and incident response plans.
Physical Safeguards
Secure data center facilities, access controls to physical locations, and proper disposal of physical records.
Monitoring & Auditing
Regular security monitoring, vulnerability assessments, penetration testing, and security audits.
Data Retention
We retain consumer health data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our specific retention periods are:
- Active client records: Retained for 7 years from last service date
- Completed ESA evaluations: Retained for 7 years from evaluation date
- Financial records: Retained for 7 years from transaction date
- Legal compliance records: Retained as required by applicable laws
Breach Notification
In the event of a security breach involving your consumer health data, we will notify you as required by applicable law. Our breach notification process includes:
- Prompt investigation of any suspected breach
- Notification to affected individuals without unreasonable delay
- Reporting to appropriate regulatory authorities as required
- Implementation of remedial measures to prevent future breaches
Your Privacy Matters to Us
We are committed to protecting your consumer health data and respecting your privacy rights. If you have questions about this policy or wish to exercise your rights, we're here to help.
Contact Information
For questions about this Consumer Health Data Policy or to exercise your privacy rights, please contact our Privacy Team:
Privacy Officer
Consumer Health Data Privacy Team
Pro ESA Letter
Email Address
privacy@proesaletter.com consumerhealth@proesaletter.comFor consumer health data inquiries
Mailing Address
Pro ESA Letter
Attn: Consumer Health Data Privacy
1234 Privacy Way, Suite 500
Los Angeles, CA 90012
We typically respond to privacy requests within 45 days as required by law. Complex requests may require an additional 45-day extension, in which case we will notify you.