top of page
Anchor 1

Mindcolor Autism HIPAA Notice of Privacy Practices

Policies and Practices to Protect the Privacy and Security of Your Health Information (HIPAA Policy)

This notice describes how all health information regarding clients served at Mindcolor Autism may be used and disclosed and how to access this information. Please review it carefully.

Uses and Disclosures for Treatment, Payment, and Health Care Operations

Mindcolor Autism (“Mindcolor”) may use or disclose your protected health information (PHI) for treatment, payment, and health care operations purposes.

To help clarify these terms, here are some definitions:

  • PHI – refers to information in your health record that could identify you.

  • Treatment – is when a health care professional provides, coordinates, or manages your health care and other services related to your health care. We may disclose your PHI to other doctors, nurses, technicians or other personnel who are involved in your care.

  • Payment – is when Mindcolor obtains information about your healthcare benefits and eligibility and/or attempts to obtain and/or obtains reimbursement for your healthcare. Examples of payment are when Mindcolor discloses your PHI to your health insurer to obtain reimbursement for your health care or to determine eligibility or coverage.

  • Health Care Operations – is when Mindcolor uses or discloses your PHI for operation of our practice. For example, we may use heath information to review our treatment and services and to evaluate the performance of our staff in caring for you.

  • Use – applies to activities within the Mindcolor office such as sharing, applying, utilizing, examining, and analyzing information that identifies you.

  • Disclosure – applies to activities outside of Mindcolor office such as releasing, transferring, or providing access to information about you to other parties.

  • Authorization – means written permission for specific uses or disclosure.


Health agencies are allowed or required to share your child’s information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see:

Examples of Other Permissible or Required Uses and Disclosures Not Requiring Authorization

  • Business Associates: Some of our activities are provided on our behalf through contracts with business associates. Examples of when we may use a business associate include coding and claims submission performed by a third party billing company, consulting and quality assurance activities provided by an outside consultant, billing and coding audits performed by an outside auditor, and other legal and consulting services provided in response to billing and reimbursement issues which may arise from time to time. When we enter into contracts to obtain these services, we may need to disclose your PHI to our business associate so that the associate may perform the job which we have requested. To protect your PHI, however, we require our business associate to appropriately safeguard your information.

  • Communication with Family Members: Health professionals, including those employed by or under contract with us may disclose to a family member, other relative, close personal friend or any other person you identify, health information relative to that person’s involvement in your care or payment related to your care, unless you object to the disclosure.

  • Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, close personal friend, or other person responsible for your care, of your location, and general condition. We will not disclose your PHI to your family members, personal representative, or close personal friends as described in this paragraph if you object to such disclosure. Please notify our Privacy Officer if you object to such disclosures.

Uses and Disclosures Requiring Authorization

Mindcolor may use or disclose PHI for purposes outside of treatment, payment, and health care operations when an appropriate authorization is obtained. In those instances when Mindcolor is asked for information for purposes outside of treatment and payment operations, Mindcolor will obtain an authorization before releasing this information. Mindcolor will also need to obtain an authorization before releasing your therapy progress notes. Treatment progress notes or session notes are documentation completed by the health care provider regarding all conversations, actions, observations, treatment provided, etc, during any and all treatment sessions, including but not limited to direct sessions with the RBT, BCBA direction sessions, Caregiver Training session, etc. All such authorizations of PHI may be revoked at any time; however, the revocation or modification is not effective until received by Mindcolor in writing. Mindcolor reserves the right to refuse these requests for revocation of authorization in the event that it may impact an individual's access to treatment. Mindcolor may also release information with written consent for research purposes as it relates to health research.

Uses and Disclosures with Neither Consent nor Authorization

Mindcolor may use or disclose PHI without your consent or authorization in the following circumstances:

  • Mandated Reporting: If any Mindcolor staff knows or suspects that a client has or is being abused, abandoned, or neglected, the law requires that they report such knowledge or suspicion to the proper authorities according to the county and state you reside in.

  • Adult and Domestic Abuse: If any Mindcolor staff knows or suspects that a vulnerable adult (disabled or elderly) has been or is being abused, neglected, or exploited, they are required by law to immediately report such knowledge or suspicion.

  • Health Oversight: Mindcolor may disclose your PHI to a health oversight agency for activities authorized by law, including audits, investigations, inspections and licensure. For example, if a complaint is filed and later is open for investigation; a subpoena for confidential health information from certain parties may be requested and therefore shared.

  • Judicial or Administrative Proceedings: If you are involved in a court proceeding and a request is made for information regarding your diagnosis or treatment and the records thereof, such information is privileged under state law, and Mindcolor will not release information without the written authorization of you or your legal representative, or a subpoena of which you have been properly notified and you have failed to inform Mindcolor that you are opposing the subpoena or a court order. The privilege does not apply when you are being evaluated by a third party or where the evaluation is court ordered. You will be informed in advance if this is the case.

  • Serious Threat to Health or Safety: When you present a clear and immediate probability of physical harm to yourself, to other individuals, or to society, Mindcolor must communicate relevant information concerning this to the potential victim, appropriate family member, and/or law enforcement or other appropriate authorities.

  • Law Enforcement: Mindcolor may disclose your PHI to law enforcement officials for law enforcement purposes, including the following: reporting certain injuries as required by law; to identify or locate a suspect, fugitive, material witness, or missing person; about the victim of a crime, if the victim agrees to disclose or under certain limited circumstances, we are unable to obtain the person's agreement.

  • Worker’s Compensation, law enforcement, and other government requests: Information may be shared in relation to workers’ compensation claims, law enforcement purposes or with a law enforcement official, health oversight agencies for activities authorized by law, and/or special government functions, such as military, national security, and presidential protective services.

  • Compliance with laws and regulations: Information may be shared about your child if state, federal, or local laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Use of Email, Phone, Texts, and Google Messages for Communication

Mindcolor may communicate with you via email, phone, texts, or Google Messages. Information contained in these communications may at times contain PHI. There are inherent risks of using these communications, including, but not limited to:

  • Email, voicemail, texts, and Google Messages can be circulated, forwarded, stored electronically and on paper, and broadcast to unintended recipients.

  • Email, voicemail, texts, and Google Messages senders can easily misaddress an email or message and send the information to an undesired recipient.

  • Backup copies of email, voicemails, texts, and Google Messages may exist even after the sender and/or the recipient has deleted his or her copy.

  • Employers and on-line services have a right to inspect emails sent through their company systems.

  • Email, texts, and Google Messages can be intercepted, altered, forwarded or used without authorization or detection.

  • Email, voicemail, texts, and Google Messages can be used as evidence in court.

  • Email, voicemail, texts, and Google Messages may not be secure and therefore it is possible that the confidentiality of such communications may be breached by a third party.

We will use reasonable means to protect the security and confidentiality of email, voicemail, texts, and Google Message information sent and received. If you feel uncomfortable receiving communication via email, voicemail, texts, or Google Messages, you can inform us at any time and we will accommodate alternative means of communication.

Mindcolor Responsibilities

  • We are required by law to maintain the privacy and security of your child’s protected health information.

  • Mindcolor is required by law to provide a copy of this notice of Mindcolor’s legal duties and privacy practices with respect to PHI.

  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your child’s information.

  • Mindcolor reserves the right to change the privacy policies and practices described in these notices. Unless you are notified of such changes, however, we are required to abide by the terms currently in effect.

  • If Mindcolor revises privacy policies and practices, they will make their best effort to contact you with this information in person, by telephone, by email, or by mail. For this reason, it is important that you notify Mindcolor immediately of any address, telephone, or email changes.

  • We will not use or share your child’s information other than as described here, unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. For more information see:

Rights of Client

When it comes to your child’s health information, you have certain rights. This section explains your rights and some of Mindcolor’s responsibilities to help you.

  • Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of protected health information about you. However, Mindcolor is not required to agree to a restriction of your request, and may deny the request if it were to affect a child’s care and treatment. Mindcolor will approve most requests unless legally required to share the information.

  • Right to Receive Confidential Communications by Alternative Means and at Alternative Locations: You have the right to request and receive confidential communications of PHI by alternative means and alternative locations. A request may be made to contact the legal guardian/caregiver in a specific way, or to send an email to a different address. All reasonable requests will be accommodated. For example, you may not want a family member to know you are in treatment. Upon request, Mindcolor will send your bills to another address.

  • Right to Inspect and Copy: You have the right to inspect or obtain a copy (or both) of PHI of Mindcolor’s treatment and billing records used to make decisions about you for as long as the PHI is maintained in the record. Upon your request, Mindcolor will discuss the details of the request process. A request can be made to see or receive an electronic or paper copy of your child’s medical record and other health information. Contact Mindcolor in writing to make a request. A copy will be provided or a summary of the client’s health information, usually within 30 days of the request.

  • Right to Amend: You have the right to request an amendment of PHI that is incorrect or incomplete for as long as the PHI is maintained in the record; however, Mindcolor may deny your request. These requests may be denied, but a response as to why a request was denied will be provided in writing within 60 days of the request. On your request, Mindcolor will discuss with you the details of the amendment process.

  • Right to an Accounting: You generally have the right to receive an accounting of disclosures of PHI. On your request, Mindcolor will discuss with you the details of the accounting process. All disclosures will be included, except those about treatment, payment, and health care operations, and certain other disclosures (such as any requested by the legal guardian). We will provide one accounting a year.

  • Right to Limit Use or Sharing: A request can be made to no use or share certain health information for treatment, payment, or operations. Mindcolor is not required to agree to this request, and may deny the request if it were to affect a child’s care and treatment. Mindcolor will approve most requests unless legally required to share the information.

  • Right to have someone act on your behalf: If medical power of attorney for the client has been given to someone, or if someone else is the client’s legal guardian, that person can exercise rights and make choices about the client’s health information. Mindcolor will ensure and confirm that this individual has the authority and can act on behalf of the client/caregiver, before taking any action.


A complaint may be filed if you feel we have violated your child’s rights by contacting us using the information listed on this page.

You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting We will not retaliate against you for filing a complaint.

This notice is effective as of March 7, 2023.

If you have a question, concern, or complaint regarding how your health information is protected, used, and/or disclosed, you may contact Mindcolor Autism Compliance Department in writing:

Privacy Officer
℅ Mindcolor Autism Compliance Department

224 W 35th St, Ste 500
New York, NY 10001

Mindcolor will never sell or market an individual’s personal information.

All parents and legal guardians may request access to health and treatment records via our electronic health record system, Rethink.


Please contact us regarding any question about this HIPAA Notice of Privacy Practices by phone or web form located at Talk To Us


bottom of page