Consumer Health Data Privacy Policy

This Consumer Health Data Privacy Policy is published pursuant to the Washington My Health My Data Act (RCW 19.373). It describes how Cognia Health PLLC ("we," "us," or "our") collects, uses, and shares consumer health data through this website (cogniahealth.com).

This policy applies to consumer health data as defined by RCW 19.373.010(8): information that identifies or is reasonably linkable to a consumer and identifies past, present, or future physical or mental health status, including data derived or inferred from non-health information such as browsing behavior on health-related pages.

What this policy does not cover: Protected health information (PHI) governed by HIPAA is exempt from the My Health My Data Act at the data level per RCW 19.373.100. If you are a patient of Cognia Health, the use and disclosure of your clinical health information is governed by our Notice of Privacy Practices. For information about other data this website collects (such as server logs and account data), see our Website Privacy Policy.

When you visit this website, the following data may be considered consumer health data because it is collected in the context of a psychiatric healthcare provider's website:

• Browsing behavior on health-topic pages: The pages you visit on this site (such as pages describing psychiatric services, conditions, or treatments) may indicate an interest in mental health services. This data is logged by our hosting provider (Netlify) as part of standard server access logs, which include your IP address, the pages you visited, and timestamps.
• Authentication data: If you create an account or log in (via Memberstack), session cookies are set that identify you as an authenticated user accessing health-related reference content.

We collect or process the consumer health data described above for the following purposes only:

• To deliver website content you have requested
• To manage authenticated access to the treatment reference
• To maintain website security and detect abuse

We do not collect consumer health data for advertising, marketing, profiling, or sale.

The following third-party services receive data that may qualify as consumer health data when collected through this website:

• Netlify, Inc. (hosting provider): Receives server access logs including IP addresses and pages visited.
• Memberstack, Inc. (authentication): Receives account and session data for authenticated users.
• Stripe, Inc. (payment processing): Receives payment information when you subscribe to paid services.

We do not have affiliates that receive consumer health data.

Under the Washington My Health My Data Act, you have the right to:

• Confirm whether we are collecting or sharing your consumer health data
• Access the consumer health data we have collected about you
• Delete consumer health data we have collected, including data held by third parties on our behalf
• Withdraw consent to the collection or sharing of your consumer health data

We will not discriminate against you for exercising any of these rights.

To exercise any of the rights described above, contact:

Matias Massaro, DNP, Privacy Officer
Cognia Health PLLC
Email: matias@cogniahealth.com
Phone: (206) 350-9411

We will acknowledge your request within 5 business days and respond substantively within 30 calendar days. If we deny your request, we will explain the reason and inform you of your right to appeal.

We will update this policy as our data practices or applicable law changes. Updates will be posted on this page with a revised "Last Updated" date. We will not collect or share additional categories of consumer health data without updating this policy and providing you the opportunity to exercise your rights.