OF DIGITAL INTEREST
OF DIGITAL INTEREST
Legal news and analysis of all things digital
OF DIGITAL INTEREST
Legal news and analysis of all things digital
Colorado
Subscribe to Colorado's Posts

Updated Mandatory Disclosure Requirements for Colorado Mental Health Providers Go into Effect

by , , and | Sep 11, 2024 |

On August 1, 2024, Colorado legislation took effect amending the mandatory disclosures that mental health providers must make to their clients under state law. Providers of mental health services in Colorado should take note of the new legislation and review their existing patient disclosure notices to ensure compliance.

Colorado law requires mental health providers to disclose certain information in writing during initial client contact. The statute covers a broad range of mental health providers, including psychologists, social workers, marriage and family therapists, licensed professional counselors, addiction counselors, and licensee candidates. Key elements of the mandatory disclosures include the following:

  • The provider’s name, business address, and business phone number.
  • The provider’s degrees; credentials; certifications; registrations; licenses; and related education, experience, and training.
  • Contact information related to the applicable board that regulates the provider’s profession.
  • Certain statements regarding fees, patient freedom of choice and rights to information, inappropriateness of sexual relationships between providers and clients, confidentiality of information discussed during sessions, and record retention requirements.

Colo. Rev. Stat. Ann. § 12-245-216(1).

The newly enacted legislation reduced the extent of the required mandatory disclosures. Previously, the Colorado statute required that providers include information explaining the levels of regulation applicable to different mental health professionals, but Senate Bill 24-115 removed this requirement. 2024 Colo. Legis. Serv. Ch. 217 (S.B. 24-115). This is a positive change for providers because it reduces some of the mandatory disclosures.

If you need assistance creating a patient notice to comply with the Colorado statute overall or assistance updating your existing disclosures, please reach out to us. We will work to address any questions you may have regarding the impact of this legislation and the compliance of your current forms.



read more

State Privacy Patchwork Spreads with Signing of Colorado Privacy Act

by , , and | Jul 9, 2021 | , ,

On July 7, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (CPA) into law, the latest in the recent wave of state privacy legislation but unlikely to be the last. The CPA will take effect July 1, 2023, six months after Virginia’s Consumer Data Protection Act (CDPA) and the California Privacy Rights Act (CPRA) become effective. Organizations subject to the new Colorado law will have to prepare for new consumer rights and restrictions with respect to Colorado consumers’ personal data. What follows are key takeaways from the CPA and the implications for businesses grappling with the changing privacy landscape in the US.

Applicability and Exemptions

Not all organizations will be covered by the new CPA. To be subject to the law, an organization must do business in Colorado and meet one of the following requirements:

  • The organization processes data on 100,000 or more Colorado consumers annually.
  • The organization processes data on 25,000 or more Colorado consumers annually and “sells” any personal data.

This applicability threshold sets a relatively high bar, and many companies that are subject to the California Consumer Privacy Act of 2018 (CCPA)/CPRA may not meet these thresholds in Colorado.

There are a number of exemptions and limitations built into the Colorado law. Personal data regulated under existing federal privacy regimes, such as the Health Insurance Portability and Accountability Act (HIPAA), will be exempt from the CPA, as will personal data about employees and others “acting in a commercial or employment context.” Further, the CPA’s substantive requirements will not limit organizations’ ability to process data for legal compliance, fraud prevention, security, contract fulfillment or any “internal operations that are reasonably aligned with the expectations of the consumer based on the consumer’s existing relationship” with the organization.

Substantive Rights Largely Mirror Other State Privacy Laws

The CPA establishes a number of substantive rights that Colorado consumers will have with respect to their personal data. In general, these rights mirror those in the existing laws in California and Virginia, including the following:

  • Notice. Covered organizations will be required to disclose data collection and processing details in their public-facing privacy policies. In addition, a new “duty of purpose specification” requires that companies identify the “express purposes for which personal data are collected and processed.” Whether existing privacy policies are sufficiently “express” for these purposes will be an important consideration for organizations under the CPA and one that will likely lead to both confusion and potential regulation in the future.
  • Access, Correction and Deletion. Consumers will have the right to access, correct and delete their personal data. For the right to access, businesses will be required to provide data in a portable format where feasible.
  • Opt Out. Consumers have the ability to opt out of data “sales,” targeted advertising and high-risk automated “profiling.”
  • Opt In. As with the CDPA, businesses must seek opt-in consent before collecting or processing “sensitive personal data,” which includes data revealing an individual’s race, ethnicity, religious beliefs, [...]

    Continue Reading


read more

BLOG EDITORS

Amanda Enyeart

Marshall E. Jackson, Jr.

Lisa Schmitz Mazur

Michael G. Morgan

Romain Perray

Amy C. Pimentel

STAY CONNECTED

Subscribe

TOPICS

ARCHIVES

2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021
U.S. News Law Firm of the Year 2022 Health Care Law