Privacy Policy

Home
Privacy Policy

Notice of Privacy Practices

Effective Date: April 20, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Overview

Colorado Retina Associates, PLLC (“CRA”, “we”, “our”, or “us”) strives to provide high-quality care to our patients. As partners in your healthcare, we are committed to maintaining the privacy and confidentiality of your health information, which generally includes information that we create or receive that identifies you and your past, present or future health status or care or the provision of or payment for that health care. This Notice describes our privacy practices, including how we may use or disclose your health information, as well as your rights and choices regarding such information.

How We Use & Disclose Your Health Information

We may use or disclose your health information without an authorization (i.e., your written permission) for the following purposes:

Treatment. We may use and/or disclose your protected health information in order to ensure that you receive proper medical treatment. For example, we may share your health information with another physician or healthcare provider involved in your care. We may also contact you about treatment alternatives and options.
We may keep your information electronically using our electronic medical record systems. In some cases, you may be asked to give permission to allow the sharing of your health information.

Payment. We may use and/or disclose your protected health information to obtain payment for services that were provided to you. For example, we may share your health information with your health plan so it will pay us or reimburse you for your retinal care services. We may also contact your health plan about a treatment you may receive to determine whether your plan will pay part of the cost. We may also disclose your information to other providers for their own payment activities.

Health Care Operations. We may use and/or disclose your information for operational purposes. “Health care operations” are activities that are necessary to run our offices, maintain licensure, and to make sure that our visitors receive quality information on services and products. For example, we use your health information to contact you or your personal representative to remind you that you have an appointment or that it is time to schedule an appointment. We may also disclose information to healthcare professionals and other authorized personnel for educational and learning purposes.

Other Purposes. We may also use and/or disclose your health information without your written authorization for other purposes, as permitted or required by law. This includes:

Public Health Activities & Safety Issues. We are permitted to share your health information for certain purposes that have been determined to benefit the public as a whole, such as, (i) preventing disease; (ii) helping with product recalls; (iii) reporting adverse reactions to medication; (iv) reporting suspected abuse, neglect, or domestic violence; and (v) preventing or reducing a serious threat to anyone’s health or safety.
Lawsuits & Legal Actions: We may disclose your health information in response to a court or administrative order, or in response to a subpoena, as permitted by law and once all administrative requirements and/or any applicable state law requirements have been met.
Parents & Guardians. We may share a minor’s health information with his or her parents or guardians unless such disclosure is otherwise prohibited by law. For example, a minor’s parents may discuss medical treatment with the minor’s retina specialist. Note, however, that if a minor is emancipated, married, pregnant or a parent, we may not be permitted to share information with the minor’s parents or guardians.
Research. We strive each day to develop new treatments and technology to benefit our patients. Research is an important part of that process. We may use or disclose your health information for such research purposes. For example, we may use or disclose your health information to:
Plan for research studies and determine whether such studies can be carried out or would be useful.
o Identify and contact you regarding taking part in a specific research study. Your participation in the study can only start after you have been told about the study, are given a chance to ask questions, and have shown your willingness to participate in the study by signing a consent form.
o Remove information that identifies you. Anonymized data may be shared for internal analysis.
o Gather and analyze information that might be used to publish an article—although your identity or identifiable information about you will never be released in the article without your authorization.
All research projects for which we share health information are carefully reviewed by an institutional review board or privacy board to protect the safety, welfare, and confidentiality of our patients. If you have questions regarding the above or prefer not to be contacted for research purposes, please contact [Research Department Director Victoria Lee at 303-261-1600, or vlee@retinacolorado.com ].
Business Associates. At times, we may provide your health information to outside vendors (business associates) that provide services to us. For example, we may provide your name, address, and other information to a company that helps us mail important health communications to you. These business associates are required to adhere to federal and state laws regarding the protection of your health information; they are also under contractual obligations with us to maintain the privacy and security of your health information.
Coroner, Medical Examiner, or Funeral Director. We may share health information with a corner, medical examiner, or funeral director when an individual dies while in our care.
Organ & Tissue Donation. We may use or disclose health information with organ procurement organizations for the purposes of facilitating a patient’s organ, eye, or tissue donation and transplantation.
Workers’ Compensation. We may disclose your health information in connection with workers’ compensation claims or similar programs that provide benefits for work related injuries or illness as required or permitted by law if you are injured at work.
Law Enforcement & Other Government Requests. We may use or disclose your health information, as required or permitted by law:

For law enforcement purposes or to a law enforcement official.
For special government functions or to various departments of the government such as the U.S. military, or the U.S. Department of State.
To health oversight agencies for activities authorized by law.
To the Secretary of the U.S. Department of Health and Human Services, when required to investigate or determine our compliance with applicable laws.

AI Solutions. We may use various technologies to support the work that we describe in this Notice. These technologies, which include artificial intelligence, are used to enhance the care we provide, improve our services and providers’ well-being, and support our operations and billing activities. Use of these technologies are subject to appropriate protections for the privacy and security of your health information.
This Practice does not sell, rent, or lease its customer lists or mobile opt-in data to third parties for marketing purposes.

Additional State & Federal Requirements. Some state and federal laws provide additional privacy protections of your health information.

Sensitive Health Information. Some types of health information are particularly sensitive, and the law, with limited exceptions, may require that we obtain your written permission or in some instances, a court order, to use or disclose that information. Sensitive health information includes, for example, information dealing with mental health and developmental disabilities, HIV/AIDS, alcohol and drug abuse treatment, genetic testing, and genetic counseling. Prior to receiving care from us, our patients sign, where required by law, a consent to allow us to use and disclose sensitive health information in the same way that federal law allows us to use and disclose non-sensitive health information for treatment, payment, and health care operations, as described in this Notice.
Substance Use Disorder Records. We do not operate a Part 2 Program under 42 USC § 290dd-2 and 42 CFR Part 2 (collectively, “Part 2”). Where we receive any substance use disorder treatment records protected by Part 2 (“SUD Records”), we comply with our obligations as a lawful holder of these records. If we receive SUD Records pursuant to your consent, we may use and disclose these records in accordance with the terms of that consent. If the consent authorizes the uses and disclosures for purposes of treatment, payment, and health care operations, we may use and disclose these records in accordance with this Notice, provided that in no event will we use or disclose such records, or testify relaying the content of such records, in any civil, criminal, administrative, or legislative proceeding against you unless you’ve given written consent to do so (separate from your consent for any other use or disclosure), or a court order requires disclosure after notice and an opportunity to be heard is provided to you or us, as provided by Part 2.
Certain Disciplinary Proceedings. State law may require your written permission if certain health information is to be used in various review and disciplinary proceedings by state health oversight boards (such as the Department of Professional Regulation).
Certain Litigation Proceedings. State law may require your written permission for certain providers to disclose information in certain legal proceedings.
Registries. Some laws require your written permission if we disclose your health information to certain state-sponsored registries.

We are committed to complying with applicable laws when we use and/or disclose your health information.

Your Rights

When it comes to your health information, you have certain rights. This section explains those rights, how to exercise them, and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record. You may ask to see or get an electronic or paper copy of your medical record and other health information we have about you. We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
Ask us to correct or amend your medical record. You can ask us to correct or amend health information about you that you think is incorrect or incomplete. We may say “no” to your request, but we will tell you why in writing, usually within 60 days of your request.
Request confidential communications. You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. We will say “yes” to all reasonable requests.
Ask us to limit what we use or share. You can ask us not to use or share certain health information for treatment, payment, or our operations. For example, if you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. You may also request a restriction on what health information we may disclose to someone who is involved in your care, such as a family member or friend. We are not required to agree to these requests. For example, we may say “no” if it would affect your care. Additionally, any restriction request that we may approve will not affect any use or disclosure that we are legally required or permitted to make under the law.
Obtain a list of those with whom we’ve shared your information. You can ask us for a list (accounting) of the instances we have shared your health information for six years prior to the date you ask, with whom we shared it, and why. We will include all the disclosures except for those related to treatment, payment, or health care operations, and certain other disclosures (such as any you asked us to make). We will provide one accounting per year for free but may charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this Notice. You can ask for a paper copy of this Notice at any time, even if you have agreed to receive the Notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you. If you have given someone health care power of attorney or if someone is your legal guardian, they can exercise your rights and make choices about your health information. If someone has been appointed to act for you, a copy of the document appointing that person must be provided to us. We will make reasonable efforts to ensure the person has this authority and can act for you before we take any action.
File a complaint. Protecting your confidential information is important to us. If you feel we have violated your rights, please contact us using the information at the end of this Notice. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, SW, Washington, DC 20201, calling 1-877-696-6775, or visiting retinacolorado.com/hhs.gov/ocr/privacy/hipaa/complaints. We will not retaliate against you for filing a complaint.

Please ask us how to accomplish any of the above items by contacting us using the information at the end of this Notice. You may have to complete a form and submit your request in writing. For example, to obtain a copy, amend, or restrict your medical records, or to receive a listing of disclosures you must fill out a form. The forms are available at our offices upon request. Some forms may also be available on our website.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will make a good faith effort to follow your instructions.

You have both the right and choice to tell us to:

Share your information with individuals, such as family members or friends, involved in your care or payment for your care.
Share your information in a disaster relief situation.

If you are not able to tell us your preference (for example, if you are unconscious), we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

For situations not generally described in this Notice, we will not use or disclose your health information without first obtaining your written authorization to do so. The form will describe what information will be disclosed, to whom, for what purpose, and when. These situations can include uses and disclosures for marketing purposes, including marketing communications paid for by third parties; and disclosures that constitute a sale of health information. You have the right to revoke your authorization, in writing, at any time, except to the extent we have taken action in reliance upon it. The revocation will only be effective after we receive it.

With respect to fundraising, we may contact you as part of our fundraising efforts, but you can tell us not to contact you again.

Our Responsibilities Regarding your Health Information
• We are required by law to maintain the privacy and security of your protected health information.
• We will provide you with notice if a breach occurs for which we are aware and that may have compromised the privacy or security of your protected health information.
• We will not use or share your information other than as described in this Notice unless you tell us we can do so in writing.
• We will follow the duties and privacy practices described in this Notice.
• We will offer you a copy of this Notice.
Please note, we reserve our right to change our Privacy Practices and the terms of this Notice in the future. As described at the end of this Notice, we will communicate any material change to our Notice and Privacy Practices.

Changes to this Notice

We can change the terms of this Notice, and the changes will apply to all information we have about you. The new Notice will be available at our offices, on our website, or upon request.

Questions or Complaints

Protecting your confidential information is important to us. If you have questions, want additional information, or feel we have violated your rights, please contact us using the information below:

Mail: Colorado Retina Associates, PLLC - Attn: Michelle Wagner - Compliance & Privacy Officer
Address: 255 Routt St., Ste 200, Lakewood, CO 80228
Phone Number: 303-261-1600
Email Address: mwagner@retinacolorado.com

Cookie Policy

Below lists cookies that may be used on our Service.

You may be able to change a web browser’s settings to block and delete cookies when you access the Service through that web browser. However, if you do that, the Service may not work properly; also, we will still receive basic information (such as last URL visited) when you navigate to the Service. The Service does not respond to browser do-not-track signals.

Service Provider: Google Analytics* (_ga, _gid, _gat)

Purpose: First party usage analytics
Link to Privacy Notice

Service Provider: Google Tag Manager (_gatUA*)

Purpose: Used for performance and to store preferences
Link to Privacy Notice

Service Provider: Kirby_session, homepage

Purpose: Sets duration of CMS login, preferred language, CSRF Token
Link to Privacy Notice

Service Provider: urlParams

Purpose: Collects URL parameters to append to the Careers link
Link to Privacy Notice

Service Provider: Googletrans language language-text

Purpose: Collects URL parameters to append to the Careers link
Link to Privacy Notice

*Like most websites, we use Google Analytics to collect and process certain first-party website usage data. To learn more about Google Analytics and how to opt out, CLICK HERE. In addition, you can click the following link in order to find out more information about your options with respect to Google Analytics and other Google services: CLICK HERE.

Information We Use and Collect

Through the Service and by Email and Telephone. We collect and store the following personal information and use it for typical business purposes (including security and anti-fraud purposes), as described more specifically below.

Colorado Retina Associates does not sell, rent, or lease its customer lists or mobile opt-in data to third parties for marketing purposes.

Personal identifiers. We receive personal identifiers (such as your name, phone number, cell phone number, date of birth, e-mail address, mailing address, gender, and social media username) and use them to respond to your requests, and to communicate with you for appointments, marketing, surveys, and informational purposes. We may also collect and use this information to respond to feedback, complaints, and to provide information about our products and services.
Message content. We receive messages you provide through email, by phone, or a contact us form on the Service, including in connection with customer service requests, appointment requests, surveys, and complaints. We use this information to respond to your requests and to improve the Service and our service. We may also use this information to post reviews on our Service.
Appointment or Curbside Consult information. When you request to make an appointment or curbside consult online, the Practice will treat that information in accordance with the HIPAA Notice of Privacy Practices made available on those web pages and not under this Privacy Policy.
Business-related information. We may receive business-related information when you refer a patient (such as the name of your practice). We use this information to respond to your requests.
Geolocation information. We may use some of the information we collect, such as IP addresses, to estimate an approximate location of the device you are using to access our Service in order to enhance and personalize the features and functionality of the Service and service offerings.
Survey information. We may receive survey responses that you submit to us. We use this information for research and other business purposes.
Anonymous or aggregated information. We de-identify or aggregate data we receive and may use and disclose it for any business purpose.
Inferences. We may draw inferences from the categories of information described above. This information may be used so that we can improve future user experiences with the Practice and to provide a more personalized experience.

From Referring Providers

If you use the Service to refer a patient, we may submit information about your practice and relating to the patient, including personal identifiers (such as their name, date of birth, phone number, and address), gender, patient insurance number, a description of the reason for the referral (such as diagnosis and symptoms), and any other information you may provide. We process the patient information received from referrals in accordance with the Practice’s HIPAA Notice of Privacy Practices made available on the Practice web page and not under this Privacy Policy.

Social Media

If you post information on our social media pages, we may use the information to respond to your post, to promote our business and services, and in the normal course of our business operations. We may collect personal identifiers, such as your social media username, and other personal characteristics that you have made publicly available on the social media website. Note that the third-party operators of social media websites also receive such information and your posts, and their use of your personal information is governed by their own privacy policies.

Automatically Through the Service

When you visit our Service, we may collect information about your use of our Service by automated means. Such means include the use of cookies, web beacons, web server logs, and other similar technologies.

We may use such first-party technologies to collect personal identifiers (such as your IP address), information about your device (such as your browser characteristics, device IDs and characteristics, operating system version, and language preferences) and information concerning your usage of our Service (including the link you used to reach a given webpage). For example, we use this information to determine how many users have visited webpages, viewed particular content, or opened messages or alerts, and we may also use such information to improve the performance of the Service, to improve our marketing activities, and to enforce our website service terms, prevent malicious conduct, and for anti-fraud and security purposes.

In some cases, our third-party partners may process information collected by cookies and related technologies on our behalf that we permit them to use on the Service. Please see our Cookie Policy for more details. With respect to any social network pages that we may use, please see the privacy policies and any cookie policies of the applicable social network providers as to their automated data collection practices.

As indicated above, we, similar to many other website operators, currently use Google Analytics to collect and process certain Service usage data. To learn more about Google Analytics and how to opt out, please see our

INFORMATION DISCLOSURES

To Support Our Business. We may provide third parties with the personal information we collect (as described above) for our business purposes to assist us in providing products and services to you, including to put you into contact with a partner or to help us market.

To Provide, Protect, and Improve Our Service and Services. We disclose personal information as necessary to operate our business, such as with third-party providers, partner practices, and affiliates in connection with providing services to you. For example, we may provide your name, telephone, and e-mail address information, to our partner practices. We require that third-party providers use personal information only for that purpose, and we also require assurances that they will appropriately protect personal information entrusted to them. We also may access, preserve, and disclose information if we believe that such action is necessary in our judgment to comply with a legal obligation or to protect and defend our rights or property, or those of others. For example, we may provide information, including IP address information, to our service providers to protect the Service, such as for fraud detection purposes.

To Comply with the Law and Legal Process. We may access, preserve, and disclose information concerning you if required to do so by law or if we believe that such action is necessary in our judgment to comply with a legal obligation.

Other Sharing. We may share information as described under “Information We Collect and Use” above and for other business purposes as otherwise explained in this Privacy Policy.

Sales, Mergers, and Acquisitions. In the event of a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another entity (whether by private sale, through operation of law, as part of a divestiture plan, or otherwise), we will provide personal information and transaction history associated with each such business unit to the persons and/or entities assuming control of such business unit or as otherwise necessary to complete the transaction as permitted by law or contract.

RETENTION OF PERSONAL INFORMATION

As a general matter, we only keep information for as long as necessary to fulfill the purposes for which it was collected, as stated in our retention policies, and permitted or required by law, such as to comply with recordkeeping and other legal obligations. There may also be residual information that will remain within our backup files, databases, and other records, which will not be removed or changed, except in accordance with retention policies. The criteria used to determine our retention periods include:

The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you are a patient with us or keep using our services) and the length of time thereafter during which we may have a legitimate need to reference your personal information to address issues that may arise;
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records for a certain period of time before we can delete them); or
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

PROTECTION OF PERSONAL INFORMATION

We employ reasonable security measures to secure and protect the information we receive. No method of electronic transmission or storage is 100% secure.

LINKS TO THIRD-PARTY WEBSITES

The Service may contain links to other websites, and other websites may link to the Service. This Privacy Policy does not apply to personal information that you submit to the websites of our business partners, partner practices, or any other third-parties or that are collected by them from you, even if those third-party websites are linked to our Service or listed in our Cookie Policy. We are not responsible for the privacy practices of such other websites. When you visit another website – via a link from the Service or otherwise – you should review the privacy policy of that other website. This Privacy Policy applies solely to information provided or obtained on our Service.

NO USE BY CHILDREN UNDER THE AGE OF 13

The Service is not intended for use by children under the age of 13. If you are under the age of 13, you may not use our Service. We do not knowingly collect, maintain, or use personal information from children under 13 years of age. If we believe that any information has been posted by a child under the age of 13, we will promptly delete that information. Parents may contact us using the methods set forth below to request that information concerning their child be removed from our Service.

STATE PRIVACY RIGHTS

Your state may impose specific legal requirements and create privacy rights with respect to personal information, and we will comply with restrictions and any requests you submit as required by applicable law.

When you make a request, we may require that you provide information (such as your name, email address and/or zip code) and follow procedures so that we can verify a request you make and your jurisdiction before responding to it. The verification steps we take may differ depending on your jurisdiction and the request you make. We will match the information that you provide in your request to information we already have on file to verify your identity. If we are able to verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us verify your request.

We will respond to your request within the time period required by applicable law. However, we may not always be able to fully comply with your request, and we will notify you in that event when required.

Certain privacy laws permit consumers to use an authorized agent to make privacy rights requests. We require the authorized agent to provide us with proof of the consumer’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the consumer. An authorized agent must follow the process described below to make a request, and we will additionally require the authorized agent to verify his/her own identity and we will confirm the agent’s authority with the consumer about whom the request was made.

You may have specific rights regarding your personal information. This section describes your rights and explains how to exercise those rights.

Right to Know and Data Portability Rights
In certain circumstances, you have the right to request that we disclose certain information to you about our collection and use of your personal information.

Right to Delete
You may have the right to request that we delete the personal information that we collected from you and retained, subject to certain exceptions.

Right to Correct
You may have the right to request that we correct any inaccurate personal information we may hold about you. We will use commercially reasonable efforts to correct inaccurate personal information, taking into account the nature of the personal information and the purpose for our processing.

Right to Appeal
You may have a right to appeal a refusal to take action on a request by contacting us by email at info@retinacolorado.com.

Non-Discrimination
We will not discriminate against you for exercising any of your rights.

Exercising Rights
You may be able to use the Service to access and update the information that you have provided to us through your use of the Service or otherwise. If you would like to request access to such information or that we update, correct, or delete any such information, you may email us at: [email protected]. We will comply with requests you submit as required by applicable law.

Sales/Sharing of Personal Information
Colorado Retina Associates does not sell, rent, or lease its customer lists or mobile opt-in data to third parties for marketing purposes. We do not sell personal information for money or other considerations, nor do we share personal information for cross-context or targeted behavioral advertising. In the preceding 12 months, we used cookies and similar tracking technologies that enabled certain advertising networks, social media companies, analytics services, and other third-party businesses to collect and disclose your personal information directly from your browser or device when you visited or interacted with our Service or otherwise engaged with us online. In some cases, we may have uploaded certain Identifiers to certain partners for advertising or analytics purposes. These “sales” or “sharing” of personal information does not presently occur on our Service.