Privacy Policy

Last Updated: January 6, 2026

Connection Space ("we," "our," or "us") is committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website connection-space.com and receive our therapeutic services.

HIPAA NOTICE: As a healthcare provider, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable state and federal privacy laws. Your protected health information (PHI) is handled with the utmost care and confidentiality.

1. Information We Collect

Personal Information

When you schedule an appointment, contact us, or use our services, we may collect:

• Name, contact information (email, phone number, mailing address)

• Date of birth and demographic information

• Insurance information (if applicable)

• Emergency contact information

• Payment and billing information

Protected Health Information (PHI)

During the course of treatment, we collect and maintain:

• Clinical notes and treatment records

• Mental health history and assessments

• Diagnoses and treatment plans

• Therapy session notes

• Correspondence related to your care

• Information from other healthcare providers (with your consent)

Website Usage Information

When you visit our website, we may automatically collect:

• IP address and browser type

• Pages viewed and time spent on pages

• Referring website or search terms

• Device information and operating system

2. How We Use Your Information

Treatment, Payment, and Healthcare Operations

• Treatment: To provide, coordinate, and manage your mental health care and related services

• Payment: To bill you or your insurance company, process payments, and verify coverage

• Healthcare Operations: To improve our services, conduct quality assurance, train staff, and maintain our practice

Communication

• To schedule and confirm appointments

• To send appointment reminders (via phone, email, or text with your consent)

• To respond to your inquiries and requests

• To provide important practice updates or changes

Legal Compliance

• To comply with applicable laws and regulations

• To respond to legal processes (subpoenas, court orders)

• To report suspected abuse, neglect, or domestic violence as required by law

• To prevent serious threat to health or safety when legally permitted

3. How We Protect Your Information

We implement comprehensive security measures to protect your information:

• Physical Security: Secure office facilities with restricted access and locked filing systems

• Technical Security: Encrypted communications, secure servers, password protection, and regular security updates

• Administrative Security: Staff training on confidentiality, limited access to PHI on a need-to-know basis, and business associate agreements with third-party vendors

• Electronic Records: HIPAA-compliant electronic health record (EHR) systems with encryption and secure backups

EMAIL AND TEXT COMMUNICATION: While we use secure methods when possible, standard email and text messaging are not completely secure. We will not discuss sensitive clinical information via unencrypted email or text unless you provide explicit consent and understand the risks.

4. When We May Disclose Your Information

With Your Written Authorization

We will not use or disclose your PHI without your written authorization except as described in this policy or as required by law. You may revoke your authorization in writing at any time.

Without Your Authorization (As Permitted by Law)

• Emergency Situations: To prevent serious and imminent threat to your health or safety, or that of another person

• Legal Requirements: In response to court orders, subpoenas, or other legal processes

• Mandatory Reporting: When required to report suspected child abuse, elder abuse, or dependent adult abuse

• Workers' Compensation: As necessary for workers' compensation claims

• Public Health: To public health authorities for disease prevention or reporting

• Law Enforcement: In limited circumstances such as reporting crimes witnessed at our practice

• Business Associates: To vendors who provide services on our behalf (billing, IT support) under strict confidentiality agreements

Telehealth Services

If we provide telehealth services, we use HIPAA-compliant platforms. However, you should be aware that electronic communications can potentially be intercepted. We will discuss the risks and benefits of telehealth with you before beginning remote sessions.

5. Your Privacy Rights

Under HIPAA and applicable state laws, you have the following rights:

• Right to Access: You may request to inspect and obtain copies of your health records

• Right to Amend: You may request corrections to your health information if you believe it is incorrect or incomplete

• Right to an Accounting: You may request a list of certain disclosures we have made of your health information

• Right to Request Restrictions: You may request restrictions on how we use or disclose your information, though we are not required to agree to your request

• Right to Confidential Communications: You may request that we communicate with you in a specific way or at a specific location

• Right to a Paper Copy: You have the right to receive a paper copy of this Privacy Policy at any time

• Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services

To exercise any of these rights, please contact us using the information provided at the end of this policy.

6. Minors and Parental Rights

If you are a minor (under 18), your parent or legal guardian generally has the right to access your health information. However, in certain circumstances defined by state law (such as treatment for substance abuse or mental health crisis), minors may have confidentiality rights that limit parental access.

We will discuss confidentiality and its limits with minors and their parents/guardians at the beginning of treatment.

7. Cookies and Website Tracking

Our website may use cookies and similar tracking technologies to improve your browsing experience. These are used for:

• Remembering your preferences

• Understanding how visitors use our site

• Improving website functionality

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

We do not sell or share your personal information with third parties for their marketing purposes. We may use analytics tools (such as Google Analytics) to understand website traffic, but these do not collect PHI.

8. Third-Party Services

We may use third-party services to support our practice, including:

• Electronic health record (EHR) systems

• Payment processing services

• Appointment scheduling platforms

• Telehealth platforms

• Email and communication services

All third-party vendors who have access to PHI are required to sign Business Associate Agreements (BAAs) ensuring HIPAA compliance and confidentiality of your information.

9. Data Retention

We retain your health records in accordance with applicable state and federal laws. Typically, adult records are retained for a minimum of 7 years from the date of last service, and minor records are retained until the patient reaches age 25 or for 7 years, whichever is longer. After this period, records are securely destroyed.

10. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to our website. The "Last Updated" date at the top of this policy will reflect when changes were made. We will provide notice of significant changes through our website or direct communication.

You have the right to receive a copy of the Privacy Policy in effect at the time of service.

11. Notice of Privacy Practices

This Privacy Policy serves as our Notice of Privacy Practices as required under HIPAA. You will receive a copy of this notice at your first appointment, and you will be asked to acknowledge receipt in writing.

12. Contact Information

Connection Space
Avigail Margolis, Licensed Therapist

Website: connection-space.com
Email: dr.amargolis@gmail.com

If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us using the information above.

Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

Connection Space Privacy Officer
dr.amargolis@gmail.com

U.S. Department of Health and Human Services
Office for Civil Rights
www.hhs.gov/ocr/complaints
Phone: 1-800-368-1019

You will not be penalized or retaliated against for filing a complaint.

CONSENT: By using our services and visiting our website, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. At your first appointment, you will be asked to sign an acknowledgment confirming receipt of this Notice of Privacy Practices.