We empathize with those who suffer from mental or emotional disabilities, and truly understand the daily difficulties of their life. While some of us recover using medication, many would prefer to use alternative therapies.
And that’s where an Emotional Support Animal, or ESA, through its affection and companionship, can help to relieve the symptoms associated with emotional disabilities.
An Emotional Support Animal Recommendation is a letter from a physician or Licensed Mental Health Counselor. Per Federal Law, this letter is the only requirement for your cat or dog to be an Emotional Support Animal.
Getting an emotional support animal recommendation.
Looking for an ESA letter this week?
2. Complete an online mental health exam (30-45 minutes).
3. With a licensed therapist from your city/region/state, you’ll discuss your disability and disability-related need for an emotional support animal.
For those who qualify, typically within three to five business days, a letter of recommendation will be securely delivered electronically and via postal mail.
Do you accept medical insurance?
Unfortunately, due to the problematic nature of being reimbursed by insurance companies for emotional support animal exams, we regret that we are not able to accept medical insurance at this time. In light of this, we have tried our best to make the approval protocol as accessible and as affordable as possible.
What forms of payment do you accept?
We accept the following payment types: PayPal, Discover, Visa, MasterCard, and American Express.
How long does it take?
Typically, this entire process takes three to five business days to complete. With our expedited service, we typically fulfill your order within three business days (not counting weekends, and holidays).
Five to ten days? Why does it take so long?
We’re connecting you with an actual practicing licensed mental health care professional. Sometimes, it takes time for you to get on their schedule.
Ever try to see your family doctor the same afternoon?
If you’re looking for an instant letter, make sure to review our blacklist!
Cancellation and Refund Policy
Click here for more information about our cancellation and refund policy.
What is your cancellation and refund policy?
Please review our cancellation and refund policy to learn more.
If I pay for a treatment recommendation letter for an ESA, am I guaranteed to qualify for it?
Ordering our services does not guarantee you’ll be qualified as disabled.
There really isn’t anything typical when it comes to the emotional/psychological status of a person; every person’s situation, ability to cope, and life experience is different. In addition, to qualify, a licensed therapist must assess your disability and disability-related need for an assistance animal.
What is HIPAA Compliance?
In 1996, HIPAA (Health Insurance Portability and Accountability Act) was created as an effort to protect patients’ healthcare information from data theft and unwanted disclosure.
All electronic communications with our clients is done via our secure HIPAA-compliant infrastructure.
Federal privacy guidelines require these discussions to remain strictly confidential. Your therapist will never share that information with anyone without your express, written consent.
Top 10 Most Common HIPAA Violations
1. Keeping Unsecured Records
As part of your employee training, all staff members should be required to keep documents with PHI in a secure location at all times. Physical files containing PHI should be locked in a desk, filing cabinet or office. Digital files should require secure passwords to access them, in addition to being encrypted whenever possible.
2. Unencrypted Data
The dangers of leaving PHI data vulnerable without encryption are simple. Encrypting the data is an added protection if a device containing PHI is lost or stolen. It offers an additional layer of security if a password protected device is somehow accessed, such as through hacking. Although it is not a strict HIPAA requirement, it is highly recommended. You should also be familiar with your State HIPAA regulations as many States have passed laws requiring ePHI and PII to be encrypted.
Although we’d like to think it would never happen to us, hacking is a real threat to medical ePHI. There are people out there who want to use this information for malicious purposes, and therefore medical practices need to protect against hacking wherever possible.
Keeping antivirus software updated and active on all devices containing ePHI is a great place to start. Using firewalls adds another layer of protection as well. Finally, creating unique and difficult to remember passwords, and changing them frequently is another important measure to take to prevent hacking.
4. Loss or Theft of Devices
A case was settled in June of 2016, where an iPhone containing a vast amount of ePHI, including social security numbers, treatment and diagnosis information, medications, and more was stolen.
In addition, the iPhone was neither password protected nor encrypted, leaving all ePHI vulnerable to access by anyone possessing the phone.
The violation occurred at a facility called the Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS). A combination of nursing home residents and family members totaling 412 people were affected by the data breach, and the facility was fined $650,000.
Unfortunately, if devices containing ePHI are not stored in a secure location at all times, they are subject to the possibility of loss or theft. If the information stored on such devices is not encrypted or password protected, the loss or theft of the device becomes an even more severe issue.
5. Lack of Employee Training
When it comes to training employees on HIPAA regulations and compliance, it’s important that every employee who comes in contact with PHI be thoroughly educated. Employee HIPAA training is more than a recommendation – it is a requirement of the HIPAA law. All staff members must be well-trained on the law, as well as on the particular policies and procedures set forth by your individual practice.
6. Gossiping / Sharing PHI
Although general gossip or chit chat by the water cooler can be harmless, PHI should always be off limits. When talking to co-workers, there is no reason to discuss PHI. Plus, it comes with a hefty fine.
Medical practice employees with access to patient PHI need to be careful about the information they share with others. When discussing PHI, should always be aware of who may be listening. Keep conversations about PHI behind closed doors, and only with appropriate office personnel.
7. Employee Dishonesty
Although not always done with a malicious purpose, when employees try to access PHI that they are not authorized to view, this is a HIPAA violation. Often it is merely out of curiosity, but the punishment is the same regardless of the intent. Thorough and precise training and procedures that outline who can access what, as well as a clear indication of the consequences that will result, can help prevent occurrences of this particular HIPAA violation.
8. Improper Disposal of Records
When training your staff members on HIPAA regulations, one of the most important procedures to enforce is proper disposal of PHI records. Staff members should understand that all information that contains PHI, such as social security numbers, medical procedures, diagnoses, etc., should be shredded, destroyed, wiped from the hard drive, etc.
If any of this information is left lying around in a trash can, in a computer’s recent files folder, etc., it could get into the hands of the wrong person, and this would be a serious HIPAA violation. You can prevent this from happening with proper employee training and enforcement by a compliance officer or other staff.
9. Unauthorized Release of Information
This violation most often occurs when members of the media release PHI regarding public figures and celebrities. It can also happen when medical personnel release PHI to family members that are unauthorized, as only dependents and those with a Power of Attorney are allowed access to the PHI of a family member.
10. 3rd Party Disclosure of PHI
When it comes to discussing PHI, it should only be discussed with the people who need to know, such as the patient, the doctor(s), and/or the person(s) billing for the procedure, medication, or other related service. If you have access to PHI and discuss it with those who do not have the right access to this information is a direct violation of HIPAA.
However, it does happen frequently. Again, by educating all staff members with access to PHI about HIPAA regulations such as this, you can eliminate the majority of data breaches caused by this violation.
Another example of 3rd party disclosure would be if a staff member were to release the wrong patient’s information due to human error. In this case, the act may be an accident, but the consequences would be similar to those for a purposeful violation.
What is PHI?
Protected health information (PHI) is any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment. HIPAA regulations allow researchers to access and use PHI when necessary to conduct research. However, HIPAA only affects research that uses, creates, or discloses PHI that will be entered in to the medical record or will be used for healthcare services, such as treatment, payment or operations.
For example, PHI is used in research studies involving review of existing medical records for research information, such as retrospective chart review. Also, studies that create new medical information because a health care service is being performed as part of research, such as diagnosing a health condition or a new drug or device for treating a health condition, create PHI that will be entered into the medical record. For example, sponsored clinical trails that submit data to the U.S. Food and Drug Administration involve PHI and are therefore subject to HIPAA regulations.
What is not PHI?
In contrast, some research studies use data that is person-identifiable because it includes personal identifiers such as name, address, but it is not considered to be PHI because the data are not associated with or derived from a healthcare service event (treatment, payment, operations, medical records) not entered into the medical records, nor will the subject/patient be informed of the results. Research health information that is kept only in the researcher’s records is not subject to HIPAA but is regulated by other human subjects protection regulations.
Examples of research health information not subject to HIPAA include such studies as the use of aggregate data, diagnostic tests that do not go into the medical record because they are part of a basic research study and the results will not be disclosed to the subject, and testing done without the PHI identifiers. Some genetic basic research can fall into this category such as the search for potential genetic markers, promoter control elements, and other exploratory genetic research. In contrast, genetic testing for a known disease that is considered to be part of diagnosis, treatment and health care would be considered to use PHI and therefore subject to HIPAA regulations.
Also note, health information by itself without the 18 identifiers is not considered to be PHI. For example, a dataset of vital signs by themselves do not constitute protected health information. However, if the vital signs dataset includes medical record numbers, then the entire dataset must be protected since it contains an identifier. PHI is anything that can be used to identify an individual such as private information, facial images, fingerprints, and voiceprints. These can be associated with medical records, biological specimens, biometrics, data sets, as well as direct identifiers of the research subjects in clinical trials.
HIPAA Security Rule
The HIPAA Security Rule requires appropriate Administrative, Physical, and Technical Safeguards to ensure the confidentiality, integrity, and security of protected health information (PHI).
The Security Rule is made up of 3 parts.
- Technical Safeguards
- Physical Safeguards
- Administrative Safeguards
All three parts include implementation specifications. Some implementation specifications are “required” and others are “addressable.” Required implementation specifications must be implemented. Addressable implementation specifications must be implemented if it is reasonable and appropriate to do so; your choice must be documented.
HIPAA Breach Notification Rule
The Breach Notification Rule requires most healthcare providers to notify patients when there is a breach of unsecured PHI. The Breach Notification Rule also requires the entities to promptly notify HHS if there is any breach of unsecured PHI, and notify the media and public if the breach affects more than 500 patients.
Learn more about the Breach Notification Rule.
HIPAA Privacy Rule
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, healthcare clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
Business Associates are directly liable for uses and disclosures of PHI that are not covered under their BAA or the HIPAA Privacy Rule itself.
The Privacy Rule requires Business Associates to do the following:
- Do not allow any impermissible uses or disclosures of PHI.
- Provide breach notification to the Covered Entity.
- Provide either the individual or the Covered Entity access to PHI.
- Disclose PHI to the Secretary of HHS, if compelled to do so.
- Provide an accounting of disclosures.
- Comply with the requirements of the HIPAA Security Rule.
HIPAA Administrative Safeguards
The Administrative Safeguards are a collection of policies and procedures that govern the conduct of the workforce, and the security measures put in place to protect ePHI.
The administrative components are really important when implementing a HIPAA compliance program; you are required to assign a privacy officer, complete a risk assessment annually, implement employee training, review policies and procedures, and execute Business Associate Agreements (BAAs) with all partners who handle protected health information (PHI).
There are nine standards under the Administrative Safeguards section.
- Security Management Process
- Assigned Security Responsibility
- Workforce Security
- Information Access Management
- Security Awareness and Training
- Security Incident Procedures
- Contingency Plan
- Business Associate Contracts and Other Arrangements