1. Introduction

Creative Thinkers (“we,” “us,” or “our”) is a holistic early childhood behavioral health program located at 2021 E Hennepin Ave Suite LL20, Minneapolis, MN 55413. We are committed to protecting the privacy of our clients, their families, and all visitors to our website.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website creativethinkersmn.com (the “Website”), contact us, or use our services. This policy applies to all visitors, parents, legal guardians, and clients.

By using our Website or submitting information to us, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use this Website or provide us with your personal information.

2. Compliance Framework

Creative Thinkers operates in compliance with the following federal and state laws governing health information privacy:

HIPAA: The Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, including the Privacy Rule and Security Rule.

Minnesota Health Records Act: Minnesota Statutes §144.291–144.298, which provides additional protections for health records that may exceed federal HIPAA requirements. Where Minnesota law provides greater protection, Minnesota law controls.

COPPA: The Children’s Online Privacy Protection Act, which protects the personal information of children under 13 collected through websites and online services.

Minnesota Consumer Data Privacy Act (MCDPA): Minnesota’s comprehensive data privacy law (effective July 31, 2025) providing consumer data protection rights.

Minnesota Behavioral Health Rules: Minnesota Rules 2150.7515 and related provisions governing confidentiality in behavioral health practice.

3. Information We Collect

Information You Provide Directly

When you contact us, complete forms on our Website, or engage with our services, we may collect the following information:

Contact Information: Parent/guardian name, email address, phone number, and mailing address.
Child Information: Child’s name, date of birth, and general reason for seeking services (as provided by parent/guardian on intake forms).

Insurance Information: Insurance carrier, member ID, and group number for benefits verification.
Referral Information: Name of referring physician or professional, if applicable.
Communication Records: Messages, emails, and inquiries you send to us through the Website or email.

Protected Health Information (PHI)

Once a therapeutic relationship is established, we collect and maintain Protected Health Information as part of your child’s clinical record. PHI is collected and maintained in accordance with HIPAA and the Minnesota Health Records Act and is governed by our separate Notice of Privacy Practices, which is provided during the intake process.

Important: We strongly advise against submitting sensitive health information, diagnoses, or detailed medical history through our Website contact forms or email, as these methods may not be fully HIPAA-secure. For secure communication about your child’s care, please contact us directly at 612-353-6057.
Information Collected Automatically

When you visit our Website, we may automatically collect certain technical information, including:
Device and Browser Information: IP address, browser type, operating system, and device type.
Usage Data: Pages visited, time spent on pages, referring URLs, and navigation patterns.
Cookies and Tracking Technologies: See Section 7 (Cookies and Tracking Technologies) for details.

4. How We Use Your Information

We use the information we collect for the following purposes:
Service Delivery: To respond to inquiries, schedule consultations, conduct intake assessments, and provide behavioral health services.

Treatment and Care Coordination: To develop and implement treatment plans, coordinate care among our clinical team, and communicate with other healthcare providers involved in your child’s care (with appropriate consent or authorization).

Insurance and Billing: To verify insurance benefits, obtain prior authorizations, submit claims, and process payments.

Communication: To send appointment reminders, service updates, and respond to your questions and requests.

Website Improvement: To analyze how visitors use our Website and improve its content, functionality, and user experience.

Legal Compliance: To comply with applicable federal, state, and local laws and regulations, including mandatory reporting requirements.

We do not sell, rent, or trade your personal information or your child’s information to third parties for marketing purposes.

5. How We Share Your Information

We may share your information in the following circumstances: With Your Consent

We will share your child’s health information with third parties when you have provided written authorization, as required by HIPAA and the Minnesota Health Records Act. Written authorizations are valid for one year unless otherwise specified, and you may revoke authorization at any time in writing.
For Treatment, Payment, and Healthcare Operations Under HIPAA, we may use and disclose PHI without separate written authorization for purposes of treatment (coordinating care among providers), payment (submitting insurance claims and verifying benefits), and healthcare operations (quality assurance, staff training, and compliance activities). We apply the minimum necessary standard, disclosing only the information needed for the specific purpose.

As Required or Permitted by Law We may disclose information without your consent when required or permitted by federal or Minnesota law, including:

Mandatory Reporting: Minnesota law requires healthcare providers to report suspected child abuse or neglect to the appropriate authorities.

Duty to Warn: Under Minnesota law, we have a duty to disclose information when a client has communicated a specific, serious threat of physical violence against a clearly identified potential victim.
Court Orders and Legal Process: We may disclose information in response to a valid court order, subpoena, or other legal process as permitted by law.

Public Health and Safety: We may disclose information to prevent a serious and imminent threat to health or public safety.

Oversight Activities: We may disclose information to health oversight agencies for legally authorized activities, including audits, investigations, and licensure.

Business Associates and Service Providers

We may share information with third-party service providers (“business associates”) who perform functions on our behalf, such as billing companies, electronic health record providers, and IT service providers. All business associates are required to sign Business Associate Agreements (BAAs) and must safeguard your information in compliance with HIPAA.

6. Children’s Privacy (COPPA Compliance)

Creative Thinkers takes the privacy of children very seriously. Our Website is designed to provide information to parents and legal guardians about our services. We do not knowingly collect personal information directly from children under the age of 13 through our Website.

All information submitted through our Website contact forms, referral forms, and consultation requests should be provided by a parent or legal guardian. If we learn that we have inadvertently collected personal information from a child under 13 without verified parental consent, we will promptly delete that information from our records.

If you are a parent or guardian and believe your child has provided personal information to us through our Website without your consent, please contact us immediately at 612-353-6057 or Info@creativethinkersmn.com so we can take appropriate action.

Note: Clinical records and health information collected as part of your child’s treatment are governed by HIPAA and the Minnesota Health Records Act, not COPPA. Parental consent for treatment is obtained separately through our clinical intake process.

7. Cookies and Tracking Technologies

Our Website may use cookies and similar tracking technologies to enhance your browsing experience and analyze Website usage.

Types of Cookies We May Use

Essential Cookies: Necessary for the Website to function properly. These cannot be disabled.
Analytics Cookies: Help us understand how visitors interact with our Website by collecting information such as pages visited, time spent, and navigation patterns. We may use third-party analytics services such as Google Analytics.

Functionality Cookies: Remember your preferences and settings to improve your experience on return visits.

Your Cookie Choices

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to alert you when a cookie is being sent. Please note that disabling cookies may affect the functionality of certain parts of our Website.
We do not use advertising or remarketing cookies. We do not serve targeted advertisements based on your browsing behavior.

8. Data Security

We implement administrative, technical, and physical safeguards designed to protect your personal information and PHI, including:

Encryption: Data transmitted through our Website is protected using SSL/TLS encryption (HTTPS).
Access Controls: Access to personal information and PHI is restricted to authorized personnel who need the information to perform their job functions.

Staff Training: All employees receive regular training on privacy, confidentiality, and security requirements, including HIPAA compliance.

Business Associate Agreements: All third-party service providers with access to PHI are required to maintain appropriate safeguards.

Incident Response: We maintain procedures for identifying, responding to, and reporting security incidents and breaches.

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of information transmitted through the internet or our Website.

9. Telehealth Privacy

If Creative Thinkers offers telehealth or teletherapy services, the following additional privacy protections apply:

HIPAA-Compliant Platforms: All telehealth sessions are conducted using platforms that meet HIPAA security requirements, including encryption of audio and video transmissions.

Environmental Privacy: Our clinicians conduct telehealth sessions from private locations. We encourage families to ensure their child participates from a private, quiet space as well.

No Recording Without Consent: Telehealth sessions are not recorded unless you provide explicit written consent. Under Minnesota law, recording of diagnostic interviews or therapeutic sessions requires written informed consent.

Technology Limitations: We are not responsible for the security of your personal internet connection, device, or home network. We recommend using a secure, private Wi-Fi connection for telehealth sessions.

10. Your Rights

Rights Under HIPAA and the Minnesota Health Records Act As a parent or legal guardian of a client, you have the following rights regarding your child’s health information:

Right to Access: You have the right to request and obtain copies of your child’s health records. We will respond to written requests within 30 calendar days. When records are requested for review of current medical care, no fee will be charged.

Right to Amend: You have the right to request that we amend your child’s health records if you believe the information is inaccurate or incomplete. We will respond within 60 days.

Right to Restrict Disclosures: You have the right to request restrictions on certain uses and disclosures of your child’s health information. While we will consider your request, we are not required to agree to all restrictions.

Right to Confidential Communications: You have the right to request that we communicate with you about your child’s care through specific means or at specific locations.

Right to an Accounting of Disclosures: You have the right to receive a list of certain disclosures of your child’s health information that we have made.

Right to a Copy of This Policy: You have the right to obtain a paper copy of this Privacy Policy at any time by contacting us.

Rights of Minors Age 16 and Older

Under Minnesota law, minors age 16 and older may consent to mental health services without parental consent. In such cases, the minor — not the parent or guardian — controls access to their health information related to those services. Creative Thinkers complies with Minnesota’s minor consent laws and will inform minor clients of their rights at the beginning of the professional relationship.
Rights Under the Minnesota Consumer Data Privacy Act Minnesota residents may exercise the following rights regarding personal data we hold about them (excluding data governed by HIPAA):

Right to Know: Request information about what personal data we have collected about you.

Right to Correct: Request correction of inaccurate personal data.

Right to Delete: Request deletion of personal data we hold about you.

Right to Opt-Out: Opt out of the sale of your personal data or its use for targeted advertising or profiling. Note: We do not sell personal data.

To exercise any of these rights, please contact us at 612-353-6057 or Info@creativethinkersmn.com. We will respond to your request within 45 days.

11. Confidentiality in Behavioral Health Services

In addition to HIPAA and state health records protections, Minnesota behavioral health rules impose specific confidentiality requirements on our practice:

Confidentiality of Treatment: Information obtained during the course of behavioral health services is treated as private and confidential. Our clinicians safeguard all private information obtained in professional practice.

Family and Group Therapy: When services are provided to multiple family members, each participant is informed that the provider’s responsibility is to treat all information as private, while acknowledging that there are limitations on each person’s right to privacy in a family or group setting.

Observation and Recording: Diagnostic interviews or therapeutic sessions may only be observed or recorded with written informed consent. Separate consent is required for each instance of observation or recording.

Limits of Confidentiality: At the beginning of the professional relationship, we inform all clients and parents/guardians about the scope and limitations of confidentiality, including situations where disclosure may be required by law (mandatory reporting, duty to warn, court orders).

12. Insurance and Billing Information

Information related to insurance claims, billing, and payment is considered Protected Health Information and receives full HIPAA protection. We use billing information only for the purposes of verifying insurance coverage, obtaining prior authorizations, submitting claims, collecting payments, and responding to billing inquiries.

We may share billing information with insurance companies and managed care organizations (including Medical Assistance/Minnesota Medicaid managed care plans such as UCare, Medica, and HealthPartners), billing service providers, and claims processors. All such entities are bound by applicable privacy laws and/or Business Associate Agreements.

You have the right to request an itemized bill, to receive an accounting of billing-related disclosures, and to dispute charges. In accordance with the Minnesota Debt Fairness Act (Minnesota Statutes Chapter 332C), our medical debt collection policy is available upon request.

13. Data Retention

We retain personal information and health records in accordance with the following guidelines:
Health Records for Minors: Minnesota law requires that health records for minors be retained until the patient reaches the age of majority (18) plus the applicable retention period. We retain clinical records for a minimum of seven years after the last date of service or until the child turns 25, whichever is later.
Website Data: Non-clinical data collected through our Website (contact form submissions, analytics data) is retained only as long as necessary to fulfill the purpose for which it was collected, typically no longer than three years.

Insurance and Billing Records: Billing records are retained for a minimum of seven years in accordance with Minnesota and federal record retention requirements.

When records are no longer required to be retained, they are securely destroyed in accordance with HIPAA requirements for the destruction of PHI.

14. Third-Party Services

Our Website and operations may utilize third-party services, including but not limited to:
Website Hosting: Our Website is hosted by a third-party provider that maintains appropriate security measures.

Analytics: We may use analytics services to understand Website usage patterns.
Electronic Health Records (EHR): We use a HIPAA-compliant EHR system to maintain clinical records.
Payment Processing: Payment transactions are processed through secure, PCI-compliant payment processors.

Each of these third-party providers is selected based on their ability to maintain appropriate privacy and security standards. Providers with access to PHI are required to execute Business Associate Agreements.

15. Breach Notification

In the event of a breach of unsecured Protected Health Information, Creative Thinkers will comply with all HIPAA and Minnesota breach notification requirements, including:

Individual Notification: We will notify affected individuals without unreasonable delay, and no later than 60 days after discovery of the breach, by first-class mail or email (if the individual has agreed to electronic communication).

HHS Notification: We will notify the U.S. Department of Health and Human Services as required by HIPAA.
Minnesota Attorney General: We will notify the Minnesota Attorney General as required by Minnesota law for breaches affecting Minnesota residents.

Notifications will describe the nature of the breach, the types of information involved, steps individuals can take to protect themselves, and what we are doing to investigate and mitigate the breach.

16. Do Not Track Signals

Some web browsers transmit “Do Not Track” (DNT) signals. Our Website currently does not respond to DNT signals. However, we do not engage in online behavioral tracking of individual users across third-party websites, and we do not use targeted advertising cookies.

17. Links to Third-Party Websites

Our Website may contain links to third-party websites for informational purposes. We are not responsible for the privacy practices or content of these external websites. We encourage you to review the privacy policies of any third-party website you visit. Linking to a third-party website does not constitute our endorsement of that website or its privacy practices.

18. SMS and Email Communications

If you provide your phone number or email address, we may use it to communicate with you about your child’s services, including appointment reminders, scheduling, and general service information. By providing your contact information, you consent to receiving these communications.

You may opt out of SMS communications at any time by replying STOP. You may opt out of email communications by clicking the unsubscribe link in our emails or contacting us directly. Please note that opting out of communications may affect our ability to provide timely service-related information.
We will never send unsolicited marketing messages. All communications relate directly to services you have requested or your child’s care.

19. Notice of Privacy Practices

This Website Privacy Policy is separate from our HIPAA Notice of Privacy Practices (NPP). Our NPP provides detailed information about how we use and disclose your child’s Protected Health Information in the clinical setting and outlines your full rights under HIPAA and Minnesota law.

Our Notice of Privacy Practices is provided to all clients during the intake process and is available upon request at any time. You may request a copy by calling 612-353-6057 or emailing Info@creativethinkersmn.com.

20. Accessibility

We are committed to making our privacy information accessible to all individuals. If you need this Privacy Policy or our Notice of Privacy Practices in an alternative format (large print, audio, or other accessible format), please contact us at 612-353-6057 or Info@creativethinkersmn.com and we will provide a reasonable accommodation.

21. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will update the “Last Updated” date at the top of this page. If we make material changes that affect how we handle your personal information or PHI, we will provide notice through our Website and, where required, seek your consent.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Website after any changes constitutes your acceptance of the updated Privacy Policy.

22. Governing Law

This Privacy Policy is governed by the laws of the State of Minnesota and applicable federal laws, including HIPAA. Where Minnesota law provides greater privacy protections than federal law, Minnesota law controls. Any disputes arising from this Privacy Policy shall be resolved exclusively in the state or federal courts located in Hennepin County, Minnesota.

23. Contact Information and Complaints

If you have questions about this Privacy Policy, wish to exercise any of your rights, or want to file a privacy-related complaint, please contact us:

Creative Thinkers
2021 E Hennepin Ave Suite LL20
Minneapolis, MN 55413
Phone: 612-353-6057
Email: Info@creativethinkersmn.com