Privacy Policy
Carina Health Network Privacy Policy
Last updated and effective: April 13, 2026
This Privacy Policy describes how Colorado Community Managed Care Network (dba “Carina Health Network”, “we,” “us,” or “our”) collects, uses, shares, and protects personal information. This Privacy Policy also tells you about your rights and choices with respect to your personal information, and how you can reach us to get answers to your questions.
This Policy governs the use of our Website and Shared Content, as well as any products and services we offer through this Website or Shared Content (collectively, “Services”). Your use of our Website or the Services, and any dispute over privacy, is subject to this Policy and our Terms of Service, including its applicable limitations on damages and the resolution of disputes. This Policy is incorporated by reference to the Terms of Service of our Website.
This Website and the Services are designed for persons in the United States and specifically, the State of Colorado.
Web Tracking & Cookies
We use cookies, web beacons, clear GIFs, and similar tracking technologies on our website. These technologies help us operate our site, conduct analytics, and improve user experience. Some of these technologies are placed by us (first-party), and some are placed by third parties on our behalf.
Third-Party Tracking Tools. We may use third-party analytics and tracking services, which may include:
- Google Analytics – Collects anonymized usage data (pages visited, session duration, browser type, approximate location). Google’s privacy policy governs its data use. You may opt out via the Google Analytics Opt-Out Browser Add-On at tools.google.com/dlpage/gaoptout.
- Session Replay / Interaction Tools – If we use session replay technology, it may record mouse movements, clicks, and form interactions to help us improve usability. No payment card data or credentials are captured. We will update this section if such tools are deployed.
Cookie Consent & Opt-Out. When you first visit our website, you will be presented with a cookie consent banner that allows you to: (1) Accept all cookies; (2) Reject non-essential cookies; or (3) Manage your preferences by category. You may update your preferences at any time by clicking the “Manage Consent” banner at the bottom of the website. Strictly necessary cookies required for site functionality cannot be disabled. For other privacy requests, contact us via the website contact form.
HIPAA & This Website. This corporate website does not provide access to any systems containing protected health information (PHI) and does not collect PHI through its forms or interfaces. Accordingly, HHS/OCR guidance on third-party tracking technologies on healthcare websites does not apply to this site. Our HIPAA compliance obligations are fulfilled in the context of our Business Associate Agreements, not through this website.
Do Not Track. Some browsers transmit “Do Not Track” (DNT) signals. We honor user opt-out preferences as expressed through our cookie consent tool. Because there is no uniform industry standard for DNT signals, we do not automatically respond to browser-level DNT signals, but provide equivalent control via our consent banner.
Information We Collect
We collect information about you in a variety of ways depending on how you interact with us and our websites and services, including:
- Directly from you when you provide it to us, such as when you register for an account, sign up to receive communications from us, or contact us by phone, email, or otherwise.
- Automatically through the use of cookies, server logs, and other similar technologies when you interact with our websites and emails.
- From other sources, including, for example, our affiliates, business partners, service providers, and other third parties, or from publicly available sources.
The following provides examples of the type of information that we may collect in a variety of contexts and how we use that information.
| Context | Types of Information | Primary Purpose for Collection and Use of Information |
|---|---|---|
| Account Registration | We collect your name and contact information when you create an account. We also collect information relating to the actions that you perform while logged into your account. | To administer your account and provide account-related functionalities. |
| Cookies and First-Party Tracking | We use cookies, clear GIFs, and similar technologies. We may also use third-party analytics tools (e.g., Google Analytics) and, where applicable, session replay or interaction tracking tools. These collect IP addresses, browser type, pages visited, and interaction data. | To make our website operate efficiently, conduct analytics, and understand user behavior. See the ‘Web Tracking & Cookies’ section for opt-out options. |
| Email Interconnectivity | If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains. | To understand how you interact with our communications to you. |
| Feedback/Support | If you provide us feedback or contact us for support, we will collect your name and email address, as well as any other content that you send to us. | We have a legitimate interest in receiving, and acting upon, your feedback or issues. |
| Mailing List | When you sign up for one of our mailing lists we collect your email address or postal address. | To send you information about our organization. |
| Surveys | When you participate in a survey, we collect information that you provide through the survey. If the survey is provided by a third-party service provider, the third party’s privacy policy applies. | To understand your opinions and collect information relevant to our organization. |
| Website Interactions | We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. | To improve our website, understand preferences and interests, and detect and prevent fraud. |
| Web Logs | We collect information, including your browser type, operating system, IP address, domain name, click-activity, referring website, and/or a date/time stamp for visitors. | To monitor our networks and the visitors to our websites and understand which services are most popular. |
How We Use Information
In addition to the purposes and uses described above, we use information in the following ways:
- To operate our websites and services.
- To improve our services and offerings.
- To conduct analytics.
- To communicate with you, such as to respond to and/or follow-up on your requests, inquiries, issues, or feedback.
- To send information, marketing and/or promotional materials.
- To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of our company and our users, employees, or others.
- To debug, identify and repair errors that impair existing intended functionality of our website and services.
- To comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
- For internal administrative purposes, as well as to manage our relationships.
- For such other purposes as you may consent to from time to time.
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. To the extent we maintain and use personal information in a deidentified form, we will not attempt to reidentify the information, except for the purpose of determining whether our deidentification processes satisfy our legal obligations.
How We Share Information
We share your information at your direction; with the limited exceptions discussed below, we do not share your information with third parties unless you agree in advance or such use, sharing or disclosure is permitted by applicable laws and regulations without first obtaining your consent.
We do not sell your personal information to third parties for monetary consideration. We do not share personal information with third parties for their own direct marketing purposes without your opt-in consent.
In addition to the specific situations discussed elsewhere in this Privacy Policy, we may disclose personal information in the following situations:
- Affiliates and Acquisitions. We may share information with our corporate affiliates. If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
- Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws.
- Service Providers. We may share your information with service providers who assist us in administering our website, conducting surveys, providing technical support, and similar activities. Service providers are contractually prohibited from using your information for purposes beyond the scope of their services to us.
- Other Disclosures with Your Consent. We may disclose your information to other third parties when we have your consent or direction to do so.
HIPAA Our Role as a Business Associate
Carina Health Network operates as a Business Associate (as defined under HIPAA) in connection with certain contracted services. In that capacity, we handle protected health information (PHI) pursuant to Business Associate Agreements (BAAs) with our covered entity clients not through this website.
This corporate website does not provide access to any systems containing PHI, does not collect PHI through its forms or interfaces, and is not a channel through which any health plan member or patient data flows. Accordingly, the HHS/OCR guidance on third-party tracking technologies on healthcare websites does not apply to this site.
Our HIPAA compliance obligations including safeguarding PHI, breach notification, and individual rights are governed by the terms of our applicable BAAs and our internal HIPAA compliance program and are fulfilled in that context. If you have questions about our handling of PHI in our capacity as a Business Associate, please contact our Privacy Officer using the website contact form.
State-Specific Privacy Rights
Colorado (Colorado Privacy Act – CPA). As a Colorado-based organization, we comply with the Colorado Privacy Act (CPA), C.R.S. § 6-1-1301 et seq. Colorado residents have the right to:
- Access personal data we hold about you.
- Correct inaccurate personal data.
- Delete personal data we have collected about you.
- Opt out of the processing of your personal data for targeted advertising or the sale of personal data.
- Obtain a portable copy of your personal data.
- Appeal our decision if we decline to fulfill a privacy rights request.
To exercise these rights, contact us using the website contact form with the subject line “CO Privacy Request.” We will respond within 45 days (extendable by an additional 45 days with notice).
California (CCPA/CPRA). California residents have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These include the right to know, delete, correct, and opt out of the sale or sharing of personal information, as well as the right to limit the use of sensitive personal information. We do not sell personal information. To submit a California privacy request, contact us using the website contact form with the subject line “CA Privacy Request.”
Virginia (VCDPA). Virginia residents may exercise rights under the Virginia Consumer Data Protection Act (VCDPA), including rights of access, correction, deletion, portability, and opt-out of targeted advertising and data sales. Contact us using the website contact form with the subject line “VA Privacy Request.”
Other States. We recognize and honor privacy rights granted by applicable state laws, including but not limited to laws in Texas, Oregon, Montana, and other states with enacted consumer privacy legislation as of 2026. Contact us using the website contact form to exercise your rights regardless of your state of residence.
Children’s Privacy (COPPA)
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent. If we become aware that a child under 13 has provided us with personal information without parental consent, we will take steps to delete such information. If you believe we may have inadvertently collected information from a child under 13, please contact us using the website contact form.
To the extent our services involve any pediatric health programs or educational services covered by COPPA or FERPA, we will obtain appropriate consent and provide additional notice as required by applicable law.
Your Choices and Data Subject Rights
Some jurisdictions give you a right to make the following choices regarding your personal information. To exercise any of these rights, please contact us using the website contact form.
- Access To Your Personal Information. You may request access to your personal information or confirmation that we have information about you. In certain limited circumstances, you may also request to receive access to your data in a portable, machine-readable format.
- Changes To Your Personal Information. You may ask us to correct information that is inaccurate or incomplete. Note that we may keep historical information in our backup files as permitted by law.
- Deletion Of Your Personal Information. You may request that we delete your personal information. If required by law, we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another business purpose.
- Opt-Out of Sale or Sharing. We do not sell or share your personal information for monetary consideration. To the extent any future activities constitute “sale” or “sharing” under applicable state law, you may opt out by contacting us using the website contact form.
- Opt-Out of Tracking / Non-Essential Cookies. You may decline non-essential tracking at any time via our cookie consent tool (accessible from the “Cookie Settings” link in our website footer) or by contacting privacy@carinahealth.org.
- Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send newsletters, surveys, offers, and other promotional materials. You can stop receiving promotional emails by following the unsubscribe instructions in emails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
- If you disagree with how we handled a request, you may appeal our decision by contacting us using the website contact form with the subject line “Privacy Appeal.” We will respond within the timeframe required by applicable law.
Please note, not all of the rights described above are absolute, and they do not apply in all circumstances. In some cases, we may limit or deny your request because the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise their privacy rights under applicable law.
How We Protect Information
No method of transmission over the internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Third-Party Applications/Websites
For your convenience, we may provide links to websites and other third-party content or services that we do not own or operate. The websites and third-party content to which we link may have separate privacy notices or policies. Please note, we have no control over the privacy practices of websites or services that we do not own. We encourage you to review the privacy policies of any third-party website or application for details about such third party’s privacy practices.
Changes To This Privacy Policy
We may change our Privacy Policy and practices over time. To the extent that our Privacy Policy changes in a material way, the policy that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new privacy policy. We will post the updated policy on our website and update the “Last Updated” date at the top of this page. Where required by law, we will notify you of material changes by email or prominent website notice.
Consent Management
We are committed to presenting cookie and tracking consent in a clear, accessible, and non-deceptive manner. Our consent management approach follows these principles:
- Users are presented with a clear choice to Accept, Reject, or Manage cookie preferences when first visiting our site. There are no pre-ticked consent boxes for non-essential cookies.
- Accepting and declining non-essential cookies are equally prominent options – we do not use dark patterns that make declining more difficult than accepting.
- Consent preferences are saved and honored. We do not ignore or reset user choices without explicit user action.
- Consent records (timestamp, choice, version of policy in effect) are retained to document compliance.
Privacy Governance
Carina Health Network maintains internal privacy governance practices to support compliance with applicable law, including:
- A designated privacy contact responsible for overseeing compliance with this Policy and applicable privacy laws.
- Regular review and updating of this Privacy Policy to reflect changes in law, technology, and our practices.
- Staff training on privacy and security obligations.
- Vendor management practices that include privacy review and, where required, BAA or data processing agreement execution.
Contact Information
If you have any questions, comments, or complaints concerning our privacy practices, or if you would like to submit a request to exercise any of the choices described under “Your Choices” section above, please contact our Privacy Officer at:
Privacy Officer – Carina Health Network
Email: Contact via our website contact form
Phone: 720-925-5280
Address: 1212 South Broadway, Suite 200, Denver, CO 80210
We will attempt to respond to your requests and to provide you with additional privacy-related information within the timeframes required by applicable law.