HIPAA Notice of Privacy Practices

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

1. Who We Are

Family1st Integrated Therapy & Wellness, LLC ("Family1st," "we," "us," or "our") is a licensed psychiatric mental health nurse practitioner practice operated by Kristin McKnight, MSN, APRN, PMHNP-BC in the State of Nevada with telehealth services across 14 licensed states. This Notice applies to all protected health information ("PHI") we create, receive, maintain, or transmit in connection with your care.

2. Our Legal Duty

We are required by law to:

• Maintain the privacy of your protected health information (PHI)
• Provide you with this Notice of our legal duties and privacy practices
• Notify you following a breach of your unsecured PHI
• Abide by the terms of this Notice currently in effect
• Not use or disclose your PHI except as described in this Notice or as permitted or required by law

3. How We May Use and Disclose Your Health Information

3.1 Treatment

We may use and disclose your PHI to provide, coordinate, or manage your mental health care and related services. For example, we may share information with other treating providers — such as your primary care physician, specialists, pharmacists, or hospitals — to coordinate your care.

3.2 Payment

We may use and disclose your PHI to obtain payment for services we provide. This includes submitting claims to your health insurance plan, Medicare, Medicaid, or other payers, and responding to requests for information about your care.

3.3 Healthcare Operations

We may use and disclose your PHI for our internal healthcare operations, including quality assessment and improvement activities, training programs, accreditation, licensing, compliance activities, and other operational purposes.

3.4 Disclosures We May Make Without Your Authorization

As permitted or required by federal and state law, we may use or disclose your PHI without your written authorization for the following purposes:

• As required by law (court orders, subpoenas, lawful processes)
• Public health activities (reporting communicable diseases, vital statistics)
• Health oversight activities (audits, inspections, investigations by government agencies)
• Serious threats to health or safety (to prevent or lessen a serious and imminent threat)
• Workers' compensation (as authorized and necessary for workers' compensation claims)
• Law enforcement (limited circumstances as required by law)
• Coroners, medical examiners, and funeral directors (as necessary)
• Research (under specific privacy protections and IRB oversight)
• Military and national security activities (if you are a member of the armed forces)

3.5 Psychotherapy Notes — Special Protections

Psychotherapy notes (notes recorded by a mental health professional documenting the contents of a counseling session) are given special protection under HIPAA. We will not use or disclose your psychotherapy notes without your written authorization, except as specifically permitted by law (e.g., for our own training, to defend a legal action, or as required by law).

3.6 Substance Use Disorder Records — 42 CFR Part 2

Records related to substance use disorder treatment are protected by additional federal regulations (42 CFR Part 2), which are more restrictive than general HIPAA rules. These records may not be disclosed without your written consent except in very limited circumstances, including a medical emergency or a court order. Redisclosure of these records by third parties is prohibited without your consent.

3.7 Uses and Disclosures Requiring Your Authorization

For any uses or disclosures not described above, we will ask for your written authorization. You may revoke your authorization at any time in writing. We will always obtain your written authorization before:

• Marketing communications that involve payment to us by a third party
• Sale of your PHI
• Most uses of psychotherapy notes

4. Your Rights Regarding Your Health Information

4.1 Right to Inspect and Copy

You have the right to inspect and obtain a copy of your PHI that we maintain in a designated record set. We may charge a reasonable fee for copies.

4.2 Right to Request an Amendment

If you believe that your PHI is incorrect or incomplete, you may request that we amend it.

4.3 Right to an Accounting of Disclosures

You have the right to request a list of disclosures we have made of your PHI during the previous six years for purposes other than treatment, payment, and healthcare operations.

4.4 Right to Request Restrictions

You may request that we restrict uses or disclosures of your PHI. We must agree to your request to restrict disclosure to a health plan if the disclosure is for payment or healthcare operations and you pay out-of-pocket in full.

4.5 Right to Request Confidential Communications

You may request that we communicate with you about health matters in a certain way or at a certain location. We will accommodate reasonable requests.

4.6 Right to a Paper Copy of This Notice

You have the right to a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

4.7 Right to Notification of a Breach

We are required to notify you within 60 days if there is a breach of your unsecured PHI.

5. Telehealth-Specific Disclosures

Family1st provides telehealth services across multiple states. When you receive telehealth services, your PHI may be transmitted electronically using secure, HIPAA-compliant platforms covered by Business Associate Agreements. You should ensure you are in a private location during telehealth sessions to protect your own privacy. If you receive services while located in states other than Nevada, additional state-specific privacy laws may apply.

6. Our Privacy and Security Practices

We implement appropriate administrative, physical, and technical safeguards to protect the privacy and security of your PHI, including:

• Encrypted electronic health records and communications
• Role-based access controls limiting staff access to PHI
• Business Associate Agreements with all vendors who handle PHI
• Staff training on HIPAA privacy and security requirements
• Secure disposal of paper and electronic records

7. Changes to This Notice

We reserve the right to change this Notice at any time. Changes will apply to PHI we already have about you as well as any information received in the future. The effective date will always appear at the top of this Notice.

8. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights. You will not be penalized or retaliated against for filing a complaint.

HHS Office for Civil Rights: www.hhs.gov/ocr | 1-800-368-1019

9. Contact Information

Privacy Officer: Kristin McKnight, MSN, APRN, PMHNP-BC
Family1st Integrated Therapy & Wellness, LLC · Las Vegas, Nevada
Phone: 775.245.8200
Email: kmcknight@family1stintegratedtherapy.com