Website Privacy Policy

1Information We Collect

1.1 Information You Provide Directly

When you submit our online contact form, you may provide: name and contact information (phone number, email address); state of residence; service interest (e.g., medication management, therapy, Spravato®, weight loss); insurance information; and a description of what brings you to our practice.

1.2 Information Collected Automatically

When you visit our website, we may automatically collect certain technical information, including: IP address and general geographic location (city/region level); browser type, version, and operating system; pages visited, time spent on pages, and navigation path; referring website or search query; and device type (desktop, mobile, tablet). This information is collected through cookies and similar tracking technologies and is used to improve our website and understand how visitors find and use it.

1.3 Cookies and Tracking Technologies

Our website may use the following types of cookies:

• Essential Cookies: Required for the website to function properly
• Analytics Cookies: Help us understand how visitors use our site (e.g., Google Analytics with anonymized IP addresses)
• Preference Cookies: Remember your settings and preferences

You may disable cookies through your browser settings. Disabling cookies may affect website functionality. We do not use advertising or third-party marketing cookies. This website is ad-free. Family1st does not sell advertising space or allow advertisers to target you based on your visit to our site.

2How We Use Your Information

We use information collected through our website to:

• Respond to your inquiry and schedule consultations
• Verify insurance eligibility and coverage prior to scheduling
• Send appointment confirmations and administrative communications
• Improve our website, content, and user experience
• Comply with legal and regulatory obligations across all 15 licensed states
• Protect the safety of our patients and staff

We do not use your information for marketing purposes without your explicit opt-in consent. We do not sell, rent, or share your personal information with third-party advertisers under any circumstances. You may opt out of any marketing communications at any time by clicking “unsubscribe” in any email or contacting us directly.

3How We Share Your Information

3.1 Service Providers

We may share your information with trusted service providers who assist us in operating our website or practice, including: electronic health records (EHR) platforms; HIPAA-compliant telehealth platforms; appointment scheduling and billing systems; website hosting and analytics providers. All service providers who may access PHI are required to sign Business Associate Agreements (BAAs) and comply with HIPAA. Other service providers are bound by contractual confidentiality obligations.

3.2 Legal Requirements

We may disclose your information when required by law, court order, or governmental authority, or when necessary to protect the safety of you or others.

3.3 No Sale of Personal Information

4Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encrypted data transmission (HTTPS/TLS) for all website traffic
• HIPAA-compliant form processing and storage systems
• Restricted access to personal information on a need-to-know basis
• Regular review and testing of our security practices
• Business Associate Agreements with all vendors who handle PHI

No method of electronic transmission or storage is completely secure. While we implement commercially reasonable safeguards, we cannot guarantee absolute security of information transmitted over the internet.

5Your Privacy Rights

Depending on your state of residence, you may have the following rights regarding your personal information. To exercise any right, contact us in writing at kmcknight@family1stintegratedtherapy.com. We will respond within 30 days (or as required by applicable law).

• Right to Access: Request a copy of the personal information we hold about you
• Right to Correction: Request that inaccurate or incomplete information be corrected
• Right to Deletion: Request that we delete your personal information, subject to legal retention requirements and our HIPAA obligations. Please note that deletion requests cannot be granted for clinical records during applicable retention periods. Nevada law requires medical records to be retained for a minimum of five (5) years from the date of last treatment, and for records of minor patients, until the patient reaches 23 years of age, whichever is longer. Similar retention obligations apply in each of our other licensed states. Requests to delete non-clinical website contact information (e.g., inquiry form submissions) not associated with a patient record will be honored.
• Right to Opt Out of Marketing: Opt out of any marketing or promotional communications at any time
• Right to Data Portability: Receive your data in a portable, machine-readable format where technically feasible

California Residents — CCPA / CPRA

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to opt out of the sale of personal information (we do not sell personal information), the right to non-discrimination for exercising privacy rights, and the right to correct inaccurate personal information. To submit a CCPA/CPRA request, contact our Privacy Officer at the information in Section 10.

Nevada Residents — NPICICA

Nevada residents have rights under the Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA). You may request that we not sell your covered information. As stated above, we do not sell personal information. Nevada residents may submit an opt-out request at any time to our Privacy Officer.

Washington Residents — My Health My Data Act (MHMDA)

Residents of Washington State have rights under the Washington My Health My Data Act (MHMDA, RCW 19.373), one of the most protective consumer health data privacy laws in the United States. You have the right to confirm whether we are collecting, sharing, or selling your consumer health data; to access that data; to withdraw consent; to have your consumer health data deleted (subject to HIPAA and retention requirements described above); and to receive a list of third parties with whom your consumer health data has been shared. Family1st does not sell consumer health data. To exercise any MHMDA right, contact our Privacy Officer at the information in Section 10. We will respond within 45 days as required by the Act.

State-Specific Mental Health Privacy Protections

Several of our licensed states have mental health and medical information privacy laws that provide protections greater than HIPAA and this Policy. These include, without limitation: California’s Confidentiality of Medical Information Act (CMIA, Cal. Civ. Code §§ 56 et seq.) and Lanterman-Petris-Short Act; New York Mental Hygiene Law §33.13; Washington’s Uniform Health Care Information Act (UHCIA, RCW 70.02); Oregon’s mental health record statutes (ORS 179.505); and the District of Columbia Mental Health Information Act (D.C. Code §§ 7-1201.01 et seq.). Where a state mental health privacy law applicable to your care is more protective than HIPAA or this Policy, we will honor the more protective standard. State-specific authorizations and disclosures will be addressed during intake.

Nondiscrimination & Language Access (Section 1557 of the Affordable Care Act)

Family1st complies with applicable federal civil rights laws, including Section 1557 of the Affordable Care Act, and does not discriminate on the basis of race, color, national origin, age, disability, sex (including pregnancy, sexual orientation, and gender identity), or any other status protected by law. Language assistance services are available free of charge to individuals with limited English proficiency, and auxiliary aids and services are available free of charge to individuals with disabilities. To request language assistance, an interpreter, or an auxiliary aid or service, call 775.245.8200 or email kmcknight@family1stintegratedtherapy.com. Individuals who believe their civil rights have been violated may file a grievance with our Privacy Officer or directly with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr or 1-800-368-1019 (TDD 1-800-537-7697).

6Children’s Privacy

Our website is intended for adults. Clinical services are available to adults 18 and older and, where clinically appropriate and permitted by state law, to adolescents aged 15 to 17 with the written consent and ongoing involvement of a parent or legal guardian. We do not knowingly collect personal information through our website from children under the age of 13, consistent with the Children’s Online Privacy Protection Act (COPPA). If you believe we have inadvertently collected information from a child under 13, please contact us immediately at kmcknight@family1stintegratedtherapy.com and we will delete it promptly. Information collected in the course of clinical care for adolescent patients is governed by our HIPAA Notice of Privacy Practices and applicable state minor-consent laws, not by this website Privacy Policy.

7Third-Party Links

Our website may contain links to third-party websites (such as insurance company portals, professional directories, or educational resources). We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before submitting any personal information.

8Telehealth and Multi-State Services

Because Family1st provides telehealth services across 15 licensed states, we may be subject to privacy laws in multiple jurisdictions simultaneously. We are committed to complying with the most protective applicable state privacy law for each patient. State-specific telehealth consent and disclosure requirements will be addressed during your intake process.

Our services are intended for residents of our licensed U.S. states only and are not directed to residents of the European Union, the United Kingdom, or other jurisdictions outside the United States. This Privacy Policy is not intended to confer rights under the EU General Data Protection Regulation (GDPR), the UK GDPR, or similar non-U.S. privacy frameworks.

9Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will post the updated Policy on our website with a new effective date. Material changes will be communicated to existing patients by email. We encourage you to review this Policy regularly.

10Contact Us