Last Updated: January 19, 2026
Privacy Policy
Effective Date: 1/19/2026
1. Overview
This Privacy Policy describes how Synergic Mind (“we,” “us,” or “our”) collects, uses, discloses, and safeguards information obtained through our website. This policy applies only to information collected through this website and does not replace or supersede our Notice of Privacy Practices, which governs how Protected Health Information (“PHI”) is used and disclosed once a provider-patient relationship is established.
2. Information We Collect
We may collect the following categories of information through our website:
A. Personal and Health-Related Information
When you voluntarily submit information through contact forms, appointment request forms, or telehealth inquiries, we may collect:
Name
Email address
Phone number
Reason for contact or appointment
Mental health–related information you choose to provide
This information may constitute Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
B. Technical and Usage Information
We may automatically collect certain non-clinical information, including:
IP address
Browser type
Device information
Pages visited and time spent on the site
Referring website
This information is used for website functionality, security, and performance analysis.
3. How We Use Information
Information collected through the website may be used to:
Respond to inquiries and appointment requests
Communicate with prospective or existing patients
Determine whether requested services are appropriate
Operate and improve website functionality
Maintain security and prevent unauthorized access
Comply with legal, regulatory, and professional obligations
We do not sell personal or health information.
4. HIPAA and Protected Health Information
If you submit health-related information through this website, we take reasonable steps to protect that information in accordance with HIPAA-aligned safeguards. However:
Submission of information through this website does not establish a provider-patient relationship
Full HIPAA protections apply only after formal intake and consent processes are completed
Our detailed HIPAA practices are described in our Notice of Privacy Practices, which is available upon request or provided during the intake process
You are encouraged not to submit highly sensitive or urgent clinical information through general website forms.
5. No Emergency Services
This website is not intended for emergencies. If you are experiencing a mental health emergency or are in immediate danger, call 911 or go to the nearest emergency department.
6. Disclosure of Information
We may disclose information collected through the website:
To staff and clinicians as necessary to respond to your request
To third-party service providers who support website hosting, security, or communications, subject to confidentiality obligations
As required by law, regulation, or court order
To protect the rights, safety, or property of patients, the public, or our practice
We do not sell or share mental health information for targeted advertising, cross-context behavioral advertising, or similar commercial purposes.
We do not disclose PHI for marketing purposes without authorization.
7. Third-Party Services and Technology
Our website may rely on third-party services for:
Website hosting
Secure form processing
Analytics and performance monitoring
These vendors may have limited access to information solely for performing services on our behalf and are required to maintain appropriate safeguards. We do not authorize third-party services to use information for their own marketing purposes.
8. Cookies and Analytics
We may use cookies or similar technologies to improve website performance and understand general usage patterns. Cookies do not provide access to personal health records.
You may adjust browser settings to disable cookies; however, some website functionality may be limited as a result.
9. Data Security
We implement administrative, technical, and physical safeguards designed to protect information collected through the website. Despite these measures, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Children’s Privacy
This website is not directed toward children under the age of 13, and we do not knowingly collect personal information from children through the website. Clinical services for minors are governed by applicable consent and privacy laws and are addressed outside of this website.
11. Your Privacy Rights
Depending on applicable state and federal law, you may have rights to:
Request access to information you submitted through the website
Request correction of inaccurate information
Request limitations on certain uses or disclosures
Opt out of non-essential communications
Requests may be submitted using the contact information below. Requests involving medical records or PHI will be handled in accordance with HIPAA and applicable state law.
12. Utah and State Privacy Laws
Yes. Below is a revised, regulator-defensible version of the state-law section, expanded to cover Utah, Washington, and Tennessee, followed by a clean consolidated replacement you can drop directly into your policy.
Nothing else in the policy needs to change unless you want deeper state-specific operational workflows.
Key Differences to Account For (Plain-English Summary)
Before the text, here is what actually matters legally:
Utah (UCPA)
Applies primarily to consumer data, not medical records
Explicitly exempts HIPAA-regulated PHI
Requires transparency and a method to exercise rights
Washington (My Health My Data Act – High Risk for Psychiatry)
One of the strictest health data privacy laws in the U.S.
Applies even to prospective patients
Covers mental health information broadly, even outside HIPAA
Prohibits geofencing and sensitive health data misuse
Requires clear disclosure of collection, use, and sharing
Tennessee (Tennessee Information Protection Act – TIPA)
Business-friendly, similar to Virginia
Explicit HIPAA carve-out
Requires notice of rights and opt-out mechanisms
Applies mainly to non-clinical consumer data
Your website privacy policy should:
Explicitly acknowledge Washington’s enhanced protections
Avoid any suggestion of targeted advertising using mental health data
Preserve HIPAA primacy once a patient relationship exists
Drop-In Replacement Section
(Replace Section 12 in the Policy)
12. State Privacy Laws (Utah, Washington, and Tennessee)
We comply with applicable state privacy laws, including but not limited to the Utah Consumer Privacy Act (UCPA), the Washington My Health My Data Act (MHMD), and the Tennessee Information Protection Act (TIPA), to the extent they apply to information collected through this website.
Utah Residents
Under the Utah Consumer Privacy Act, Utah residents may have certain rights regarding personal data collected online. These rights do not apply to Protected Health Information governed by HIPAA but may apply to non-clinical website data. Requests may be submitted using the contact information below.
Washington Residents
Washington law provides enhanced protections for health-related information, including mental health information, even when collected outside of a formal provider-patient relationship.
For Washington residents:
We do not sell, rent, or disclose mental health information for advertising or marketing purposes
We do not use geofencing or location-based targeting related to healthcare services
Health-related information submitted through this website is collected solely to respond to inquiries and determine service appropriateness
Information is handled in accordance with applicable state and federal privacy requirements
Once a provider-patient relationship is established, the use and disclosure of Protected Health Information is governed by HIPAA and our Notice of Privacy Practices.
Tennessee Residents
Under the Tennessee Information Protection Act, Tennessee residents may have rights related to access, correction, or deletion of certain personal data collected through the website. These rights do not apply to medical records or Protected Health Information governed by HIPAA.
What I Can Do Next (High-Value Options)
If you want to tighten this further, I can:
Align the policy to your actual tech stack (forms, hosting, analytics)
Add a Washington-specific consent acknowledgment (best practice)
Review your site for MHMD Act risk exposure
Draft a matching HIPAA Notice of Privacy Practices that does not conflict with this policy
Flag any Meta / Google Analytics configurations that could create Washington liability
If you want me to tailor this precisely, tell me:
Whether you see Washington residents via telehealth
Whether you use Google Analytics (GA4)
Whether any forms allow free-text symptom descriptions
That will determine whether further tightening is advisable.13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The effective date will be revised accordingly. Continued use of the website after changes are posted constitutes acceptance of the updated policy.
14. Contact Information
For privacy-related questions or concerns, contact:
Synergic Mind
Orem, UT
Phone:
Email: [Privacy or Practice Email]
Important Implementation Notes (Not for Website Posting)
Do not claim “HIPAA-compliant forms” unless every vendor involved has a signed BAA.
Avoid Meta/Facebook pixels entirely on pages that collect PHI.
Ensure your contact forms use TLS/HTTPS encryption.
Host this policy on a dedicated
/privacy-policypage and link it in the footer.Keep this policy consistent with your actual tech stack—misrepresentation is a common enforcement trigger.
If you want, I can:
Tailor this precisely to your actual vendors (forms, hosting, analytics)
Review your site for HIPAA exposure points
Draft a matching Notice of Privacy Practices that aligns cleanly with this policy
Just let me know how far you want to take it.