Website Privacy Policy
Effective Date: April 25, 2026 | Last Updated: April 25, 2026
Brain Bath Wellness PLLC, doing business as Brain Bath (“Brain Bath,” “we,” “us,” or “our”), respects your privacy and is committed to protecting the personal information you share with us through our website at www.brain-bath.com (the “Site”).
This Privacy Policy explains what information we collect through our Site, how we use it, when we share it, and the choices you have. It applies to information collected through the Site only.
This Privacy Policy does not cover protected health information (PHI) created or received in the course of providing clinical care. The use and disclosure of PHI is governed by our separate Notice of Privacy Practices under HIPAA, which you will receive when you become a patient.
1. Who We Are
Brain Bath is a telepsychiatry private practice serving adult patients in Michigan, California & Washington. Clinical services are provided by licensed psychiatric nurse practitioners through secure, HIPAA-compliant telehealth.
Mailing and contact information: 29532 Southfield Rd, Suite 115, Southfield, MI 48076
Phone: 989.465.5707
Email: support@brain-bath.com
2. Information We Collect
Information You Provide Directly
We collect information you give us when you interact with the Site, including when you submit a contact form, request an appointment, send us an email, or call us. This may include:
• Name
• Email address
• Phone number
• Mailing address or city and state of residence
• Date of birth (when requested for eligibility verification)
• Insurance information you choose to share
• Reason for contacting us, including any health-related details you choose to share in a message
• Any other information you voluntarily include in a communication to us
Information Collected Automatically
When you visit the Site, certain information is collected automatically through cookies, pixels, and similar technologies used by our website host (Squarespace) and any analytics services we may enable. This may include:
• IP address and approximate geographic location
• Browser type and version
• Device type and operating system
• Pages visited, links clicked, and time spent on the Site
• Referring website and search terms
• Date and time of your visit
Information from Third Parties
If you book an appointment, you will be directed to our secure scheduling portal hosted by a third-party platform (currently brainbath.clientsecure.me). Information you submit through that portal is governed by the privacy practices of that platform and, once you become a patient, by our Notice of Privacy Practices under HIPAA.
3. How We Use Your Information
We use the information we collect through the Site to:
• Respond to your inquiries and contact requests
• Schedule appointments and verify state-of-residence eligibility
• Verify insurance coverage when applicable
• Send you information you request, such as intake forms or appointment details
• Operate, maintain, and improve the Site
• Analyze how visitors use the Site so we can improve content and usability
• Comply with legal obligations and enforce our terms
• Protect the security and integrity of the Site
We do not sell your personal information. We do not use information collected through the Site for targeted advertising.
4. How We Share Your Information
We share information only as needed to operate our practice and as described below.
Service Providers
We share information with vendors who help us run the Site and our practice, including our website host (Squarespace), our scheduling and electronic health record platform, our email provider, and any analytics services we enable. These vendors are contractually required to protect your information and use it only for the purposes we authorize. Where vendors handle PHI, we maintain Business Associate Agreements as required by HIPAA.
Legal and Safety
We may disclose information when required by law, in response to a valid legal process, or when we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Brain Bath, our patients, or others. This includes mandatory reporting obligations that apply to licensed health professionals.
Business Transfers
If Brain Bath is involved in a merger, acquisition, sale of assets, or similar transaction, information may be transferred as part of that transaction, subject to applicable law.
With Your Direction
We share information with other parties when you direct us to do so, such as releasing records to another provider with your authorization.
5. Cookies and Tracking Technologies
Our Site uses cookies and similar technologies through Squarespace to operate the Site, remember preferences, and understand how visitors use the Site. You can control cookies through your browser settings. Disabling cookies may affect how the Site functions.
We honor Global Privacy Control (GPC) signals where required by applicable law as a request to opt out of the sale or sharing of personal information.
6. Your Privacy Rights
California Residents
Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the CCPA), California residents have the following rights regarding personal information collected through the Site:
• The right to know what personal information we collect, use, disclose, and (if applicable) sell or share
• The right to request a copy of the specific pieces of personal information we have collected about you
• The right to request deletion of personal information, subject to certain exceptions
• The right to correct inaccurate personal information
• The right to limit the use and disclosure of sensitive personal information
• The right to opt out of the sale or sharing of personal information (we do not sell or share personal information as those terms are defined under the CCPA)
• The right not to receive discriminatory treatment for exercising your rights
Personal information that qualifies as PHI under HIPAA, or as medical information under California’s Confidentiality of Medical Information Act, is not covered by the CCPA and is governed by those laws instead.
To exercise your rights, contact us at support@brain-bath.com or 989.465.5707. We may need to verify your identity before responding.
Washington Residents
Under the Washington My Health My Data Act, Washington residents have the following rights regarding consumer health data we collect through the Site:
• The right to confirm whether we are collecting, sharing, or selling your consumer health data
• The right to access your consumer health data
• The right to withdraw consent to our collection or sharing of your consumer health data
• The right to have your consumer health data deleted
We do not sell consumer health data. We collect and use consumer health data only for the purposes described in this Policy and only with your consent or as otherwise permitted by law. To exercise your rights or appeal a decision, contact us at support@brain-bath.com.
Consumer health data that is also PHI under HIPAA is regulated by HIPAA rather than the My Health My Data Act.
All Visitors
Regardless of where you live, you may contact us at any time to ask what information we have about you, request that we correct or delete it, or unsubscribe from non-essential communications. We will respond as required by applicable law.
7. Data Security
We use administrative, technical, and physical safeguards designed to protect the information we collect, including encryption in transit, access controls, and vendor agreements that require appropriate security. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.
Please do not send detailed health information through the Site’s contact form or by unencrypted email. If you need to share clinical details, please wait until you are connected through our secure patient portal.
8. Data Retention
We keep information collected through the Site only as long as needed for the purposes described in this Policy or as required by law. Inquiry messages and contact form submissions are typically retained for a limited period and then deleted, unless they become part of a clinical record, in which case retention is governed by state medical record laws and our Notice of Privacy Practices.
9. Children’s Privacy
The Site is intended for adults. Brain Bath provides clinical services to patients age 18 and older only. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. Third-Party Links
The Site may link to third-party websites, including our scheduling portal, crisis resources such as 988lifeline.org, and findahelpline.com. We are not responsible for the privacy practices of those sites. Please review their privacy policies before sharing information with them.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. Material changes will be posted on the Site. Your continued use of the Site after changes take effect means you accept the updated Policy.
12. Contact Us
If you have questions about this Privacy Policy or how we handle information collected through the Site, contact us at:
Brain Bath Psychiatric Care
29532 Southfield Rd, Suite 115
Southfield, MI 48076
Email: support@brain-bath.com
Phone: 989.465.5707
Notice of Privacy Practices
Effective Date: April 25, 2026 | Last Updated: April 25, 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our Commitment to Your Privacy
Brain Bath Wellness PLLC, doing business as Brain Bath (“Brain Bath,” “we,” “us,” or “our”), is required by law to maintain the privacy of your protected health information (PHI), to provide you with this Notice of our legal duties and privacy practices regarding your PHI, to notify you in the event of a breach of unsecured PHI, and to follow the terms of the Notice currently in effect.
PHI is information about you, including demographic and clinical information, that may identify you and that relates to your past, present, or future physical or mental health, the care you receive, or payment for that care.
How We May Use and Disclose Your Health Information
The following describes the ways we may use and disclose your PHI without your written authorization. Not every use or disclosure will be listed, but every permitted use or disclosure falls within one of the categories below.
For Treatment
We use and disclose your PHI to provide, coordinate, and manage your psychiatric care. For example, we may share information with a primary care provider, therapist, or other clinician involved in your treatment, with a pharmacy when sending prescriptions, or with a laboratory when ordering tests.
For Payment
We use and disclose your PHI to obtain payment for services. For example, we may share information with your insurance company to verify coverage, obtain authorization, or submit claims.
For Health Care Operations
We use and disclose your PHI for activities that support our practice, such as quality review, training, credentialing, business planning, and management. We may also use your information to contact you about appointments or to follow up on your care.
Appointment Reminders and Health-Related Communications
We may contact you by text message, email, or phone to remind you of upcoming appointments, confirm scheduling, or share treatment-related updates. Standard text message rates from your carrier may apply. You may opt out of text reminders at any time by replying STOP or by contacting our office.
Business Associates
We work with vendors who help us operate the practice, including our electronic health record system, scheduling platform, billing service, secure email and fax providers, and IT support. These vendors are called business associates. Each business associate is required by a written agreement and by federal law to protect your PHI to the same standard we do.
Required by Law
We will use or disclose your PHI when required to do so by federal, state, or local law.
Public Health and Safety
We may disclose your PHI for public health activities, including reporting communicable diseases, adverse drug reactions, or to government agencies authorized to receive such information. We may also disclose information when necessary to prevent or lessen a serious and imminent threat to the health or safety of you or others.
Abuse, Neglect, or Domestic Violence
We are required by law to report suspected abuse, neglect, or domestic violence involving children, vulnerable adults, or others as required by the laws of Michigan, California, and Washington.
Health Oversight Activities
We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, or licensure actions.
Judicial and Administrative Proceedings
We may disclose your PHI in response to a court order, subpoena, discovery request, or other lawful process, after taking the steps required by law to protect your information.
Law Enforcement
We may disclose your PHI to law enforcement officials when required by law, such as in response to a court order, warrant, or summons, to identify or locate a suspect or missing person, or in cases involving certain crimes.
Coroners, Medical Examiners, and Funeral Directors
We may disclose PHI to coroners, medical examiners, or funeral directors as necessary for them to carry out their duties.
Workers’ Compensation
We may disclose your PHI to comply with workers’ compensation laws and similar programs.
Military, Veterans, National Security, and Specialized Government Functions
If you are a member of the armed forces, we may release your PHI as required by military command authorities. We may also disclose PHI to authorized federal officials for national security and intelligence activities or for the protection of the President and other officials.
Inmates
If you are an inmate of a correctional institution or in the custody of a law enforcement official, we may disclose your PHI as permitted by law.
Special Protections for Mental Health and Substance Use Information
Mental health information, including psychotherapy notes, receives special protection under federal and state law. Information relating to substance use disorder treatment may receive additional protection under federal regulations at 42 CFR Part 2 when applicable.
We will not use or disclose psychotherapy notes without your written authorization, except in limited circumstances permitted by law (such as for our own training, defending a legal action you bring against us, or as required by law).
In addition, the laws of Michigan, California, and Washington may provide protections for mental health information that go beyond federal HIPAA requirements. Where state law is more protective, we follow the more protective rule.
Uses and Disclosures That Require Your Written Authorization
Other uses and disclosures of your PHI not described in this Notice will be made only with your written authorization. Specifically, we will obtain your written authorization before:
• Using or disclosing psychotherapy notes (with limited exceptions allowed by law)
• Using or disclosing PHI for marketing purposes
• Selling your PHI
Brain Bath does not sell PHI, does not use PHI for marketing, and does not use PHI for fundraising or research.
If you give us written authorization, you may revoke it at any time, in writing. Revocation will not affect any use or disclosure already made in reliance on the authorization.
Your Rights Regarding Your Health Information
Right to Inspect and Copy
You have the right to inspect and obtain a copy of your PHI maintained in our records, including in electronic format if available. To request access, submit a written request to our Privacy Officer. We may charge a reasonable, cost-based fee as permitted by law. In limited circumstances, we may deny a request, in which case you may have the right to have the denial reviewed.
Right to Request Amendment
If you believe information in your record is incorrect or incomplete, you have the right to request that we amend it. Submit your request in writing to the Privacy Officer with a reason supporting the change. We may deny your request in certain situations and will explain the reason in writing.
Right to an Accounting of Disclosures
You have the right to request a list of certain disclosures we have made of your PHI for purposes other than treatment, payment, health care operations, disclosures you authorized, and a few other exceptions. Requests must specify a time period of up to six years. The first accounting in any 12-month period is free; we may charge a reasonable fee for additional requests.
Right to Request Restrictions
You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or health care operations, or to family or others involved in your care. We are not required to agree to most requested restrictions. However, if you pay for a service or item out-of-pocket in full and request that we not disclose information about that service to your health plan, we will agree, except where disclosure is required by law.
Right to Confidential Communications
You have the right to request that we communicate with you about your PHI in a particular way or at a particular location. For example, you may ask that we contact you only by phone, only by your patient portal, or only at a specific number. We will accommodate reasonable requests.
Right to Notification of a Breach
You have the right to be notified in the event of a breach of your unsecured PHI, as required by federal law.
Right to a Paper Copy of This Notice
You have the right to a paper copy of this Notice at any time, even if you have agreed to receive it electronically. You may request a paper copy by contacting our Privacy Officer.
Our Responsibilities
We are required by law to:
• Maintain the privacy and security of your PHI
• Notify you promptly if a breach occurs that may have compromised the privacy or security of your PHI
• Follow the duties and privacy practices described in this Notice and provide you with a copy of it
• Not use or disclose your PHI other than as described here, unless you tell us in writing that we may
If you tell us we may share information and you change your mind, you may revoke that authorization in writing at any time.
Changes to This Notice
We reserve the right to change the terms of this Notice at any time. Changes will apply to all PHI we maintain. The current Notice will be posted on our website at www.brain-bath.com and a copy will be available at our office and through the patient portal upon request.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer using the contact information below. You may also file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights:
Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue SW, Room 509F, HHH Building
Washington, DC 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints
We will not retaliate against you for filing a complaint.
Contact Information
Privacy Officer
Noah Freiburger, DNP, PMHNP-BC, CBIS
Brain Bath
29532 Southfield Rd, Suite 115
Southfield, MI 48076
Email: support@brain-bath.com
Phone: 989.465.5707
Fax: 313.432.6019