top of page

Qyana Griffith, MD, PC
dba GTB Psychiatric Wellness Group, PC
PRIVACY NOTICE
Last modified: 01/28/2026

1. INTRODUCTION

This Privacy Notice applies to the website located at https://www.gtbpsych.com (the "Website") operated by Qyana Griffith, MD, PC dba GTB Psychiatric Wellness Group, PC ("we," "us," "our," or the "Practice"). Throughout this Privacy Notice, we refer to any person accessing or using the Website as "you" or the "User."

 

IMPORTANT: We are a healthcare practice subject to the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Notice addresses our Website practices and the collection of information from website visitors. If you become a patient of our Practice, your protected health information (PHI) will be governed by our separate HIPAA Notice of Privacy Practices, which you will receive at your first appointment.

​

This Privacy Notice explains what information we collect through the Website, how we use it, and your rights regarding that information.

​

2. SCOPE OF THIS PRIVACY NOTICE AND RELATIONSHIP TO HIPAA

2.1 What This Privacy Notice Covers

This Privacy Notice covers:

  • Information collected from general website visitors before they become patients

  • Information collected through contact forms and inquiry submissions

  • Information collected through our mobile application

  • Website analytics and functionality data

 

2.2 What This Privacy Notice Does NOT Cover

This Privacy Notice does NOT cover:

  • Protected health information (PHI) collected during patient care

  • Medical records and treatment information

  • Information collected through our HIPAA-compliant electronic medical records (EMR) system

  • Patient portal communications and data

 

These types of health information are governed by our HIPAA Notice of Privacy Practices and federal HIPAA regulations. Under the California Consumer Privacy Act (CCPA), medical information governed by HIPAA is exempt from most CCPA requirements.

 

2.3 Geographic Scope

 

Our Practice is located in California and serves California residents only. Our services are not available to individuals outside of California.

 

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

 

We may collect the following information when you use our Website or express interest in Transcranial Magnetic Stimulation (TMS) treatment:

​

  • Contact Information: Name, email address, phone number, mailing address

  • Identification Information: Driver's license number (for patient registration)

  • Protected Characteristics: Age/date of birth, sex/gender, military/veteran status (for treatment eligibility screening)

  • Payment Information: Credit card information, signatures (processed securely through our payment processors)

  • Health Screening Information: Certain health statuses necessary for TMS treatment eligibility (such as pregnancy status, history of seizures, substance use, presence of metal implants or defibrillators). This information is collected to determine whether TMS treatment is safe and appropriate for you.

 

3.2 How We Collect This Information

We collect information through:

​

  • Contact forms and inquiry forms on our Website

  • Our mobile application

  • In-person at our medical office (through intake forms, verbal communications, and paper documents)

  • Documents or forms sent through postal mail

  • Communications through social media platforms when you contact us through those channels

 

3.3 Automatically Collected Information

When you visit our Website, we automatically collect limited technical information necessary for the Website to function properly:

​

  • Device and Browser Information: Type of device, browser type, operating system

  • Usage Information: Pages viewed, links clicked, time spent on pages

  • Technical Identifiers: IP address (used to derive general geographic location for service availability verification)

 

We do NOT use cookies, pixels, or similar technologies for advertising, behavioral tracking, or cross-device tracking. We only use essential cookies necessary for Website functionality and basic analytics to improve our services.

 

Our Website does not respond to 'Do Not Track' signals from browsers, as we do not track users across third-party websites.

 

3.4 Information We Do NOT Collect from Third Parties

We do not purchase or obtain information about you from data brokers, data aggregators, advertising networks, or similar third-party data suppliers. Any information we have about you comes directly from you or from your use of our Website.

​

4. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

 

4.1 To Provide Healthcare Services

  • To respond to your inquiries about TMS treatment and our services

  • To screen you for treatment eligibility and safety

  • To schedule appointments and provide patient care

  • To process payments for services

 

4.2 To Communicate With You

  • To respond to your questions and requests

  • To provide appointment reminders and follow-up communications

  • To send informational emails about our services (only to individuals who have expressed interest or are current patients)

 

4.3 To Operate and Improve Our Website

  • To maintain and improve Website functionality

  • To analyze how visitors use our Website to enhance user experience

  • To troubleshoot technical issues

 

4.4 To Protect Legal Rights and Comply with Law

  • To comply with applicable laws and regulations

  • To respond to legal process (such as subpoenas or court orders)

  • To protect the safety and rights of our patients, staff, and others

  • To prevent fraud and maintain the security of our systems

 

4.5 What We Do NOT Do With Your Information

We do NOT:

​

  • Sell your personal information to third parties

  • Share your information with advertising networks or data brokers

  • Use your information for behavioral advertising or ad targeting

  • Share your information with marketing partners or content sponsors

  • Track you across multiple websites or devices for advertising purposes

​

5. HOW WE SHARE YOUR INFORMATION

We share your information only in the following limited circumstances:

 

5.1 With Our Staff and Healthcare Team

We share information with our authorized staff members (physicians, nurses, administrative staff) who need access to provide care and operate our Practice. All staff members are trained in HIPAA compliance and patient confidentiality.

 

5.2 With Service Providers

We share information with third-party service providers who assist us in operating our Practice, including but not limited to:

​

  • Electronic Medical Records (EMR) Provider: Our HIPAA-compliant EMR system stores patient information securely

  • Payment Processors: Propelr, PayPal, HSA/FSA processors, and Care Credit process payments on our behalf

  • IT and Website Services: Providers who help maintain our Website and technology systems

  • Business Associates: Other healthcare providers and vendors who have signed HIPAA Business Associate Agreements

 

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

​

5.3 As Required by Law

We may disclose your information when required by law, including:

  • In response to court orders, subpoenas, or other legal process

  • To comply with regulatory requirements

  • To protect against legal liability

  • When necessary to protect the safety of individuals or the public

​​

5.4 Business Transfers

If our Practice is sold, merged, or transferred to another entity, your information may be transferred as part of that transaction. You will be notified of any such change.

​

5.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

 

6. HOW WE PROTECT YOUR INFORMATION

We take the security of your information seriously and maintain administrative, technical, and physical safeguards to protect it:
 

  • HIPAA Compliance: Our electronic medical records system is HIPAA-compliant and meets federal security standards

  • Secure Transmission: Information transmitted through our Website and patient portal is encrypted

  • Access Controls: Only authorized staff members have access to patient information

  • Staff Training: All staff receive regular training on privacy and security requirements

  • Business Insurance: We maintain business insurance that includes coverage for data security incidents

​

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

​

7. HOW LONG WE KEEP YOUR INFORMATION

Medical Records: We retain patient medical records for at least seven (7) years from the date of last service, as required by California law. Some records may be retained longer if required by law or for legal purposes.

 

Non-Patient Inquiries: Information from individuals who contact us but do not become patients is typically retained for up to two (2) years, unless you request earlier deletion.

​

Website Analytics: Automated technical data is retained for up to one (1) year for Website improvement purposes.

 

For patients who are minors, medical records will be retained until the patient reaches age 19, or for seven (7) years from the date of last service, whichever is later, as required by California law.

 

Please note that even if you request deletion of your information, we may be required to retain certain records for legal, regulatory, or safety reasons.

​

8. YOUR RIGHTS AND CHOICES

8.1 Marketing Communications

If you receive marketing emails from us, you may opt out at any time by:

​

 

Please note that even if you opt out of marketing emails, we may still send you important communications about your appointments, treatment, or account.

 

8.2 Mobile Application Permissions

If you use our mobile application, you can manage permissions (such as location access) through your device settings.


8.3 Patient Account Access

If you have a patient portal account, you can review and update certain information by logging into your account. To close your patient portal account, please contact us at drgriffith@gtbpsych.com. Note that closing your portal account does not delete your medical records, which must be retained as required by law.

​

8.4 California Consumer Privacy Act (CCPA) Rights

​

Important: Most information collected by our Practice is protected health information governed by HIPAA, which is exempt from CCPA. However, for information that is not HIPAA-protected (such as information collected before you become a patient), California residents have the following rights:

​

  • Right to Know: You have the right to know what personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we share it.

  • Right to Access: You have the right to request a copy of the specific personal information we have collected about you.

  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (such as legal retention requirements).

  • Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you. To exercise this right, please contact us using the information in Section 12.

  • Right to Non-Discrimination: You have the right to exercise these privacy rights without receiving discriminatory treatment.

  • No Sale of Information: We do not sell your personal information to third parties. Therefore, there is no need to opt out of sales.

​

To exercise your CCPA rights, please contact us at:

​

  • Email: drgriffith@gtbpsych.com (subject line: "CCPA Request")

  • Mail: 2934 1/2 North Beverly Glen Circle, Suite 243, Los Angeles, CA 90077

​

When you submit a CCPA request, we will verify your identity by requesting information such as your name, email address, and phone number to match against our records. For requests to access or delete sensitive personal information, we may require additional verification. We will verify your identity before processing your request and will respond within 45 days.

​

9. CHILDREN'S PRIVACY

Our Website is not designed or intended to attract children under the age of 13. We do not knowingly collect personal information from children under 13 through our Website.

​

However, our Practice may provide medical services to minors with appropriate parental or guardian consent. Medical information about minor patients is governed by our HIPAA Notice of Privacy Practices and applicable state laws regarding minors' healthcare.

​

10. LINKS TO THIRD-PARTY WEBSITES

Our Website may contain links to third-party websites (such as our EMR system, payment processors, or health resources). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

​

11. CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. We will post the updated Privacy Notice on our Website with a new "Last Modified" date.

 

For material changes that significantly affect how we use your information, we will:

​

  • Post a notice on our Website homepage

  • Email registered users (if applicable)

​

12. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Notice or our privacy practices, please contact us:

 

Qyana Griffith, MD, PC dba GTB Psychiatric Wellness Group, PC

2934 1/2 North Beverly Glen Circle, Suite 243

Los Angeles, CA 90077

Email: drgriffith@gtbpsych.com

Website: https://www.gtbpsych.com

 

For CCPA-related requests: Please include "CCPA Request" in the subject line of your email.

 

13. CALIFORNIA CONSUMER PRIVACY ACT (CCPA) DISCLOSURES

The following table provides the disclosures required by the California Consumer Privacy Act. Please note that most information we collect is protected health information governed by HIPAA, which is exempt from CCPA.

​

Categories of Personal Information Collected

 

A. Identifiers

  • Examples: Name, email, phone, address, driver's license number, IP address

  • Collected: Yes

  • Sources: Directly from you, your device

  • Business Purpose: Provide healthcare services, communicate, process payments

  • Shared With: Staff, EMR provider, payment processors, as required by law

 

B. Protected Classification Characteristics

  • Examples: Age, sex/gender, military/veteran status

  • Collected: Yes

  • Sources: Directly from you

  • Business Purpose: Treatment eligibility screening

  • Shared With: Staff, EMR provider, as required by law

 

C. Commercial Information

  • Examples: Payment records, services purchased

  • Collected: Yes

  • Sources: Directly from you

  • Business Purpose: Process payments, provide services

  • Shared With: Payment processors

​

D. Biometric Information

  • Examples: Health statuses (pregnancy, seizures, substance use, implants)

  • Collected: Yes

  • Sources: Directly from you

  • Business Purpose: Treatment safety and eligibility screening

  • Shared With: Staff, EMR provider, as required by law

​​

E. Internet/Network Activity

  • Examples: Website interactions, pages viewed

  • Collected: Yes

  • Sources: Automatically from your device

  • Business Purpose: Improve Website functionality

  • Shared With: IT service providers

 

Sale or Sharing of Personal Information

 

We do not sell or share personal information for cross-context behavioral advertising purposes.

Sensitive Personal Information

 

Health information we collect is considered sensitive personal information under CCPA. We use and disclose sensitive personal information only for purposes permitted by CCPA, including providing healthcare services and as authorized by HIPAA. We do not use sensitive personal information for purposes requiring an opt-out under CCPA.

​

***

This Privacy Notice is effective as of 01/28/2026

bottom of page