Adult ADHD Group Therapy
Legal · Privacy

Privacy Policy

How Pasadena Clinical Group collects, uses, and protects the personal information of our clients, website visitors, and prospective patients. Effective May 1, 2026. Last updated May 1, 2026.

Privacy Policy Sections

1. Scope of This Policy

This Privacy Policy describes how Pasadena Clinical Group (“we,” “our,” or “the Practice”) collects, uses, discloses, and safeguards personal information obtained from individuals who visit our website, inquire about our services, or become patients. This policy applies to information collected through our website at adultadhdgrouptherapy.com, in-person at our Pasadena office, by telephone, by email, and through our telehealth platform.

This policy is governed by California law and is designed to comply with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), the California Medical Information Act (CMIA, Civil Code § 56 et seq.), and the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. Where multiple laws apply, we comply with the provision that provides the greatest protection for your information.

2. Personal Information We Collect

In the preceding twelve (12) months, we have collected the following categories of personal information from consumers, as defined under the CCPA/CPRA:

  • Identifiers: Full name, mailing address, email address, telephone number, date of birth, Social Security number (when required for insurance billing), insurance member ID, and online identifiers (IP address, cookie identifiers).
  • Personal Information Categories Listed in Cal. Civ. Code § 1798.80(e): Name, address, telephone number, insurance policy number, medical information, and health insurance information.
  • Characteristics of Protected Classifications Under California or Federal Law: Age, race, primary language, gender identity, marital status, disability status (including ADHD diagnosis), and sexual orientation, to the extent relevant to treatment or required by law.
  • Commercial Information: Records of services purchased and payment history, insurance claim details, billing and financial account information.
  • Biometric Information: We do not collect biometric data as part of routine care; if collected in a specific therapeutic context, explicit written consent will be obtained.
  • Internet or Other Electronic Network Activity Information: Browsing history, search history, and information regarding your interaction with our website, cookie preferences, and online forms submitted.
  • Geolocation Data: Approximate location derived from IP address; precise geolocation is not collected unless explicitly provided during telehealth sessions for state licensure compliance.
  • Sensitive Personal Information: Health information (including mental health diagnoses, treatment records, therapy notes, and ADHD assessment results), racial or ethnic origin (to the extent relevant to treatment or voluntarily disclosed), and contents of communications with our therapists (including email, text, and telehealth session content). This category triggers heightened protections under the CPRA.
  • Audio and Visual Information: Call recordings (if you consent to recorded intake calls or telehealth sessions); we do not record sessions without written consent.
  • Professional or Employment-Related Information: Occupation, employer name, and work-related stressors that are clinically relevant to your treatment.

3. Sources From Which We Collect Personal Information

We collect personal information from the following categories of sources:

  • Directly from you: Information you provide when you contact us by phone, email, or through our website contact forms; complete intake paperwork; participate in therapy sessions (in-person or via telehealth); make payments; or communicate with our staff.
  • From your health insurance provider: Eligibility verification, benefit details, authorization approvals, and claim adjudication information received during the insurance verification and billing process.
  • From referring providers: Referral information and relevant clinical records transmitted by your primary care physician, psychiatrist, or other treating professional with your written authorization.
  • From our website and digital platforms: Automatically collected information through cookies, web beacons, server logs, and analytics services (such as Google Analytics) when you visit our website.
  • From third-party service providers: Information from our electronic health record (EHR) vendor, telehealth platform provider, payment processor, and practice management software vendor — all of which are bound by HIPAA Business Associate Agreements (BAAs).

4. Business Purposes for Collection and Use

We collect and use personal information for the following business and commercial purposes, as permitted under California law:

  • Providing healthcare services: Scheduling appointments, conducting intake evaluations, delivering individual and group therapy services, coordinating care with other providers, and managing treatment plans.
  • Billing and payment processing: Verifying insurance eligibility and benefits, submitting claims for reimbursement, collecting patient-responsibility amounts (copays, deductibles, coinsurance), and providing Good Faith Estimates as required by the No Surprises Act.
  • Business operations and quality assurance: Training our clinical staff, conducting internal quality audits, improving our service delivery, and analyzing practice operations.
  • Legal and regulatory compliance: Complying with California and federal healthcare laws, responding to lawful subpoenas and court orders, reporting as required under mandatory reporting statutes (e.g., CANRA, elder/dependent adult abuse), and maintaining records as required by California law (7 years from last date of service for adults).
  • Website functionality and analytics: Operating and improving our website, understanding how visitors interact with our site, diagnosing technical issues, and delivering relevant content.
  • Communications: Responding to inquiries, sending appointment reminders, communicating administrative changes, and providing information about our services (only with your consent where required by law).
  • Security and fraud prevention: Detecting, preventing, and investigating security incidents, fraudulent activity, and violations of our policies.

5. Disclosure of Personal Information

In the preceding twelve (12) months, we have disclosed personal information to the following categories of third parties for business purposes:

  • Healthcare operations partners: Electronic health record (EHR) providers, telehealth platform vendors, and practice management software companies. All such entities execute HIPAA-compliant Business Associate Agreements (BAAs) with our Practice.
  • Health insurance companies and payers: Information necessary for eligibility verification, utilization review, claims submission, and payment adjudication. Disclosure is limited to the minimum necessary information under HIPAA and CMIA.
  • Payment processors and billing services: Financial information required to process patient payments, including credit card transaction processors, all of which are PCI-DSS compliant.
  • Professional service providers: Attorneys, accountants, auditors, and consultants who require access to information to provide services to the Practice, bound by contractual confidentiality obligations.
  • Website infrastructure and security providers: Cloudflare — specifically Cloudflare Turnstile, which protects our contact, careers, and intake forms from automated abuse and which receives your IP address and browser signals for that purpose — and Google Fonts, which delivers the typefaces displayed on our pages and, like any HTTP request, transmits your IP address to Google. We do not currently share data with Google Analytics, Meta Pixel, or any similar advertising or behavioral-analytics provider. Data routed through these infrastructure providers is limited to what is technically necessary to serve the page or validate the form submission, and is not used by us for marketing or advertising. See our Cookie Policy for additional detail.
  • Legal and regulatory authorities: As required by law, including but not limited to mandatory reporting to child protective services (CANRA, Penal Code § 11164), adult protective services (Welf. & Inst. Code § 15630), law enforcement pursuant to Tarasoff duty-to-warn obligations (Civil Code § 43.92), and in response to valid subpoenas and court orders.

We do not sell personal information as defined under the CCPA/CPRA. We do not share personal information for cross-context behavioral advertising purposes. We have not sold or shared personal information in the preceding twelve (12) months and have no plans to do so.

6. Retention of Personal Information

We retain personal information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Specifically:

  • Clinical records: Retained for a minimum of seven (7) years from the last date of service for adult patients, or for minor patients, until the patient reaches age nineteen (19) — whichever is longer — consistent with California record retention requirements.
  • Billing and financial records: Retained for a minimum of seven (7) years in accordance with applicable statutes of limitation and tax requirements.
  • Website analytics data: Retained in accordance with our analytics providers’ default data retention settings (typically 14-26 months for Google Analytics).
  • Inquiry and contact form data: Retained for up to three (3) years for individuals who do not become patients; retained in the clinical record for individuals who do.

7. Your Consumer Rights Under the CCPA/CPRA

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, California residents have the following rights:

Right to Know/Access (§ 1798.100, 1798.110, 1798.115): You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting or disclosing the information, and the categories of third parties with whom we have shared the information. You may request this information for the 12-month period preceding your request.

Right to Delete (§ 1798.105): You have the right to request that we delete personal information we have collected from you, subject to certain exceptions — including, but not limited to, the need to complete a transaction for which the information was collected, comply with a legal obligation, detect security incidents, or maintain records necessary for medical treatment.

Right to Correct (§ 1798.106): You have the right to request that we correct inaccurate personal information we maintain about you. This includes the right to amend your clinical record consistent with HIPAA and CMIA.

Right to Opt Out of Sale or Sharing (§ 1798.120): You have the right to direct us not to “sell” or “share” (as those terms are defined in the CCPA/CPRA) your personal information. As stated above, we do not sell or share personal information. However, California residents may still exercise this right by contacting us using the information in Section 11 below.

Right to Limit Use of Sensitive Personal Information (§ 1798.121): You have the right to limit the use and disclosure of your sensitive personal information to what is necessary to perform the services or provide the goods reasonably expected by an average consumer. Because we use sensitive personal information (including health information) solely for purposes of providing healthcare services as permitted under HIPAA and CMIA, this right is exercised through our standard consent and authorization process. You may request additional limitations at any time.

Right to Non-Discrimination (§ 1798.125): We will not discriminate against you for exercising any of your rights under the CCPA/CPRA. This means we will not deny you services, charge you different prices, or provide a different level or quality of services because you exercise your privacy rights. This protection extends to all aspects of our therapeutic relationship.

8. How to Exercise Your CCPA/CPRA Rights

To exercise any of the rights described above, you — or your authorized agent — may submit a verifiable consumer request by any of the following methods:

  • By email: office@pasadenaclinicalgroup.com with the subject line “CCPA Privacy Request”
  • By telephone: (626) 354-6440
  • By mail: Pasadena Clinical Group, ATTN: Privacy Officer, 301 N. Lake Ave, STE 600, Pasadena, CA 91101

Only you, or a person legally authorized to act on your behalf (an authorized agent), may make a verifiable consumer request related to your personal information. If you use an authorized agent, we may require written proof of authorization before processing the request. We will verify your identity before responding to any request, which may require you to provide at least two pieces of information that match information we have on file. We will respond to verifiable requests within forty-five (45) calendar days of receipt, with the option of a forty-five (45) day extension when reasonably necessary.

9. Do Not Sell or Share My Personal Information

Under the CCPA/CPRA, consumers have the right to direct businesses not to sell or share their personal information. Pasadena Clinical Group does not sell personal information (as defined in Civil Code section 1798.140(ad)) and does not share personal information (as defined in Civil Code section 1798.140(ah)) for cross-context behavioral advertising. We have no actual knowledge of selling or sharing the personal information of consumers under sixteen (16) years of age. Nevertheless, we honor all opt-out preference signals and provide a clear mechanism for you to exercise this right. To submit a Do Not Sell or Share request, contact us using any of the methods listed in Section 8 above, or use the link in the footer of every page on this website labeled “Do Not Sell or Share My Personal Information.”

10. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to ensure basic site functionality, analyze site traffic, and understand user interaction patterns. For a full description of the cookies we use, how they are managed, and how you can control your cookie preferences, please review our Cookie Policy. When you first visit our website, you will see a cookie consent banner that allows you to accept all cookies, reject non-essential cookies, or customize your preferences. You may update your preferences at any time by clicking the “Cookie Preferences” link in the website footer.

11. Children’s Privacy

Pasadena Clinical Group is an adult therapy practice. We do not knowingly provide direct services to children under the age of thirteen (13). Our website is not directed to children under thirteen (13), and we do not knowingly collect personal information from children under thirteen (13) in compliance with the Children’s Online Privacy Protection Act (COPPA). Under California law (Civil Code § 1798.120(c)), businesses are prohibited from selling or sharing the personal information of consumers the business has actual knowledge are under sixteen (16) years of age without affirmative authorization — and for consumers under thirteen (13), only with the consent of a parent or guardian. We comply with this heightened standard. If we learn that we have inadvertently collected information from a child under thirteen (13) without verified parental consent, we will promptly delete that information.

12. Data Security

We implement and maintain reasonable and appropriate security procedures and practices to protect personal information from unauthorized access, destruction, use, modification, or disclosure. These measures include, but are not limited to: encryption of data in transit and at rest; role-based access controls; audit logging; required multi-factor authentication for systems containing protected health information; regular security risk assessments; HIPAA-compliant BAAs with all service providers; and ongoing staff training on privacy and security practices. No method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security. In the event of a data breach involving your personal information, we will notify you as required by applicable California and federal law.

13. Informational Only — No Medical Advice; No Self-Diagnosis

The website and any educational materials referenced within it are provided strictly for general informational and educational purposes. Nothing on the website constitutes medical, psychological, psychiatric, or mental-health advice, diagnosis, or treatment, and nothing on the website should be relied upon to self-diagnose, self-screen, or self-treat any condition (including ADHD, anxiety, depression, trauma, or any co-occurring condition). Mental-health diagnoses and treatment plans must be made only through a complete, individualized clinical evaluation by a licensed clinician with whom you have an established treatment relationship. Visiting this site, completing a contact form, or otherwise communicating with us through the website does not by itself create a clinician-patient relationship, which begins only after intake, signed consents, and formal acceptance as a patient. If you are in crisis, call or text 988, call 911, or go to your nearest emergency department.

14. Limitation of Liability and Release Concerning Privacy and Data Handling

To the fullest extent permitted by law (and without diminishing any non-waivable obligation under HIPAA, CMIA, the CCPA/CPRA, or other applicable law), Pasadena Clinical Group and each of its parent companies, subsidiaries, affiliates, owners, members, managers, partners, officers, directors, shareholders, supervising clinicians, employees, independent contractors, supervisees, interns, post-doctoral fellows, externs, trainees, students, volunteers, peer-support workers, administrative staff, vendors, agents, attorneys, accountants, insurers, successors, and assigns (collectively, the “Released Parties”) shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of data, loss of privacy, identity theft, unauthorized access, interception, or disclosure caused by Force Majeure events, by sophisticated third-party criminal activity, or by your own use of unsecured communication channels (such as standard email, unencrypted forms, public Wi-Fi, lost devices, or compromised credentials). You assume the inherent risks of digital communication and release the Released Parties from any Claim arising out of those risks to the maximum extent permitted by law. Each Released Party is an intended third-party beneficiary of this limitation of liability, entitled to enforce it directly.

15. Mandatory Pre-Suit Notice, Mediation, and Binding Individual Arbitration

Before filing any complaint, lawsuit, arbitration demand, or administrative proceeding (other than a complaint to a licensing board or governmental regulator, which is expressly preserved) arising out of or relating to this Privacy Policy or our handling of your personal information, you agree to (a) deliver written notice of the dispute to the Privacy Officer at the address in Section 16 by certified U.S. mail and email, and to engage in good-faith negotiation for at least sixty (60) days; (b) thereafter, if not resolved, submit the dispute to non-binding mediation administered by JAMS or, by mutual written agreement, by the AAA, in Los Angeles County, California; and (c) thereafter, if not resolved, submit the dispute to final and binding individual arbitration in Los Angeles County, California, administered by JAMS pursuant to the JAMS Comprehensive (or Streamlined) Arbitration Rules & Procedures and the JAMS Consumer Minimum Standards (or, by mutual written agreement, by the AAA), governed by the Federal Arbitration Act, 9 U.S.C. § 1 et seq., and the California Arbitration Act, Code of Civil Procedure § 1280 et seq. The parties expressly waive any right to a jury trial and expressly waive any right to participate in a class, collective, mass, consolidated, representative, or private-attorney-general action, except as expressly preserved by non-waivable California or federal statute. The arbitrator shall decide all questions of arbitrability except for the validity of the class-action waiver, which shall be decided by a court. Any Claim arising out of or relating to this Privacy Policy or our data practices must be filed within one (1) year of accrual or be permanently barred. Detailed dispute-resolution terms (including opt-out rights, fee allocations, equitable-relief carve-outs, and severance of unenforceable class waivers) are set forth in our Terms & Conditions, which are incorporated by reference. Nothing in this Section is intended to waive any right to file a complaint with the U.S. Department of Health and Human Services, the California Attorney General, the California Department of Public Health, or any other governmental authority.

16. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy at any time. If we make material changes, we will post the revised policy on this page with an updated effective date and, where appropriate, provide notice through additional channels (such as email to active patients or a notice on our homepage). Your continued use of our website or services after changes become effective constitutes your acknowledgment of the updated policy. We encourage you to review this policy periodically.

17. Contact Information for Privacy Inquiries

For questions about this Privacy Policy or to exercise your privacy rights, contact our Privacy Officer:

  • Pasadena Clinical Group
  • 301 N. Lake Ave, STE 600, Pasadena, CA 91101
  • office@pasadenaclinicalgroup.com
  • (626) 354-6440