logo
Last Updated: 11/13/2025
ReachLink (“ReachLink,” “we,” “our,” or “us”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, protect, disclose, and retain information when you access or use our services, including our websites, mobile applications, telehealth tools, and all related platforms (collectively, the “Services”).
Your use of the Services is subject to:
  • This Privacy Policy
  • Our Terms of Use
  • Our HIPAA Notice of Privacy Practices (the “NPP”)
      • If any terms conflict, the NPP controls regarding protected health information (“PHI”).

1. Definitions

Personal Information

Information that identifies, relates to, describes, or can reasonably be associated with a specific individual. This includes contact information, account information, health information, or any information about an identifiable person.

Protected Health Information (PHI)

Individually identifiable health information created, received, or maintained by ReachLink or its clinicians that is subject to the HIPAA Privacy Rule.

42 CFR Part 2 Information (SUD Information)

If you receive substance-use-related services, certain records may be protected under 42 CFR Part 2, which provides strict confidentiality protections beyond HIPAA.

De-Identified Information

Information that cannot reasonably be used to identify you.

2. Information We Collect

We may collect the following categories of information:

A. Information You Provide Directly

  • Name, date of birth, contact information
  • Demographic details
  • Health Information and PHI provided during signup, assessment, or treatment
  • Insurance information
  • Emergency contact details
  • Messages, forms, questionnaires, and communications
  • Payment or billing details (processed by secure third-party processors)

B. Information Created During Care

  • Clinical notes, assessments, treatment plans, diagnoses
  • Telehealth session metadata
  • Medication or care-coordination information (if applicable)

C. Automatically Collected Information

  • Device information, browser, operating system
  • IP address and location approximations
  • Usage and activity logs
  • Cookies, analytics, and session data
      • Note: We do not allow analytics tools to collect or transmit PHI, in accordance with HIPAA and HHS guidance on tracking technologies.

D. Information From Third Parties

  • Referral sources
  • Analytics partners (non-PHI only)
  • Social media (if you connect voluntarily)
  • Payment processors
  • Employers or plan sponsors (only with authorization)

3. How We Use Personal Information

We may use your information for the following purposes:

A. Treatment, Payment & Healthcare Operations (HIPAA-Permitted Uses)

  • Provide therapy and telehealth services
  • Communicate about scheduling, treatment, and care
  • Supervision and clinical quality improvement
  • Billing, insurance processing, and payment
  • Internal analytics (PHI de-identified unless required)

B. 42 CFR Part 2 Restrictions (If Applicable)

We will not disclose SUD treatment records without your written consent, unless permitted by Part 2, such as:
  • Medical emergencies
  • Court orders meeting strict standards
  • Internal communications within the program
  • Qualified audits or evaluations

C. Security, Fraud Prevention & Legal Compliance

  • Protect the Services from misuse
  • Comply with legal obligations
  • Respond to threats of harm or medical emergencies

D. Marketing & Communication

  • With your consent, we may send newsletters or service updates.
  • We never sell PHI or use PHI for targeted advertising.

E. Creating De-Identified or Aggregated Data

We may de-identify PHI to improve Services, conduct analytics, or for other lawful purposes.

4. How We Share Information

We may share information as permitted or required:

A. With Your Authorization

We will obtain written authorization for uses or disclosures not permitted by HIPAA, 42 CFR Part 2, or this Policy.

B. For Treatment, Payment, or Operations

  • Providers, supervisors, clinical staff
  • Billing partners, clearinghouses
  • Insurance companies
  • Care coordinators (with permission)

C. With Service Providers & Business Associates

Who assist with:
  • Hosting
  • Secure messaging
  • EHR systems
  • Telehealth platforms
  • IT security
  • Data analytics (no PHI)
All Business Associates sign HIPAA-compliant agreements.

D. Legal Exceptions

We may disclose information:
  • To comply with law enforcement requirements
  • To report abuse, neglect, or imminent harm
  • During emergencies
  • Under a valid HIPAA-compliant authorization or court order
  • During a merger or transfer of assets (information remains protected)

E. Never Sold

We never sell your Personal Information or PHI.

5. Telehealth Privacy & Security

ReachLink uses HIPAA-compliant encrypted technology for telehealth.
Before receiving telehealth services, you may be informed of:
  • Risks and benefits of telehealth
  • How information is transmitted and stored
  • Emergency procedures & crisis protocols
  • Limitations relating to technology or privacy

6. Cookies, Analytics & Tracking Technologies

We use only non-PHI tracking technologies, such as:
  • Essential cookies
  • Performance analytics (Google Analytics configured to avoid PHI)
We do not use ad pixels, retargeting tools, or third-party trackers in any manner that accesses PHI.
You may manage cookies in your browser settings.

7. Data Security

We maintain administrative, physical, and technical safeguards required by:
  • HIPAA Security Rule
  • HITECH Act
  • NIST cybersecurity standards
Safeguards include:
  • TLS/SSL encryption
  • Data encryption at rest
  • Access controls
  • Role-based permissions
  • Audit logging
  • Monitoring for threats

8. Data Retention

Records are retained according to federal and state law.
Typical retention:
  • HIPAA: 6 years
  • Mental health records: 5–10 years depending on state
  • Colorado: 7 years
  • Oregon: 7 years
  • North Carolina: 7 years
  • Washington: 5–10 years
We will delete or de-identify data when no longer legally required.

9. Your Privacy Rights (U.S.)

Depending on your state, you may have rights to:
  • Access your information
  • Correct inaccurate information
  • Delete certain personal information
  • Opt out of sales or targeted advertising
  • Receive a copy of information in portable format
These rights do not override HIPAA or 42 CFR Part 2 rules.
To exercise these rights:
hello@reachlink.com

10. GDPR / UK-GDPR Rights (If Applicable)

If you reside in the European Economic Area, UK, or Switzerland, you have rights to:
  • Access
  • Correction
  • Deletion
  • Restriction
  • Objection
  • Data portability
Legal bases for processing include:
  • Consent
  • Contract fulfillment
  • Legitimate interests
  • Legal obligations
  • Vital interests
Data may be transferred internationally under:
  • Standard Contractual Clauses
  • Adequacy decisions
  • Other safeguards
You may contact our Data Protection Officer:
hello@reachlink.com

11. Children’s Privacy

We do not knowingly collect information from individuals under 18 years old.
Parents may contact us if they believe a child has submitted information in error.

12. Breach Notification

If PHI is compromised, we will comply with:
  • HIPAA/HITECH Breach Notification Rule
  • 42 CFR Part 2 (if applicable)
  • State-specific data-breach laws
Notification may include communication to you, HHS, and (if required) media outlets.

13. Third-Party Sites

Our Services may link to third-party websites.
We are not responsible for their privacy practices.

14. Changes to This Privacy Policy

ReachLink may change this Site Privacy Policy from time to time; when updates are made, the Site Privacy Policy version date (located at the bottom of this policy) will also be updated to reflect that revision occurred. We encourage you to periodically reread this policy to see if there have been any changes that may affect you. This statement is not intended to and does not create any contractual or other legal rights in or on behalf of any party.
If you have questions or concerns about our Site Privacy Practices, or would like to report a violation, please contact us by sending an email to hello@reachlink.com.
ReachLink is the brand name used for products and services provided by one or more professional services entities, including ReachLink Telebehavioral Health Services PA that is managed by or affiliated with Florida ReachLink LLC, a management company.

15. Contact Us

If you have questions or concerns about this Privacy Policy, HIPAA, or 42 CFR Part 2 protections, you may contact:
📧 hello@reachlink.com
📬 ReachLink
3651 FAU BLVD
STE 400
Boca Raton, Fl 33431
Intake/Informed Consent
Terms of Use
Powered by Notaku
Share
Content
Privacy Policy
1. Definitions
Personal Information
Protected Health Information (PHI)
42 CFR Part 2 Information (SUD Information)
De-Identified Information
2. Information We Collect
A. Information You Provide Directly
B. Information Created During Care
C. Automatically Collected Information
D. Information From Third Parties
3. How We Use Personal Information
A. Treatment, Payment & Healthcare Operations (HIPAA-Permitted Uses)
B. 42 CFR Part 2 Restrictions (If Applicable)
C. Security, Fraud Prevention & Legal Compliance
D. Marketing & Communication
E. Creating De-Identified or Aggregated Data
4. How We Share Information
A. With Your Authorization
B. For Treatment, Payment, or Operations
C. With Service Providers & Business Associates
D. Legal Exceptions
E. Never Sold
5. Telehealth Privacy & Security
6. Cookies, Analytics & Tracking Technologies
7. Data Security
8. Data Retention
9. Your Privacy Rights (U.S.)
10. GDPR / UK-GDPR Rights (If Applicable)
11. Children’s Privacy
12. Breach Notification
13. Third-Party Sites
14. Changes to This Privacy Policy
15. Contact Us