This policy is effective January 6, 2020.
We respect the privacy of our users. We do not sell, rent, or loan any identifiable information regarding our customers or website visitors to any third party. Any information you give us is held with the utmost care.
Below is a summary of how we collect and process personal information. A more detailed description is provided after this summary table.
Information That Is Automatically Collected
We and our third-party partners may use various technologies to automatically collect and store certain device and usage information. This may include using cookies and similar tracking technologies, such as pixels and web beacons.
When you visit our site, we may collect basic information about your device such as device type, device model, operating system, and browser ID. We may collect usage data including browsing activities on our website (such as web pages viewed), and any ways that you interact with the site (such as clicking a link, making a web inquiry, or placing a phone call to us). We may also collect Internet protocol addresses and geolocation information, such as the city and state that you are located in.
If you make an inquiry to us, we may automatically collect additional personal information, such as your phone number, email address, and name. This is collected so that we can answer your inquiry and is only collected if you make an inquiry to us.
The information that is automatically collected by us is used for internal purposes only and is not shared with third parties for their business purposes. See the section titled “How we share the information we collect” for more information.
Information That You Provide to Us
If you make an inquiry to us, you may provide us with additional information. The types of information vary and is dependent on whether you have general questions, choose to complete an admissions assessment, and / or enter treatment with us.
Examples of information that we might collect from you include personal identifiers, such as a real name, postal address, unique personal identifier, IP address, email address, social security number, driver’s license number, passport number, or other similar identifiers. We may also record any phone calls that you make to us for quality assurance.
All inquiries are considered confidential and are governed under federal and state health privacy laws including HIPAA. Under no circumstances will this information be shared with third parties (with the exception of vendors covered under health care privacy laws) without your consent, unless required to do so by law.
Information We Do Not Collect
We do not knowingly collect information from, or direct any of our content specifically to, children under 13.
How We Use Personal Information
We may use the information we collect through our site and in connection with our events and marketing activities (alone or in combination with other data we collect) for a variety of reasons including:
- To provide, operate, optimize, and maintain the site.
- To send you marketing information about us, in accordance with your marketing preferences, including information about our products, services, promotions or events as necessary for our legitimate interest in conducting direct marketing or to the extent you have provided your prior consent.
- To respond to your online inquiries and requests, and to provide you with information and access to resources or services that you have requested from us.
- To manage event registrations and attendance, including sending related communications to you.
- To manage the site and system administration and security.
- To improve the navigation and content of the site.
- To identify any server problems or other IT or network issues.
- To process transactions.
- To compile aggregated statistics about site usage and to better understand the preferences of our visitors.
- To help us provide, improve and personalize our marketing activities.
- To carry out research and development to improve our sites, products and services.
- To carry out other legitimate business purposes, as well as other lawful purposes, such as analyzing data, fraud monitoring and prevention, identifying usage trends, and expanding our business activities in reliance on our legitimate interests.
- To cooperate with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of personal information to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our sites and services, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes, or responding to lawful requests.
How We Treat Protected Health Information (PHI)
For those seeking information about treatment or enter into treatment with us, we have additional safeguards for Protected Health Information. Our commitment to each patient’s confidentiality is ensured by our legal responsibility as mandated by state and federal law (including 42 CFR Part 2). Each staff member is dedicated to upholding these standards in all communications and records. Staff, patients, family members, and visitors all sign a confidentiality statement and agree to keep all knowledge or information about our staff, patients, and family members confidential at all times. We go to great lengths to protect the anonymity of everyone who enters or inquires about treatment.
Protected health information includes all individually identifiable health information, including demographic data, medical histories, test results, insurance information, and other information used to identify a patient or provide healthcare services or healthcare coverage. ‘Protected’ means the information is protected under the HIPAA Privacy Rule.
How We Share the Information We Collect
We do not share, sell, rent, or trade user personal information with third parties for their commercial purposes.
For prospective, current, and former patients, we may use and disclose Protected Health Information for the following circumstances:
- For Treatment. Your PHI may be used and disclosed by your medical providers, therapists, program staff, and others outside of our program who are involved in your care for the purpose of providing, coordinating, or managing your healthcare treatment and any related services. This includes coordination or management of your healthcare with a third party, consultation with other healthcare providers, or referral to another provider for healthcare treatment. In addition, we will disclose your protected health information to other healthcare providers (e.g., external pharmacy and laboratory), provided we have a written contract with the business that prohibits it from redisclosing your PHI and requires it to safeguard the privacy of your PHI. Except for emergency services, we will not send your PHI to an outside healthcare provider who is caring for you unless you give us written authorization to do so.
- For Payment. We may use and disclose medical information about you so that we can receive payment for the treatment services provided to you. This will only be done with your authorization. Examples of payment-related activities include the following: making a determination of eligibility or coverage for insurance benefits, processing claims with your insurance company, reviewing services provided to you to determine medical necessity, or undertaking utilization review activities. We may share your PHI with third parties that perform various business activities (e.g., collections) for us, provided we have a written contract with the business that prohibits it from re-disclosing your PHI and requires it to safeguard the privacy of your PHI. We will not use your PHI to obtain insurance payment for your healthcare services without your written authorization.
- For Healthcare Operations. We may use or disclose, as needed, your PHI in order to support the business activities of our program including but not limited to performance improvement activities, employee review activities, training of students, licensing, and conducting or arranging for other business activities. We may share your PHI with third parties that perform various business activities (e.g., audits, legal) for us, provided we have a written contract with the business that prohibits it from re-disclosing your PHI and requires it to safeguard the privacy of your PHI.
- Without Authorization. Applicable law also permits us to disclose information about you without your authorization in a limited number of other situations. The following are some examples of reasons we might disclose information about you without your authorization.
- Consistent with State or Federal Law. We may use or disclose your PHI to the extent that the use or disclosure is required by law, made in compliance with the law, and limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures. Under the law, we must make disclosures of your PHI to you upon your request. In addition, we must make disclosures to the Secretary of Health and Human Services for the purpose of investigating or determining our compliance with the requirements of the Privacy Rule.
- Child Abuse or Neglect. We may disclose your PHI to a state or local agency that is authorized by law to receive reports of child abuse or neglect. However, the information we disclose is limited to only that information which is necessary to make the initial mandated report.
- Communicable Disease. We may disclose your PHI to a state or local agency that is authorized by law to receive reports of diagnosed communicable disease. However, the information we disclose is limited to only that information which is necessary to make the initial mandated report.
- Health Oversight. We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies and organizations that provide financial assistance to the program (such as third-party payors) and peer review organizations performing utilization and quality control.
- Medical Emergencies. We may use or disclose your PHI in a medical emergency situation to medical personnel only. Our staff will try to provide you a copy of this notice as soon as reasonably practicable after the resolution of the emergency.
- Deceased Patients. We may disclose PHI regarding deceased patients for the purpose of determining the cause of death, in connection with laws requiring the collection of death or other vital statistics or permitting inquiry into the cause of death.
- Criminal Activity on Program Premises/Against Program Personnel. We may disclose your PHI to law enforcement officials if you have committed a crime on program premises or against program personnel.
- Court Order. We may disclose your PHI if the court issues an appropriate order and follows required procedures. Your PHI will also be released to our Corporate Attorney.
With Authorization. Other uses and disclosures of your PHI will be made only with your written authorization. You may revoke this authorization at any time, except to the extent that action has been taken in reliance on the authorization of the use or disclosure you permitted prior to revocation.
How You Can Access and Control the Information We Collect
You may request a copy of any data we have collected on you. For certain information, you may request that we update, modify, or delete your personal information. Depending on the type of personal information we have collected, we will honor such requests except when to do so would interfere with our ability to provide services to you, would interfere with our ability to perform security audits, violates HIPAA requirements, or otherwise is prohibited by law.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request.
Additional Rights for Prospective, Current, and Former Patients
For prospective, current, and former patients, you have additional rights regarding the use and disclosure of your Protected Health Information and health record.
You have the following rights regarding PHI we maintain about you:
- Right of Access to Inspect and Copy. You may inspect and obtain a copy of PHI that is contained in a designated record set for as long as we maintain the record. A “designated record set” contains medical and billing records and any other records that the program uses for making decisions about you. We will charge you a reasonable cost-based fee for the copies. We can deny you access to your PHI in certain circumstances. In some of those cases, you will have a right to appeal the denial of access. Please contact our Privacy Officer if you have questions about access to your medical record.
- Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information, although we are not required to agree to the amendment. You may request, in writing, that we amend PHI that has been included in a designated record set. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy of it. Please contact the Privacy Officer if you have questions about amending your medical record.
- Right to an Accounting of Disclosures. You have the right to request an accounting of the disclosures that we make of your PHI. You may request an accounting of disclosures for a period of up to six years (excluding disclosures made to you, made for treatment purposes, made as a result of your authorization, and certain other disclosures). We will charge you a reasonable fee if you request more than one accounting in any 12-month period. Please contact the Privacy Officer if you have questions about accounting of disclosures.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the use of your PHI for treatment, payment, or healthcare operations. We are not required to agree to your request.
- Right to Request Confidential Communication. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.
- Right to a Copy of This Notice. You have the right to a copy of this notice.
- You have the right to file a complaint in writing to us or to the Secretary of Health and Human Services.
If you believe we have violated your privacy rights. We will not retaliate against you for filing a complaint.