HIPAA Notice of Privacy Practices
Effective Date: September 17, 2021
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. CONFIDENTIALITY OF HEALTH INFORMATION. Health information that Recover Addiction Services Inc. or Recover Medical Group P.C. (“Company”) receives and/or creates about you, personally, relating to your past, present, or future health, treatment, or payment for health care services, is “protected health information” under the federal law known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 C.F.R. Parts 160 and 164. The confidentiality of alcohol and drug abuse records maintained by Company is protected by another federal law as well, commonly referred to as the Alcohol and Other Drug (AOD) Confidentiality Law, 42 C.F.R. Part 2. Generally, Company may not say to a person outside Company that you are a client of Company, or disclose any information identifying you as an alcohol or drug abuser, or use or disclose any other protected health information except in limited circumstances as permitted by federal law. Your health information is further protected by any pertinent state law that is more protective or stringent than either of these two federal laws.
2. PLEDGE REGARDING HEALTH INFORMATION. Company understands that health information about you and your health is personal. Company is committed to protecting health information about you. In order to provide you with quality service and to comply with certain state and federal legal requirements, Company creates a record of the services you receive at Company. This Notice of Privacy Practices (the “Notice”) applies to all of the records of your service generated by Company. This Notice will tell you about the ways in which Company may use and disclose protected health information about you. It also describes your rights and certain obligations Company has regarding the use and disclosure of protected health information. Company is required by law to:
(1) Make sure that health information that identifies you is kept private;
(2) Give you this Notice of its legal duties and privacy practices concerning health information about you;
(3) Follow the terms of the Notice that are currently in effect; and
(4) Notify you in case there is an unauthorized use or disclosure of your unsecured health information.
3. WHO IS BOUND BY THIS NOTICE. This Notice describes Company’s practices and those of Company staff, volunteers, and other personnel who are involved in your services. Company and these individuals will follow the terms of this Notice, and may use or disclose protected health information about you as permitted or required by law. This Notice describes your rights to access and control protected health information about you, including information that may identify you and that relates to your past, present, or future physical health or mental condition, and healthcare and related healthcare services. Your personal physician may have other policies that he or she follows and may use his or her own Notice of Privacy Practices.
4. HOW COMPANY MAY USE AND DISCLOSE PROTECTED HEALTH INFORMATION ABOUT YOU. Company collects health information about you and stores it in a chart, on a computer, and/or in a personal health record. This is your medical record. The medical record is the property of Company, but the information in the medical record belongs to you. The following categories describe different ways that Company may use or disclose protected health information. For each category of uses and disclosures, Company will explain what is meant and may give some examples. Not every use or disclosure in a category will be listed. However, all of the ways Company is permitted to use and disclose information will fall within one of the categories. Some information such as certain drug and alcohol information, HIV, or mental health information is entitled to special restrictions.
4.1 For Internal Communications. Your protected health information will be used within Company between and among Company staff who have a need for the information, in connection with Company’s duty to diagnose, treat, or refer you for treatment. This means that your protected health information may be shared between or among personnel for treatment, payment or health care operation purposes. For example, two or more providers within Company may consult with each other regarding your best course of treatment. Company may share your protected health information in a billing effort to receive payment for healthcare services rendered to you. And/or, your protected health information may be discussed within Company about your treatment in connection with others receiving treatment, in an effort to improve the overall quality of care provided by Company. Your protected health information will not be re-disclosed by Company personnel except as is otherwise permitted herein.
4.2. To Qualified Service Organizations and/or Business Associates. Some or all of your protected health information may be subject to disclosure through contracts for services with qualified service organizations and/or business associates, outside of Company, that assist Company in providing healthcare. Examples of qualified service organizations and/or business associates include billing companies, data processing companies, or companies that provide administrative or specialty services. To protect your health information, Company requires these qualified service organizations and/or business associates to follow the same standards held by Company through terms detailed in a written agreement.
4.3. In Medical Emergencies. Your health information may be disclosed to medical personnel in a medical emergency, when there is immediate threat to the health of an individual, and when immediate medical intervention is required.
4.4. To Researchers. Under certain circumstances, Company may use and disclose your protected health information for research purposes. For example, a research project may involve comparing the health and recovery of all clients who received one test or treatment to those who received another, for the same condition. All research projects, however, must be approved by an Institutional Review Board, or other privacy review board as permitted within the regulations, that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information.
4.5. To Auditors and Evaluators. Company may disclose protected health information to regulatory agencies, funders, third-party payers, and peer review organizations that monitor alcohol and drug programs to ensure that Company is complying with regulatory mandates and is properly accounting for and disbursing funds received.
4.6. Pursuant to Authorizing Court Order. Company may disclose your protected health information pursuant to an authorizing court order. This is a unique kind of court order in which certain application procedures have been taken to protect your identity, and in which the court makes certain specific determinations as outlined in the federal regulations and limits the scope of the disclosure.
4.7. Crime on Company Premises or Against Company Personnel. Company may disclose a limited amount of protected health information to law enforcement when a client commits or threatens to commit a crime on Company premises or against Company personnel. Federal law and regulations do not protect any information about a crime committed by a client either at Company or against any person who works for Company or about any threat to commit such a crime.
4.8. Reporting Suspected Child Abuse and Neglect. Company may report suspected child abuse or neglect as mandated by state law. Federal law and regulations do not protect any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.
4.9. As Required By Law. Company will disclose protected health information as required by state law in a manner otherwise permitted by federal privacy and confidentiality regulations.
4.10. Appointment Reminders. Company reserves the right to contact you, in a manner permitted by law, with appointment reminders or information about treatment alternatives and other health related benefits that may be appropriate to you.
4.11. Other Uses and Disclosure of Protected Health Information. Other uses and disclosures of protected health information not covered by this Notice will be made only with your written authorization or that of your legal representative. If you or your legal representative authorize Company to use or disclose protected health information about you, you or your legal representative may revoke that authorization, at any time, except to the extent that Company has already taken action relying on the authorization.
5. YOUR RIGHTS REGARDING HEALTH INFORMATION COMPANY MAINTAINS ABOUT YOU. You have the following rights regarding your health information. In order to exercise these rights, you must contact the HIPAA Privacy Officer at Company. You may be asked to submit a written request. The HIPAA Privacy Officer may be contacted using the following information:
Recover Medical Group P.C.
Attn: HIPAA Privacy Officer
120 Birmingham Drive, Suite 240A
Cardiff, CA 92007
Phone: (858) 208-0121
5.1. Right to Inspect and Copy. With certain exceptions, you have the right to inspect and receive copies of your health information that Company maintains about you. In some very limited circumstances Company may, as authorized by law, deny your request to inspect and obtain a copy of your protected health information. You will be notified of a denial to any part or parts of your request. Some denials, by law, are reviewable, and you will be notified regarding the procedures for invoking a right to have a denial reviewed. Other denials, however, as set forth in the law, are not reviewable. Each request will be reviewed individually, and a response will be provided to you in accordance with the law.
5.2. Right to Amend Your Health Information. If you believe that protected health information about you is incorrect or incomplete, you may ask Company to amend the information. Company may deny your request if it is not in writing or does not include a reason that supports the request. In addition, Company may deny your request if you ask Company to amend protected health information that Company believes: (i) is accurate and complete; (ii) was not created by Company, unless the person or entity that created the protected health information is no longer available to make the amendment; (iii) is not part of the protected health information kept by or for Company; or (iv) is not part of the protected health information which you would be permitted to inspect and copy. If your right to amend is denied, Company will notify you of the denial and provide you with instructions on how you may exercise your right to submit a written statement disagreeing with the denial and/or how you may request that your request to amend and a copy of the denial be kept together with the protected health information at issue, and disclosed together with any further disclosures of the protected health information at issue.
5.3. Right to an Accounting of Disclosures. You have the right to receive a list of certain disclosures that Company may have made of your protected health information. This list will not include certain disclosures as set forth in the HIPAA regulations, including those made for treatment, payment, or health care operations within Company or made pursuant to your authorization or made directly to you.
5.4. Right to Request Restrictions. You have the right to request a restriction or limitation on the protected health information that Company uses or discloses about your treatment, payment or health care operations within Company. While Company will consider your request, Company is not required to agree to it. If Company does agree to it, Company will comply with your request, except in emergency situations where your protected health information is needed to provide you with emergency treatment. Company will not agree to restrictions on uses or disclosures that are legally required, or those which are legally permitted and which Company reasonably believes to be in the best interest of your health.
5.5. Right to Request Confidential Communications. You have the right to request that Company communicate with you about your protected health information in a specific way or at a specific location. For example, you can ask that Company only contact you at work or by mail. Company will accommodate all reasonable requests.
5.6. Right to File a Complaint. Violation of the federal law and regulations by Company is a crime and suspected violations may be reported to appropriate authorities in accordance with federal regulations. If you have any questions or believe that your privacy rights have been violated, you may contact Company’s HIPAA Privacy Officer in person or mail a written summary of your concern to the address listed above. You may also file a written complaint with the Department of Health and Human Services. You will not be penalized or retaliated against for filing a complaint.
5.7. Right to Receive a Copy. You have the right to obtain a copy of this Notice.
6. CHANGES TO THIS NOTICE. Company reserves the right to change the terms of this Notice at any time. Company reserves the right to make the revised or changed notice effective for protected health information Company already has about you as well as any protected health information Company receives in the future. Company will post a copy of the current Notice. The Notice will contain an effective date.
For questions about our privacy practices, contact our Chief Privacy Officer at:
120 Birmingham Drive, Suite 240A
Cardiff, CA 92007
Phone: (858) 208-0121
Effective Date: September 28, 2021
the types of information we collect through our Services;
how we use and protect that information;
the types of information we may share with others and under what circumstances;
the choices you have regarding our collection, use, and sharing practices; and
details regarding our use of third-party cookies and other tracking technologies.
This Policy applies when you interact with us through our Services. It also applies anywhere it is linked. It does not apply to non-Recover websites and mobile applications that may link to the Services or be linked to from the Services; please review the privacy policies on those websites and applications directly to understand their privacy practices.
INFORMATION WE COLLECT
Information you give us
Our Services may permit you to enter contact information and other information about you. We collect and store any information you enter on our Services. This includes:
Contact and demographic information, and any other information you provide when creating an account with us.
Appointments you book through our site.
Any information or data you provide by interacting in our online forums and chatrooms, or by commenting on content posted on our Services. Please note that these comments are also visible to other users of our Services.
Information you provide when you complete a survey.
Information you submit to inquire about or apply for a job with us.
If you contact us, we may keep a record of that correspondence and any contact information provided.
When you engage in a transaction using a credit or debit card on our site, we use a payment processor to process your payment; Recover does not collect or store payment card information.
Protected Health and/or Medical Information
Our Services include, among other things, the provision of addiction treatment services. If we provide treatment services to you, this may result in the creation of protected health and/or medical information about you. The use and storage of such information will be governed by our HIPAA Notice of Privacy Practices.
Information We Collect Automatically
When you interact with the Services, we collect certain information about your use of our Services automatically. This includes:
Analytics about your interaction with our Services, including traffic data, location data, weblogs and other communication data, the resources that you access, and how you reached our Services.
Details regarding the device you use to access our Services, including, but not limited to, your IP address, operating system, and browser type.
Information that you make available to us on a social media platform (such as by clicking on a social media icon linked from our Services), including your account ID or username and other information included in your posts.
Cookies and Other Tracking Technologies
Combination of Information
We may combine information from the Services together and with other information we obtain from our business records.
HOW WE USE YOUR INFORMATION
We may use the information we collect about you for the following purposes:
To provide you with our products and services, including to take steps to enter into a contract for sale or for services, process payments, fulfill orders, send service communications, and conduct general business operations such as accounting, recordkeeping, and audits.
To give recommendations, deliver personalized marketing and advertising to you about our products and services, and to enable additional features on our Services and to provide you with a personalized service.
To provide you with the best service and improve and grow our business, including to understand how our Services are being used, understand our customer base and purchasing trend, understand the effectiveness of our marketing, and develop new products and services.
To protect and secure our Services, assets, network, and business operations, and to detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal.
To comply with legal process, such as warrants, subpoenas, court orders, and lawful regulatory or law enforcement requests and to comply with legal requirements regarding the provision of products and services.
HOW WE SECURE THE INFORMATION WE COLLECT FROM OR ABOUT YOU
We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Services. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.
HOW WE SHARE YOUR INFORMATION
We share information as follows:
Service Providers: We engage vendors to perform functions on our behalf, and they may receive information about you. These vendors are obligated by contract to (a) use information that we share only for the purpose of providing these Services, and (b) abide by the same restrictions and conditions that apply to us with respect to any protected health information that we may share for the purpose of providing these Services. The business functions our vendors support include: billing and collection; auditing and accounting; professional services; analytics services; security; IT; and marketing emails.
Government Entities: We may also share data when we believe in good faith that we are lawfully authorized or required to do so to respond to lawful subpoenas, warrants, court orders, or other regulatory or law enforcement requests, or where necessary to protect our property or rights or the safety of our employees, our clients, or other individuals.
Potential Purchasers of Our Business: We may change our ownership or corporate organization while providing the Services. We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.
We may use and share at our discretion data that has been aggregated (information that has been compiled into summaries) or de-identified (information that has been stripped of all unique identifiers such that it cannot be linked to a particular individual).
CROSS-BORDER TRANSFER OF DATA
If you use our Services outside of the United States, you understand that we may collect, process, and store your information in the United States and other countries. The laws in the United States regarding information may be different from the laws of your country. Any such transfers will comply with safeguards as required by relevant law. By using the Services, you consent to the collection, international transfer, storage, and processing of your data.
OUR PRACTICES REGARDING INFORMATION BELONGING TO CHILDREN
The Services are intended for users age thirteen and older. Recover does not knowingly collect information from children. If we discover that we have inadvertently collected information from anyone younger than the age of 13, we will delete that information.
SHARING OF PROTECTED HEALTH AND/OR MEDICAL INFORMATION
To the extent that we receive protected health and/or medical information about you, that information is shared in compliance with our HIPAA Notice of Privacy Practices.
YOUR OPTIONS AND RIGHTS REGARDING YOUR INFORMATION
Your Account: Please contact your care coordinator for help updating your contact information or payment method.
Most web browsers automatically accept cookies but, if you prefer, you can usually modify your browser setting to disable or reject cookies. If you delete your cookies or if you set your browser to decline cookies, some features of the Services may not be available, work, or work as designed. You may also be able to opt out of or block tracking by interacting directly with the other companies who conduct tracking through our Services.
Your browser or device may include “Do Not Track” functionality. We do not respond to Do Not Track signals at this time.
CHANGES TO THIS POLICY
For questions about our privacy practices, contact us at:
120 Birmingham Drive, Suite 240A
Cardiff, CA 92007
Phone: (858) 208-0121