Montco Recovery Center, LLC (“MRC”) values you as a patient and respects your right to privacy. We pledge our commitment to treating your information responsibly. We restrict access to your health information to those employees who need to know in order to provide appropriate treatment or services to you or to conduct MRC business on your behalf.  The Health Insurance Portability & Accountability Act of 1996 (HIPAA) requires all health care records and other individually identifiable health information (Protected Health Information or PHI) used or disclosed to us in any form, whether electronically, on paper, or orally, be kept confidential. The federal law gives you, the patient, significant rights to understand and control how health information is used.

OUR LEGAL DUTY  MRC is required by applicable federal HIPAA law to maintain the privacy of your protected health information, except where federal and state regulations apply regarding ongoing child and/or vulnerable adult abuse, and to notify you following a breach of unsecured protected health information. We are also required to give you this Statement about our privacy policy, our legal duties, and your rights concerning your health information. This statement complies with the Omnibus HIPAA Final Rule published January 25, 2013. We are required to abide by the terms of the Privacy Policy Statement in effect.

  1. Information we collect

Log data

It is MRC’s policy to respect your privacy regarding any information we may collect from you across our website, http://montcorecovery.com, and other sites we own and operate.

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.

Device data

We may also collect data about the device you’re using to access our website. This data may include the device type, operating system, unique device identifiers, device settings, and geo-location data. What we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

Personal information

We may ask for personal information, such as your:

  • Name
  • Email
  • Social media profiles
  • Date of birth
  • Phone/mobile number
  • Home/Mailing address
  • Work address
  • Payment information
  1. Legal bases for processing

We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so. These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:

  • it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
  • it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
  • you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or
  • we need to process your data to comply with a legal obligation.

Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.

  1. USES AND DISCLOSURES OF HEALTH INFORMATION

We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:

  • to enable you to customize or personalize your experience of our website;
  • to enable you to access and use our website, associated applications and associated social media platforms;
  • to contact and communicate with you;
  • for internal record keeping and administrative purposes;
  • for analytics, market research and business development, including to operate and improve our website, associated applications and associated social media platforms;
  • to run competitions and/or offer additional benefits to you;
  • for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
  • to comply with our legal obligations and resolve any disputes that we may have; and
  • to consider your employment application.

The following categories describe different ways that we use and disclose Protected Health Information about you only under a signed release.

For Treatment. We may use or disclose your Protected Health Information for your treatment, such as to a doctor or other healthcare provider providing treatment to you.

For Payment. We may use and disclose your Protected Health Information to obtain payment for services we provide to you, such as to obtain reimbursement for services we provided.

Your Authorization. You may give us a written authorization or release to use your Protected Health Information for any purpose that you deem necessary. You may revoke an authorization or release at any time; such revocation must be in writing. Your revocation will not affect any use or disclosures permitted by your release while it was in effect.

Individuals Involved in Your Care or Payment for Your Care. With your signed release, your Protected Health Information may be disclosed to a family member, friend or other person to help with your healthcare.

Marketing. We may not use your protected health related information for marketing purpose. We may not sell your protected health information.

Research. We do not disclose Protected Health Information for research purposes without your written consent. Information without patient identifiable data may be used for generic research.

Workers’ Compensation and Disability. With your signed release, Protected Health Information about you may be disclosed for workers’ compensation, disability, or similar programs. The following categories describe different ways that we may use and disclose Protected Health Information about you without a signed release.

Required by Law. Client records are protected under Federal Confidentiality regulations (42 U.S.C. 290dd-3 and 42 U.S.C. 290ee-3 for Federal laws and 42 CFR Part 2 for Federal regulations) published August 10, 1987. The confidentiality of mental health, alcohol abuse, drug abuse, and/or eating disorder client records maintained by this program are protected by State and Federal laws and regulations. Clients cannot be identified to anyone outside the program as an alcohol or drug abuser, and cannot be disclosed without a client’s written consent unless otherwise provided in the regulations, or under the following circumstances: the Client consents in writing; or, the disclosure is allowed by a court order; or, the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation; or, there is a case of suspected child or elderly abuse or neglect (in which case is required by staff to be reported under State law to appropriate State or local authorities); or, any information about a crime committed by a client either at the program or against any person who works for the program or about any threat to commit such a crime; or, any threats to self or to others.  Federal laws and regulations do not protect any information about a crime committed by a Client either at the program or against any person who works for the program or about any threat to commit such a crime. Federal laws and regulations do not protect any information about suspected child or elderly abuse or neglect from being reported under State law to appropriate State or local authorities.

Coroners, Medical Examiners and Funeral Directors. We may disclose Protected Health Information to a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other duties as authorized by law. We may disclose Protected Health Information to funeral directors, consistent with applicable law, as necessary to carry out their duties.

Business Associates. We may disclose Protected Health Information to our “business associates” who perform certain functions or activities that involve the use or disclosure of Protected Health Information on behalf of, or provides services to us. All of our business associates are obligated to protect the privacy of Protected Health Information and may use the information only for the purposes for which the business associate was engaged.

Secretary of Health and Human Services. We are required to disclose your information to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA Privacy Rules.

  1. Disclosure of personal information to third parties

We may disclose personal information to:

  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
  • our employees, contractors and/or related entities;
  • sponsors or promoters of any competition we run;
  • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you; and
  • third parties to collect and process data.
  1. International transfers of personal information

The personal information we collect is stored and processed where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Where we transfer personal information from a non-EEA country to another country, you acknowledge that third parties in other jurisdictions may not be subject to similar data protection laws to the ones in our jurisdiction. There are risks if any such third party engages in any act or practice that would contravene the data privacy laws in our jurisdiction and this might mean that you will not be able to seek redress under our jurisdiction’s privacy laws.

  1. Your rights and controlling your personal information

Choice and consent: By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Right to Access: You have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party. You have the right to inspect and/or get copies of your Protected Health Information for as long as we maintain it as required by law. You must submit your request in writing to our Clinical Director. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, staff time or other supplies associated with your request. We may deny your request to inspect and copy in certain circumstances. If you are denied access to Protected Health Information, you may request that the denial be reviewed. Another licensed health care professional chosen by MRC will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

Right to an Electronic Copy of Electronic Medical Records. If your Protected Health Information is maintained in an electronic format (known as an electronic medical record or EMR), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity.

Notification of a Breach. You have the right to be notified in the event that we (or one of our Business Associates) discovers a breach of any of your unsecured protected health information.

Right to Amend. You have the right to request that we amend your Protected Health Information if you feel the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, is incorrect, or is incomplete. To request an amendment, your request must be made in writing explaining why the information should be amended and submitted to our Clinical Director. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date. We may deny your request under certain circumstances.

Right to Request Restrictions. You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services. You have the right to request that we place additional restrictions on our use or disclosure of your protected health information. We are not required to agree to any restriction that you may request. If we do agree to the restriction, we will comply with the restriction unless the information is needed to provide emergency treatment to you or unless the use or disclosure is otherwise permitted by law.

Right to an Accounting of Disclosures. You have the right to receive a list of instances in which we disclosed your Protected Health Information. If you request this accounting more than once in a 12 month period, we may charge you a reasonable, cost-based fee for responding to these additional requests.

Out-of-Pocket Payments. If you paid out-of-pocket (or in other words, we did not bill your health plan) in full for a specific item or service, you have the right to request in writing that your Protected Health Information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request.

Notification of data breaches: We will comply laws applicable to us in respect of any data breach.

COMPLAINTS AND QUESTIONS

If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made regarding your health information, you may express your written complaint to us or the U.S. Department of Health & Human Services at the address below. If you want more information about our privacy policy or have questions or concerns, please contact us. Our Clinical Director can be contacted at: 262 Bethlehem Pike, Suite 102, Colmar, PA  18915; 215-398-1888 x 4004. U.S. Department of Health & Human Services If you would like to submit a complaint directly to the U.S. Department of Health & Human Services please send it to the following address: U.S. Department of Health & Human Services Office of Civil Rights 200 Independence Avenue, S.W. Washington, D.C. 20201; 877-696-6775. We support your right to privacy of your protected health information. You will not be retaliated against in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

  1. Cookies

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. Please refer to our Cookie Policy for more information.

  1. Business transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.

  1. Limits of our policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

  1. Changes to this policy

At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. Your continued use of this site after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.

If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.

Montco Recovery Center, LLC Data Controller
Caroline Welty
Caroline.Welty@montcorecovery.com

Montco Recovery Center, LLC Data Protection Officer
Caroline Welty
Caroline.Welty@montcorecovery.com

This policy is effective as of 7 September 2018.