Privacy Policy

HIPAA Compliance and Protected Health Information

Elevated Healing Treatment Centers is a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). We are committed to protecting your Protected Health Information (PHI) in accordance with HIPAA Privacy and Security Rules and all applicable state and federal healthcare privacy laws.

Our integrated dual-diagnosis treatment approach requires careful coordination of mental health and substance use disorder information. Your privacy protections apply equally to all aspects of your care—whether related to mood disorders, anxiety, trauma, substance use, or medication management.

Protected Health Information We Collect

In the course of providing integrated mental health and addiction treatment, we may collect the following types of PHI:

• Personal identification information (name, address, phone number, email, date of birth, Social Security number)
• Mental health history and assessment information
• Substance use history and addiction-related information
• Medical history and current health conditions
• Psychiatric and psychological evaluations
• Therapy notes and treatment progress documentation
• Medication and psychiatric information
• Insurance and billing information
• Emergency contact information and family history
• Communications with our clinical team

Confidentiality of Dual-Diagnosis Information

Information related to substance use disorders receives enhanced protection under federal law (42 CFR Part 2). This means:

• Substance use treatment records are among the most protected health information
• We cannot disclose substance use disorder information without specific written authorization
• Enhanced protections apply even after treatment ends
• Mental health information receives the same level of protection

How We Collect Information

Information You Provide Directly

We collect information when you:

• Contact us by phone, email, or our website to inquire about treatment
• Schedule initial intake or assessment appointments
• Complete patient intake forms and comprehensive health questionnaires
• Complete mental health and substance use screening assessments
• Attend individual, group, or family therapy sessions
• Participate in psychiatric evaluations and medication management appointments
• Use our patient portal for secure messaging or appointment management
• Submit insurance information and authorization forms
• Engage in treatment planning and progress reviews

Information Collected Automatically

When you visit our website, we may automatically collect certain non-identifiable information, including:

• IP address and browser type
• Pages viewed and time spent on pages
• Referring website information
• Device information and operating system
• General location information

Important: We do not collect health information through our website. Any health information you provide should only be through secure, authenticated channels (patient portal, in-person, or authorized phone lines).

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and improve website functionality. You can control cookie preferences through your browser settings. Disabling cookies may affect some website features.

How We Use Your Information

We use your information for the following treatment, payment, and healthcare operations purposes:

Treatment & Clinical Care

• Providing integrated dual-diagnosis assessment, diagnosis, and treatment
• Coordinating psychiatric care and medication management for mental health conditions
• Providing individual, group, family, and specialized therapies
• Addressing substance use disorders with evidence-based treatment
• Developing and modifying personalized treatment plans
• Facilitating communication among clinical team members for coordinated care
• Monitoring treatment progress and clinical outcomes
• Emergency treatment and crisis response

Payment & Insurance

• Processing insurance claims and prior authorizations
• Billing for services rendered
• Collecting copays and patient responsibility amounts
• Submitting information to insurance companies and third-party payers
• Determining insurance eligibility and benefits

Healthcare Operations

• Improving our services and treatment outcomes
• Quality assurance and clinical audits
• Staff training on integrated dual-diagnosis care and clinical best practices
• Compliance with legal and regulatory requirements
• Business planning and financial management
• Conducting satisfaction and outcome surveys

Patient Communications

• Appointment reminders and follow-up communications
• Treatment recommendations and clinical updates
• Prescription refill requests and medication information
• Important updates to our policies or services

How We Share Your Information

Fundamental Principle: We do not sell, rent, lease, or trade your personal health information to any third parties. We share information only as permitted or required by law, or with your explicit written authorization.

With Your Authorization

We will only share your information with third parties when you provide specific written authorization. For example:

• Releasing records to another healthcare provider you specify
• Sharing information with family members or designated individuals (subject to your authorization)
• Providing information to your employer (for employee assistance programs)
• Sharing information with legal representatives or courts

You retain the right to authorize or deny disclosure at any time.

Business Associates

We work with carefully selected business associates who perform essential functions on our behalf. These include:

• Electronic health record vendors and IT service providers
• Insurance billing and claims processing companies
• Pharmacy and medication management services
• Telehealth platform providers
• Communication and secure messaging platforms
• Transcription and record management services

Legal Requirement: All business associates are required by federal law to execute Business Associate Agreements that obligate them to protect your information with the same safeguards we employ.

As Required or Permitted by Law

We may disclose information when required or authorized by law, including:

• In response to valid court orders, subpoenas, or legal processes
• To report suspected child abuse, elder abuse, or dependent adult abuse
• To report suspected domestic violence (as required by law)
• To prevent or mitigate serious threats to your health and safety or others' safety
• For public health activities and disease reporting
• To comply with workers' compensation laws
• For law enforcement purposes in limited, specified circumstances
• To correctional institutions for inmates receiving our services
• For military and veteran health information if applicable

Insurance Companies and Payers

We must share necessary treatment and billing information with your health insurance company or third-party payers to process claims. This may include:

• Treatment dates and clinical information necessary for authorization
• Diagnostic codes related to mental health and substance use disorders
• Treatment type and duration
• Clinical justification for continued treatment

Your Right to Know: You have the right to request a list of disclosures we have made of your health information. We will provide this accounting within 30 days.

How We Protect Your Information

We implement comprehensive physical, technical, and administrative safeguards consistent with HIPAA Security Rule requirements to protect your personal health information:

Physical Safeguards

• Secure office facilities with controlled access and visitor logs
• Locked doors and restricted access to patient treatment areas
• Secure, locked filing cabinets and storage for paper medical records
• Security cameras and surveillance systems
• Secure disposal and destruction of documents containing PHI
• Confidential disposal protocols exceeding industry standards

Technical Safeguards

• Encrypted electronic health records with access controls
• Secure, HIPAA-compliant communication platforms for patient messaging
• End-to-end encryption for telehealth video conferencing
• Multi-factor authentication for all system access
• Firewalls, intrusion detection, and antivirus protection
• Regular security updates and system patching
• Continuous security monitoring and threat detection
• Secure backup and disaster recovery systems
• Encryption of data in transit and at rest

Administrative Safeguards

• Comprehensive staff training on HIPAA compliance and privacy practices
• Annual HIPAA refresher training for all employees
• Clear policies and procedures for privacy and security
• Regular security risk assessments and vulnerability testing
• Business Associate Agreements with all vendors and partners
• Designated Privacy Officer responsible for HIPAA compliance
• Incident response plan and breach notification procedures
• Workforce security policies and access controls
• Sanctions policy for privacy and security violations

Your Privacy Rights

Under HIPAA and applicable state and federal privacy laws, you have the following rights regarding your health information:

Right to Access Your Records

You have the right to inspect and obtain copies of your medical records and billing information. We will provide this within 30 days of your request. A reasonable fee may apply for copying and mailing costs.

Right to Request Amendments

You may request corrections to your medical records if you believe they are inaccurate or incomplete. We will review your request and notify you of our decision within 60 days.

Right to an Accounting of Disclosures

You may request a list of entities to which we have disclosed your health information in the past six years, including the purpose of each disclosure. We will provide this accounting within 60 days at no cost.

Right to Request Restrictions

You may request limitations on how we use or disclose your health information. While we will consider your request, we are not always required to agree. We will notify you of our decision in writing.

Right to Confidential Communications

You may request that we communicate with you in a specific way or at a specific location (for example, at your work number or by email). We will accommodate reasonable requests.

Right to a Paper Copy

You have the right to receive a paper copy of this Privacy Policy and our Notice of Privacy Practices upon request at any time.

Right to File a Complaint

You may file a complaint if you believe your privacy rights have been violated. You can file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights without fear of retaliation.

Right to Know About Breaches

If an unauthorized access, use, or disclosure of your health information occurs, you have the right to be notified without unreasonable delay. We will provide notice of any breach that poses a risk to your privacy or security.

How to Exercise Your Rights: To request any of these rights, please contact our Privacy Officer using the information in the Contact Us section below. We will respond promptly to all requests.

Telehealth and Virtual Appointments

Elevated Healing offers secure, HIPAA-compliant telehealth services for psychiatric appointments, therapy sessions, and follow-up care. Telehealth enables access to integrated dual-diagnosis treatment regardless of location.

Telehealth Security Measures

• HIPAA-compliant video conferencing platforms with end-to-end encryption
• Secure, authenticated login requiring password and multi-factor verification
• Sessions are encrypted and never recorded without your explicit written consent
• Secure transfer of session recordings (if authorized) using encrypted channels
• Same privacy protections apply to telehealth as in-person appointments
• Audit logs tracking all access to telehealth records

Your Telehealth Responsibilities

To protect your own privacy during telehealth appointments:

• Participate from a private location where others cannot overhear your session
• Ensure your device and internet connection are secure
• Close other applications and windows that may display health information
• Use secure Wi-Fi or hardwired internet connection when possible
• Do not share your appointment link or access code with anyone
• Notify us if you believe your telehealth session was compromised

Technical Limitations

While telehealth is secure, technical issues may occasionally occur. In case of connection loss or technical problems, we will follow up with you to ensure your care continues without disruption. Any sensitive information will only be discussed once secure connection is reestablished.

Website Privacy and Cookies

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to:

• Remember your preferences and website settings
• Analyze website traffic and usage patterns
• Improve website functionality and user experience
• Provide analytics and performance data

We use essential cookies only for legitimate operational purposes. You can control cookies through your browser settings, though disabling them may affect website functionality.

Third-Party Services

Our website may use third-party services such as Google Analytics for website analytics. These services may collect aggregate information about your website usage according to their privacy policies. We do not control or authorize collection of health information through these services.

Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external websites. We encourage you to review the privacy policies of any third-party sites before providing them with information.

Adolescent and Minor Patient Privacy

Elevated Healing provides integrated dual-diagnosis treatment to adolescents and young adults ages 13 and older, as well as adults. For patients who are minors:

• We follow all applicable state laws regarding parental access to mental health and substance use disorder treatment records
• We balance parental rights with the minor's developing autonomy and privacy rights
• We do not knowingly collect personal information from children under 13 without parental consent
• We maintain confidentiality appropriate to the minor's age and legal status
• Parents/guardians have access rights consistent with state law, which may differ for mental health versus substance use information

Special Protections for Substance Use Disorder Treatment: Confidentiality protections for substance use disorder information may limit parental disclosure rights even for minors. We comply with applicable federal confidentiality laws (42 CFR Part 2).

Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or clinical standards. Material changes will be made with notice to you:

• Updated Privacy Policy will be posted on our website with a new effective date
• We will provide notice of significant changes during your appointment
• We will send notification via email or patient portal for major policy changes
• For changes affecting treatment, we may request your written acknowledgment

Your continued use of our services after changes to this Privacy Policy constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, have concerns about our privacy practices, or need to file a complaint, please contact us:

Privacy Officer

Our Privacy Officer oversees compliance with HIPAA and this Privacy Policy. You may request to speak with our Privacy Officer regarding privacy concerns.

File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or with the U.S. Department of Health and Human Services without fear of retaliation: