This Privacy Policy explains how Rolling Hills Recovery Center gathers information about you through our websites, mobile apps, and other services and how we use and share the information. 

 

This policy applies to our websites, services, and other interactions with you. It controls how we use the information we collect and interact with you.

​

Privacy Principles

 

Our privacy policies adhere to the following guidelines:

 

• We don't collect more sensitive data about you than is necessary.

• Unless you are specifically instructed differently, your personal information will only be used for the stated objectives in this Privacy Policy.

• If your data is no longer required, we will delete it.

• We do not disclose your data to any third parties except as stated in this Privacy or as otherwise consented to by you.

 

Changes to this Privacy Policy

 

This Privacy Policy may be updated at any time without any notice. If we alter anything on this policy, we will alert you by publishing the new policy on our website and changing the "Last Updated" timestamp above. Please read this policy each time you use our services to be updated with our practices constantly.

 

Protection of Health Information Under the Health Insurance Portability and Accountability Act (HIPAA)

 

In 1996, the US Congress established IPAA, a Privacy Rule for sharing Protected Health Information (PHI) by insurers and rehab facilities. It stipulates that all a client's personal information be kept private and that disclosing this information must be done only with the patient's express consent.

 

• It is your right to know whether we hold personal information about you.

• You can adjust or update any information we hold about you anytime.

• You have the right to request any personal data we have about you.

• You have the right to complain about how we utilize your personal information.

 

Information you Provide

 

When you contact us via email, sign up on our website, or submit information, we gather the information you supply. For example, we may collect your data, such as your name, phone number,  gender, email address, postal address,  and Social Security number (SSN). 

 

Information We Collect

​

When you visit our website, we learn a variety of things about you; When you use our services, we may automatically collect specific details about your computer or gadgets (including smartphones)

 

Information about the device 

 

When you use our services, we may automatically collect specific detail of smartphones, computers, or gadgets (including smartphones). We might, for instance, gather and evaluate the following data:

 

• Unique device identifiers (UDIs) and details about your cell phone or other mobile devices.

• IP addresses.

• Geolocation information.

• Browser types.

• Browser language.

• Operating system.

• The country or state from which you accessed our services.

 

Information about your interactions with our services

 

We may collect the following types of data concerning your interactions with our services:

​

• Type of platform. 

• URLs and exit pages.

• Landing pages.

• Number of clicks. 

• Names of websites.

• Viewed web pages and content.

• What the reader does on each page. 

• The date you used the service.

• The time you used the service.

• Error logs and other related data.

 

This data can be gathered through third-party analytics tools and technology, such as cookies and related technologies. 

 

Information about your location

​

The location information we collect includes the following:

​

• Details about your location, such as your IP address.

• Facts and figures in general (for example, zip code and IP address).

• Extra information (for example, GPS-based functionalities on a mobile device used to access our services).

 

We may use the data we gather from you to provide our clients accomplish this; we may disclose your geolocation data to our affiliates, suppliers, or marketers.

 

We may disclose your geolocation data to our affiliates, suppliers, or marketers to access. However, disabling location-tracking capabilities such as GPS on your mobile device may prevent you from providing us with location data if your device permits it.

 

Cookies (and Other Online Technologies)

  

We may use the following technologies to get a better understanding of our users:

 

Cookies

 

Cookies are tiny computer files transmitted to your electronic device. They include the date. You may save time using the services pages you've viewed and your actions while using our services.

 

When keeping our services, you may save time by not having to re-enter your login information each time. Instead, we reserve your authentication status in a cookie. Cookies are also used to track visitor behavior and prevent fraudulent transactions.

 

We may use a kind of marketing called online behavioral (interest-based) advertising to promote our services. In practice, particular business associates may use Cookies to show Rolling Hills Recovery Center's advertisements on other sites and apps based on your usage of our services and your interests in those advertisements (based on the information gathered from your online activities).

​

Disclaimer on social media engagement

​

We are not responsible for any repercussions from posting anything on our social media accounts. However, when you publish anything on our social networking sites, you accept the risk that the information you provide is infected with a virus or otherwise dangerous.

 

Any third-party social media platforms or services, or websites to which patients choose to communicate private health information are entirely out of the control of The Rolling Hills Recovery Center. Therefore, Rolling Hills Recovery Center cannot guarantee that user information will be safe on third-party social networks. Therefore, people should be cautious while disclosing sensitive personal information online.

 

If you post or upload material to Rolling Hills Recovery Center's social media pages, it becomes the property of Rolling Hills Recovery Center. This includes comments, images, text, and other media. By uploading content, you grant Rolling Hills Recovery Center an unrestricted right to use, reproduce, distribute, publish, display, change, replace, create derivative works from, and otherwise use your content for any purpose and in any medium.

 

Hyperlinks to other web pages

 

Our website and social media pages may include links to other websites that you will find helpful. We have no control over the privacy practices of these websites. We strongly advise you to read their privacy policies before using these websites. This policy applies only to data obtained by Rolling Hills Recovery Center.

​

Use of Information

​

​The information your share with us (or collect from you) is used:

 

• For the reasons for which you shared the information. 

• We tailor our services to meet your expectations by disseminating more information about Rolling Hills Recovery Center, our associates, our sponsors, or third-party services, initiatives, events, and campaigns that interest you.

• To support, keep improving, or boost our organization and our services.

• To get in touch with you. 

• To deliver alerts to your mobile devices. 

• Email you and deliver other communications with material that interest you. 

• To keep you up to date with our services and send you newsletters.  

• To keep track of and evaluate trends concerning our services. 

• To better understand who uses our services and how we can improve user experience. 

• To merge information obtained from external parties with data we have collected from you or about you and to use the aggregated information for the reasons outlined in this Privacy Policy.

• To help stop, detect, and investigate data breaches, fraud, and other possibly illegal or expressly forbidden practices. 

• To manage and troubleshoot our services.

• Ensure that the legal regulations governing your use of our services are followed.

• To safeguard our properties or rights. 

• We are disclosing this to you for any other reason as part of our services.

 

We may use a third-party service provider to process and store the information you share with us or collect from you.

 

Sharing of Your Private Information

​

We may be required to disclose your personal information to the following third parties:

​

• IT and systems administration service providers.

• Lawyers, bankers, auditors, and insurers are all examples of professional counselors.

• Organs of state require us to provide reports on our activities.

• Rehab facilities in our network of contacts.

• Other people or firms to whom we may transfer our services, sell assets or sell our entire organization.

• Any third party to offer, maintain and enhance our Services. It can arise where a service provider needs access to your information to execute tasks on our behalf.

​

You can rest assured that any third party to whom we disclose your information will do so securely and lawfully. We only permit such a third party to process your data for the purposes stated and in full compliance with our instructions.

​

Client Care and Confidentiality Guidelines

 

Policies related to the confidentiality and management of client care records at our facility, adhering to HIPAA and CFR 42-2 standards. It aims to protect the privacy and rights of our clients by establishing strict guidelines on the handling of their personal and medical information.

 

Confidentiality Policy

 

It is our paramount responsibility to ensure all staff members rigorously maintain the confidentiality of client records. This encompasses all identifying data, diagnostic details, treatment plans, attendance logs, and any information regarding a client's status or location. Disclosure of such information is strictly prohibited without explicit consent from the client.

 

We are committed to upholding the federal laws safeguarding the confidentiality of Alcohol and Drug Abuse Patient Records, thereby protecting the legal and human rights of our clients and their families.

 

Consent and Disclosure Procedures

 

Obtaining Consent

 

• Consent for releasing client information must be detailed, including:

  • Client's name

  • Requester's name and title/organization

  • Disclosure purpose

  • Specific information to be disclosed

  • Consent expiration and signature dates

  • Client's signature and witness verification

 

Handling Requests

 

• For verbal inquiries, staff must:

  • Record the requester's details and inform them of a callback following consent verification in the client's file.

  • If valid consent exists, proceed to share the authorized information. Otherwise, staff should neither confirm nor deny the client's association with the program.

 

Legal Demands

 

• Subpoenas and court orders are to be directed to the Executive Director for appropriate action, ensuring no information is released without their explicit approval.

 

Faxing Confidential Information

 

• Faxes are used only when necessary, ensuring all transmissions include a "Confidentiality Statement." Follow-up calls are made to confirm receipt

 

Grievance Procedures

 

The purpose of this policy is to provide clients with a due process for resolving grievances related to their treatment or issues concerning program and personnel. The procedure for grievances involves:

 

• Initially addressing grievances with the primary counselor.

• If unresolved, escalating the issue to the President or a designated person.

• Making a final appeal in writing to the Executive Director or a designated person if the matter remains unresolved.

• A response to the grievance is to be provided within 30 days.

• Clients are informed that complaints can also be directed to the Division of Addiction Services, with contact information readily available.

 

Client Grievances

 

This policy outlines the procedure for clients to report grievances directly to the governing licensing board of Rolling Hills Recovery Center. It includes:

 

• Posting contact information for the State agency responsible for handling grievances conspicuously throughout the facility.

• Informing clients and their families of their rights upon orientation, including how to contact the New Jersey Department of Human Services, Division of Mental Health and Addiction Services for grievances.

 

Client Rights

 

This policy addresses the rights of individuals served and ethical issues in care and service delivery. Key highlights include:

 

• Providing clients with a written copy of their rights at admission and annually thereafter.

• Rights include being informed of program rules, services available, charges, the option to participate in treatment decisions, refuse treatment, confidentiality, and the right to be treated with respect and dignity.

• Clients have the right to voice grievances, participate in experimental research with consent, and be free from abuse and discrimination.

• Specific procedures for transfers, discharges, and the right to appeal involuntary discharges are outlined.

• Clients are entitled to access and obtain a copy of their clinical record in accordance with applicable laws and the program's policies.

• Clients have the right to revoke releases by providing a written request to Rolling Hills Recovery Center.

 

These policies ensure that clients at Rolling Hills Recovery Center are supported in a respectful and ethical environment, have the means to address concerns, and are provided with clear information about their rights and the services available to them.

 

Safe Guarding Client's Records

 

I. PURPOSE:

 

The purpose of this policy is to outline the Safe Guards for Protection of Privacy for Protected Health Care Information of Rolling Hills Recovery Center.

 

II. POLICY:

 

It is the policy of Rolling Hills Recovery Center to ensure all health care information of clients is kept confidential and protected from disclosure. In order to protect the records of the clients served, Rolling Hills Recovery Center shall put in place the following safeguards to ensure all confidential records are protected:

 

Administrative:

 

• All health records at RHRC are electronic and any paper records or additional client information received will be uploaded into the EHR.

• All faxes containing client information will contain the disclaimer that the information is only for the intended party and is covered by federal regulations. Only authorized staff will have controlled access to client's information/records and will only be limited to those who have a need to know for provisions of services or payments.

 

Technical:

 

• All staff shall be given a protected password for their computers. Only those staff members shall be allowed on their computers along with the Executive Director or designee. If a staff member leaves Rolling Hills Recovery Center for any reason, a new secure password shall be given to new employee using that computer.

• All computers shall be shut off while not in use, and at the end of each business day.

• All faxed letters shall have a red confidential stamp put on the cover page.

 

Physical:

 

• Each office containing any clients' information shall remain locked unless in use.

• There shall be no papers left out in open area with client's names or information on them. All rooms shall be inspected daily.

• Staff shall not use a client's name while talking in common areas.

• Subpoenas and Court Orders must be forwarded to the Executive Director or designee to determine appropriate actions.

• Outdated records in paper form shall be shredded under secure conditions. Records shall be retained for twenty (20) years beyond discharge. All records beyond this time shall be destroyed in accordance with standards of practice and Federal Statute.

 

Importance of Maintaining Confidentiality

 

This includes briefing new hires during orientation and providing refresher training as necessary.

 

1. Employees, students, and other individuals with access to Client information must sign a confidentiality agreement upon commencement of their relationship with Rolling Hills Recovery Center. This agreement outlines their understanding and commitment to maintain confidentiality of all Client information.

2. Regular audits and monitoring of information access and handling will be conducted to ensure compliance with confidentiality policies. This includes checking for unauthorized access to electronic health records, improper sharing of information, and adherence to document handling protocols.

3. In the event of a suspected breach of confidentiality, a thorough investigation will be initiated promptly to determine the extent of the breach, identify the individuals involved, and take appropriate corrective action. This may include disciplinary action up to and including termination, as well as legal action if necessary.

4. Training on confidentiality will include scenarios and examples of potential breaches and the proper steps to take if one becomes aware of a breach or potential breach. This training will also cover the legal and ethical implications of failing to maintain confidentiality.

5. All employees, students, and other individuals will be encouraged to report any concerns or uncertainties about what constitutes a breach of confidentiality or how to handle confidential information. A culture of openness and responsibility towards the safeguarding of Client information will be promoted.

6. The use of encryption and secure communication channels for transmitting Client information will be enforced to prevent unauthorized interception of data. Physical documents containing sensitive information will be stored securely and access will be limited to authorized personnel only.

7. In cases where disclosure of Client information is legally required, such as in the reporting of communicable diseases, gunshot wounds, or child abuse, the procedure for such disclosures will be clearly communicated. This includes who to contact (primary therapists and the Clinical Director), the steps for reporting the incident, and the documentation required to accompany the disclosure.

 

Documentation and Record Keeping

 

• All signed confidentiality agreements will be stored securely in the employee's personal file.

• Records of confidentiality training sessions, including dates, content, and attendees, will be maintained.

• Documentation of any breaches of confidentiality and the subsequent actions taken will be recorded and stored securely.

 

Review and Update of Policy

 

• This policy will be reviewed annually and updated as necessary to reflect changes in legal requirements, organizational practices, or advancements in technology that may affect the confidentiality of Client information. Feedback from employees, audits, and incident reports will be considered during the review process to identify areas for improvement.

​

Our privacy policy adheres to relevant laws and regulations, including but not limited to the United States Health Insurance Portability and Accountability Act of 1996 (HIPAA). We will only share information with third parties as allowed by applicable laws.

​

Privacy Commitment

 

At Rolling Hills Recovery Center, we are dedicated to providing quality behavioral healthcare services. A crucial part of this commitment is safeguarding your health information according to applicable law. This notice (“Notice of Privacy Practices”) outlines your rights and our responsibilities concerning protecting your health information under federal law. Protected health information (“PHI”) includes information about you that may identify you and relate to your past, present, or future physical or mental health; healthcare services provided, or payment for healthcare services.

​

Our Responsibilities

​

We are required by law to maintain the privacy of your PHI, provide you with notice of our legal duties and privacy practices regarding your PHI, and notify you following a breach of unsecured PHI related to you. We must abide by the terms of this Notice of Privacy Practices. This notice is effective as of the date listed on the first page and will remain in effect until revised. We must update this Notice of Privacy Practices when significant changes to your rights, our duties, or other practices are detailed herein.

​

We reserve the right to change our privacy policy and practices and the terms of this Notice of Privacy Practices, in compliance with applicable law and our current business processes, at any time. Any new Notice of Privacy Practices will apply to all PHI we maintain at that time. We will provide notifications of revisions to this Notice of Privacy Practices as follows:

​

1. Upon request;

2. Electronically via our website or other electronic means; and

3. Posted in our place of business.

 

In addition to the above, we have a duty to respond to your requests (e.g., those corresponding to your rights) in a timely and appropriate manner. We value your right to privacy and are committed to maintaining reasonable and appropriate safeguards for your PHI.

 

Confidentiality of Addiction Treatment Records

 

The confidentiality of alcohol and drug abuse patient records maintained by us is protected by federal law and regulations. Generally, we may not disclose any information identifying you as an alcohol or drug abuser without:

​

1. Your written consent;

2. A court order allowing disclosure; or

3. The disclosure is made to medical personnel in a medical emergency or qualified personnel for research, audit, or program evaluation.

 

Violations of federal law and regulations by the treatment center are crimes. Suspected violations may be reported to appropriate authorities in accordance with federal regulations.

​

Federal law and regulations do not protect information about crimes committed by you at the treatment center or against any person working for the treatment center or any threat to commit such a crime.

​

Federal laws and regulations do not protect information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.

​

See 42 U.S.C. 290dd-3 and 42 U.S.C. 290ee-3 for federal laws and 42 CFR part 2 for federal regulations.

 

Usage and Disclosure of PHI

 

Your Protected Health Information (PHI) may be permitted, required, or authorized for use and disclosure. The following categories outline the various ways we use and disclose PHI.

 

Within Rolling Hills Recovery Center Staff: We may use or disclose information among staff members who need the information for their duties related to the provision of diagnosis, treatment, or referral for treatment of alcohol or drug abuse. This communication occurs within our treatment center and is used for purposes such as providing care, billing, tracking charges and credits, checking eligibility for insurance coverage, and preparing insurance claims. We may also use and disclose your PHI for our healthcare business and to perform functions associated with our business activities, including accreditation and licensing.

 

Secretary of Health and Human Services: We are required to disclose PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary investigates or determines our compliance with HIPAA Privacy Rules.

​

Business Associates: We may disclose your PHI to Business Associates contracted by us to perform services on our behalf, which may involve receipt, use, or disclosure of your PHI. All Business Associates must agree to protect your PHI’s privacy, use and disclose the information only for the intended purposes, be bound by 42 CFR Part 2, and resist any attempts to access patient records in judicial proceedings unless permitted by law.

Crimes on Premises: We may disclose information related to crimes committed on our premises or against our personnel or threats of such crimes, to law enforcement officers.

​

Suspected Child Abuse and Neglect Reporting: We may disclose information required for reporting suspected child abuse and neglect under state law to the appropriate state or local authorities. However, original patient records may not be disclosed for civil or criminal proceedings arising from suspected child abuse and neglect reports without consent.

​

Court Order: We may disclose information required by a court order, provided certain regulatory requirements are met.

Emergency Situations: We may disclose information to medical personnel to treat you in an emergency.

​

Research: We may use and disclose your information for research if certain requirements are met, such as approval by an Institutional Review Board.

Audit and Evaluation Activities: We may disclose your information to persons conducting audit and evaluation activities, provided they agree to certain restrictions on information disclosure.

​

Cause of Death Reporting: We may disclose information related to the cause of death to an authorized public health authority.

​

Authorization to Use or Disclose PHI

​

Apart from the instances stated above, we will not use or disclose your PHI without your written authorization. We will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes, or sell your PHI unless you have signed an authorization. You or your representative may revoke an authorization in writing at any time to stop future uses or disclosures. We will honor oral revocations upon authenticating your identity until a written revocation is obtained. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect.

​

Patient/Client Rights

​

You have several rights regarding the PHI we maintain about you. Information on how to exercise these rights is also provided. We are committed to protecting your PHI and ensuring you have access to it when needed and that you understand your rights as described below.

​

Right to Notice: You have the right to adequate notice of the uses and disclosures of your PHI, our duties, and responsibilities regarding the same, and the right to request both paper and electronic copies of this Notice. You may obtain this Notice on our website at Rolling Hills Recovery Center, from facility staff, or by requesting it at any time.

​

Right to Access, Inspect, and Copy

​

You have the right to access, inspect, and obtain a copy of your PHI as long as we maintain it, as required by law. This right can be limited only under specific circumstances as outlined by applicable law. All requests to access your PHI must be in writing. In some cases, we may deny your request, and any denial will be provided to you in writing. If you are denied access to your PHI, you can request a review of the denial. Another licensed healthcare professional chosen by Rolling Hills Recovery Center will review your request and the denial. The reviewer will not be the person who initially denied your request. We will comply with the decision of the designated professional. If you are still denied, you have the right to have the denial reviewed by an unaffiliated, licensed third-party healthcare professional. We will comply with the decision made by this professional.

​

We may charge a reasonable, cost-based fee for the copying and/or mailing process related to your request. If the PHI is maintained in electronic form and format, you can request a copy in that electronic form and format if readily producible; if not, we’ll provide it in any readable form and format that we agree upon (e.g., PDF). Your request may also include instructions to transmit the information to another individual or entity.

​

Right to Amend

​

If you think that the PHI we possess about you is incorrect or incomplete, you have the right to request an amendment to your PHI as long as we maintain it. The request must be in writing, and you need to provide a reason to support the amendment. In some cases, we may deny your request, including when the PHI: 1. Wasn’t created by us; 2. Is excluded from access and inspection under applicable law; or 3. Is accurate and complete. If we deny the amendment, we’ll provide the rationale for denial in writing. You may write a statement of disagreement if your request is denied. This statement will be part of your PHI and included with any disclosure. If we accept the amendment, we’ll collaborate with you to identify other healthcare stakeholders requiring notification and provide it.

​

Right to Request an Accounting of Disclosures

​

We must create and maintain an accounting (list) of specific disclosures of your PHI. You have the right to request a copy of this accounting within a timeframe specified by applicable law before the date of the request (up to six years). Any request for accounting must be in writing. We aren’t required by law to document certain types of disclosures (like those made with your signed authorization), and a list of these disclosures won’t be provided. If you request this accounting more than once in 12 months, we may charge a reasonable, cost-based fee for responding to additional requests. We’ll notify you of the fee (if any) when you make the request.

​

Right to Request Restrictions

​

You can request restrictions or limitations on how we use and disclose your PHI for treatment, payment, and operations. We aren’t obligated to agree to restrictions for treatment, payment, and healthcare operations except in limited circumstances as described below. This request must be in writing. If we agree to the restriction, we’ll comply with it going forward unless you revoke it or we believe, based on our professional judgment, that an emergency necessitates bypassing the restriction to provide appropriate care or if the use or disclosure is otherwise allowed by law. In rare cases, we reserve the right to end a restriction we previously agreed to, but only after notifying you.

​

Out-of-Pocket Payments

​

If you’ve paid out-of-pocket (meaning you or someone other than your health plan has paid for your care) in full for a specific item or service, you can request that your PHI regarding that item or service not be disclosed to a health plan for payment or healthcare operations purposes. We’re legally required to honor this request unless you terminate it in writing and when disclosures aren’t required by law. This request must be in writing.

​

Right to Confidential Communication

​

You can request that we communicate with you about your PHI and health matters through alternative means or at alternative locations. This request must be in writing and specify the alternative means or location. We’ll accommodate reasonable requests in line with our responsibility to properly protect your PHI.

​

Right to Notification of a Breach

​

You have the right to be informed if we (or one of our Business Associates) discover a breach involving unsecured PHI.

​

Right to Voice Concerns

​

You can file a written complaint with us or the U.S. Department of Health and Human Services if you believe we’ve violated your privacy rights. Any complaints to us should be in writing to our Privacy Official at the address provided below. We won’t retaliate against you for filing a complaint.

 

Questions, Requests For Information, And Complaints

 

For questions, requests for information, more information about our privacy policy or concerns, please contact us:

​

Rolling Hills Recovery Center 

Compliance Officer

425 Main Street

Chester, NJ 07930

info@rollinghillsrecoverycenter.com

 

We support your right to privacy of your Protected Health Information. You will not be retaliated against in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

​

If you believe your rights have been violated and would like to submit a complaint directly to the U.S. Department of Health & Human Services, then you may submit a formal written complaint to the following address:

​

U.S. Department of Health & Human Services

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, D.C. 20201

877.696.6775

OCRMail@hhs.gov

www.hhs.gov