CAREERS | BILL PAY

Privacy Policy

St. Gregory Recovery Center: Privacy Policy

Effective Date: February 16, 2026

This notice describes:
  • How health information about you may be used and disclosed by Summit BHC (“Summit,” “us,” “we,” or “our”).
  • Your rights with respect to your health information, including how you can get access to the information.
  • How to file a complaint concerning a violation of the privacy or security of your health information, or of your rights concerning your health information.
  • You have a right to a copy of this notice (in paper or electronic form) and to discuss it with the Summit BHC Privacy Officer at summitbhc.ethicspoint.com or (844) 920-1197 if you have any questions.
Summit Behavioral Healthcare (“SHBC”,” “us”, “we”, or “our”) operates the stgregoryctr.com  (“Website”), and provides various services to clients in order to manage and care for individuals who suffer from behavioral illnesses, chemical dependencies or addition disorders. Among other services, we offer hospitalization, inpatient treatment, detoxification programs, partial hospitalization programs, and intensive outpatient programs (hereinafter collectively referred to as the “Services”). SBHC cares about your personal integrity. Therefore, this Privacy Policy is provided to equip you with information on how SBHC processes the personal data that you share with us when using contact forms on our website. As noted above, our Privacy Policy is designed to advise you about how we collect, use, protect, and disclose the information that we collect and/or receive about you. It also explains your privacy rights, and how you can manage the privacy of your Personal Information. Please note that this Privacy Policy does not govern the practices of third parties, including our partners, third party service providers, and/or advertisers, even when those services are branded as, or provided on behalf of, SBHC. Information collected from you by others, such as third party websites that you access through links on the Website, are governed by those entities’ privacy policies.

I. Definitions

  • Personal Information (also known as “Personal Data”): Personal Information means data about a particular individual or household that identifies, relates to, describes, could be reasonably linked with, or could be used to identify that person or household (or from those and other information either in our possession or likely to come into our possession). Personal Information includes medical and clinical information (Protected Health Information or PHI). It also includes other information that may be associated with your Personal Information, such as your Usage Data (defined below), location, preferences or interests, if that information can be used to identify you or your household.
  • Services: As noted above, our Services include the stgregoryctr.com website owned and operated by SBHC as well as any services provided, including, but not limited to, on-site guarding, fire and safety services, and corporate risk management.
  • Cookies: Cookies are small files stored on your device (computer or mobile device).
  • Data Controller: The natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Information.
  • Data Processors: Any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
  • User: Any individual who uses our Services and is the subject of Personal Information collected and/or processed.

II. Information Collection and Use

We use your information to provide the Services that you request, and to improve the Services we offer to you. By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. Included below is a list of several different types of information for various purposes to provide and improve our Service to you.
  • Personal Information. While using our Services, we may ask you to provide us with or otherwise obtain certain personally identifiable information that can be used to contact or identify you (“Personal Information,” as defined above). Such Personal Information may include, but is not limited to, your name, address, email address, username, and any other information that may identify you.
  • Generic Information. Generic information is information that does not directly reveal the identity of a SBHC customer, or visitor to the Website. This information may include Usage Data and other aggregate usage metrics such as total number of Website visitors, pages viewed, and usage patterns within the Website, etc. This may also include information about your device. We may automatically gather some Generic Information from our members, customers, and Website visitors. At times, the combination of various types of data, including Generic information and Usage Data, may enable you to be identified, and may therefore qualify as Personal Information.
  • Usage Data: We may also collect information on how you access and use our Services (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
  • Tracking & Cookies Data. We use cookies and similar tracking technologies to track the activity on our Website, and we hold certain information.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Services. Examples of Cookies and other technologies we may use include, but are not limited to:
  • Session Cookies – These are cookies that enable our website to keep track of movement from page to page so you do not get asked for information that you have already provided to the Website.
  • First Party Cookies – This allows SBHC to remember website configurations about out users (e.g. language preferences).
  • Third Party Cookies – SBHC permits third-party service providers, advertisers and other companies to use cookies or other similar technologies on our Website. These companies may collect your information, track your behavior on our Website, and gather information about your use of our Websites or Services and other online services over time and across different services. Additionally, some companies may use information collected to deliver targeted ads on behalf of us or other companies, including on other websites or online services. We are not responsible for the functioning of cookies and other technologies used and placed by third parties on your device.
Your Cookie Choices You may set your browser to block or otherwise control what cookies your browser or mobile device accepts via your browser or mobile device settings. Additionally, you can choose to modify your settings and delete those cookies that are otherwise stored on your device. Please consult the instructions provided by your browser or your mobile device’s manufacturer to determine how you can limit the placement of and/or remove cookies or other technologies. Please note, however, that limiting or disabling the use of cookies and other technologies may impact or adversely affect your ability to perform certain transactions on, use certain functionalities of, and access certain content on our Website.

III. How We Collect Information

SBHC collects and obtains your information in a few ways: there is information that you choose to give to us, information we obtain through your use of our Services – including our Website – and information we obtain from third parties.

a. Information You Give Us

We collect information that you decide to share with us. At times, we may require you to provide certain information – including Personal Information – in order to use certain parts of our Website, fulfill your requests with us, or provide you with certain Services. For instance, we may require you to provide your name, email address or other contact information when you contact us with a question or comment. Additionally, we may need you to provide certain Personal Information to use other portions of our Services.

b. Information We Obtain When You Use Our Services

As noted above, we collect certain information from you through your use of our Services, such as Usage Data. For instance, in using our Website, we may collect information about the device you use to log into, access, and use the Website. We may collect other Generic Information in relation to how you use our Website or other Services (for example, aggregate metrics on how often certain pages on our Website are accessed and viewed). We also may collect information through the use of cookie, pixel tags, or other technologies, as described above.

c. Information We Obtain from Third Parties

We may also obtain information about you from our third party service providers who help us provide our Services to you.

IV. Purposes for Collecting, Processing, and Using Your Information

SBHC collects, processes (or asks our service providers to process on our behalf), and uses your information to provide the Services we make available to you. We therefore will collect and use your information for a variety of reasons, including:
  • To perform a contract with you, or provide those Services you have requested of SBHC.
  • You have otherwise given us your consent and permission to do so.
  • The collection and processing is in our legitimate interests or the legitimate interests of a third party, and is not outweighed by any applicable rights you may have. For instance, we may use your information to assist with fraud prevention, improve the security of our networks, assist with enhancing the physical security of our customers, and reporting suspected criminal activity to law enforcement. We may also use your information in relation to certain direct marketing events.
  • To comply with applicable laws, in response to a lawful and enforceable request by a law enforcement, judicial, or other public authority, or in connection with an applicable legal obligation.

V. How We Use Your Information

As noted elsewhere in this Privacy Policy, SBHC uses your information to provide our Services to you. Such general uses include, but are not limited to:
  • Enhancing user experience and functionality on our Website;
  • To provide and maintain our Services;
  • To notify you about a change to our Services;
  • To provide appropriate information to ensure the health and wellness of our clients;

VI. How We Disclose or Share Your Information

SBHC does not and will not sell your personal information Please note that SBHC may disclose your information in a number of ways in furtherance of our Services to you. For instance, we may share you information with other healthcare providers to ensure that all necessary information is transferred to facilitate necessary treatment and care. We may also disclose or share your information for the following purposes:
  • To comply with a legal obligation;
  • To prevent or investigate wrongdoing or mistakes in connection with our Services;
  • To protect against legal liability;
  • When there is a good faith belief that such action is necessary to investigate or protect against harmful activities to our guests, visitors, associates, or property, or to others (including SBHC itself). This may include disclosures to law enforcement to investigate potential criminal activity or other civil violations.

VII. Security of Data

SBHC takes reasonable, technical, organization, and other measures to protect the personal information we collect from being subject to accidental or unlawful destruction, accidental loss or alteration, disclosure without authorization, and any other unlawful actions taken against otherwise protected information. Moreover, SBHC takes all judicious legal, technical, and organizational measures reasonably necessary to ensure that all personal information is handled with a sufficient level of security. Furthermore, SBHC takes all reasonable measures to protect personal information when it is shared with third parties. Despite the security measures taken, SBHC cannot guarantee the protection of the data you provide to us.

VIII. Your Data Protection and Privacy Rights Under the California Consumer Privacy Act (“CCPA”)

California Residents. SBHC takes reasonable steps to allow you to exercise your rights pursuant to CCPA. As such, where applicable under relevant law, you are entitled to the following[Moran, Th1] :
  • Right to Access / Disclosure: The right to have access to your Personal Information upon simple request – that is, you may receive a copy of such data upon receipt of a verifiable request, along with other information related to the processing.
  • Disclosure of Direct Marketers: The right to have access upon simple request, and free of charge, the categories and names of addresses of third parties that have received Personal Information for direct marketing purposes. SBHC does not disclose your personal information to direct marketers.
  • Selling, Sharing, or Disclosing Personal Information: Upon receipt of a verifiable request, to obtain a list of:
    • The categories of Personal Information collected about you, sold to third parties, or disclosed to third parties for business purposes;
    • The categories of Personal Information sold within the last 12 months;
    • The categories of sources from which Personal Information is collected;
    • The business or commercial purpose for collecting or selling Personal Information; and
    • The categories of third parties with whom Personal Information is shared, sold, or disclosed for a business purpose.
  • Right to Correction: The right to correct your Personal Information if you find it is inaccurate, incomplete or obsolete.
  • Right to Deletion / “Right to be Forgotten”: The right to obtain the deletion of your Personal Information in the situations set forth by applicable data protection law. This right does not apply to many situations involving medical information where treatment is still ongoing or the information is otherwise necessary.
  • Withdraw of Consent to Processing: The right to withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Information has been collected and processed based on your consent and not any other basis.
  • Right to Object: The right to object to the processing of your Personal Information under certain circumstances, in which case we may ask you to justify your request by explaining to us your particular situation.
  • Right to Restrict Processing: The right to request limits to the processing of your data, when allowed by and in circumstances set forth under applicable law.
  • Right to Data Portability: The right to have your Personal Information directly transferred by us to a third-party processor of your choice (where technically feasible; may be limited to situations when processing is based on your consent).
  • Right to Non-Discrimination: As defined under relevant law, you have a right to non-discrimination in the Services or quality of Services you receive from us for exercising your rights.
Please contact us using the information in the “Contact Information” section at the very bottom of this document, in relation to exercising these rights.

IX. Exercising Your CCPA Rights

a. Access to Specific Information

California residents have the right to request information from us regarding the manner in which we share certain categories of personal information with this parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address at the conclusion of this policy. You may request the following information: 1. The categories of personal information we collected about you. 2. The categories of sources for the personal information we collected about you. 3. Our business or commercial purpose for collecting that personal information. 4. The categories of third parties with whom we share that personal information. 5. The specific pieces of personal information we collected about you (also called a data portability request). 6. If we disclose or sell your information for a business purpose, you have the right to identify the personal information categories that each category of recipient obtained.

b. Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to limited exceptions. Once we receive a verifiable request, and determine that it is not subject to an exceptions, we will delete your personal information from our records. Please note, personal information involved in the ongoing treatment of our patients, with SBHC or elsewhere, will not be subject to deletion. Moreover, we may deny your deletion request if retaining the information is necessary for us or any applicable third party to: 1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; 2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; 3. Debug products to identify and repair errors that impair existing intended functionality; 4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law; 5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.); 6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent; 7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us; 8. Comply with a legal obligation; Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

c. Making a Request

To exercise the access or deletion rights listed above, please submit a verifiable consumer request to us by either:
  • Write to: Privacy Officer, Summit BHC, 501 Corporate Centre Dr #600, Franklin, TN 37067.
  • Making a request here.
Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests not submitted through one of the above-listed methods of communication. Your request will only be processed if you are a California resident, and your identity can be verified. Furthermore, the CCPA does not apply to healthcare or employee information.

X. Notice of Privacy Practices

We are a covered entity under the Health Insurance Portability and Accountability Act (“HIPAA”) and are also subject to other federal and state laws governing the privacy and confidentiality of certain types of health information.  When more than one law applies, we comply with the law that provides greater protection to your information.  Some health information we may receive about you is protected by additional federal laws which provide greater privacy protections than HIPAA.  This includes records related to substance use disorder (“SUD”) treatment that are protected under federal law, 42 CFR Part 2. The standards that apply to records covered under 42 CFR Part 2 identifying an individual as having a substance use disorder (“Part 2 Covered Information”) often vary from the standards that apply to other health information. This notice describes your rights relating to both Part 2 Covered Information and other health information. Except as otherwise outlined below in the section entitled, “Special Terms for Confidentiality of Part 2 Covered Information,” the rights, uses and disclosures, and duties provided below apply both to Part 2 Covered Information and other health information about you. Your Rights When it comes to your health information, you have certain rights. This section explains your rights with respect to your health information. Obtain an electronic or paper copy of your medical record
  • You can ask to inspect or obtain an electronic or paper copy of your medical record and other health information we have about you. We may deny your request in certain very limited circumstances as described in more detail herein.  If you are denied access to health information, you generally may request that the denial be reviewed by another licensed health care professional.  We will comply with the outcome of the review. For more information on how to request a copy of your medical record, please contact the Privacy Officer.
  • Any copy or summary of your health information may be subject to a reasonable, cost-based fee.
Ask us to correct your medical record
  • You can ask us to correct or update your health information if you think it is incorrect or incomplete. To request an amendment, your request must generally be made in writing and submitted to the Privacy Officer at the address set forth in this notice. For more information on how to amend your record, please contact the Privacy Officer.
  • We may say “no” to your request, but we will tell you why in writing within 60 days.
Request confidential communications
  • You can ask us to contact you in a specific way (for example, mobile or office phone) or to send mail to a different address. To request confidential communications, you must make your request in writing to the Privacy Officer.
  • We will comply with a reasonable request for specific means of communication.
Ask us to limit what we use or share
  • You have the right to request that we restrict how your health information is used or disclosed in carrying out treatment, payment, or our health care operations. Except for Part 2 Covered Information and as otherwise described below, we are not required to agree to your request, and we may say “no” if, for example, it would be harmful or affect your care. If we do agree to a request, we will comply with your request unless the information is needed to provide you emergency treatment or the disclosure is otherwise required by law. To request restrictions, you must make your request in writing to the Privacy Officer.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information with a health plan for the purpose of payment or health care operations.
Get a list of those with whom we have shared your health information
  • You can ask for a list (accounting) of the times we have shared your health information for six years prior to the date you ask, with whom we shared it, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We will provide one accounting per year for free but may charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this Notice
  • You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. Copies of this notice will also be available in a prominent location on our website, posted prominently in our service delivery sites, and available for you to take with you upon request.
Choose someone to act for you
  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can typically exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
  • You can complain if you feel we have violated your rights by contacting the Privacy Officer as explained at the end of the notice.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696­-6775, or visiting hhs.gov/ocr/privacy/hipaa/complaints/.
  • We will not retaliate against you for filing a complaint.
Your Choices For certain health information, you can tell us your choices about what we share.  If you have a clear preference for how we share your information in the situations described below, let us know. In the following cases, you have both the right and choice to tell us to:
  • Share information with your family, close friends, or others involved in your care, or payment for your care
  • Share information in a disaster relief situation
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest.  We may also share your information when needed to lessen a serious and imminent threat to health or safety. Requirements of Other Laws Some state and federal laws provide even greater rights, including more favorable access and amendment rights, as well as protection for particularly sensitive information. Such information includes HIV/AIDS-related information, alcohol and substance abuse treatment information, mental health information (including psychotherapy notes), and genetic information. Uses and disclosures of this information will be made only in accordance with applicable law, including by obtaining your written authorization for use and disclosure when legally required. Our Uses and Disclosures We typically use or share your health information in the following ways: Provide treatment
  • We may use or disclose health information to provide treatment.
  • For example, a doctor treating you for an injury may ask us about your overall health condition and prior treatments, and we may share your information to assist with your care.
Run our facility
  • We may use or disclose health information to run our facility, improve your care, and contact you when necessary.
  • For example, we may use your health information for business management and general administrative activities, including customer service and resolution of internal grievances.
Obtain payment for our services
  • We may use or disclose your health information to collect payment from third parties, such as your health insurance plan, for the care you receive.
  • For example, we give information about you to your health insurance plan so it will pay for the services we provide to you.
We are allowed or required to share your information in other ways—usually in ways that contribute to the public good, such as public health and research.  We have to meet many conditions in the law before we can share your information for these purposes.  For more information, you can go to this online link: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html for information on privacy protections under the Health Information Portability and Accountability Act (“HIPAA”) and/or https://www.samhsa.gov/about/faqs/confidentiality-regulations for information on 42 CFR Part 2 protections specifically related to Part 2 Covered Information. To avert serious threats and public health and safety issues
  • We may disclose your health information if it is believed that such disclosure is necessary to prevent or lessen a serious or imminent threat to your health or safety or to the health and safety of the public.
  • Where required or permitted by state and federal law, we may disclose health information about you for public health activities such as preventing or controlling disease, injury or disability, reporting births and deaths, reporting child abuse or neglect, reporting reactions to medications or problems with products, notifying people of recalls of products they may be using, and notifying the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make these disclosures if you agree or when required or authorized by law.
Health Oversight Activities
  • We may disclose health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure.  These activities are necessary for the government to monitor the health care system, government Programs, and compliance with civil rights laws.
Conduct research
  • Under certain circumstances, we may use or disclose your information for health research.
Comply with the law
  • We will disclose your health information when we are required to do so by law.
Respond to organ and tissue donation requests
  • We may share health information about you with organ procurement organizations.
Work with a medical examiner or funeral director
  • We may share health information with a coroner, medical examiner, or funeral director when an individual dies.
Address workers’ compensation, law enforcement, and other government requests/activities
  • We may use or disclose your health information where required or permitted by law:
    • For workers’ compensation claims
    • For law enforcement purposes or with a law enforcement official
    • With health oversight agencies for activities authorized by law
    • For special government functions such as military, national security, and presidential protective services
Respond to lawsuits and legal actions
  • We can share health information about you in response to a court or administrative order, or response to a subpoena, discovery request, or other lawful process. However, records of Part 2 Covered Information, or testimony relaying the content of such records, will not be used or disclosed in civil, criminal, administrative or legislative proceedings against you, absent your specific written consent or a court order accompanied by a subpoena or other similar legal mandate compelling disclosure and, where required by 42 CFR Part 2, after notice and an opportunity to be heard is provided.
Our Responsibilities We are required by law to maintain the privacy and security of your health information, to provide you with notice of our legal duties and privacy practices with respect to records, to follow the duties and privacy practices described in the notice currently in effect, and give you a copy of this notice. Further, we will let you know if a breach compromises your unsecured protected health information (“PHI”) as defined by HIPAA.  We will not use or share your PHI other than as described in this notice unless you tell us we can in writing.  Your written authorization will typically be required for uses and disclosures of psychotherapy notes, for marketing, or involving the sale of PHI.  If you provide us with authorization to use or disclose health information about you, you may revoke that authority, in writing, at any time.  If you revoke your authorization, we will no longer use or disclose health information about you for the reasons covered by your written authorization except to the extent we have already relied upon your authorization. You understand that we are unable to take back any disclosures we have already made in reliance upon your prior authorization, and that we are required to retain our records of the care that we have provided to you. Availability of Language Assistance Services We provide language assistance services and appropriate auxiliary aids and services free of charge, when necessary for compliance with applicable law. Changes to the Terms of this Notice We reserve the right to change the terms of this Notice and such changes will apply to all health information we maintain.  Revised Notices will be available online, at the facility, and upon request. Special Terms for Confidentiality of Part 2 Covered Information (Substance Use Disorder Patient Records under 42 CFR Part 2) The terms below outline special protections that apply to Part 2 Covered Information. The confidentiality of Part 2 Covered Information maintained by a program providing substance use disorder treatment or otherwise characterized as a Part 2 Program under 42 CFR Part 2 (the “Program”) is protected by federal law and regulations. Records of Part 2 Covered Information, or testimony relaying the content of such records, will not be used or disclosed in civil, criminal, administrative or legislative proceedings against you, absent your specific written consent or a court order accompanied by a subpoena or other similar legal mandate compelling disclosure and, where required by 42 CFR Part 2, after notice and an opportunity to be heard is provided. Additional circumstances allowing use and/or disclosure of Part 2 Covered Information without consent include the following:
  • The Program may disclose Part 2 Covered Information between or among personnel having a need for the information in connection with their duties that arise out of the diagnosis, treatment, or referral for treatment of substance use disorders, if communications are within the Program, or between a Program and an entity that has direct administrative management of the Program.
  • The Program may disclose Part 2 Covered Information to a qualified service organization as necessary for the organization to provide services to or on behalf of the Program.
  • We may disclose Part 2 Covered Information to medical personnel of the Food and Drug Administration (FDA) who assert a reason to believe that the health of an individual may be threatened by an error in the manufacture, labeling, or sale of a product under FDA jurisdiction, and that the information would be used for the exclusive purpose of notifying patients or their physicians of potential dangers.
  • In the event of a crime or a threat to commit a crime on the premises of the Program, or against Program personnel, we may disclose Part 2 Covered Information that is directly related to the crime or threat to law enforcement.
  • We may report incidents of suspected child abuse and neglect as required by and in accordance with state law.
  • We may disclose Part 2 Covered Information to medical personnel to the extent necessary to meet a bona fide medical emergency.
  • Subject to certain standards, we may disclose Part 2 Covered Information to qualified personnel for the purpose of conducting scientific research, as determined appropriate by the Program director.
  • We may disclose Part 2 Covered Information to qualified personnel for the purpose of conducting management audits, financial audits, or Program evaluation.
  • Subject to certain standards, we may use and disclose Part 2 Covered Information to audit and evaluate personnel.
  • We may disclose Part 2 Covered Information to federal, state, or local government agencies, and the contractors, subcontractors, and legal representatives of such agencies, in the course of conducting audits or evaluations mandated by statute or regulation, if those audits or evaluations cannot be carried out using deidentified information.
  • We may use and disclose Part 2 Covered Information for the purpose of conducting a Medicare, Medicaid, or Children’s Health Insurance Program (CHIP) audit or evaluation, including an audit or evaluation necessary to meet the requirements for a Centers for Medicare & Medicaid Services (CMS)-regulated accountable care organization (CMS-regulated ACO) or similar CMS-regulated organization (including a CMS- regulated Qualified Entity (QE)).
  • For any period for which the Program director determines that a patient, other than a minor or a patient who has been adjudicated as lacking capacity to make health care decisions, suffers from a medical condition that prevents knowing or effective action on his or her own behalf, the Program director may exercise the right of the patient to consent to a disclosure for the sole purpose of obtaining payment for services from a third party payer.
  • We may make certain disclosures of Part 2 Covered Information for purposes of preventing multiple enrollments in withdrawal management and maintenance treatment Programs, and may make certain disclosures to the criminal justice system where the patient was required to obtain treatment at the facility/department as a condition of the patient’s disposition in a criminal proceeding, parole or release from custody.
  • Under certain circumstances, we may disclose facts relevant to reducing a substantial threat to the life or physical well-being of a minor patient to the parent, guardian, or other person authorized under state law to act in the minor’s behalf.
  • We may disclose Part 2 Covered Information relating to the cause of death of a patient to the extent required by laws relating to the collection of death statistics/information or other vital statistics or permitting inquiry into the cause of death.
With the written consent of the patient and/or the patient’s authorized representative, we may use and disclose Part 2 Covered Information as follows:
  • We may use and disclose information in accordance with that consent to any person or category of persons identified or generally designated in the consent, except that disclosures to central registries and in connection with criminal justice referrals must meet the special requirements below. For example, if you authorize disclosure to treating physicians, we may disclose Part 2 Covered Information to any physician that may provide treatment to you.
  • If a single consent is signed for all future uses and disclosures for treatment, payment, and health care operations, the Program and any HIPAA covered entity or business associate may use and disclose Part 2 Covered Information for treatment, payment, and health care operations as permitted by the HIPAA regulations, until the patient revokes the consent in writing. For example, if you are admitted to a hospital after discharge from the Program, this consent would allow the Program to disclose Part 2 Covered Information to that hospital for your future treatment. This consent would also allow that hospital, for example, to disclose Part 2 Covered Information to physicians providing you care during that hospital admission and to your primary care physician and others, consistent with HIPAA, but the hospital would not be permitted to disclose those records for civil, criminal, administrative, and legislative proceedings against you. If the recipient of the Part 2 Covered Information is not a covered entity or business associate under HIPAA, the recipient may further disclose those records consistent with the consent. Additional examples of uses and disclosures for treatment, payment and health care operations are set forth above, and we refer you to those examples.
  • With written consent, the facility may disclose Part 2 Covered Information to a central registry or to any withdrawal management or maintenance treatment Program not more than 200 miles away for the purpose of preventing multiple enrollments. For example, with written consent, we may disclose Part 2 Covered Information to a central database identified in the consent that is established to avoid circumstances where the patient is enrolled in multiple withdrawal Programs. These disclosures are intended to avoid risks of overdose and similar risks that can arise where a patient is enrolled in multiple Programs.
  • With written consent, we may disclose information from a record to those persons within the criminal justice system who have made participation in the Program a condition of the disposition of any criminal proceedings against the patient or of the patient’s parole or other release from custody. For example, if the patient agreed to enroll in the Program and consents to disclosure of Part 2 Covered Information as part of an agreement with the criminal justice system to consent to parole rather than imprisonment, and the patient consents to the disclosure, the Program may disclose information consistent with that consent.
  • With written consent, the Program and other lawful holders of Part 2 Covered Information may report any substance use disorder medication prescribed or dispensed by the Program to the applicable state prescription drug monitoring Program if required by applicable state law. State prescription drug monitoring Programs are designed to facilitate coordination of care and to avoid risks of overdose and inappropriate use of narcotics.
A patient may provide a single consent for all future uses or disclosures for treatment, payment, and health care operations purposes. The Program will make uses and disclosures of Part 2 Covered Information not described in this notice only with the written consent of the patient or the patient’s authorized representative. A patient may revoke consent in writing, except to the extent that the Program or other lawful holder of patient identifying information that is permitted to make the disclosure has already acted in reliance on it. If you wish to revoke consent, you must notify the Privacy Officer in writing. Program records that are disclosed to another substance use disorder Program, covered entity, or business associate pursuant to the patient’s written consent for treatment, payment, and health care operations may be further disclosed by that Part 2 Program, covered entity, or business associate, without the patient’s written consent, to the extent the HIPAA regulations permit the disclosure. You have a right to request restrictions of disclosures of Part 2 Covered Information made with prior consent for purposes of treatment, payment, and health care operations. You have a right to request and obtain restrictions of disclosures of Program records with Part 2 Covered Information to your health plan for those services for which you have paid in full. You have a right to request an accounting of disclosures of your electronic records with Part 2 Covered Information for the past 3 years, an accounting of disclosures of your records with Part 2 Covered Information by an intermediary for the past 3 years (for example, a health information exchange if you have consented to the Program disclosing Part 2 Covered Information to the health information exchange), and an accounting of disclosures of your records with consent as provided under HIPAA. You have a right to discuss this notice with our Privacy Officer. Contact information for the Privacy Officer is provided below.

XI. Links to Other Sites

Our Privacy Policy is designed to advise you about how we collect, use, protect, and disclose the information that we collect and/or receive about you. However, our website may also contain links that lead to websites neither owned nor operated by us. As such, this Privacy Policy does not govern the practices of third parties, including partners, third-party service providers, and/or advertisers, even when those services are provided on our behalf or in partnership with us. Information gathered about you by others are governed by those distinct entities’ privacy policies. Therefore, we strongly recommend that you review the privacy policy of every website you visit. We exercise no control over and assume no responsibility for the content, privacy policies or practices of any third party site or services.

XI. Changes to Our Privacy Policy

We reserve the right to amend this privacy notice at our discretion and at any time.

XIII. Contact Information

If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us by mailing: Privacy Officer, Summit BHC, 501 Corporate Centre Dr #600, Franklin, TN 37067. You can also contact the Privacy Officer through the confidential website at summitbhc.ethicspoint.com or phone number (844) 920-1197.
Scroll to Top