WEBSITE PRIVACY POLICY

This Policy was last updated on June 25, 2021.

INTRODUCTION

JourneyPure (referred to herein as “JourneyPure,” “we,” “us,” and “our”) is committed to protecting the privacy and security of the information we collect, use, share, and otherwise process as part of our operations. We also believe in transparency, and we are committed to informing you about how we treat your information.

Our “Notice of Privacy Practices” describes how Protected Health Information (PHI) about you may be used and disclosed and the rights you have regarding that information. This Policy serves a different purpose, and it applies to information that is not PHI, which we may collect when you visit our website, https://journeypure.com/ (JourneyPure). This Policy does not apply to PHI. (See below “Notice of Privacy Practices for PHI information).

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR INFORMATION AND WHAT CHOICES AND RIGHTS YOU HAVE IN THIS REGARD. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS POLICY, YOU SHOULD NOT ACCESS OR USE THE SITE.

THIS SITE IS INTENDED FOR USERS LOCATED IN THE UNITED STATES, AND IT IS NOT INTENDED FOR USERS LOCATED IN OTHER COUNTRIES, INCLUDING THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA. BY USING THIS SITE, YOU ACKNOWLEDGE AND AGREE THAT YOU ARE USING THE SITE FROM WITHIN THE UNITED STATES.

WHAT INFORMATION DO WE COLLECT?

We collect and use the following information from you for the purposes set forth in the “How Do We Use Your Information” section of this Policy. We may also share this information as set forth in the “How Do We Share Information” section below. However, any information that is PHI is governed by our Notice of Privacy Practices and is not subject to the Policy.

Category Description of Data

When you visit the Site, we may ask you for your name, telephone number, email address, or other contact details. Depending on the context in which we collect this information, this information may be PHI.

Cookies and Similar

We use cookies and similar technologies when you visit the Site. Please see the “Cookies and Similar Technologies” section of this Policy for information regarding these technologies and how we use them. If you choose to disable cookies and similar technologies, some features of the Site may not work properly.

Technical Data and Location Information

When you visit the Site, we automatically collect information from your browser or your mobile device, which includes [the date and time of your visit, your Internet Protocol (IP) address or device identifier, your browser type, your device type, your location, your operating system, your internet service provider (ISP), URLs of any referring or exited webpages, your domain server, data about which pages you visit, and information about your interaction with the Site]. To learn more about our collection of technical data, please see the “Cookies and Similar Technologies” section of this Policy.

Email Interconnectivity

If you receive email communications from us, we use certain tools to capture [data related to if/when you open our message and if/when you click on any links or banners it contains]. Other information collected through this email tracking feature includes: [your email address, the date and time of your “click” on the email, a message number, the name of the list from which the message was sent, a tracking URL number, and a destination page].

Dynamic Telephone

The telephone number(s) displayed on the Site are dynamic, and different numbers appear depending on how you first arrive at the Site. This information is created and stored via cookies and similar technologies. When you call us, we collect your name, phone number, city, the length of our call, and information about how you came to our site based on the dynamic number that you dial. Depending on the context in which we collect this information, this information may be PHI.

Chat Function

We use a chat widget through which you can communicate with a member of our admissions team. We will collect your email address, and you may provide other information as you deem appropriate. Depending on the context in which we collect this information, this information may be PHI.

Cookies and Similar Technologies

1. First-Party and Third-Party Cookies

A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Permanent” cookies remain stored on your hard drive until they expire or are deleted by you. Local stored objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website.

First-party cookies are set by the Site, and they can only be read by the Site. Third-Party Cookies are set by a party other than us. The information collected via cookies on the Site includes: [browsing history; search history; internet service provider (ISP); type of computer; type of web browser; URLs of any referring or exited webpages; operating system; information about your interaction with the Site or advertisements on it; data about which pages you visit; the date and time of your visit; your domain server; and your browser type].

2. Similar Technologies

In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with the Site:

• Web beacons: These are tiny graphics (sometimes called “clear GIFs” or “web pixels”) with unique identifiers that are used to understand browsing activity. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons are rendered invisible on web pages when you open a page.
• Social Widgets: These are buttons or icons provided by third-party social media providers that allow you to interact with social media services when you view a webpage or mobile app screen. These social widgets may collect browsing data, which may be received by the third party that provided the widget and are controlled by third parties.
• UTM Codes: These are strings that can appear in a URL (the “Uniform Resource Locator,” which is typically the HTTP or HTTPS address entered to go to a web page) when you move from one webpage or website to another, where the string can represent information about browsings, such as which advertisement, page, or publisher sent the user to the receiving website.

We use Google Tag Manager, which allows marketed website tags to be managed using an interface. The tool itself (which implements the tags) is a cookie-less domain and does not register identifiable data. The tool causes other tags to be activated which may, for their part, register personal data under certain circumstances. Google Tag Manager does not access this information. Google Tag Manager is subject to the Google Privacy Policy located https://www.google.com/intl/en/policies/privacy/.

We use Google Analytics to collect and process statistical data about the number of people using the Site and to better understand how they find and use our web pages. Any data collected is used in accordance with this Privacy Policy and Google’s privacy policy. You may learn more about Google Analytics and the cookies used by Google by visiting https://www.google.com/policies/privacy/partners/ and https://support.google.com/analytics/answer/6004245. You can learn more about Google’s restrictions on data use by visiting the Google Privacy Policy at: https://www.google.com/policies/privacy. To opt-out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout and install the opt-out browser add-on feature. For more details, visit the “Google Analytics opt-out browser add-on” page (located at https://support.google.com/analytics/answer/181881).

We use DoubleClick, an ad-serving service provided by Google. DoubleClick uses cookies to personalize ads. Your browser is assigned a pseudonymous ID used to track the ads that have been served to your browser and to identify those on which you’ve clicked. The cookies enable Google and its partners to select and display ads based on your browsing behavior. For more information about how Google uses this information, visit https://support.google.com/admanager/answer/7670381. To block certain ads served by Google, please visit https://support.google.com/ads/answer/2662922.

We use Facebook Connect to track Facebook ad-driven visitor activity on the Site. Facebook Connect also gives you the option to post information about your activities to your profile page to share with others within your network by using a single sign-in service to authenticate your identity. You may learn more about Facebook Connect by visiting https://www.facebook.com/policy.php, where you can also find instructions for opting out of receiving advertisements.

3. Other Third-Party Technologies

Some third parties may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties’ technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.

4. Choices About Cookies

We provide you with choices regarding the information you provide to us, and we have created ways to give you control over your information. Most web browsers are set by default to accept cookies. If you do not wish to receive cookies, you may [choose to not allow cookies via the cookies consent banner or] set your browser to refuse all or some types of cookies or to alert you when cookies are being sent by website tracking technologies and advertising. You may adjust your browser settings to opt-out of accepting a “persistent” cookie and to only accept “session” cookies, but you will need to log in each time you want to enjoy the full functionality of the Site.

Please be aware that, if you decline the use of cookies, you may not have access to the full benefits of the Site. In addition, adjusting the cookie settings on the Site may not fully delete all of the cookies that have already been created. To delete them, visit your web browser settings after you have changed your Cookie Settings on the Site. Additional information is provided below about how to disable cookies or manage the cookie settings for some of the leading web browser providers:

• Google Chrome: https://support.google.com/chrome/answer/95647
• Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
• Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471

To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website at: https://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html.

For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices/, and http://youronlinechoices.eu/.

HOW DO WE USE YOUR INFORMATION

Our Notice of Privacy Practices describes how we may use PHI. Where the data is not PHI, we may use the types of information listed above in order to:

• Comply with federal, state, or local laws;
• Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
• Cooperate with law enforcement agencies;
• Exercise or defend legal claims;
• Honor our Terms of Use https://journeypure.com/terms-of-use/
• Provide you with the services you have requested;
• Detect fraud and prevent loss;
• Contact you about services that may be of interest to you;
• Establish and maintain your user account with us;
• Manage our relationship with you;
• Allow you to contact us and facilitate your communication with us;
• Respond to your feedback, requests, questions, or inquiries;
• Provide you more tailored advertising;
• Operate the Site and prepare aggregate traffic information;
• Determine and track customer interests, needs, and preferences;
• Improve our customer service and marketing efforts;
• Operate our business;
• Facilitate corporate mergers, acquisitions, reorganizations, dissolutions, or other transfers;
• Ensure the safety of person or property;
• Recognize your browser/device and remember your preferences and interactions;
• Operate, enable, and improve the Site and its content/functionality;
• Understand how you interact with the Site and enhance your experience on the Site by providing a more personal and interactive experience;
• Track visits to the Site and usage analytics (e.g. page response times, download errors, length of visit, webpages visited, etc.);
• Track telephone calls and call metrics via dynamic telephone numbers;
• Manage and maintain the security of the Site; and
• Provide notice of changes to the Site or the services we offer or provide though it.

HOW DO WE SHARE AND DISCLOSE YOUR INFORMATION?

Our Notice of Privacy Practices describes how we may disclose PHI. Where the data is not PHI, we may use the types of information listed above in order to:

Category Disclosure Contexts

Subsidiaries and Acquisitions – We may share your information with our corporate subsidiaries and affiliates and with their respective officers, directors, employees, accountants, attorneys, and agents. In addition, we may disclose your information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by us about the Site’s users is among the assets transferred. For example, if another company acquires us, we will share your information with that company.

Disclosures With Your Consent – We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your information in this context with your consent.

Disclosures Without Your Consent – We may disclose your information in response to subpoenas, warrants, court orders, or other legal processes, or to comply with relevant laws. We may also share your information in order to establish or exercise our legal rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, the safety of person or property, or a violation of our Terms of Use https://journeypure.com/terms-of-use/.

Service Providers – We may share your information with our service providers that need access to your information to provide operational or other support services on our behalf. Among other things, service providers may help us to administer the Site; support our provision of services requested by you; provide technical support; send marketing, promotions, and communications to you about our services; and assist with other legitimate purposes permitted by law.

HOW LONG DO WE STORE YOUR INFORMATION?

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices (“Notice”) is given to you by JourneyPure to describe the ways in which we may use and disclose your medical information (called “protected health information” or “PHI”) and notify you of your rights with respect to PHI in the possession of JourneyPure. PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition; the provision of health care products and services to you; or the payment for such services.

JourneyPure has designated itself as a hybrid entity under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and this Notice applies to those functions of JourneyPure that have been designated as being covered by HIPAA. As a result, this Notice only applies when JourneyPure is providing treatment.

JourneyPure is committed to protecting the privacy of PHI, which is protected from disclosure by state and federal law. In certain circumstances, pursuant to this Notice, patient authorization, or applicable laws and regulations, PHI can be used by JourneyPure or disclosed to other parties. The categories below describe these uses and disclosures and include some examples to help you better understand each category.

JourneyPure is required by law to maintain the privacy of your PHI, to provide individuals with notice of the legal duties and privacy practices with respect to PHI, and to abide by the terms described in this Notice. JourneyPure reserves the right to change the terms of this Notice and its privacy policies and to make the new terms applicable to all of the PHI it maintains. Before JourneyPure makes an important change to its privacy policies, we will promptly revise this Notice and post the new Notice in registration areas and online.

Uses and Disclosures of PHI for Which Authorization is Not Required

JourneyPure may use or disclose your PHI for purposes of treatment, payment, and health care operations, as described in more detail below, without obtaining written authorization from you. The protections afforded to substance use disorder information are discussed in the “Your Rights Related to Substance Use Disorder Records” section below.

FOR TREATMENT: JourneyPure may use and disclose PHI in the course of providing, coordinating, or managing your medical treatment, including the disclosure of PHI for treatment activities at another healthcare facility. These types of uses and disclosures may take place between physicians, nurses, technicians, students, and other health care professionals who provide your health care services or are otherwise involved in your care. For example, if you are being treated by a primary care physician, JourneyPure may need to disclose PHI to that physician when we consult regarding your condition.

FOR PAYMENT: JourneyPure may use and disclose PHI in order to collect payment for the health care services provided to you. For example, JourneyPure may need to give PHI to your health plan in order to be reimbursed for the services provided to you. JourneyPure may also disclose PHI to business associates, such as billing companies, claims processing companies, and others that assist in processing health claims. JourneyPure may also disclose PHI to other health care providers and health plans for the payment activities of such providers or health plans.

FOR HEALTH CARE OPERATIONS: JourneyPure may use and disclose PHI as part of its operations, including for quality assessment and improvements, such as evaluating the treatment and services you receive and the performance of our staff in caring for you. Other activities include training, underwriting activities, compliance and risk management activities, planning and development, as well as management and administration. JourneyPure may disclose PHI to doctors, nurses, technicians, students, attorneys, consultants, accountants, and others for review and learning purposes. These disclosures help make sure that JourneyPure is complying with all applicable laws and is continuing to provide health care to patients at a high level of quality. JourneyPure may also disclose PHI to other health care facilities and plans for certain of their operations, including their quality assessment and improvement activities, credentialing, peer review activities, and health care fraud and abuse detection or compliance, provided that those other facilities and plans have, or have had in the past, a relationship with the patient who is the subject of the information.

In addition to using or disclosing PHI for treatment, payment, and health care operations, JourneyPure may use and disclose PHI without your written authorization under the following circumstances:

BUSINESS ASSOCIATES: JourneyPure may use or disclose your PHI with outside companies that perform services for us, such as accreditation, legal, computer, or auditing services. These outside companies are called “Business Associates,” and they are required by HIPAA and by contract to keep your PHI confidential.

INDIVIDUALS INVOLVED IN YOUR CARE: JourneyPure may share your PHI with a family member, guardian, or other individuals who are involved in your care, or who help pay for your care. If you have any objection to sharing your PHI in this way, please contact JourneyPure’s Privacy Official, whose contact information is listed at the end of this Notice.

TO YOU OR YOUR PERSONAL REPRESENTATIVE: JourneyPure may disclose your PHI to you or to a representative that is appointed by you or designated by applicable law.

AS REQUIRED BY LAW AND LAW ENFORCEMENT: JourneyPure may use or disclose PHI when required by law. JourneyPure may also disclose PHI when ordered to do so in judicial or administrative proceedings; in response to subpoenas or discovery requests; to identify or locate a suspect, fugitive, material witness, or missing person; when dealing with gunshot and other wounds; when about criminal conduct; to report a crime, its location, the victims, or the identity, description, or location of a person who committed a crime; or for other law enforcement purposes.

JUDICIAL AND ADMINISTRATIVE PROCEEDINGS: Your PHI may be disclosed in response to a court or administration order, subpoena, discovery request, or other lawful processes.

FOR PUBLIC HEALTH ACTIVITIES AND PUBLIC HEALTH RISKS: JourneyPure may disclose PHI to government officials in charge of collecting information about births and deaths; preventing and controlling disease; reports of child abuse or neglect and of other victims of abuse, neglect, or domestic violence; reactions to medications; or product defects or problems. JourneyPure may also disclose PHI to notify a person who may have been exposed to a communicable disease or may be at risk of contracting or spreading a disease or condition.

FOR HEALTH OVERSIGHT ACTIVITIES: JourneyPure may disclose PHI to the government for oversight activities authorized by law, such as audits; investigations; inspections; licensure or disciplinary actions; and other proceedings, actions, or activities necessary for monitoring the health care system, government programs, and compliance with civil rights laws.

CORONERS, MEDICAL EXAMINERS, AND FUNERAL DIRECTORS: JourneyPure may disclose PHI to coroners, medical examiners, and funeral directors for the purpose of identifying a decedent, determining a cause of death, or otherwise as necessary to enable these parties to carry out their duties consistent with applicable law.

ORGAN, EYE, AND TISSUE DONATION: JourneyPure may release PHI to organ procurement organizations to facilitate organ, eye, and tissue donation and transplantation.

RESEARCH: Under certain circumstances, JourneyPure may use and disclose PHI for medical research purposes. A researcher may have access to information that identifies you only through the special review process, or with your written permission. In addition, researchers may contact patients regarding their interest in participating in certain research studies. Researchers may only contact you if they have been given the approval to do so by the special review process. You will only become a part of one of these research projects if you agree to do so and sign a consent form.

TO AVOID A SERIOUS THREAT TO HEALTH OR SAFETY: JourneyPure may use and disclose PHI to law enforcement personnel or other appropriate persons in order to prevent or lessen a serious threat to the health or safety of a person or the public.

SPECIALIZED GOVERNMENT FUNCTIONS: JourneyPure may use and disclose PHI of military personnel and veterans under certain circumstances as required by military command authorities. JourneyPure may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities; for the provision of protective services to the President or other authorized persons or foreign heads of state; or to conduct special investigations.

WORKERS’ COMPENSATION: JourneyPure may disclose PHI to comply with workers’ compensation or other similar laws that provide benefits for work-related injuries or illnesses.

HEALTH-RELATED BENEFITS AND SERVICES; LIMITED MARKETING ACTIVITIES: JourneyPure may use and disclose PHI to inform you of treatment alternatives or other health-related benefits and services that may be of interest to you, such as disease management programs.

DISASTER RELIEF: JourneyPure may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location.

DISCLOSURES FOR HIPAA COMPLIANCE INVESTIGATIONS: JourneyPure must disclose your PHI to the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) when requested by the Secretary in order to investigate compliance with privacy regulations issued under HIPAA.

Other Uses and Disclosures of PHI for Which Authorization Is Required

Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which you have the limited right to revoke in writing. Your PHI may not be used or disclosed for marketing purposes or sold by JourneyPure without your prior written authorization. If you sign a written authorization permitting uses and disclosures of your PHI other than those described in this Notice, you may revoke your authorization by submitting a written request to JourneyPure’s Privacy Official at any time. However, JourneyPure is unable to retract or invalidate any uses or disclosures that were made with your permission before you revoked your authorization.

HIPAA provides additional protection for psychotherapy notes, and most uses or disclosures of psychotherapy notes require your written permission. Psychotherapy notes are the personal notes of mental health professionals about a private or group counseling session.

In addition, other types of information may have greater protection under federal or state law, such as certain drug and alcohol information (discussed in more detail below), HIV/AIDS and other communicable disease information, genetic information, mental health information, or information about developmental disabilities. For this type of information, we may be required to get your written permission before disclosing it to others. We may seek that permission in our intake forms if permitted by law. If you have any questions about this, please contact JourneyPure’s Privacy Official, whose contact information is provided at the end of this Notice.

You have the following rights regarding your PHI

You have the following rights regarding your PHI. All requests must be submitted in writing to JourneyPure’s Privacy Official. Please contact the Privacy Official for additional information regarding any of these rights. The contact information for the Privacy Official can be found at the end of this Notice.

You may request that JourneyPure restrict the use and disclosure of your PHI. JourneyPure is not required to agree to any restrictions you request; but, if we do, we will be bound by the restrictions to which we agree, except in emergency situations. To request restrictions, you must make your request in writing. In your request, you must tell us: (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply (for example, disclosures to your spouse).

You have the right to request that communications of PHI to you from JourneyPure be made by particular means or at particular locations. For instance, you might request that communications be made at your work address, or by e-mail rather than regular mail. Your requests must be in writing and sent to the Privacy Official. JourneyPure will accommodate your reasonable requests without requiring you to provide a reason.

Generally, you have the right to inspect and/or copy your PHI in the possession of JourneyPure within a Designated Record Set. JourneyPure will inform you of the extent to which your request has or has not been granted. In some cases, JourneyPure may provide you a summary of the PHI you request if you agree in advance to such a summary and any associated fees. If you request copies of your PHI or agree to a summary of your PHI, JourneyPure may impose a reasonable fee to cover copying, postage, and related costs. If JourneyPure denies access to your PHI, we will explain the basis for the denial and your opportunity to have the denial reviewed by a licensed health care professional (who was not involved in the initial denial decision) designated as a reviewing official. If JourneyPure does not maintain the PHI you request, but we know where that PHI is located, we will tell you how to redirect your request.

If you believe that your PHI, maintained by JourneyPure in a Designated Record Set, contains an error or needs to be updated, you have the right to request that JourneyPure correct or supplement your PHI. Your request must be made in writing, and it must explain why you are requesting an amendment to your PHI. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), JourneyPure will inform you of the extent to which your request has or has not been granted. JourneyPure generally can deny your request if your request relates to PHI that (i) is not created by JourneyPure; (ii) is not part of the records JourneyPure maintains; (iii) is not subject to being inspected by you; or (iv) is accurate and complete. If your request is denied, JourneyPure will give you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) submit a request that any future disclosures of the relevant PHI be made with a copy of your request and JourneyPure’s denial attached if you do not file a statement of disagreement; and (iii) complain about the denial.

You generally have the right to request and receive a list of certain types of disclosures of your PHI that JourneyPure has made during the six (6) years prior to your request. The list will not include disclosures (i) for which you have provided a written authorization; (ii) for treatment, payment, and health care operations; (iii) made to you; (iv) for a JourneyPure patient directory or to persons involved in your health care; (v) for national security or intelligence purposes; (vi) to correctional institutions or law enforcement officials; or (vii) of a limited data set. You should submit any such request to the Privacy Official, and within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), JourneyPure will respond to you regarding the status of your request. JourneyPure will provide the first accounting you request in any 12-month period free of charge. JourneyPure may impose a reasonable, cost-based fee for each subsequent request for accounting within the 12-month period. JourneyPure will notify you of the fee in advance and provide you with an opportunity to withdraw or modify your request.

You have the right to receive PHI in an electronic format if electronic medical records are in use in the facility.

You have the right to receive a paper copy of this notice upon request even if you have agreed to receive this notice electronically. You can view a copy of this notice on our website. To obtain a paper copy of this notice, please contact the Privacy Official, whose contact information is provided at the end of this Notice.

You have the right to receive notice in the event of a breach of confidentiality. As required by law, JourneyPure will notify you of any breach of your PHI that is unsecured, as defined by law

You have the right to opt out of fundraising communications.

You have the right to restrict disclosures of PHI to health plans if you have paid for services out of pocket in full.

Your Rights Related to Substance Use Disorder Records

Federal law and regulations, 42 USC § 290dd-2 and 42 CFR Part 2 provide additional protections for the confidentiality of information related to the diagnosis, treatment, and referral for treatment or prevention of substance use disorders. Generally, JourneyPure will not disclose to anyone outside the program that a person attends the program or disclose any protected substance use disorder information identifying an individual without written authorization. JourneyPure may, however, disclose your information pursuant to your written authorization.

In addition, JourneyPure may disclose information identifying an individual as having or having had a substance use disorder without authorization, in the following situations (1) when the disclosure is made to medical personnel in a medical emergency; (2) to law enforcement agencies that are directly related to a patient’s commission or threat of a crime on JourneyPure’s premises or against JourneyPure personnel; (3) when relating to the cause of death of a patient under laws requiring the collection of death or other vital statistics; (4) when the disclosure is made under state law to report suspected child abuse or neglect; (5) when the disclosure is allowed by a court order in limited circumstances; (6) to individuals within the criminal justice system who have made participation in the program a condition of the disposition of a criminal proceeding or of the patient’s parole; (7) to medical personnel of the FDA in limited circumstances; and (8) for audit and evaluation purposes, subject to certain requirements.

The restrictions on disclosure also do not apply to, and JourneyPure may also disclose substance use disorder information through, communications of information between or among personnel having a need for the information in connection with their duties that arise out of the provision of diagnosis, treatment, or referral for treatment of patients with substance use disorders if the communications are either (a) within JourneyPure, or (b) between JourneyPure and an entity that has direct administrative control over the program. Similarly, federal law permits communications between JourneyPure and a “qualified service organization” (QSO) of information needed by the QSO to provide services to JourneyPure.

JourneyPure is required by law to inform you that information related to a patient’s commission of a crime on JourneyPure’s premises or against JourneyPure personnel is not protected and that reports of suspected child abuse and neglect made under state law to appropriate state or local authorities are not protected.

Violation of federal law and regulations by JourneyPure is a crime, and suspected violations with respect to substance use disorder information may be reported to the United States Attorney for the judicial district in which the violation occurs:

Northern District of Florida

• Gainesville: (352) 380-2400
• Panama City: (850) 691-0770
• Pensacola: (850) 435-8440
• Tallahassee: (850) 521-3501

Middle District of Florida

• Fort Myers: (239) 461-2000
• Jacksonville: (904) 549-1900
• Ocala: (352) 369-4860
• Orlando: (407) 835-4200
• Tampa: (813) 301-5400

Western District of Kentucky

• Bowling Green: (270) 393-2500
• Louisville: (502) 625-3500
• Owensboro: (270) 689-4400
• Paducah: (270) 415-6400

Eastern District of Kentucky

• Lexington: (859) 233-2503
• Ashland: (606) 329-2465
• Covington: (859) 392-7925
• Frankfort: (502) 223-5225
• London: (606) 877-7910
• Pikeville: (606) 437-6160

Middle District of Tennessee

• Nashville: (615) 736-5498
• Columbia: (615) 736-5498
• Northeastern: (615) 736-5498

Eastern District of Tennessee

• Greenville: (423) 639-3105
• Knoxville: (865) 545-4228
• Winchester: (931) 967-1444
• Chattanooga: (423) 752-5200

Reporting to the Substance Abuse and Mental Health Services Administration (www.SAMHSA.gov) may also be appropriate.

Patients who have consented to disclose their patient identifying information using a general designation will be provided, upon submitting a written request to the Privacy Official, a list of the entities to which their information has been disclosed pursuant to the general designation. The request must be made in writing and is limited to disclosures made within the last two years. JourneyPure will respond within thirty (30) days and provide the following for each disclosure: the names of the entities to which the disclosure was made, the date of the disclosure, and a brief description of the patient identifying information disclosed.

Changes to this Notice

We reserve the right to change this Notice and make the new Notice apply to information we already have as well as any information we receive in the future. We will post a copy of the new Notice on our website and at our facilities. The Notice will contain the effective date on the final page.

Complaints

You may complain to JourneyPure if you believe your privacy rights with respect to your PHI have been violated by contacting JourneyPure’s Privacy Official, whose contact information provided at the end of this Notice, and submitting a written complaint. JourneyPure will not penalize you or retaliate against you for filing a complaint regarding our privacy practices.

You also have the right to file a complaint with the Secretary of the Department of Health and Human Services. To submit a complaint to the Department of Health and Human Services, you must contact the Office for Civil Rights of the Department of Health and Human Services, Hubert H. Humphrey Building, 200 Independence Avenue, SW, Room 509F, Washington, D.C. 20201. Further information and regional contact information are also available on the Office for Civil Rights’ website at www.hhs.gov/ocr/hipaa.

Contact Information

If you have any questions about this Notice, please contact the Privacy Official at the address or telephone number provided below:

JourneyPure — Nashville Alcohol & Drug Rehab
Attn: Privacy Official
105 Westpark Dr. Suite 450
Brentwood, TN 37027

Effective: November 21, 2019