This Policy was last updated on January 14, 2020.
JourneyPure (referred to herein as “JourneyPure,” “we,” “us,” and “our”) is committed to protecting the privacy and security of the information we collect, use, share, and otherwise process as part of our operations. We also believe in transparency, and we are committed to informing you about how we treat your information.
Our “Notice of Privacy Practices” describes how Protected Health Information (PHI) about you may be used and disclosed and the rights you have regarding that information. This Policy serves a different purpose, and it applies to information that is not PHI, which we may collect when you visit our website, https://journeypure.com/ (JourneyPure). This Policy does not apply to PHI. (See below "Notice of Privacy Practices for PHI information).
THIS SITE IS INTENDED FOR USERS LOCATED IN THE UNITED STATES, AND IT IS NOT INTENDED FOR USERS LOCATED IN OTHER COUNTRIES, INCLUDING THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA. BY USING THIS SITE, YOU ACKNOWLEDGE AND AGREE THAT YOU ARE USING THE SITE FROM WITHIN THE UNITED STATES.
WHAT INFORMATION DO WE COLLECT?
We collect and use the following information from you for the purposes set forth in the “How Do We Use Your Information” section of this Policy. We may also share this information as set forth in the “How Do We Share Information” section below. However, any information that is PHI is governed by our Notice of Privacy Practices and is not subject to the Policy.
Category Description of Data
When you visit the Site, we may ask you for your name, telephone number, email address, or other contact details. Depending on the context in which we collect this information, this information may be PHI.
Cookies and Similar
Technical Data and Location Information
When you visit the Site, we automatically collect information from your browser or your mobile device, which includes [the date and time of your visit, your Internet Protocol (IP) address or device identifier, your browser type, your device type, your location, your operating system, your internet service provider (ISP), URLs of any referring or exited webpages, your domain server, data about which pages you visit, and information about your interaction with the Site]. To learn more about our collection of technical data, please see the “Cookies and Similar Technologies” section of this Policy.
If you receive email communications from us, we use certain tools to capture [data related to if/when you open our message and if/when you click on any links or banners it contains]. Other information collected through this email tracking feature includes: [your email address, the date and time of your “click” on the email, a message number, the name of the list from which the message was sent, a tracking URL number, and a destination page].
The telephone number(s) displayed on the Site are dynamic, and different numbers appear depending on how you first arrive at the Site. This information is created and stored via cookies and similar technologies. When you call us, we collect your name, phone number, city, the length of our call, and information about how you came to our site based on the dynamic number that you dial. Depending on the context in which we collect this information, this information may be PHI.
We use a chat widget through which you can communicate with a member on our admissions team. We will collect your email address, and you may provide other information as you deem appropriate. Depending on the context in which we collect this information, this information may be PHI.
Cookies and Similar Technologies
1. First-Party and Third-Party Cookies
A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Permanent” cookies remain stored on your hard drive until they expire or are deleted by you. Local stored objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website.
First-party cookies are set by the Site, and they can only be read by the Site. Third-Party Cookies are set by a party other than us. The information collected via cookies on the Site includes: [browsing history; search history; internet service provider (ISP); type of computer; type of web browser; URLs of any referring or exited webpages; operating system; information about your interaction with the Site or advertisements on it; data about which pages you visit; the date and time of your visit; your domain server; and your browser type].
2. Similar Technologies
In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with the Site:
- Web beacons: These are tiny graphics (sometimes called “clear GIFs” or “web pixels”) with unique identifiers that are used to understand browsing activity. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons are rendered invisible on web pages when you open a page.
- Social Widgets: These are buttons or icons provided by third-party social media providers that allow you to interact with social media services when you view a webpage or mobile app screen. These social widgets may collect browsing data, which may be received by the third party that provided the widget and are controlled by third parties.
- UTM Codes: These are strings that can appear in a URL (the “Uniform Resource Locator,” which is typically the http or https address entered to go to a web page) when you move from one webpage or website to another, where the string can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.
We use Facebook Connect to track Facebook ad-driven visitor activity on the Site. Facebook Connect also gives you the option to post information about your activities to your profile page to share with others within your network by using a single sign-in service to authenticate your identity. You may learn more about Facebook Connect by visiting https://www.facebook.com/policy.php, where you can also find instructions for opting out of receiving advertisements.
3. Other Third-Party Technologies
Some third parties may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties’ technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.
4. Choices About Cookies
We provide you with choices regarding the information you provide to us, and we have created ways to give you control over your information. Most web browsers are set by default to accept cookies. If you do not wish to receive cookies, you may [choose to not allow cookies via the cookies consent banner or] set your browser to refuse all or some types of cookies or to alert you when cookies are being sent by website tracking technologies and advertising. You may adjust your browser settings to opt-out of accepting a “persistent” cookie and to only accept “session” cookies, but you will need to log in each time you want to enjoy the full functionality of the Site.
To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website at: https://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html.
For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices/, and http://youronlinechoices.eu/.
HOW DO WE USE YOUR INFORMATION
Our Notice of Privacy Practices describes how we may use PHI. Where the data is not PHI, we may use the types of information listed above in order to:
- Comply with federal, state, or local laws;
- Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
- Cooperate with law enforcement agencies;
- Exercise or defend legal claims;
- Provide you with the services you have requested;
- Detect fraud and prevent loss;
- Contact you about services that may be of interest to you;
- Establish and maintain your user account with us;
- Manage our relationship with you;
- Allow you to contact us and facilitate your communication with us;
- Respond to your feedback, requests, questions, or inquiries;
- Provide you more tailored advertising;
- Operate the Site and prepare aggregate traffic information;
- Determine and track customer interests, needs, and preferences;
- Improve our customer service and marketing efforts;
- Operate our business;
- Facilitate corporate mergers, acquisitions, reorganizations, dissolutions, or other transfers;
- Ensure safety of person or property;
- Recognize your browser/device and remember your preferences and interactions;
- Operate, enable, and improve the Site and its content/functionality;
- Understand how you interact with the Site and enhance your experience on the Site by providing a more personal and interactive experience;
- Track visits to the Site and usage analytics (e.g. page response times, download errors, length of visit, webpages visited, etc.);
- Track telephone calls and call metrics via dynamic telephone numbers;
- Manage and maintain the security of the Site; and
- Provide notice of changes to the Site or the services we offer or provide through it.
HOW DO WE SHARE AND DISCLOSE YOUR INFORMATION?
Our Notice of Privacy Practices describes how we may disclose PHI. Where the data is not PHI, we may use the types of information listed above in order to:
Category Disclosure Contexts
Subsidiaries and Acquisitions - We may share your information with our corporate subsidiaries and affiliates and with their respective officers, directors, employees, accountants, attorneys, and agents. In addition, we may disclose your information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by us about the Site’s users is among the assets transferred. For example, if another company acquires us, we will share your information with that company.
Disclosures With Your Consent - We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your information in this context with your consent.
Service Providers - We may share your information with our service providers that need access to your information to provide operational or other support services on our behalf. Among other things, service providers may help us to administer the Site; support our provision of services requested by you; provide technical support; send marketing, promotions and communications to you about our services; and assist with other legitimate purposes permitted by law.
HOW LONG DO WE STORE YOUR INFORMATION?
Our Notice of Privacy Practices describes how we maintain PHI. Where the information is not PHI, we will retain and use your information for as long as is necessary to (1) fulfill the purposes for which it was collected, (2) comply with our business requirements and legal obligations, (3) resolve disputes, (4) protect our assets, (5) provide our services, and (6) enforce our agreements.
[When we no longer have a reason for retaining your information, we will securely destroy your information in accordance with applicable law and our policies.] We take reasonable steps to delete the information we collect about you, where we have a legal obligation to do so. To the extent permitted by law, we may retain and use anonymous and aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement.
HOW DO WE PROTECT YOUR INFORMATION?
We have put some security measures in place to protect the information that you share with us from being accidentally lost, used, altered, or disclosed or accessed in an unauthorized manner. From time to time, we review our security procedures to consider appropriate new technology and methods. However, no security system is perfect, and no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot guarantee or warrant the security of any information you transmit to or from our Site, and you do so at your own risk. We cannot promise that your information will remain absolutely secure in all circumstances.
If a data breach compromises your information, we will notify you and any applicable regulator when we are required to do so by applicable law.
RIGHTS AND CHOICES ABOUT YOUR INFORMATION
Our Notice of Privacy Practices describes your rights with respect to any PHI we may maintain about you. If you would like to manage, change, limit, or delete other information or if you no longer want to receive any email, postal mail, or telephone contact from us in the future, such requests may be submitted via the Contact Us details at the end of this Policy.
Email Opt-Out - If you no longer wish to receive communications from us via email, you may opt-out by clicking the “unsubscribe” link available at the bottom of our email communications or by contacting us at [firstname.lastname@example.org] and providing your [name and email address] so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take corrective action.
Cookies - You may [choose to not allow cookies via the cookies consent banner or] set your browser to refuse all or some browser cookies or to alert you when cookies are being set. For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/,http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/.
Online Tracking - We do not currently recognize browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities. We adhere to the standards set out in this Policy and do not currently respond to “Do Not Track” signals on the Site or on third-party websites or online services where we may collect information.
Accuracy and Updating Your Information - Our goal is to keep your information accurate, current, and complete. If any of the information you have provided to us changes, please let us know via “Contact Us” details provided at the end of this Policy. For instance, if your email address changes, you may wish to let us know so that we can communicate with you. If you become aware of inaccurate information about you, you may want to update your information. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient, or incomplete information that you provide to us.
Complaints - If you believe that your rights relating to your information have been violated, you may lodge a complaint with us by contacting us using the information provided in the “Contact Us” section of this Policy.
No Disclosure of Your Information for Third-Party Advertising. We do not share your information with unaffiliated third parties for promotional purposes.
This Policy is applicable only to the Site, and it does not apply to any third-party websites.
The Site may contain links to, and media and other content from, third-party websites. These links are to external websites and third parties with which we may have no relationship. Because of the dynamic media capabilities of the Site, it may not be clear to you which links are to the Site and which are to external, third-party websites. If you click on an embedded third-party link, you will be redirected away from the Site to the external third-party website. You can check the URL to confirm that you have left this Site.
We cannot and do not (1) guarantee the adequacy of the privacy and security practices employed by or the content and media provided by any third parties or their websites, (2) control third parties’ independent collection or use or your information, or (3) endorse any third-party information, products, services, or websites that may be reached through embedded links on this Site.
CHILDREN’S ONLINE PRIVACY PROTECTION ACT COMPLIANCE
The Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. The Site and our services are not directed to children aged 16 or younger, nor is information knowingly collected from children under the age of 16. No one under the age of 16 may access, browse, or use the Site or provide any information to or on the Site. If you are under 16, please do not use or provide any information on the Site (including, for example, your name, telephone number, email address, or username). If we learn that we have collected or received personal information from a child under the age of 16 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe we might have any information from or about a child under the age of 16, please contact us using the contact information provided below.
For more information about COPPA, please visit the Federal Trade Commission's website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.
UPDATES AND CHANGES TO THIS POLICY
We reserve the right, at any time and without notice, to add to, change, update, or modify this Policy to reflect any changes to the way in which we treat your information or in response to changes in law. Should this Policy change, we will post all changes we make to this Policy on this page. If we make material changes to how we treat your information, we will also notify you through a notice on the home page of the Site for a reasonable period of time. Any such changes, updates, or modifications shall be effective immediately upon posting on the Site. The date on which this policy was last modified is identified at the beginning of this Policy.
You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Site, and from time to time, so that you are aware of any changes. Your continued use of the Site after the “Last Updated” date will constitute your acceptance of and agreement to such changes and to our collection and sharing of your information according to the terms of the then-current Policy. If you do not agree with this Policy and our practices, do not access, view, or use any part of the Site.
- In Writing: 624 Grassmere Park Suite 11, Nashville, TN 37211
- By Telephone: 800-311-1677
- By Email: email@example.com
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (“Notice”) is given to you by JourneyPure to describe the ways in which we may use and disclose your medical information (called “protected health information” or “PHI”) and to notify you of your rights with respect to PHI in the possession of JourneyPure. PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition; the provision of health care products and services to you; or the payment for such services.
JourneyPure has designated itself as a hybrid entity under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and this Notice applies to those functions of JourneyPure that have been designated as being covered by HIPAA. As a result, this Notice only applies when JourneyPure is providing treatment.
JourneyPure is committed to protecting the privacy of PHI, which is protected from disclosure by state and federal law. In certain circumstances, pursuant to this Notice, patient authorization, or applicable laws and regulations, PHI can be used by JourneyPure or disclosed to other parties. The categories below describe these uses and disclosures and include some examples to help you better understand each category.
JourneyPure is required by law to maintain the privacy of your PHI, to provide individuals with notice of the legal duties and privacy practices with respect to PHI, and to abide by the terms described in this Notice. JourneyPure reserves the right to change the terms of this Notice and its privacy policies and to make the new terms applicable to all of the PHI it maintains. Before JourneyPure makes an important change to its privacy policies, we will promptly revise this Notice and post the new Notice in registration areas and online.
Uses and Disclosures of PHI for which Authorization is Not Required
JourneyPure may use or disclose your PHI for purposes of treatment, payment, and health care operations, as described in more detail below, without obtaining written authorization from you. The protections afforded to substance use disorder information are discussed in the “Your Rights Related to Substance Use Disorder Records” section below.
FOR TREATMENT: JourneyPure may use and disclose PHI in the course of providing, coordinating, or managing your medical treatment, including the disclosure of PHI for treatment activities at another healthcare facility. These types of uses and disclosures may take place between physicians, nurses, technicians, students, and other health care professionals who provide your health care services or are otherwise involved in your care. For example, if you are being treated by a primary care physician, JourneyPure may need to disclose PHI to that physician when we consult regarding your condition.
FOR PAYMENT: JourneyPure may use and disclose PHI in order to collect payment for the health care services provided to you. For example, JourneyPure may need to give PHI to your health plan in order to be reimbursed for the services provided to you. JourneyPure may also disclose PHI to business associates, such as billing companies, claims processing companies, and others that assist in processing health claims. JourneyPure may also disclose PHI to other health care providers and health plans for the payment activities of such providers or health plans.
FOR HEALTH CARE OPERATIONS: JourneyPure may use and disclose PHI as part of its operations, including for quality assessment and improvement, such as evaluating the treatment and services you receive and the performance of our staff in caring for you. Other activities include training, underwriting activities, compliance and risk management activities, planning and development, as well as management and administration. JourneyPure may disclose PHI to doctors, nurses, technicians, students, attorneys, consultants, accountants, and others for review and learning purposes. These disclosures help make sure that JourneyPure is complying with all applicable laws and is continuing to provide health care to patients at a high level of quality. JourneyPure may also disclose PHI to other health care facilities and plans for certain of their operations, including their quality assessment and improvement activities, credentialing, peer review activities, and health care fraud and abuse detection or compliance, provided that those other facilities and plans have, or have had in the past, a relationship with the patient who is the subject of the information.
In addition to using or disclosing PHI for treatment, payment and health care operations, JourneyPure may use and disclose PHI without your written authorization under the following circumstances:
BUSINESS ASSOCIATES: JourneyPure may use or disclose your PHI with outside companies that perform services for us, such as accreditation, legal, computer, or auditing services. These outside companies are called “Business Associates,” and they are required by HIPAA and by contract to keep your PHI confidential.
INDIVIDUALS INVOLVED IN YOUR CARE: JourneyPure may share your PHI with a family member, guardian, or other individuals who are involved in your care, or who help pay for your care. If you have any objection to sharing your PHI in this way, please contact JourneyPure’s Privacy Official, whose contact information is listed at the end of this Notice.
TO YOU OR YOUR PERSONAL REPRESENTATIVE: JourneyPure may disclose your PHI to you or to a representative that is appointed by you or designated by applicable law.
AS REQUIRED BY LAW AND LAW ENFORCEMENT: JourneyPure may use or disclose PHI when required by law. JourneyPure may also disclose PHI when ordered to do so in a judicial or administrative proceedings; in response to subpoenas or discovery requests; to identify or locate a suspect, fugitive, material witness, or missing person; when dealing with gunshot and other wounds; when about criminal conduct; to report a crime, its location, the victims, or the identity, description, or location of a person who committed a crime; or for other law enforcement purposes.
JUDICIAL AND ADMINISTRATIVE PROCEEDINGS: Your PHI may be disclosed in response to a court or administration order, subpoena, discovery request, or other lawful process.
FOR PUBLIC HEALTH ACTIVITIES AND PUBLIC HEALTH RISKS: JourneyPure may disclose PHI to government officials in charge of collecting information about births and deaths; preventing and controlling disease; reports of child abuse or neglect and of other victims of abuse, neglect, or domestic violence; reactions to medications; or product defects or problems. JourneyPure may also disclose PHI to notify a person who may have been exposed to a communicable disease or may be at risk of contracting or spreading a disease or condition.
FOR HEALTH OVERSIGHT ACTIVITIES: JourneyPure may disclose PHI to the government for oversight activities authorized by law, such as audits; investigations; inspections; licensure or disciplinary actions; and other proceedings, actions, or activities necessary for monitoring the health care system, government programs, and compliance with civil rights laws.
CORONERS, MEDICAL EXAMINERS, AND FUNERAL DIRECTORS: JourneyPure may disclose PHI to coroners, medical examiners, and funeral directors for the purpose of identifying a decedent, determining a cause of death, or otherwise as necessary to enable these parties to carry out their duties consistent with applicable law.
ORGAN, EYE, AND TISSUE DONATION: JourneyPure may release PHI to organ procurement organizations to facilitate organ, eye, and tissue donation and transplantation.
RESEARCH: Under certain circumstances, JourneyPure may use and disclose PHI for medical research purposes. A researcher may have access to information that identifies you only through the special review process, or with your written permission. In addition, researchers may contact patients regarding their interest in participating in certain research studies. Researchers may only contact you if they have been given approval to do so by the special review process. You will only become a part of one of these research projects if you agree to do so and sign a consent form.
TO AVOID A SERIOUS THREAT TO HEALTH OR SAFETY: JourneyPure may use and disclose PHI to law enforcement personnel or other appropriate persons in order to prevent or lessen a serious threat to the health or safety of a person or the public.
SPECIALIZED GOVERNMENT FUNCTIONS: JourneyPure may use and disclose PHI of military personnel and veterans under certain circumstances as required by military command authorities. JourneyPure may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities; for the provision of protective services to the President or other authorized persons or foreign heads of state; or to conduct special investigations.
WORKERS’ COMPENSATION: JourneyPure may disclose PHI to comply with workers’ compensation or other similar laws that provide benefits for work-related injuries or illnesses.
HEALTH-RELATED BENEFITS AND SERVICES; LIMITED MARKETING ACTIVITIES: JourneyPure may use and disclose PHI to inform you of treatment alternatives or other health-related benefits and services that may be of interest to you, such as disease management programs.
DISASTER RELIEF: JourneyPure may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
DISCLOSURES FOR HIPAA COMPLIANCE INVESTIGATIONS: JourneyPure must disclose your PHI to the Secretary of the U.S. Department of Health and Human Services (the “Secretary”) when requested by the Secretary in order to investigate compliance with privacy regulations issued under HIPAA.
Other Uses and Disclosures of PHI for Which Authorization Is Required
Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which you have the limited right to revoke in writing. Your PHI may not be used or disclosed for marketing purposes or sold by JourneyPure without your prior written authorization. If you sign a written authorization permitting uses and disclosures of your PHI other than those described in this Notice, you may revoke your authorization by submitting a written request to JourneyPure’s Privacy Official at any time. However, JourneyPure is unable to retract or invalidate any uses or disclosures that were made with your permission before you revoked your authorization.
HIPAA provides additional protection for psychotherapy notes, and most uses or disclosures of psychotherapy notes require your written permission. Psychotherapy notes are the personal notes of a mental health professional about a private or group counseling session.
In addition, other types of information may have greater protection under federal or state law, such as certain drug and alcohol information (discussed in more detail below), HIV/AIDS and other communicable disease information, genetic information, mental health information, or information about developmental disabilities. For this type of information, we may be required to get your written permission before disclosing it to others. We may seek that permission in our intake forms if permitted by law. If you have any questions about this, please contact JourneyPure’s Privacy Official, whose contact information is provided at the end of this Notice.
You have the following rights regarding your PHI
You have the following rights regarding your PHI. All requests must be submitted in writing to JourneyPure’s Privacy Official. Please contact the Privacy Official for additional information regarding any of these rights. The contact information for the Privacy Official can be found at the end of this Notice.
You may request that JourneyPure restrict the use and disclosure of your PHI. JourneyPure is not required to agree to any restrictions you request; but, if we do, we will be bound by the restrictions to which we agree, except in emergency situations. To request restrictions, you must make your request in writing. In your request, you must tell us: (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply (for example, disclosures to your spouse).
You have the right to request that communications of PHI to you from JourneyPure be made by particular means or at particular locations. For instance, you might request that communications be made at your work address, or by e-mail rather than regular mail. Your requests must be in writing and sent to the Privacy Official. JourneyPure will accommodate your reasonable requests without requiring you to provide a reason.
Generally, you have the right to inspect and/or copy your PHI in the possession of JourneyPure within a Designated Record Set. JourneyPure will inform you of the extent to which your request has or has not been granted. In some cases, JourneyPure may provide you a summary of the PHI you request if you agree in advance to such a summary and any associated fees. If you request copies of your PHI or agree to a summary of your PHI, JourneyPure may impose a reasonable fee to cover copying, postage, and related costs. If JourneyPure denies access to your PHI, we will explain the basis for the denial and your opportunity to have the denial reviewed by a licensed health care professional (who was not involved in the initial denial decision) designated as a reviewing official. If JourneyPure does not maintain the PHI you request, but we know where that PHI is located, we will tell you how to redirect your request.
If you believe that your PHI, maintained by JourneyPure in a Designated Record Set, contains an error or needs to be updated, you have the right to request that JourneyPure correct or supplement your PHI. Your request must be made in writing, and it must explain why you are requesting an amendment to your PHI. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), JourneyPure will inform you of the extent to which your request has or has not been granted. JourneyPure generally can deny your request if your request relates to PHI that (i) is not created by JourneyPure; (ii) is not part of the records JourneyPure maintains; (iii) is not subject to being inspected by you; or (iv) is accurate and complete. If your request is denied, JourneyPure will give you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) submit a request that any future disclosures of the relevant PHI be made with a copy of your request and JourneyPure’s denial attached, if you do not file a statement of disagreement; and (iii) complain about the denial.
You generally have the right to request and receive a list of certain types of disclosures of your PHI that JourneyPure has made during the six (6) years prior to your request. The list will not include disclosures (i) for which you have provided a written authorization; (ii) for treatment, payment, and health care operations; (iii) made to you; (iv) for a JourneyPure patient directory or to persons involved in your health care; (v) for national security or intelligence purposes; (vi) to correctional institutions or law enforcement officials; or (vii) of a limited data set. You should submit any such request to the Privacy Official, and within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), JourneyPure will respond to you regarding the status of your request. JourneyPure will provide the first accounting you request in any 12-month period free of charge. JourneyPure may impose a reasonable, cost-based fee for each subsequent request for accounting within the 12-month period. JourneyPure will notify you of the fee in advance and provide you with an opportunity to withdraw or modify your request.
You have the right to receive PHI in an electronic format, if electronic medical records are in use in the facility.
You have the right to receive a paper copy of this notice upon request even if you have agreed to receive this notice electronically. You can view a copy of this notice on our website. To obtain a paper copy of this notice, please contact the Privacy Official, whose contact information is provided at the end of this Notice.
You have the right to receive notice in the event of a breach of confidentiality. As required by law, JourneyPure will notify you of any breach of your PHI that is unsecured, as defined by law
You have the right to opt-out of fundraising communications.
You have the right to restrict disclosures of PHI to health plans if you have paid for services out of pocket in full.
Your Rights Related to Substance Use Disorder Records
Federal law and regulations, 42 USC § 290dd-2 and 42 CFR Part 2, provide additional protections for the confidentiality of information related to the diagnosis, treatment, and referral for treatment or prevention of substance use disorders. Generally, JourneyPure will not disclose to anyone outside the program that a person attends the program or disclose any protected substance use disorder information identifying an individual without written authorization. JourneyPure may, however, disclose your information pursuant to your written authorization.
In addition, JourneyPure may disclose information identifying an individual as having or having had a substance use disorder without authorization, in the following situations (1) when the disclosure is made to medical personnel in a medical emergency; (2) to law enforcement agencies that are directly related to a patient’s commission or threat of a crime on JourneyPure’s premises or against JourneyPure personnel; (3) when relating to the cause of death of a patient under laws requiring the collection of death or other vital statistics; (4) when the disclosure is made under state law to report suspected child abuse or neglect; (5) when the disclosure is allowed by a court order in limited circumstances; (6) to individuals within the criminal justice system who have made participation in the program a condition of the disposition of a criminal proceeding or of the patient’s parole; (7) to medical personnel of the FDA in limited circumstances; and (8) for audit and evaluation purposes, subject to certain requirements.
The restrictions on disclosure also do not apply to, and JourneyPure may also disclose substance use disorder information through, communications of information between or among personnel having a need for the information in connection with their duties that arise out of the provision of diagnosis, treatment, or referral for treatment of patients with substance use disorders if the communications are either (a) within JourneyPure, or (b) between JourneyPure and an entity that has direct administrative control over the program. Similarly, federal law permits communications between JourneyPure and a “qualified service organization” (QSO) of information needed by the QSO to provide services to JourneyPure.
JourneyPure is required by law to inform you that information related to a patient’s commission of a crime on JourneyPure’s premises or against JourneyPure personnel is not protected and that reports of suspected child abuse and neglect made under state law to appropriate state or local authorities are not protected.
Violation of federal law and regulations by JourneyPure is a crime, and suspected violations with respect to substance use disorder information may be reported to the United States Attorney for the judicial district in which the violation occurs:
Northern District of Florida
Middle District of Florida
- Gainesville: (352) 380-2400
- Panama City: (850) 691-0770
- Pensacola: (850) 435-8440
- Tallahassee: (850) 521-3501
Western District of Kentucky
- Fort Myers: (239) 461-2000
- Jacksonville: (904) 549-1900
- Ocala: (352) 369-4860
- Orlando: (407) 835-4200
- Tampa: (813) 301-5400
Eastern District of Kentucky
- Bowling Green: (270) 393-2500
- Louisville: (502) 625-3500
- Owensboro: (270) 689-4400
- Paducah: (270) 415-6400
Middle District of Tennessee
- Lexington: (859) 233-2503
- Ashland: (606) 329-2465
- Covington: (859) 392-7925
- Frankfort: (502) 223-5225
- London: (606) 877-7910
- Pikeville: (606) 437-6160
Eastern District of Tennessee
- Nashville: (615) 736-5498
- Columbia: (615) 736-5498
- Northeastern: (615) 736-5498
- Greenville: (423) 639-3105
- Knoxville: (865) 545-4228
- Winchester: (931) 967-1444
- Chattanooga: (423) 752-5200
Reporting to the Substance Abuse and Mental Health Services Administration (www.SAMHSA.gov) may also be appropriate.
Patients who have consented to disclose their patient identifying information using a general designation will be provided, upon submitting a written request to the Privacy Official, a list of the entities to which their information has been disclosed pursuant to the general designation. The request must be made in writing and is limited to disclosures made within the last two years. JourneyPure will respond within thirty (30) days and provide the following for each disclosure: the names of the entities to which the disclosure was made, the date of the disclosure, and a brief description of the patient identifying information disclosed.
Changes to this Notice
We reserve the right to change this Notice and make the new Notice apply to information we already have as well as any information we receive in the future. We will post a copy of the new Notice on our website and at our facilities. The Notice will contain the effective date on the final page.
You may complain to JourneyPure if you believe your privacy rights with respect to your PHI have been violated by contacting JourneyPure’s Privacy Official, whose contact information provided at the end of this Notice, and submitting a written complaint. JourneyPure will not penalize you or retaliate against you for filing a complaint regarding our privacy practices.
You also have the right to file a complaint with the Secretary of the Department of Health and Human Services. To submit a complaint to the Department of Health and Human Services, you must contact the Office for Civil Rights of the Department of Health and Human Services, Hubert H. Humphrey Building, 200 Independence Avenue, SW, Room 509F, Washington, D.C. 20201. Further information and regional contact information is also available on the Office for Civil Rights’ website at www.hhs.gov/ocr/hipaa.
If you have any questions about this Notice, please contact the Privacy Official at the address or telephone number provided below:
Attn: Privacy Official
5080 Florence Road
Murfreesboro, TN 37129]
Effective: November 21, 2019