Privacy Policy

As of July 10, 2012

Balboa Horizons Recovery Services have a strong commitment to providing excellent service to all of our clients, alumni and visitors, including respecting your concerns about privacy. We understand that you might wonder whether and how this Website collects and uses information. This statement contains numerous general and technical details about the steps we take to respect your privacy concerns.

Browsing:

This website does not collect any personal information from your computer when browsing this site. Unless you give us written permission to post information on our Alumni Information Form or request a reply using one of our feedback or reply forms, we will not know your name, your e-mail address, or any other information that identifies you.

Internet Protocol (IP) Address:

An IP address is a number that is automatically assigned to your computer every time you browse the Internet. When you request a page from our site, our server logs your current IP address. We would only use your IP address to help diagnose problems that affect the integrity of our computer systems, not for personal identification of any users.

Cookies:

“Cookies” are small pieces of information stored on your computer. We may use cookies or, in a limited number of cases IP addresses, for a number of reasons. Cookies allow us to better understand how users use our site and can help us to tailor our Website or a marketing message to better match your needs and interests. Cookies can also help you remember your user name and password on protected areas of Websites. You are always free to decline our cookies and continue to use our Website if the tools in your browser permits, but some parts of our site may not work properly or as efficiently if you do.

Information Needed to Execute the Transaction You Request:

When we need to collect information from you, we will ask you to voluntarily supply us with the information we need. For example, if you would like to receive information about admissions to Balboa Horizons Recovery Services, you may fill out the Contact Us/ Inquiry Form in the footer section which requests information about your name, address, phone number and e-mail address plus a place to place notes regarding specific info you wish to receive, plus questions about how you heard about us (for evaluation of our own marketing practices). We will use your e-mail address only to provide the information you requested, or to communicate news as you requested. If at any time you decide you do not want to receive this information, you may let us know by reply e-mail or use the form to request that we no longer contact you. Providing information to us using any of our on-line forms is voluntary and the information we collect is used only for the purpose for which the information was collected and is not shared with any other companies.

Balboa Horizons Recovery Services Use of Information:

We treat the information that you provide to us as confidential information. It is, accordingly, subject to the Center’s security procedures and strict corporate policies regarding protection and use of information. We will only disclose this information to individuals at the Center on a need-to-know basis and person(s) authorized by you. Patient and Alumni information is additionally protected under the Code of Federal Regulations, Title 42 and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Balboa Horizons Recovery Services maintains strict compliance with each of these laws and regulations.

The laws applicable to personal information vary from country to country. The information we process and store is kept in accordance with the applicable United States legal requirements, which may not be as comprehensive as the data protection laws found in other countries, such as those in the European Union.

E-Mails and Opt-Out:

Our goal is to only send e-mails that are likely to be of interest to you. All e-mail is generated from Balboa Horizons Recovery Services and not from an outside third-party e-mail service provider. Balboa Horizons Recovery Services does not make e-mail addresses available to any partners in Balboa Horizons Recovery Services Network or to any others for their use. You may at any time request not to receive e-mails from Balboa Horizons Recovery Services by replying to any e-mail with your request to opt-out.

Disclosure of Information to Third Parties:

Balboa Horizons Recovery Services prohibits the sale or transfer of personal information to anyone outside the Balboa Horizons Recovery Services Treatment Centers.

Links to Other Sites:

Other sites linked to by the Balboa Horizons Recovery Services web site are offered for your convenience only. Balboa Horizons Recovery Services are not responsible for the privacy policies of those sites, or for cookies those sites might use.

Legal Issues:

This is a United States web site and subject to United States law. Balboa Horizons Recovery Services will disclose personal health information without your permission only when required by law, or in a good faith belief that such action is necessary to investigate or protect against harmful activities to Balboa Horizons Recovery Services patients, staff, volunteers, alumni, property (including this site) or to others or as authorized by federal medical privacy rules under the Health Insurance Portability and Accountability Act.

Balboa Horizons Recovery Services Privacy Statement Changes:

In the future, we may need to change the privacy statement for www.balboahorizons.com. All changes will be made here so that you will always know what information we gather, how we might use that information and whether we will disclose it to anyone. Any changes made in the future will only apply to information collected after any new policy is established.

How to Contact Us:

If you have any questions about this privacy statement or privacy concerns, please send an e-mail to: info@balboahorizons.com.

HIPAA

Disclosures to You or for HIPAA Compliance Investigations. Entity may disclose your PHI to you or to your personal representative, and is required to do so in certain circumstances described below in connection with your rights of access to your PHI and to an accounting of certain disclosures of your PHI. Entity must disclose your PHI to the Secretary of the United States Department of Health and Human Services (the “Secretary”) when requested by the Secretary in order to investigate Entity’s compliance with privacy regulations issued under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Uses and Disclosures To Which You Have an Opportunity to Object. You will have the opportunity to object to these categories of uses and disclosures of PHI that Entity may make:

Disclosures to Individuals Involved in Your Health Care or Payment for Your Health Care. Unless you object, Entity may disclose your PHI to a family member, other relative, friend, or other person you identify as involved in your health care or payment for your health care. Entity may also notify those people about your location or condition.

Other Uses and Disclosures of PHI For Which Authorization is Required. Most uses and disclosures of psychotherapy notes, uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI require authorization. Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which with some limitations you have the right to revoke in writing.

Uses and Disclosures Subject to State and Other Laws. In addition to the federal privacy regulations that require this notice (called the “HIPAA” regulations), there are state and other federal health information privacy laws. These laws on occasion may require your specific written permission prior to disclosures of certain particularly sensitive information (such as mental health, drug/alcohol abuse, or HIV/AIDS information) in circumstances that the HIPAA regulations would permit disclosure without your permission. Entity is required to comply not only with the HIPAA regulations but also with any other applicable laws that impose stricter nondisclosure requirements. For example, the California Confidentiality of Medical Information Act limits the disclosure of patient medical information by providers, health plans and many businesses. Other California laws also provide enhanced protections that limit the disclosure of patient medical information by clinics and health facilities, HIV testing information and information about individuals detained voluntarily or involuntarily. California law also imposes requirements on businesses seeking medical information from individuals for direct marketing.

Regulatory Requirements. Entity is required by law to maintain the privacy of your PHI, to provide individuals with notice of its legal duties and privacy practices with respect to PHI, to abide by the terms described in this Notice and to notify affected individuals following a breach of unsecured PHI. Entity reserves the right to change the terms of this Notice and of its privacy policies, and to make the new terms applicable to all of the PHI it maintains. Before Entity makes an important change to its privacy policies, it will promptly revise this Notice and post a new Notice on our Web site. You have the following rights regarding your PHI:

You may request that Entity restrict the use and disclosure of your PHI. Except as noted below, Entity is not required to agree to any restrictions you request, but if Entity does so it will be bound by the agreed restriction except in emergency situations. Entity is required to agree to a requested restriction for disclosures to a health plan for payment or health care operations purposes relating solely to an item or service that you have paid for out-of-pocket in full.

You have the right to request that communications of PHI to you from Entity be made by particular means or at particular locations. For instance, you might request that communications be made at your work address, or by e-mail rather than regular mail. Your requests must be made in writing and sent to privacy@balboahorizons.com. Entity will accommodate your reasonable requests without requiring you to provide a reason for your request.

Generally, you have the right to inspect and copy your PHI that Entity maintains, provided that you make your request in writing and sent to privacy@balboahorizons.com. Within thirty (30) days of receiving your request (unless extended by an additional thirty (30) days), Entity will inform you of the extent to which your request has or has not been granted. In some cases, Entity may provide you a summary of the PHI you request if you agree in advance to such a summary and any associated fees. If you request copies of your PHI or agree to a summary of your PHI, Entity may impose a reasonable fee to cover copying, postage, and related costs. If Entity denies access to your PHI, it will explain the basis for denial and your opportunity to have your request and the denial reviewed by a licensed health care professional (who was not involved in the initial denial decision) designated as a reviewing official. If Entity does not maintain the PHI you request, if it knows where that PHI is located it will tell you how to redirect your request.

If you believe that your PHI maintained by Entity contains an error or needs to be updated, you have the right to request that Entity correct or supplement your PHI. Your request must be made in writing and sent to privacy@balboahorizons.com, and it must explain why you are requesting an amendment to your PHI. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), Entity will inform you of the extent to which your request has or has not been granted. Entity generally can deny your request if your request relates to PHI: (i) not created by Entity; (ii) that is not part of the records Entity maintains; (iii) that is not subject to being inspected by you; or (iv) that is accurate and complete. If your request is denied, Entity will provide you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) if you do not file a statement of disagreement, submit a request that any future disclosures of the relevant PHI be made with a copy of your request and Entity’s denial attached; and (iii) complain about the denial. You generally have the right to request and receive a list of the disclosures of your PHI Entity has made at any time during the six (6) years prior to the date of your request. The list will not include disclosures for which you have provided a written authorization, and does not include certain uses and disclosures to which this Notice already applies, such as those: (i) for treatment, payment, and health care operations; (ii) made to you; (iii) for Entity’s patient directory or to persons involved in your health care; (iv) for national security or intelligence purposes; or (v) to correctional institutions or law enforcement officials. You should submit any such request to privacy@balboahorizons.com, and within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), Entity will respond to your request. You have the right to receive a paper copy of this notice upon request, even if you have agreed to receive this notice electronically.

You may complain to Entity if you believe your privacy rights with respect to your PHI have been violated by contacting privacy@balboahorizons.com and submitting a written complaint. Entity will in no manner penalize you or retaliate against you for filing a complaint regarding Entity’s privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services.

If you have any questions about this notice, please contact privacy@balboahorizons.com

FORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

As a health care provider, Balboa Horizons, (“Entity”) uses confidential personal health information about patients, referred to below as protected health information (“PHI”). Entity protects the privacy of this information, and it is also protected from disclosure by state and federal law. In certain specific circumstances, pursuant to this Notice of Privacy Practices (“Notice”), patient authorization or applicable laws and regulations, PHI can be used by Entity or disclosed to other parties. Below are categories describing these uses and disclosures, along with some examples to help you better understand each category..

Uses and Disclosures for Treatment, Payment and Health Care Operations. Entity may use or disclose your PHI for the purposes of treatment, payment and health care operations, described in more detail below, without obtaining written authorization from you

For Treatment. Entity may use and disclose PHI in the course of providing, coordinating, or managing your medical treatment, including the disclosure of PHI for treatment activities of another health care provider. Information obtained by Entity will be used to furnish health care services, items and supplies to you. We will document in your record information related to the items dispensed to you and services provided to you.

For Payment. Entity may use and disclose PHI in order to bill and collect payment for the health care services provided to you. For example, Entity may contact your insurer or to determine whether it will pay for your health care or to determine the amount of your copayment. We will bill your health plan for health care items and services supplied to you, and we may bill you as well. The information on the bill may include information that identifies you, as well as items and services you are receiving.

For Health Care Operations. Entity may use and disclose PHI as part of its operations, including for quality assessment and improvement, such as evaluating the treatment and services you receive and the performance of our staff in caring for you, provider training, compliance and risk management activities, planning and development, and management and administration. Entity may disclose PHI to attorneys, consultants, accountants, and others to help make sure Entity is complying with all applicable laws, and to help Entity continue to provide health care to its patients at a high level of quality.

Other Uses and Disclosures For Which Authorization is Not Required. In addition to using or disclosing PHI for treatment, payment and health care operations, Entity may use and disclose PHI without your written authorization under the following circumstances:

As Required by Law and Law Enforcement. Entity may use or disclose PHI when required to do so by applicable law. Entity also may disclose PHI when ordered to do so in a judicial or administrative proceeding, to identify or locate a suspect, fugitive, material witness, or missing person, when dealing with gunshot and other wounds, about criminal conduct, to report a crime, the location of the crime or victims, or the identity, description, or location of a person who committed a crime, or for other law enforcement purposes.

For Public Health Activities and Public Health Risks. Entity may disclose PHI to government officials in charge of collecting information about births and deaths, preventing and controlling disease, reports of child abuse or neglect and of other victims of abuse, neglect, or domestic violence, reactions to medications or product defects or problems, or to notify a person who may have been exposed to a communicable disease or may be at risk of contracting or spreading a disease or condition.

For Health Oversight Activities. Entity may disclose PHI to the government for oversight activities authorized by law, such as audits, investigations, inspections, licensure or disciplinary actions, and other proceedings, actions or activities necessary for monitoring the health care system, government programs, and compliance with civil rights laws.

Coroners, Medical Examiners, and Funeral Directors. Entity may disclose PHI to coroners, medical examiners, and funeral directors for the purpose of identifying a decedent, determining a cause of death, or otherwise as necessary to enable these parties to carry out their duties consistent with applicable law.

Organ, Eye, and Tissue Donation. Entity may release PHI to organ procurement organizations to facilitate organ, eye, and tissue donation and transplantation.

Research. Under certain circumstances, Entity may use and disclose PHI for medical research purposes.

To Avoid a Serious Threat to Health or Safety. Entity may use and disclose PHI, to law enforcement personnel or other appropriate persons, to prevent or lessen a serious threat to the health or safety of a person or the public.
Specialized Government Functions. Entity may use and disclose PHI of military personnel and veterans under certain circumstances. Entity may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities, and for the provision of protective services to the President or other authorized persons or foreign heads of state or to conduct special investigations.
Workers’ Compensation. Entity may disclose PHI to comply with workers’ compensation or other similar laws. These programs provide benefits for work-related injuries or illnesses.

Prescription Refill/Appointment Reminders; Health-related Benefits and Services; Marketing. Entity may use and disclose your PHI to contact you and remind you of a prescription refill, or to inform you of treatment alternatives or other health-related benefits and services that may be of interest to you, such as disease management programs. Entity may use and disclose your PHI to encourage you to purchase or use a product or service through a face-to-face communication or by giving you a promotional gift of nominal value.

Disclosures to You or for HIPAA Compliance Investigations. Entity may disclose your PHI to you or to your personal representative, and is required to do so in certain circumstances described below in connection with your rights of access to your PHI and to an accounting of certain disclosures of your PHI. Entity must disclose your PHI to the Secretary of the United States Department of Health and Human Services (the “Secretary”) when requested by the Secretary in order to investigate Entity’s compliance with privacy regulations issued under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Uses and Disclosures To Which You Have an Opportunity to Object. You will have the opportunity to object to these categories of uses and disclosures of PHI that Entity may make:

Disclosures to Individuals Involved in Your Health Care or Payment for Your Health Care. Unless you object, Entity may disclose your PHI to a family member, other relative, friend, or other person you identify as involved in your health care or payment for your health care. Entity may also notify those people about your location or condition.

Other Uses and Disclosures of PHI For Which Authorization is Required. Most uses and disclosures of psychotherapy notes, uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI require authorization. Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which with some limitations you have the right to revoke in writing.

Uses and Disclosures Subject to State and Other Laws. In addition to the federal privacy regulations that require this notice (called the “HIPAA” regulations), there are state and other federal health information privacy laws. These laws on occasion may require your specific written permission prior to disclosures of certain particularly sensitive information (such as mental health, drug/alcohol abuse, or HIV/AIDS information) in circumstances that the HIPAA regulations would permit disclosure without your permission. Entity is required to comply not only with the HIPAA regulations but also with any other applicable laws that impose stricter nondisclosure requirements. For example, the California Confidentiality of Medical Information Act limits the disclosure of patient medical information by providers, health plans and many businesses. Other California laws also provide enhanced protections that limit the disclosure of patient medical information by clinics and health facilities, HIV testing information and information about individuals detained voluntarily or involuntarily. California law also imposes requirements on businesses seeking medical information from individuals for direct marketing.

Regulatory Requirements. Entity is required by law to maintain the privacy of your PHI, to provide individuals with notice of its legal duties and privacy practices with respect to PHI, to abide by the terms described in this Notice and to notify affected individuals following a breach of unsecured PHI. Entity reserves the right to change the terms of this Notice and of its privacy policies, and to make the new terms applicable to all of the PHI it maintains. Before Entity makes an important change to its privacy policies, it will promptly revise this Notice and post a new Notice on our Web site.

You have the following rights regarding your PHI:

You may request that Entity restrict the use and disclosure of your PHI. Except as noted below, Entity is not required to agree to any restrictions you request, but if Entity does so it will be bound by the agreed restriction except in emergency situations. Entity is required to agree to a requested restriction for disclosures to a health plan for payment or health care operations purposes relating solely to an item or service that you have paid for out-of-pocket in full.
You have the right to request that communications of PHI to you from Entity be made by particular means or at particular locations. For instance, you might request that communications be made at your work address, or by e-mail rather than regular mail. Your requests must be made in writing and sent to privacy@balboahorizons.com. Entity will accommodate your reasonable requests without requiring you to provide a reason for your request.
Generally, you have the right to inspect and copy your PHI that Entity maintains, provided that you make your request in writing and sent to privacy@balboahorizons.com. Within thirty (30) days of receiving your request (unless extended by an additional thirty (30) days), Entity will inform you of the extent to which your request has or has not been granted. In some cases, Entity may provide you a summary of the PHI you request if you agree in advance to such a summary and any associated fees. If you request copies of your PHI or agree to a summary of your PHI, Entity may impose a reasonable fee to cover copying, postage, and related costs. If Entity denies access to your PHI, it will explain the basis for denial and your opportunity to have your request and the denial reviewed by a licensed health care professional (who was not involved in the initial denial decision) designated as a reviewing official. If Entity does not maintain the PHI you request, if it knows where that PHI is located it will tell you how to redirect your request.
If you believe that your PHI maintained by Entity contains an error or needs to be updated, you have the right to request that Entity correct or supplement your PHI. Your request must be made in writing and sent to privacy@balboahorizons.com, and it must explain why you are requesting an amendment to your PHI. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), Entity will inform you of the extent to which your request has or has not been granted. Entity generally can deny your request if your request relates to PHI: (i) not created by Entity; (ii) that is not part of the records Entity maintains; (iii) that is not subject to being inspected by you; or (iv) that is accurate and complete. If your request is denied, Entity will provide you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) if you do not file a statement of disagreement, submit a request that any future disclosures of the relevant PHI be made with a copy of your request and Entity’s denial attached; and (iii) complain about the denial. You generally have the right to request and receive a list of the disclosures of your PHI Entity has made at any time during the six (6) years prior to the date of your request. The list will not include disclosures for which you have provided a written authorization, and does not include certain uses and disclosures to which this Notice already applies, such as those: (i) for treatment, payment, and health care operations; (ii) made to you; (iii) for Entity’s patient directory or to persons involved in your health care; (iv) for national security or intelligence purposes; or (v) to correctional institutions or law enforcement officials. You should submit any such request to privacy@balboahorizons.com, and within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), Entity will respond to your request. You have the right to receive a paper copy of this notice upon request, even if you have agreed to receive this notice electronically.
You may complain to Entity if you believe your privacy rights with respect to your PHI have been violated by contacting privacy@balboahorizons.com and submitting a written complaint. Entity will in no manner penalize you or retaliate against you for filing a complaint regarding Entity’s privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services.
If you have any questions about this notice, please contact privacy@balboahorizons.com