Privacy Policy

Charles River Recovery (“We” or “Us”) is dedicated to preserving your privacy and safeguarding your personal health information (PHI). This Privacy Policy (“Policy”) outlines how we manage the collection, use, disclosure, and protection of your information, adhering to the Health Insurance Portability and Accountability Act (HIPAA) and Massachusetts law 201 CMR 17.00.

Information We Collect

We gather various types of PHI, such as medical history, treatment details, insurance data, and other essential information for delivering our services. We also collect Personal Information including your name, social security number, driver’s license number, and financial account details.

How We Use Your Information

Your PHI and Personal Information are utilized for treatment, payment, healthcare operations, and as permitted or required by law. We might share your information in situations like medical emergencies, for public health purposes, or if we determine you pose a threat to yourself or others.

Disclosure of Information

Your information will not be disclosed without your consent, except when necessary for treatment, payment, healthcare operations, or as mandated by law, such as in cases of potential public safety threats.

Your Rights under HIPAA

Under HIPAA, you have several rights:

  1. Right to Access: You’re entitled to inspect and get copies of your PHI.
  2. Right to Amend: You may ask for corrections to your PHI if it’s incorrect or incomplete.
  3. Right to Disclosure Accounting: You can receive an accounting of certain disclosures of your PHI.
  4. Right to Request Restrictions: You may request limitations on the use and disclosure of your PHI.
  5. Right to Request Confidential Communications: You can ask for specific methods or locations for communicating about your PHI.
  6. Right to Complain: You can file a complaint if you believe your rights have been violated.

Our Legal Duties

We’re legally obligated to protect your PHI, provide you with this notice of our legal duties and privacy practices, and adhere to this notice’s terms.

Data Security

We’ve established a comprehensive information security program with administrative, technical, and physical safeguards. These measures are designed to prevent unauthorized access, use, disclosure, alteration, and destruction of your Personal Information and PHI, in line with 201 CMR 17.00.

Third-Party Service Providers

We ensure that any third-party service providers with access to your information commit to maintaining its confidentiality and integrity, abiding by the same regulations and privacy protections as this policy.

Changes to this Policy

We may revise this Policy as necessary and will notify you of any changes in how we handle your PHI.

Contact Us

For more information about our privacy practices, or to exercise your rights, please contact our Privacy Officer:

Rebecca Sheridan:

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. Filing a complaint will not result in retaliation.

This Policy is in line with HIPAA and Massachusetts law 201 CMR 17.00, emphasizing the security and confidentiality of your information, protection against threats, and prevention of unauthorized access or use.