Your privacy is important to us. This Privacy Policy explains how Valley Spring Recovery Center ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website, contact us, or receive services at our facility.
1. Introduction
Valley Spring Recovery Center is a CARF-accredited outpatient addiction and mental health treatment center located at 830 Broadway, Norwood, NJ 07648. We are committed to protecting the privacy of every individual who visits our website, inquires about our services, or participates in our treatment programs.
This Privacy Policy applies to information collected through our website (valleyspringrecovery.com), phone inquiries, online forms, email communications, and in-person interactions at our facility. By using our website or engaging with our services, you acknowledge that you have read and understand this Privacy Policy.
We comply with all applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), New Jersey state privacy regulations, and 42 CFR Part 2 governing the confidentiality of substance use disorder patient records.
2. Information We Collect
Personal Information
When you contact us, submit a form, or begin the admissions process, we may collect the following personal information:
- Full name, date of birth, and gender
- Phone number, email address, and mailing address
- Emergency contact information
- Insurance information and policyholder details
- Government-issued identification numbers (as required for treatment and billing)
Health Information
As a healthcare provider, we collect health-related information necessary for diagnosis, treatment, and continuity of care. This may include:
- Medical history, including substance use history and mental health diagnoses
- Current medications and allergies
- Treatment plans, progress notes, and clinical assessments
- Referral information from other healthcare providers
- Lab results, drug screening results, and other clinical data
Website Usage Data
When you visit our website, we may automatically collect certain technical information, including:
- IP address and approximate geographic location
- Browser type, device type, and operating system
- Pages viewed, time spent on pages, and navigation paths
- Referring website or search terms that led you to our site
- Date and time of your visit
3. How We Use Your Information
We use the information we collect for the following purposes:
Treatment and Care
- Providing and coordinating your addiction treatment and mental health services
- Developing and updating your individualized treatment plan
- Communicating with your treatment team and, when authorized, your referring providers
- Conducting clinical assessments, progress evaluations, and discharge planning
Communication
- Responding to your inquiries, requests, or questions about our programs
- Scheduling appointments and sending treatment reminders
- Providing you with information about services, programs, or resources that may be relevant to your recovery
Administration and Operations
- Processing insurance verification and billing
- Maintaining accurate records as required by law and accreditation standards
- Improving our website, services, and patient experience
- Conducting quality assurance and compliance audits
Legal Obligations
- Complying with federal and New Jersey state laws and regulations
- Responding to lawful requests from government agencies, courts, or law enforcement when legally required
- Reporting as mandated by law (e.g., suspected child or elder abuse, threats of harm)
4. How We Share Your Information
We take your privacy seriously and do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
With Your Consent
We will share your protected health information (PHI) with other parties only when you have provided a valid, written authorization. This includes sharing records with family members, other treatment providers, employers, or any other third party you designate.
For Treatment, Payment, and Operations
As permitted under HIPAA and 42 CFR Part 2, we may share your information with:
- Healthcare providers involved in your treatment or referral
- Insurance companies for verification of benefits and claims processing
- Accreditation organizations (such as CARF) during quality reviews
Legal Requirements
We may disclose information without your authorization when required by law, including:
- Responses to valid court orders, subpoenas, or warrants
- Mandatory reporting of suspected abuse or neglect
- Reports to public health authorities as required by law
- Situations involving an immediate threat to health or safety
Business Partners and Service Providers
We may share limited information with trusted third-party vendors who assist in operating our website, processing payments, or providing technology services. These partners are bound by strict confidentiality agreements and are prohibited from using your information for any purpose other than the specific services they provide to us.
5. HIPAA Compliance
Valley Spring Recovery Center is a HIPAA-covered entity. We are fully committed to protecting your Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule.
Our HIPAA compliance measures include:
- Notice of Privacy Practices: We provide all patients with a detailed Notice of Privacy Practices upon intake, which outlines how your PHI may be used and disclosed, and your rights regarding your health information.
- Administrative Safeguards: Staff training on HIPAA requirements, designated privacy officer, established policies and procedures for handling PHI.
- Physical Safeguards: Secure facilities, restricted access to records, locked storage for physical documents.
- Technical Safeguards: Encrypted electronic health records, secure communication channels, access controls and audit trails for digital systems.
- 42 CFR Part 2 Protections: As a substance use disorder treatment provider, we adhere to the additional federal privacy protections under 42 CFR Part 2, which impose stricter requirements on the disclosure of substance use disorder treatment records.
6. Your Rights
Under HIPAA and applicable New Jersey state laws, you have the following rights regarding your personal and health information:
- Right to Access: You have the right to request and obtain a copy of your medical records and other personal information we maintain about you.
- Right to Correction: If you believe any information in your records is inaccurate or incomplete, you have the right to request a correction (amendment).
- Right to Restriction: You may request that we limit how we use or disclose your information for treatment, payment, or operations.
- Right to Confidential Communications: You may request that we communicate with you through specific means or at specific locations (e.g., only by phone at a certain number).
- Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your health information.
- Right to Opt-Out: You may opt out of receiving marketing communications at any time by contacting us or using the unsubscribe mechanism in any promotional email.
- Right to File a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights.
To exercise any of these rights, please contact us using the information provided in the Contact Us section below. We will respond to your request within 30 days as required by law.
7. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and help us understand how visitors use our site.
Types of Cookies We Use
- Essential Cookies: Necessary for basic website functionality, such as page navigation and form submissions. These cannot be disabled.
- Analytics Cookies: Help us understand visitor behavior, including which pages are most popular and how users navigate through the site. We use this data to improve our website and services.
- Functional Cookies: Remember your preferences (such as language or region) to provide a more personalized experience.
Third-Party Services
We may use third-party analytics services (such as Google Analytics) that collect anonymized usage data. These services use their own cookies and are governed by their respective privacy policies. We do not share any personally identifiable health information through these analytics tools.
Managing Cookies
You can control or delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to:
- View what cookies are stored and delete them individually
- Block third-party cookies
- Block all cookies from specific or all websites
- Delete all cookies when you close your browser
8. Data Security
We implement robust administrative, technical, and physical safeguards to protect your personal and health information from unauthorized access, disclosure, alteration, or destruction. Our security measures include:
- Encryption of data in transit (SSL/TLS) and at rest
- Secure, access-controlled electronic health record systems
- Regular security assessments and vulnerability testing
- Employee background checks and ongoing security training
- Role-based access controls that limit information access to authorized personnel only
- Secure disposal of physical documents containing personal information
- Incident response procedures for potential data breaches
While we take every reasonable precaution to protect your information, no method of electronic transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.
9. Children's Privacy
Our website and services are intended for individuals aged 18 and older. We do not knowingly collect personal information from children under the age of 18 through our website.
If we become aware that we have inadvertently collected personal information from a child under 18 without appropriate parental or guardian consent, we will take steps to delete such information promptly. If you believe we may have collected information from a minor, please contact us immediately so we can address the matter.
When providing treatment services to individuals under 18, all information is collected with appropriate parental or guardian consent and handled in accordance with HIPAA, New Jersey state laws regarding minor patients, and 42 CFR Part 2 requirements.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Post the revised policy on our website
- Provide additional notice for significant changes (such as a prominent notice on our homepage)
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes constitutes your acceptance of the revised policy.