HIPAA Compliant Addiction Treatment

Better Choice Treatment Center is fully compliant with HIPAA (Health Insurance Portability and Accountability Act) and 42 CFR Part 2 regulations. Your addiction treatment records receive the highest level of privacy protection under federal law.

Your Treatment Records Are Protected by Federal Law

Addiction treatment records are protected by TWO layers of federal privacy law:

  • 1. HIPAA: Protects all medical records including treatment, payment, and healthcare operations
  • 2. 42 CFR Part 2: Provides extra protection specifically for substance use disorder treatment records—stricter than regular HIPAA protections

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law enacted in 1996 that sets national standards for protecting sensitive patient health information. HIPAA requires healthcare providers, insurance companies, and their business associates to implement safeguards to protect the privacy and security of health information.

Privacy Rule

Establishes standards for who can access your protected health information (PHI) and under what circumstances. You have the right to control how your information is used and disclosed.

Security Rule

Requires physical, technical, and administrative safeguards to protect electronic health information from unauthorized access, breaches, and cyber threats.

42 CFR Part 2: Extra Protection for Addiction Treatment

Federal regulation 42 CFR Part 2 provides additional privacy protections beyond HIPAA specifically for substance use disorder treatment records. This law was created to encourage people to seek addiction treatment without fear of legal, employment, or social consequences.

Key Protections Under 42 CFR Part 2:

  • We cannot confirm or deny you are a patient without your written consent
  • Records cannot be used in criminal, civil, or administrative proceedings without consent
  • Stricter requirements for releasing information than regular medical records
  • Violations carry criminal penalties including fines and imprisonment

This means if someone calls asking if you're a patient here, we legally cannot answer—even to your family, employer, or law enforcement—without your specific written authorization.

How We Protect Your Privacy

Physical Safeguards

  • • Secure facility with controlled access
  • • Locked file rooms and cabinets for paper records
  • • Confidential treatment areas
  • • Staff identification and access control
  • • Visitor sign-in and monitoring

Technical Safeguards

  • • Encrypted electronic health records (EHR)
  • • Secure, password-protected systems
  • • Firewalls and intrusion detection
  • • Regular security updates and patches
  • • Encrypted email communications

Administrative Safeguards

  • • Staff HIPAA training required annually
  • • Privacy Officer appointed
  • • Written policies and procedures
  • • Background checks for all employees
  • • Disciplinary action for violations

Business Associate Agreements

  • • Third-party vendors sign BAAs
  • • Vendors must meet HIPAA standards
  • • Limited information sharing
  • • Audit rights and oversight
  • • Breach notification requirements

Your Privacy Rights

Under HIPAA and 42 CFR Part 2, you have the following rights:

Right to Access Your Records

Request copies of your treatment records within 30 days. Small fees may apply for copying costs.

Right to Amend Your Records

Request corrections to inaccurate or incomplete information in your records.

Right to Request Restrictions

Ask us to limit how we use or share your information. We'll consider your request but may not always be able to agree.

Right to Confidential Communications

Request we contact you at a specific phone number, address, or through secure email.

Right to an Accounting of Disclosures

Receive a list of when and why your information was shared (excluding treatment, payment, and routine operations).

Right to Revoke Authorization

Withdraw your consent for us to share information at any time (except for disclosures already made).

Notice of Privacy Practices

All patients receive a complete Notice of Privacy Practices (NPP) at admission that explains in detail how we may use and disclose your health information, your rights, and our legal obligations. You will be asked to acknowledge receipt of this notice.

To request a copy of our full Notice of Privacy Practices or to exercise any of your privacy rights, contact our Privacy Officer at (888) 555-1234 or [email protected].

How to File a Privacy Complaint

If you believe your privacy rights have been violated, you have the right to file a complaint:

  • 1. Contact us: File a complaint with our Privacy Officer at (888) 555-1234
  • 2. Contact HHS: File with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr/privacy

You will NOT be retaliated against for filing a complaint.

Questions About Privacy & HIPAA Compliance?

Contact our Privacy Officer for questions about how we protect your information or to exercise your privacy rights.