Footprints to Recovery
HIPAA NOTICE OF PRIVACY PRACTICES
Effective Date: 01/23/2020
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND
DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT
The terms of this Notice of Privacy Practices (“Notice”) apply to Footprints to Recovery, its affiliates and its
employees. Footprints to Recovery will share protected health information of patients as necessary to carry out
treatment, payment, and health care operations as permitted by law.
We are required by law to maintain the privacy of our patients’ protected health information and to provide
patients with notice of our legal duties and privacy practices with respect to protected health information.
We are required to abide by the terms of this Notice for as long as it remains in effect. We reserve the right
to change the terms of this Notice as necessary and to make a new notice of privacy practices effective for
all protected health information maintained by Footprints to Recovery. We are required to notify you in the event of
a breach of your unsecured protected health information. We are also required to inform you that there may
be a provision of state law that relates to the privacy of your health information that may be more stringent
than a standard or requirement under the Federal Health Insurance Portability and Accountability Act
(“HIPAA”). A copy of any revised Notice of Privacy Practices or information pertaining to a specific State law
may be obtained by mailing a request to the Privacy Officer at the address below.
USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION:
Authorization and Consent: Except as outlined below, we will not use or disclose your protected health
information for any purpose other than treatment, payment or health care operations unless you have signed
a form authorizing such use or disclosure. You have the right to revoke such authorization in writing, with
such revocation being effective once we actually receive the writing; however, such revocation shall not be
effective to the extent that we have taken any action in reliance on the authorization, or if the authorization
was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to
contest a claim under the policy or the policy itself.
Uses and Disclosures for Treatment: We will make uses and disclosures of your protected health
information as necessary for your treatment. Doctors and nurses and other professionals involved in your
care will use information in your medical record and information that you provide about your symptoms and
reactions to your course of treatment that may include procedures, medications, tests, medical history, etc.
Uses and Disclosures for Payment: We will make uses and disclosures of your protected health
information as necessary for payment purposes. During the normal course of business operations, we may
forward information regarding your medical procedures and treatment to your insurance company to arrange
payment for the services provided to you. We may also use your information to prepare a bill to send to you
or to the person responsible for your payment.
Uses and Disclosures for Health Care Operations: We will make uses and disclosures of your protected
health information as necessary, and as permitted by law, for our health care operations, which may include
clinical improvement, professional peer review, business management, accreditation and licensing, etc. For
instance, we may use and disclose your protected health information for purposes of improving clinical
treatment and patient care.
Individuals Involved In Your Care: We may from time to time disclose your protected health information
to designated family, friends and others who are involved in your care or in payment of your care in order to
facilitate that person’s involvement in caring for you or paying for your care. If you are unavailable,
incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be
in your best interest, we may share limited protected health information with such individuals without your
approval. We may also disclose limited protected health information to a public or private entity that is
authorized to assist in disaster relief efforts in order for that entity to locate a family member or other persons
that may be involved in some aspect of caring for you.
Business Associates: Certain aspects and components of our services are performed through contracts
with outside persons or organizations, such as auditing, accreditation, outcomes data collection, legal
services, etc. At times it may be necessary for us to provide your protected health information to one or
more of these outside persons or organizations who assist us with our health care operations. In all cases,
we require these associates to appropriately safeguard the privacy of your information.
Appointments and Services: We may contact you to provide appointment updates or information about
your treatment or other health-related benefits and services that may be of interest to you. You have the
right to request and we will accommodate reasonable requests by you to receive communications regarding
your protected health information from us by alternative means or at alternative locations. For instance, if
you wish appointment reminders to not be left on voice mail or sent to a particular address, we will
accommodate reasonable requests. With such request, you must provide an appropriate alternative
address or method of contact. You also have the right to request that we not send you any future marketing
materials and we will use our best efforts to honor such request. You must make such requests in writing,
including your name and address, and send such writing to the Privacy Officer at the address below.
Research: In limited circumstances, we may use and disclose your protected health information for
research purposes. In all cases where your specific authorization is not obtained, your privacy will be
protected by strict confidentiality requirements applied by an Institutional Review Board which oversees the
research or by representations of the researchers that limit their use and disclosure of your information.
Fundraising: We may use your information to contact you for fundraising purposes. We may disclose this
contact information to a related foundation so that the foundation may contact you for similar purposes. If
you do not want us or the foundation to contact you for fundraising efforts, you must send such request in
writing to the Privacy Officer at the address below.
Other Uses and Disclosures: We are permitted and/or required by law to make certain other uses and
disclosures of your protected health information without your consent or authorization for the following:
• Any purpose required by law;
• Public health activities such as required reporting of immunizations, disease, injury, birth and
death, or in connection with public health investigations;
• If we suspect child abuse or neglect; if we believe you to be a victim of abuse, neglect or
• To the Food and Drug Administration to report adverse events, product defects, or to
participate in product recalls;
• To your employer when we have provided health care to you at the request of your employer;
• To a government oversight agency conducting audits, investigations, civil or criminal
• Court or administrative ordered subpoena or discovery request;
• To law enforcement officials as required by law if we believe you have been the victim of
abuse, neglect or domestic violence. We will only make this disclosure if you agree or when
required or authorized by law;
• To coroners and/or funeral directors consistent with law;
• If necessary to arrange an organ or tissue donation from you or a transplant for you;
• If you are a member of the military, we may also release your protected health
information for national security or intelligence activities; and
• To workers’ compensation agencies for workers’ compensation benefit determination.
DISCLOSURES REQUIRING AUTHORIZATION:
Psychotherapy Notes: We must obtain your specific written authorization prior to disclosing any
psychotherapy notes unless otherwise permitted by law. However, there are certain purposes for which we
may disclose psychotherapy notes, without obtaining your written authorization, including the following: (1) to
carry out certain treatment, payment or healthcare operations (e.g., use for the purposes of your treatment,
for our own training, and to defend ourselves in a legal action or other proceeding brought by you), (2) to the
Secretary of the Department of Health and Human Services to determine our compliance with the law, (3) as
required by law, (4) for health oversight activities authorized by law, (5) to medical examiners or coroners as
permitted by state law, or (6) for the purposes of preventing or lessening a serious or imminent threat to the
health or safety of a person or the public.
Genetic Information: We must obtain your specific written authorization prior to using or disclosing your
genetic information for treatment, payment or health care operations purposes. We may use or disclose
your genetic information, or the genetic information of your child, without your written authorization only
where it would be permitted by law.
Marketing: We must obtain your authorization for any use or disclosure of your protected health information
for marketing, except if the communication is in the form of (1) a face-to-face communication with you, or (2)
a promotional gift of nominal value.
Sale of Protected Information: We must obtain your authorization prior to receiving direct or indirect
remuneration in exchange for your health information; however, such authorization is not required where the
purpose of the exchange is for:
• Public health activities;
• Research purposes, provided that we receive only a reasonable, cost-based fee to cover the
cost to prepare and transmit the information for research purposes;
• Treatment and payment purposes;
• Health care operations involving the sale, transfer, merger or consolidation of all or part of our
business and for related due diligence;
• Payment we provide to a business associate for activities involving the exchange of protected
health information that the business associate undertakes on our behalf (or the subcontractor
undertakes on behalf of a business associate) and the only remuneration provided is for the
performance of such activities;
• Providing you with a copy of your health information or an accounting of disclosures;
• Disclosures required by law;
• Disclosures of your health information for any other purpose permitted by and in accordance
with the Privacy Rule of HIPAA, as long as the only remuneration we receive is a reasonable,
cost-based fee to cover the cost to prepare and transmit your health information for such
purpose or is a fee otherwise expressly permitted by other law; or
• Any other exceptions allowed by the Department of Health and Human Services.
RIGHTS THAT YOU HAVE REGARDING YOUR PROTECTED HEALTH INFORMATION:
Access to Your Protected Health Information: You have the right to copy and/or inspect much of the
protected health information that we retain on your behalf. For protected health information that we maintain
in any electronic designated record set, you may request a copy of such health information in a reasonable
electronic format, if readily producible. Requests for access must be made in writing and signed by you or
your legal representative. You may obtain a “Patient Access to Health Information Form” from the front
office person. You will be charged a reasonable copying fee and actual postage and supply costs for your
protected health information. If you request additional copies you will be charged a fee for copying and
Amendments to Your Protected Health Information: You have the right to request in writing that
protected health information that we maintain about you be amended or corrected. We are not obligated to
make requested amendments, but we will give each request careful consideration. All amendment requests,
must be in writing, signed by you or legal representative, and must state the reasons for the
amendment/correction request. If an amendment or correction request is made, we may notify others who
work with us if we believe that such notification is necessary. You may obtain an “Amendment Request
Form” from the front office person or individual responsible for medical records.
Accounting for Disclosures of Your Protected Health Information: You have the right to receive an
accounting of certain disclosures made by us of your protected health information after April 14, 2003.
Requests must be made in writing and signed by you or your legal representative. “Accounting Request
Forms” are available from the front office person or individual responsible for medical records. The first
accounting in any 12-month period is free; you will be charged a fee for each subsequent accounting you
request within the same 12-month period. You will be notified of the fee at the time of your request.
Restrictions on Use and Disclosure of Your Protected Health Information: You have the right to
request restrictions on uses and disclosures of your protected health information for treatment, payment, or
health care operations. We are not required to agree to most restriction requests, but will attempt to
accommodate reasonable requests when appropriate. You do, however, have the right to restrict disclosure
of your protected health information to a health plan if the disclosure is for the purpose of carrying out
payment or health care operations and is not otherwise required by law, and the protected health information
pertains solely to a health care item or service for which you, or someone other than the health plan on your
behalf, has paid Footprints to Recovery in full. If we agree to any discretionary restrictions, we reserve the right to
remove such restrictions as we appropriate. We will notify you if we remove a restriction imposed in
accordance with this paragraph. You also have the right to withdraw, in writing or orally, any restriction by
communicating your desire to do so to the individual responsible for medical records.
Right to Notice of Breach: We take very seriously the confidentiality of our patients’ information, and we
are required by law to protect the privacy and security of your protected health information through
appropriate safeguards. We will notify you in the event a breach occurs involving or potentially involving
your unsecured health information and inform you of what steps you may need to take to protect yourself.
Paper Copy of this Notice: You have a right, even if you have agreed to receive notices electronically, to
obtain a paper copy of this Notice. To do so, please submit a request to the Privacy Officer at the address
Complaints: If you believe your privacy rights have been violated, you can file a complaint in writing with
the Privacy Officer. You may also file a complaint with the Secretary of the U.S. Department of Health and
Human Services at the below address. There will be no retaliation for filing a complaint.
Office for Civil Rights
Department of HHS
Jacob Javits Federal Building
26 Federal Plaza – Suite 3312
New York, NY 10278
Voice Phone (212) 264-3313
FAX (212) 264-3039
TDD (212) 264-2355
For Further Information: If you have questions, need further assistance regarding or would like to submit a
request pursuant to this Notice, you may contact the Footprints to Recovery Privacy Officer by phone at 55-628-2899 or at the following address: 6640 W Touhy Ave Niles, IL 60714 .
I. Information Footprints to Recovery Collects
A. Personal Information and Non-Identifying Information
When you access or use our Website or Services, we may ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you (“Personal Information”). Personal Information may include, but is not limited to, your name, username (if it identifies you), phone number, email address, home and business postal addresses, and any other information that you provide to Footprints to Recovery that could be used to personally identify you.
We also collect other information that you may provide when using our Website or Services that does not identify you (“Non-Identifying Information”). Non-Identifying Information includes, but is not limited to, your zip code (on its own), gender, age, and individual preferences. Certain Non-Identifying Information would be considered a part of your Personal Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences).
We use your Personal Information (in some cases, in conjunction with your Non-Identifying Information) mainly to provide portions of the Website and Services and respond to correspondence from you. For example, we may use your Personal Information to contact you with newsletters and other information that you request. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications.
We may also combine your Personal Information with Non-Identifying Information and aggregate it with information collected from other End Users to attempt to provide you with a better experience, to improve the quality and value of the Website and Services, and to analyze and understand how the Website and Services are used.
B. Usage Data
When you visit the Website, our servers automatically record information that your browser sends whenever you visit a website. The information sent automatically by your browser is referred to as “Usage Data.” This Usage Data may include information such as the manufacturer and model of your mobile device or other hardware; your Internet Service Provider (ISP); your device’s Internet Protocol (“IP”) address (or other device identifier), browser type, and operating system; referring/exit pages; clickstream data; pages of the Website that you visit, the time spent on those pages or interacting with certain portions of the Website or Services, information you search for on the Website and Services, Website access times and dates; and other statistics. Usage Data may also include certain geographic data that identifies your general location when accessing the Website and Services.
We use this information to monitor and analyze use of the Website and Services and for technical administration of the same, to increase the functionality and user-friendliness of the Website and Services, and to better tailor it to our End Users’ needs. For example, some of this information is collected so that when you visit the Website time after time, it will recognize you and serve information appropriate to your interests. Geographic Usage Data may be used to prioritize information about a Footprints to Recovery location near you.
Usage Data may be non-identifying or it may be associated with you. Whenever we associate Usage Data with Personal Information, we will treat it as Personal Information.
II. Collection of Information
A. Collection of Personal Information and Non-Identifying Information
Please note that if you use any blog, bulletin board, chat room, comment posting feature, or other public communication service, forum, or feature offered through the Website or Services, or post any information available for viewing by other End Users, any of the information that you share will be visible to other End Users. The information that you make available can be read, used, and collected by other End Users to send you unsolicited messages outside of the Website and Services. Footprints to Recovery is not responsible for the manner in which the Personal Information that you decide to share will be used by other End Users.
B. Collection of Usage Data
Usage Data are collected automatically by the Website and Services servers and software. For example, because the Website automatically collects Usage Data for all End Users that visit the Website, your session on our Website will be tracked by Footprints to Recovery.
Additionally, in some of our email messages, Footprints to Recovery may use a “click-through URL” linked to content on the Website and Services. When an End User clicks onto one of these URLs, the End User will pass through our server before arriving at the destination Web page. Footprints to Recovery tracks this click-through data to help us determine End User interest in certain subject matter and measure the effectiveness of these End User communications. You can avoid being tracked in this way by not clicking text or graphic links in emails from Footprints to Recovery.
Finally, we may use clear gifs or pixel tags, which are tiny graphic images, in order: (i) to advise us of what parts of the Website and Services End Users have visited, (ii) to measure the effectiveness of any searches End Users perform, and (iii) to enable us to send emails in a format that End Users can read and tell us whether such emails have been opened in order to ensure us that we are sending messages that are of interest to End Users.
Some Web browsers may be configured to send Do Not Track signals to websites, or users may use similar mechanisms, to indicate a user’s preference that certain web technologies not be used to track the user’s online activity. Our Website does not accept or process such Do Not Track signals or similar mechanisms.
III. Use and Sharing of Information by Footprints to Recovery
The End User information that Footprints to Recovery collects may be added to our databases and used for business purposes, including for Footprints to Recovery’s marketing and promotional purposes, for a statistical analysis of End Users’ behavior, for product development, for content improvement, or to customize the content and layout of the Website and Services. If you’ve provided information to Footprints to Recovery in order to receive e-mail content and at any time do not want to receive email from us, visit the “Opt Out” or “Unsubscribe” link at the bottom of any Footprints to Recovery email to remove yourself from continued receipt of such email messages.
Footprints to Recovery’s policy is not to share the End User information it collects with third parties other than as specified below, or where an End User expressly consents to our sharing of certain information with a third party. We may share End User information with third parties under the following circumstances:
We may employ third party companies and individuals for any of the following: to facilitate the Website and Services; to provide the Website and Services or portions of the Website and Services on our behalf; to perform related services, including without limitation, maintenance services, database management, fulfillment, web analytics, and improvement of the features or functionality; or to assist us in analyzing how the Website and Services are being used. Such parties may have access to and use End User information in order to provide such services to or on behalf of Footprints to Recovery.
B. Campaigns and Promotions
C. Business Transfers
As we continue to develop our business, we may buy, sell, or share assets in connection with, for example, a merger, acquisition, reorganization, sale of assets, or bankruptcy. In such transactions, information about End Users is often a transferred business asset. In the event of such a business transaction, information about our End Users may be one of the transferred assets.
D. Compliance with Law and Protection of Footprints to Recovery and Others
We may release End User information when we believe, in our sole discretion, that release is appropriate: to comply with the law, including but not limited to, in response to a subpoena served on Footprints to Recovery; to enforce or apply the Agreement, including the Terms and Conditions and other agreements, rules, and policies; to protect the rights, property, or safety of Footprints to Recovery, our End Users, or others; or to prevent activity that we believe, in our sole discretion, may be or may become illegal, unethical, or legally actionable (including exchanging End User information with other companies and organizations for fraud protection).
E. Aggregate Site Use Information
We may release aggregate End User information (without revealing any Personal Information about you) to advertisers and other third parties in order to promote or describe use of the Website and Services.
IV. International Transfer
V. Deleting Your Information
You may request that Footprints to Recovery completely delete all Personal Information you have provided to Footprints to Recovery through the Website or Services by contacting [email protected] We will use commercially reasonable efforts to honor such a request. We may, however, retain an archived copy of your records consistent with our records retention policies or as required by law.
We are very concerned with safeguarding your information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access. For example, we use commercially reasonable security measures such as encryption, firewalls, and secure socket layers (SSL) to protect End User information.
Please note that no security system is impenetrable. Accordingly, we do not guarantee the security of our databases, nor that information you supply won’t be intercepted while being transmitted to us over the Internet or other network. Any information you transmit to Footprints to Recovery, you do at your own risk. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email (when available) or a conspicuous posting through the Website and Services in the most expedient time possible and without unreasonable delay, as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
VII. Children’s Privacy
We are committed to protecting the privacy of children. By using the Website and Services, you represent and warrant that you are thirteen (13) years of age or older and that you agree to and agree to abide by all of the terms and conditions of the Agreement. If Footprints to Recovery believes that you are under the age of thirteen (13) or that you are not old enough to consent to and be legally bound by the Agreement, Footprints to Recovery may, at any time, in its sole discretion, and with or without notice: (i) terminate your access to or use of the Website and Services (or any portion, aspect, or feature of them), or (ii) delete any content or information that you have posted through the Website and Services.
VIII. Contacting Us