Brook Rcovery Centers Privacy Policy**

Brook Rcovery Centers (“We” or “Us”) is committed to safeguarding your privacy and ensuring your personal health information (PHI) is protected. This Privacy Policy (“Policy“) explains the collection, use, disclosure, and protection of your information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and Massachusetts law 201 CMR 17.00. 

**Information We Collect**

We collect various types of PHI, including medical history, treatment records, insurance information, and other details necessary for providing you with our services. Additionally, we collect Personal Information, such as your name, social security number, driver’s license number, or financial account number.

**How We Use Your Information**

We use your PHI and Personal Information for treatment, payment, healthcare operations, and when otherwise permitted or required by law. We may share your information in circumstances such as a medical emergency, for public health activities, or if we assess you as a threat to yourself or others. 

**Disclosure of Information**

We will not disclose your information without your consent, unless such disclosure is necessary for treatment, payment, healthcare operations, or as mandated by law, such as in instances of potential threats to public safety.

**Your Rights under HIPAA**

You have several rights under HIPAA:

1. **Right to Access**: You have the right to inspect and obtain a copy of your PHI.
2. **Right to Amend**: You can request amendments to your PHI if you believe it is incorrect or incomplete.
3. **Right to Disclosure Accounting**: You have a right to receive an accounting of certain disclosures we have made of your PHI.
4. **Right to Request Restrictions**: You can request restrictions on the use and disclosure of your PHI.
5. **Right to Request Confidential Communications**: You can request that we communicate with you about your PHI in a certain way or at a certain location.
6. **Right to Complain**: You can complain if you feel we have violated your rights.

**Our Legal Duties**

We are required by law to maintain the privacy of your PHI, provide you with this notice of our legal duties and privacy practices, and comply with the terms of this notice.

**Data Security**

We have implemented a comprehensive information security program that includes administrative, technical, and physical safeguards. These measures protect against unauthorized access, use, disclosure, alteration, and destruction of your Personal Information and PHI, in compliance with 201 CMR 17.00.

**Third-Party Service Providers**

We take reasonable steps to ensure any third-party service providers with access to your information are committed to maintaining its confidentiality and integrity. They are required to abide by the same regulations and privacy protections as outlined in this policy.

**Changes to this Policy**

We reserve the right to revise this Policy as required and will do so at least annually or whenever there is a significant change in our business practices. We will notify you of any changes in the way we handle your PHI.

**Contact Us**

For further information about our privacy practices, or to exercise your rights as detailed in this policy, please contact our Privacy Officer:

Connor Kellet

[email protected]