Recover and Thrive Health Services

Notice of Privacy Practices (Patient Privacy Policy)
Effective date: December 1, 2025
Last updated: December 1, 2025

This notice describes how protected health information (PHI) and drug and alcohol treatment records about you may be used and disclosed and how you can get access to this information. Please review it carefully. (This format and content reflect common industry practice for HIPAA Notices of Privacy Practices and substance use disorder confidentiality requirements.) [hhs.gov], [cms.gov], [hipaajournal.com], [congress.gov]

General Information

Information regarding your health care—including payment for health care and treatment—is primarily protected by three federal laws:

  1. HIPAA (Health Insurance Portability and Accountability Act of 1996): 42 U.S.C. § 1320d et seq.; 45 C.F.R. Parts 160 & 164 (Privacy, Security, Breach Notification Rules). [hhs.gov], [cms.gov]

  2. HITECH Act (Health Information Technology for Economic and Clinical Health Act): additional privacy and security requirements, including safeguards for electronic PHI. [hhs.gov]

  3. Confidentiality of Substance Use Disorder Patient Records (“Part 2”): 42 U.S.C. § 290dd‑2; 42 C.F.R. Part 2, which provides extra protections for records of individuals receiving substance use disorder diagnosis, treatment, or referral. [congress.gov]

Under these laws, Recover and Thrive Health Services (“Recover and Thrive,” “we,” “us,” “our”) may not disclose information identifying you as receiving substance use disorder services, nor other protected information about you, except as permitted by applicable federal and state law.

How We May Use and Disclose Medical Information About You

The following describes ways we may use and disclose your medical information. Examples illustrate common scenarios and are not exhaustive.

1) For Treatment

We may use and disclose PHI to provide, coordinate, or manage your health care and related services—for example, sharing information with physicians, counselors, labs, or other providers involved in your care. Disclosures of Part 2 records for treatment generally require your written consent unless a specific Part 2 exception applies. [hhs.gov], [congress.gov]

2) For Payment

We may use and disclose PHI to bill and collect payment from you, your health plan, or a third party, including prior authorizations, eligibility checks, and claims management. Certain Part 2 disclosures for payment may require your written consent. [hhs.gov]

3) For Health Care Operations

We may use and disclose PHI for operations such as quality assessment, training, accreditation, auditing, and compliance activities to ensure you receive quality care. Where Part 2 applies, additional restrictions limit operational disclosures without consent or specific exceptions. [hhs.gov], [congress.gov]

4) Treatment Reminders and Program Notices

We may contact you to remind you of appointments or share updates related to your care (e.g., schedule changes, preparation instructions). If messages could contain PHI, we will take reasonable safeguards and honor your communication preferences.

5) Business Associates

We may disclose PHI to third parties performing services for us (e.g., claims processing, utilization review, legal/accounting, IT, secure messaging) under Business Associate Agreements that require them to protect your information. Some Part 2 functions may necessitate Qualified Service Organization agreements and/or specific consent. [hhs.gov]

6) As Required by Law

We may disclose PHI when required by federal, state, or local law, subpoenas, court orders, or as permitted under HIPAA/Part 2—for example, reporting certain public health information to authorities where allowed. Part 2 disclosures generally require a court order meeting specific criteria. [hhs.gov], [cdc.gov]

7) Public Health and Safety

We may disclose limited PHI to public health authorities for activities such as disease reporting or to prevent or reduce a serious and imminent threat to health or safety, consistent with HIPAA and applicable law. Part 2 imposes additional constraints—disclosure must meet specific exceptions or court order requirements. [hhs.gov], [cdc.gov]

8) Health Oversight and Audits

We may disclose PHI to health oversight agencies for audits, licensure, inspections, or investigations. Part 2 permits limited disclosures to qualified personnel for audits/evaluations, subject to strict conditions. [hhs.gov]

9) Research

We may use or disclose PHI for research under Institutional Review Board (IRB) approval or waiver criteria. For Part 2 records, specific research requirements and approvals apply before any disclosure. [hhs.gov]

10) De-identified and Limited Data Sets

We may use or share de-identified information (not identifiable to you) or Limited Data Sets under data use agreements for approved purposes. [hhs.gov]

Special Protections for Substance Use Disorder Records (Part 2)

Records identifying you as having or having had a substance use disorder, or as having received related services, are subject to heightened protections under 42 C.F.R. Part 2. Generally, Recover and Thrive cannot disclose those records without your written consent, unless a specific Part 2 exception applies (e.g., medical emergencies, qualified audits/evaluations, valid court orders that meet Part 2 standards). [congress.gov]

Your Rights Regarding Medical Information

You have the following rights under HIPAA and, where applicable, under Part 2 or state law:

  • Right to Inspect and Obtain Copies of your PHI, including electronic copies where maintained electronically, with limited exceptions. [hhs.gov]

  • Right to Request Amendments to your records if you believe they are inaccurate or incomplete. [hhs.gov]

  • Right to Request Restrictions on certain uses/disclosures (e.g., restricting a health plan’s access to information about services you paid for entirely out-of-pocket). While we may not always agree to requested restrictions, we will honor those mandated by law. [cms.gov]

  • Right to Request Confidential Communications (e.g., contacting you at an alternative address/phone). [hhs.gov]

  • Right to an Accounting of Disclosures of PHI (non-treatment/payment/operations disclosures) during the prior six years, subject to legal limits. [hhs.gov]

  • Right to a Paper Copy of this notice at any time, even if you agreed to receive it electronically. [hhs.gov]

  • Right to Revoke Consent/Authorization in writing, except to the extent we have already relied on it. Part 2 revocations follow specific rules. [congress.gov]

To exercise these rights, contact: Katie Creighton/CEO, info@recoverandthrivehealthservices.com, 615-544-5205, 100 S Mulberry Street, LL 123, Dickson, TN 37055.

Our Duties

  • We are required by law to maintain the privacy and security of your PHI, provide you this notice, and abide by the terms of the notice currently in effect. [hhs.gov]

  • We will notify you following a breach of your unsecured PHI as required by law (Breach Notification Rule). [hhs.gov]

  • We may revise this notice and will post the current version on our website and in our facilities, and provide it upon request. [hhs.gov]

Uses and Disclosures Requiring Your Written Authorization

Certain uses/disclosures of PHI—such as most marketing, sale of PHI, and psychotherapy notes—require your written authorization. For Part 2 records, disclosures generally require a specific written consent identifying the recipient, purpose, and scope of information. You may revoke an authorization at any time in writing, except to the extent actions have already been taken based on your authorization. [hhs.gov], [congress.gov]

Communications and Digital Contact (Web, Email, SMS)

We recognize the importance of privacy in digital communications. If you opt in to text messages, emails, patient portals, or telehealth tools, these may contain appointment information or limited PHI needed to support your care (e.g., date/time/location, provider name, instructions). Message frequency varies by service. Standard message/data rates may apply. You may opt out of SMS at any time by replying “STOP”; for assistance reply “HELP” or contact us using the details below. We implement safeguards and will honor your preferences; however, sending/receiving PHI via text/email may carry risks of inadvertent access by unauthorized parties.

For detailed information about our website and digital privacy practices (cookies, analytics, forms, social media interactions), please see our Web Privacy Policy at https://www.recoverandthrivehealthservices.com/web-privacy-policy.

Fundraising

We may contact you to raise funds to support our mission. You have the right to opt out of receiving such communications. We will honor opt-out requests promptly. [hhs.gov]

Minors & Personal Representatives

We comply with rules regarding the rights of personal representatives and minors under HIPAA, Part 2, and state law. In some cases, minors may have privacy rights related to specific services (e.g., substance use treatment) and disclosures may require the minor’s consent. [hhs.gov]

Complaints

If you believe your privacy rights have been violated, you may file a complaint:

  • With Recover and Thrive: Katie Creighton/CEO, info@recoverandthrivehealthservices.com, 615-544-5205, 100 S Mulberry Street, LL 123, Dickson, TN 37055.

  • With HHS Office for Civil Rights (OCR): Online at https://www.hhs.gov/ocr/privacy/hipaa/complaints/ or by mail to your regional office. We will not retaliate against you for filing a complaint. [hhs.gov]

Contact Information

Recover and Thrive Health Services
Privacy Officer: Katie Creighton/CEO
Address: 100 S Mulberry Street, LL 123, Dickson, TN 37055
Phone: 615-544-5205
Email: info@recoverandthrivehealthservices.com
Website: www.recoverandthrivehealthservices.com

State-Specific Notices

Depending on your state, additional privacy protections may apply (e.g., mental health, HIV-related information, genetic information, reproductive health services). We will comply with applicable state laws that provide greater protections than federal law. (HIPAA permits more stringent state protections; adapt with counsel based on your operating states.) [hhs.gov]

Important Notes & Sources

  • Legal references and patient rights sections are grounded in HIPAA/HITECH guidance (HHS/CMS), Part 2 confidentiality rules, and standard NPP models published by HHS. [hhs.gov], [cms.gov], [congress.gov], [hhs.gov]