HIPAA Compliance at Integrity Treatment Partners

At Integrity Treatment Partners, your privacy is our highest priority. As a New York State OASAS-licensed outpatient addiction treatment provider, accredited by the Joint Commission we strictly adhere to all federal and state regulations governing the confidentiality of your health information.

This page explains how we comply with the Health Insurance Portability and Accountability Act (HIPAA) and 42 CFR Part 2, the federal regulation that provides even stricter protections for substance use disorder (SUD) patient records. Our practices are reviewed by our Medical Director,Dr. Stuart Wasser, MD, and Clinical Director, Samantha Callister, LCSW, CASAC-M.

HIPAA is a federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information, known as Protected Health Information (PHI). HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses.

Under HIPAA, we are required to safeguard your PHI, limit how it is used and disclosed, and provide you with certain rights regarding your health information.

Because we provide substance use disorder treatment, your records receive additional protections under 42 CFR Part 2, a federal regulation specifically designed to address the stigma associated with addiction. This means:

• Your SUD treatment records cannot be disclosed without your explicit written consent, except in limited emergency situations.
• We cannot share your information with employers, family members, law enforcement, or legal entities without your permission.
• Your records are protected from subpoena in most legal proceedings.
• Any disclosure requires a specific consent form that details exactly what information is shared, with whom, and for what purpose.

We implement comprehensive administrative, physical, and technical safeguards to protect your health information:

Under HIPAA and 42 CFR Part 2, you have the following rights regarding your health information:

We may use and disclose your health information in the following circumstances:

With Your Written Consent:

• Coordination of care with other healthcare providers
• Communication with family members or designated individuals
• Insurance claims and payment processing
• Referrals to higher levels of care or support services

Without Your Consent (Limited Exceptions):

• Medical emergencies: To prevent an imminent threat to your life or safety
• Child abuse reporting: As required by New York State law
• Court orders: Only with a specific court order that meets 42 CFR Part 2 requirements
• Qualified service organizations: Entities performing services on our behalf under strict agreements
• Research: With appropriate safeguards and institutional review board approval

Our facility and systems are designed with your privacy in mind:

In the unlikely event of a breach of your unsecured PHI, we will:

• 1Notify you in writing within 60 days of discovering the breach, describing what happened, what information was involved, and steps you can take to protect yourself.
• 2Report the breach to the U.S. Department of Health and Human Services (HHS) as required.
• 3For breaches affecting 500+ individuals, notify prominent media outlets in the state.
• 4Take immediate steps to mitigate the breach and prevent future incidents.

If you have questions about our privacy practices, wish to exercise your rights, or have concerns about how your information has been handled, please contact us:

Related Policies