Privacy Policy

Guidance Recovery Services (“we,” “us,” or “our”) is committed to safeguarding the privacy of every individual who visits our website, contacts us, or receives treatment through our substance abuse treatment programs located in Granada Hills, California. This Privacy Policy describes how we collect, use, disclose, and protect your personal information, including Protected Health Information (“PHI”), in accordance with the Health Insurance Portability and Accountability Act (“HIPAA”), 42 CFR Part 2 (Confidentiality of Substance Use Disorder Patient Records), the California Consumer Privacy Act (“CCPA”), and other applicable federal and state privacy laws.

1. Information We Collect

We may collect the following categories of information:

a. Personal Information Voluntarily Provided

• Full name, date of birth, mailing address, email address, and telephone number
• Insurance information, including carrier name, member ID, and group ID
• Emergency contact details
• Information submitted through our Contact Us form, Insurance Verification form, or by telephone

b. Protected Health Information (PHI)

• Medical and behavioral health records related to your treatment
• Diagnosis and treatment plan information
• Substance use history and assessment results
• Information obtained during the admissions and intake process

c. Information Collected Automatically

• IP address and browser type
• Pages visited on our website and time spent
• Referring website URLs
• Device information and operating system

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, coordinate, and manage substance abuse treatment services
• To verify insurance coverage and process billing
• To respond to inquiries submitted through our website or by phone
• To communicate with you regarding your treatment, appointments, and aftercare
• To comply with federal and state regulatory and reporting requirements
• To improve our website, services, and patient experience
• To maintain the safety and security of our facility, staff, and patients

3. HIPAA and 42 CFR Part 2 Compliance

As a substance abuse treatment provider, we are bound by HIPAA and the federal regulations under 42 CFR Part 2, which provide heightened protections for substance use disorder patient records. Under these regulations:

• Your PHI will not be disclosed without your written consent except as specifically permitted by law (e.g., medical emergencies, qualified audits, court orders meeting specific legal criteria, or crimes committed on program premises)
• Your substance use disorder treatment records receive additional protections beyond standard medical records
• We will not re-disclose your information to third parties without your explicit authorization
• A separate Notice of Privacy Practices is provided to all patients at the time of admission, describing your rights under HIPAA in full detail

4. Disclosure of Information

We may disclose your information in the following limited circumstances:

• Treatment, Payment, and Healthcare Operations: As permitted under HIPAA for care coordination, claims processing, and quality assurance
• With Your Written Consent: When you provide a signed authorization for disclosure to a specific individual or entity
• As Required by Law: In response to valid court orders, subpoenas, or mandatory reporting obligations (e.g., child abuse, threat of harm)
• Business Associates: To third-party service providers who perform services on our behalf and are bound by HIPAA Business Associate Agreements
• De-identified Data: We may use or share aggregated, de-identified data that cannot reasonably be used to identify you for research, analytics, or quality improvement purposes

We do not sell, rent, or trade your personal information or PHI to any third party for marketing purposes.

5. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your information, including:

• AES-256-GCM encryption for sensitive data stored in our systems
• Secure HTTPS encryption for all data transmitted through our website
• Access controls and role-based permissions for staff
• Regular security assessments and monitoring
• Rate-limited form submissions to prevent automated abuse
• Input validation and sanitization to prevent injection attacks

While we take every reasonable precaution to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable notification laws.

6. Your Rights Under HIPAA

As a patient, you have the right to:

• Access your PHI and request copies of your medical records
• Request amendments to your PHI if you believe it is inaccurate or incomplete
• Request restrictions on certain uses and disclosures of your PHI
• Receive an accounting of disclosures of your PHI made by us
• Request confidential communications (e.g., contact you only at a specific address or phone number)
• File a complaint if you believe your privacy rights have been violated, without fear of retaliation

To exercise any of these rights, please contact us at [email protected] or call (866) 490-9355.

7. California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have additional rights under the CCPA, including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information, subject to legal exceptions
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

Please note that PHI governed by HIPAA and 42 CFR Part 2 is generally exempt from the CCPA. However, we extend CCPA protections to all personal information where applicable.

8. Cookies and Tracking Technologies

Our website may use essential cookies necessary for site functionality. We do not use third-party advertising cookies or sell data collected through tracking technologies. You may adjust your browser settings to decline cookies, though this may affect your experience on our website.

9. Third-Party Links

Our website may contain links to third-party websites or resources. We are not responsible for the privacy practices or content of those external sites. We encourage you to review the privacy policies of any third-party website before providing your personal information.

10. Children’s Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors without verified parental or guardian consent. If we become aware that we have collected information from a minor without proper consent, we will take steps to delete such information promptly.

11. Data Retention

We retain personal information and PHI in accordance with applicable federal and state regulations, professional standards, and our internal records retention schedule. Treatment records are retained for a minimum period as required by California law. When information is no longer required, it is securely destroyed.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated “Last Updated” date. We encourage you to review this page periodically. Your continued use of our website or services after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your information is handled, please contact us:

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated. Visit www.hhs.gov/ocr for more information.