• Real Healing. Real Growth. Real Freedom
713-766-1330

Altura Recovery Privacy Policy & Your PHI Rights Under HIPAA

Notice of Privacy Practices
Effective Date: June 1, 2025
This Notice of Privacy Practices describes how Altura Recovery LLC (“we,” “us,” or “our”) may use and disclose your protected health information (PHI), and how you can access and control this information. We are committed to maintaining the privacy and security of your PHI as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state laws.
Please read this notice carefully to understand your rights and our responsibilities regarding your medical information.
1. Our Responsibilities Under the Law
At Altura Recovery, we are committed to protecting your privacy and the confidentiality of your health information. Under the Health Insurance Portability and Accountability Act (HIPAA), we are permitted to use and disclose your Protected Health Information (PHI) for specific purposes without your written authorization. These uses are described below.
Treatment:
We may use and share your PHI with doctors, therapists, counselors, and other health care providers involved in your care. For example, if you are seeing a therapist and also attending our group program, we may share updates with your therapist (with your consent) to ensure continuity and coordination of care. This may include your diagnoses, treatment plans, or progress updates.
Payment:
We may use and disclose your PHI to obtain payment for the services we provide. This includes submitting claims to your insurance company, billing, and related activities. For example, we may provide your insurance company with information about your diagnosis and services received to verify coverage and process reimbursement.
Healthcare Operations:
We may use and share your PHI as necessary to operate our organization and improve your care. These activities may include training staff, quality assurance reviews, internal audits, licensing, compliance activities, accreditation processes, and administrative management.
Required by Law:
We will disclose your PHI when required to do so by federal, state, or local law. This may include public health reporting, court orders, or reporting abuse or neglect.
Emergency Situations:
If you are in a life-threatening or emergency situation and are unable to communicate, we may disclose relevant PHI to first responders, emergency personnel, or others involved in your care. If necessary to prevent serious harm to yourself or others, we may disclose limited information to the appropriate parties, consistent with ethical and legal guidelines.
Public Health and Safety:
We may disclose PHI to public health authorities to report suspected abuse, neglect, or domestic violence, prevent or control disease, injury, or disability, and respond to threats to the health or safety of individuals or the public.
Health Oversight Activities:
We may share PHI with government agencies for audits, investigations, inspections, and licensure activities, as authorized by law.
Business Associates:
We may share PHI with contractors, vendors, and consultants (called “business associates”) who perform services on our behalf and require access to PHI. All business associates are required by law to maintain the confidentiality and security of your information and are bound by strict data use agreements.
Appointment Reminders and Health Services:
We may use your PHI to contact you with reminders about your appointments or to inform you about treatment alternatives or health-related benefits and services that may be of interest to you.
With Your Authorization:
For any other purpose not described above, we will obtain your written authorization before using or disclosing your PHI. You have the right to revoke this authorization at any time in writing.
2. How We May Use and Disclose Your Health Information
We may use and disclose your PHI without your written authorization in the following circumstances:
a. Treatment
We may use and disclose PHI to coordinate or manage your care. For example, we may share your information with therapists, doctors, case managers, or other healthcare providers who are involved in your treatment.
b. Payment
We may use your PHI to bill and receive payment for the services we provide to you. This includes communicating with your insurance company or a third-party payer to verify coverage or obtain prior authorization.
c. Healthcare Operations
We may use and disclose PHI for administrative and quality improvement activities. These may include staff performance reviews, licensing, legal compliance, accreditation, clinical audits, and program evaluation.
d. Required by Law
We may disclose your PHI if required to do so by federal, state, or local laws, including disclosures to public health authorities and law enforcement.
e. To Prevent a Serious Threat
We may disclose PHI when necessary to prevent a serious threat to your health and safety or the health and safety of another person or the public. This may include disclosure to law enforcement, medical professionals, or a crisis team.
f. Health Oversight Activities
We may disclose PHI to regulatory agencies or other authorities responsible for overseeing healthcare systems, such as audits, licensing, or investigations.
g. Public Health Risks
We may disclose PHI to public health authorities for purposes such as reporting abuse or neglect, controlling disease outbreaks, and preventing or controlling other health risks.
h. Judicial and Administrative Proceedings
We may disclose PHI in response to a court or administrative order, a subpoena, discovery request, or other lawful processes, if certain legal requirements are met.
i. Law Enforcement
We may disclose PHI to law enforcement officials for purposes such as locating a suspect, victim, or missing person, or to report a crime that occurred on our premises.
j. Victims of Abuse, Neglect, or Domestic Violence
If we reasonably believe you are a victim of abuse or neglect, we may disclose PHI to the appropriate authority, such as a protective services agency, if permitted or required by law.
k. Business Associates
We may share PHI with third-party contractors or service providers (known as “Business Associates”) who perform services on our behalf, such as billing, IT services, or legal services. These Business Associates are bound by HIPAA and must protect your PHI.
3. Uses and Disclosures Requiring Your Authorization
At Altura Recovery, we are committed to maintaining the privacy and security of your Protected Health Information (PHI). We are required by law to comply with federal and state regulations governing the use and disclosure of health information. These legal duties include:
a. Duty to Maintain the Privacy of Your PHI
We are legally required under the Health Insurance Portability and Accountability Act (HIPAA) to protect the confidentiality of your health information. This includes any information that can be used to identify you and relates to your past, present, or future physical or mental health or condition, the provision of healthcare to you, or the payment for that care.
 
  • We implement physical, administrative, and technical safeguards to protect your PHI.
  • Staff members are trained on privacy and confidentiality protocols to ensure compliance.
b. Duty to Provide You with a Notice of Privacy Practices
We are required to give you a copy of this Notice of Privacy Practices, which describes:
  • How we may use and disclose your PHI;
  • Your legal rights regarding your PHI;
  • Our legal duties to protect your information;
  • Who to contact if you have questions or concerns.
You may request a paper or electronic copy of this notice at any time.
c. Duty to Follow the Terms of This Notice
We must comply with the terms outlined in this current Notice of Privacy Practices. If we make any changes to our privacy policies or practices, we will update this notice and make the revised version available to you.
 
  • Revised notices will be posted on our website and in our office.
  • Material changes will apply to all PHI we maintain, including information collected prior to the change.
d. Duty to Notify You of a Breach
In the event of a breach that compromises the privacy or security of your unsecured PHI, we are required by law to notify you without unreasonable delay and no later than 60 days after discovery.
  • The notification will include a description of what happened, the types of information involved, recommended steps to protect yourself, and what we are doing to prevent future breaches.
e. Duty to Accommodate Your Rights
We are also required to honor your rights under HIPAA, including your right to:
  • Access your records;
  • Request amendments;
  • Request restrictions;
  • Obtain an accounting of disclosures;
  • Receive confidential communications.
We are committed to upholding these rights in accordance with federal law.
4. Your Rights Regarding Your PHI
As a client of Altura Recovery, you have several important rights regarding how your Protected Health Information (PHI) is used, accessed, and disclosed. These rights empower you to make informed decisions about your care and how your information is handled. Below are your rights and how you can exercise them:
a. Right to Access
You have the right to review or request a copy of your medical records and other PHI that we maintain. This includes progress notes, assessments, billing records, and any other documentation used to make decisions about your care.
 
  • Requests must be submitted in writing.
  • We will provide access within 30 days, or notify you if we need an extension (up to an additional 30 days).
  • We may charge a reasonable, cost-based fee for copies.
  • You may request records in electronic or paper format.
b. Right to Request Amendments
If you believe that the information in your records is inaccurate or incomplete, you may request an amendment.
  • You must submit the request in writing with a reason for the amendment.
  • We may deny your request if the record was not created by us, if it is already accurate and complete, or if we are not permitted to alter it by law.
  • If denied, we will inform you in writing and allow you to submit a statement of disagreement for inclusion in your record.
c. Right to an Accounting of Disclosures
You have the right to request a list (an "accounting") of certain disclosures of your PHI made by Altura Recovery over the past six years.
  • This list will not include disclosures made for treatment, payment, healthcare operations, or those you authorized.
  • We will provide one free accounting per year; additional requests may incur a reasonable fee.
d. Right to Request Confidential Communications
You may request that we communicate with you in a specific way (e.g., via email, phone, or mail) or at a specific location (e.g., at your home instead of work).
  • We will accommodate all reasonable requests without requiring a reason.
e. Right to Request Restrictions
You have the right to request limitations on how we use or disclose your PHI for treatment, payment, or healthcare operations.
  • While we are not legally required to agree to every request, if we do, we will honor it unless the information is needed for emergency treatment.
  • You may also request that we not share information with your health insurance if you have paid for the service in full out-of-pocket.
f. Right to Receive a Paper or Electronic Copy of This Notice
You are entitled to receive a copy of our Notice of Privacy Practices at any time, even if you have previously agreed to receive it electronically.
g. Right to Revoke Authorization
If you previously gave written permission for a specific use or disclosure of your PHI (e.g., to a school, employer, or external provider), you may revoke that authorization at any time in writing.
  • Revocations do not affect any disclosures already made while the authorization was valid.
h. Right to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with us or directly with the U.S. Department of Health and Human Services (HHS).
  • You will not be retaliated against for filing a complaint.
  • Complaints can be submitted in writing to:
5. Confidentiality of Substance Use Records
There are certain types of uses and disclosures of your Protected Health Information (PHI) that require your written authorization under federal law. Altura Recovery will never disclose these types of information without your signed permission unless required by law:
a. Marketing & Fundraising
We will not use or disclose your PHI for marketing purposes or fundraising communications unless you provide explicit, written consent.
b. Psychotherapy Notes
If our clinicians maintain separate psychotherapy notes (as defined by HIPAA), we will not share them without your signed authorization unless legally required.
c. Substance Use Disorder Treatment Records (42 CFR Part 2)
Records related to your participation in substance use disorder treatment are protected by federal confidentiality regulations (42 CFR Part 2). These records may not be disclosed without your written consent, except under very limited circumstances, such as:
 
  • Medical emergency,
  • Mandated court order,
  • Qualified audits or evaluations,
  • Or as otherwise permitted by law.
You have the right to revoke any previously signed authorization at any time in writing. Revocations apply going forward and do not affect disclosures made while the authorization was valid.
6. How We Safeguard Your Information
Altura Recovery takes the privacy and security of your health information seriously. We have implemented physical, technical, and administrative safeguards to protect your PHI from unauthorized access, use, or disclosure.
a. Physical Safeguards
 
  • All paper records are stored in locked file cabinets within secure office spaces.
  • Access to our offices and storage areas is restricted to authorized personnel only.
  • Visitors are escorted and monitored while in confidential spaces.
b. Technical Safeguards
  • Electronic health records (EHRs) are hosted in HIPAA-compliant platforms with encryption.
  • All data in transit (e.g., emails, uploads) is encrypted using industry-standard SSL/TLS protocols.
  • Multi-factor authentication (MFA) is required for staff to access clinical systems.
c. Administrative Safeguards
  • All staff and contractors are trained annually in HIPAA compliance, including privacy, security, and breach protocols.
  • Role-based access controls ensure that staff can only access information necessary for their duties.
  • Security audits are conducted regularly to assess risk and ensure ongoing compliance with privacy standards.
d. Breach Notification
In the unlikely event of a data breach involving your PHI, we will notify you without unreasonable delay, in accordance with HIPAA’s Breach Notification Rule. Notifications will include:
 
  • A description of the breach,
  • The type of information involved,
  • Steps you can take to protect yourself,
  • And what Altura is doing to mitigate harm.
7. How to File a Complaint
If you believe your privacy rights have been violated, you may file a complaint with:
Privacy Officer
Altura Recovery LLC
5555 West Loop South, Suite 240
Bellaire, TX 77401
Email: info@alturarecovery.com
Phone: 713-766-1330
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights:
https://www.hhs.gov/ocr/privacy/hipaa/complaints/
We will not retaliate against you for filing a complaint.
8. SMS Text Messaging Policy
Altura Recovery LLC respects your privacy and is committed to protecting your personal information. This section outlines our SMS communication practices:
We may use your mobile number to send SMS messages related to appointment reminders, program updates, follow-ups, and limited promotional content, only if you have provided explicit consent.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All the stated categories in this Privacy Policy exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
End users may opt out of receiving further messages at any time by replying STOP. For more information, reply HELP.
Message frequency may vary. Message and data rates may apply.
By consenting to receive SMS messages, you acknowledge and agree to the terms outlined in this section.
9. Changes to This Notice
We reserve the right to revise this Notice at any time. The revised Notice will apply to all PHI we maintain and will be posted on our website and made available at our offices.
10. Contact Information
For more information about this Notice or your privacy rights, please contact:
Privacy Officer
Altura Recovery LLC
Email: info@alturarecovery.com
Phone: 713-766-1330
Website: www.alturarecovery.com
 
Altura Recovery Logo
5555 West Loop South #240
Bellaire, TX 77401
If you’ve been following us here at Altura Recovery, you know we’re always looking for ways to expand our approach to addiction and mental health treatment.
Quick Links
Our Services
  • LegitScript Certified seal, indicating trusted certification for Altura Recovery's addiction and mental health treatment services.
Join Us
Copyright © 2025 Altura Recovery  - PRIVACY POLICY


FacebookInstagramTiktokIcon-google-map
Skip to content