Privacy Policy

FIRST STEPS RECOVERY WEBSITE PRIVACY POLICY

NOTICE OF PRIVACY PRACTICES (HIPAA)

NOTICE OF CONFIDENTIALITY PRACTICES (42 CFR PART 2)

Effective Date: February 16, 2026

IMPORTANT NOTICE

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

You have the right to receive a paper or electronic copy of this Notice and to discuss it with our Privacy Officer.

ORGANIZATION INFORMATION

First Steps Recovery

Owned and operated by True North Detox LLC

DBA First Steps Recovery

Privacy Officer (HIPAA & 42 CFR Part 2):

Michael Ivemeyer

Chief of Compliance and Strategic Development

• Licensing@firststepsrecovery.com, (559) 801‑1490, 

General Privacy Contact (Website):

• Info@firststepsrecovery.com, (559) 272‑7775

IMPORTANT NOTE ABOUT SCOPE

This Notice applies to two distinct situations:

A. Website Visitors & Prospective Clients

(Website Privacy Policy)

Applies when you:

• Visit our website
• Submit contact or admissions forms
• Request information
• Verify insurance benefits
• Communicate with admissions

B. Patients & Patient Records

(HIPAA & 42 CFR Part 2 Notice)

Applies to health information we create, receive, maintain, or transmit about you, including:

• Medical records
• Behavioral health records
• Substance Use Disorder (SUD) treatment records

Substance Use Disorder patient records receive additional protections under 42 CFR Part 2.

If HIPAA and Part 2 conflict, the more protective rule applies.

PART 1: WEBSITE PRIVACY POLICY (ONLINE PRIVACY)

Information We Collect

Information You Provide Voluntarily

• Name
• Date of birth
• Email address
• Phone number
• Address (city, state, ZIP)
• Insurance information
• Information submitted through forms or communications

Automatically Collected Information

• IP address
• Browser and device type
• Pages visited
• Dates/times of access
• Referral URLs

Cookies & Tracking We use cookies and similar technologies to:

• Improve website functionality
• Analyze website usage
• Evaluate marketing effectiveness

You may disable cookies through your browser settings; some features may not function properly.

Analytics Tools We may use:

• Google Analytics – https://policies.google.com/privacy
• Microsoft Clarity – https://privacy.microsoft.com/privacystatement

Website Communications & Security

Information submitted through website forms may include health‑related or insurance information, but website communications are not always transmitted through HIPAA‑secure systems.

Do not submit emergency or highly sensitive clinical information through website forms.

If you become a patient, your information will be protected under:

• HIPAA
• 42 CFR Part 2 (when applicable)

Call Monitoring & Recording

Calls to and from First Steps Recovery may be recorded or monitored for quality assurance, training, and service improvement purposes.

How We Use Website Information

• Respond to inquiries
• Verify insurance benefits
• Support admissions
• Improve website functionality
• Send administrative communications
• Send marketing communications (opt‑out available)
• Prevent fraud or misuse
• Comply with legal obligations

How We Share Website Information

We do not sell personal information.

Information may be shared with:

• Website hosting providers
• Analytics providers
• Communication platforms
• Call tracking systems
• Admissions and insurance verification vendors

We may disclose information when required by law or to protect safety or legal rights.

Data Retention & Security

We retain website data only as long as necessary and apply reasonable administrative, technical, and physical safeguards.

Children’s Privacy

We do not knowingly collect personal information from children under age 13 without parental consent.

PART 2: NOTICE OF PRIVACY PRACTICES (HIPAA)

Uses and Disclosures Without Authorization

We may use or disclose your Protected Health Information (PHI) for:

Treatment – Coordinating your care

Payment – Billing and reimbursement

Health Care Operations – Quality improvement, compliance, training

Business Associates may receive PHI and are required by law and contract to protect it.

Other Uses Permitted or Required by Law

• Public health reporting
• Health oversight activities
• Legal proceedings
• Law enforcement requests
• Workers’ compensation
• Organ donation coordination
• Military or national security purposes

Special Protections

Certain information (e.g., mental health records, HIV/AIDS status) may receive additional protections under federal or state law.

Your HIPAA Rights

You have the right to:

• Access and obtain copies of your records
• Request amendments
• Request confidential communications
• Request restrictions on disclosures
• Request that information about services you paid for in full out‑of‑pocket not be disclosed to your health plan
• Receive an accounting of disclosures
• Receive a copy of this Notice

PART 3: NOTICE OF CONFIDENTIALITY PRACTICES (42 CFR PART 2)

Federal law protects the confidentiality of Substance Use Disorder patient records.

Written Consent

Most disclosures of SUD records require your written consent, including for treatment, payment, and operations.

You may provide:

• A single general consent for future TPO disclosures
• A limited consent for specific recipients

Limited Disclosures Without Consent

Permitted only in limited circumstances, including:

• Medical emergencies
• Program operations
• Audits or evaluations
• Research with safeguards
• Reporting child abuse or neglect
• Crimes on program premises

Legal Proceedings

SUD records generally cannot be used against you without:

• Your written consent, or
• A qualifying court order

REQUIRED FEDERAL NOTICE

Violations of the federal confidentiality protections for Substance Use Disorder patient records may be subject to criminal penalties.

Suspected violations may be reported to appropriate authorities.

PART 4: WHEN AUTHORIZATION IS REQUIRED

Written authorization is required for:

• Marketing using health information
• Sale of health information
• Disclosure of psychotherapy notes (with limited exceptions)

You may revoke authorization in writing at any time.

PART 5: OUR RESPONSIBILITIES

We are required by law to:

• Maintain the privacy and security of your information
• Follow the terms of this Notice
• Notify you of breaches when required
• Obtain written consent for most Part 2 disclosures

PART 6: CHANGES TO THIS NOTICE

We may change this Notice at any time. Updated versions will be:

• Available upon request
• Posted at our facilities
• Posted on our website

PART 7: QUESTIONS OR COMPLAINTS

Contact our Privacy Officer listed above.

You may also file a complaint with:

U.S. Department of Health and Human Services – Office for Civil Rights

https://www.hhs.gov/hipaa/filing-a-complaint/index.html

We will not retaliate for filing a complaint.