Get Help: (319) 390-4611
Donate

Privacy Policy

Notice of Privacy Practices

EFFECTIVE DATES: 03/01/2025

THIS NOTICE DESCRIBES HOW MEDICAL AND DRUG AND ALCOHOL RELATED INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

We are required by federal and state law to maintain the privacy of your medical information and to give you our Notice of Privacy Practices (this “Notice”) that describes our privacy practices, our legal duties and your rights concerning your medical information. Specifically, ASAC is required to follow the federal HIPAA Privacy and Security rules (which are collectively sometimes referred to as the HIPAA Final Omnibus Rule.) As a federally funded substance abuse treatment program, ASAC is also required to follow the federal Substance Abuse Privacy Regulations, 42 CFR Part 2. In addition, ASAC follows Iowa law concerning mental health treatment and AIDS/HIV treatment information.

We are committed to protecting medical information about you. We need your medical information to provide you with quality care and services in addition to complying with the applicable legal requirements.

This notice applies to and will be followed by all counseling staff, employees and other personnel of the Area Substance Abuse Council.

We reserve the right to revise or amend our Notice of Privacy Practices without additional notice to you. Any revision or amendment to this Notice will be effective for all your records we have created or maintained in the past, and for any of your records we may create or maintain in the future. We will post a copy of our current Notice and any amended Notice at all our locations and on our website.

Our Obligations to You

We are required by law to:

  • Make sure that medical information that identifies you is kept private except as otherwise provided by federal or state law.
  • Give you this notice of our legal duties and privacy practices with respect to medical information about you;
  • Follow the terms of the notice that is currently in effect.
  • Inform you of any unauthorized access, use or disclosure of your unencrypted confidential medical information in the event its privacy or security is compromised (i.e. if a reportable breach occurs as provided by the HIPAA Final Omnibus Rule.) We will provide such notice to you without unreasonable delay but in no case later than sixty days after we discover the breach.

How We May Use and Disclose Your Medical Information

Uses and Disclosures Without Your Written Consent or Authorization:

  • Generally, ASAC may not disclose to persons outside our facilities that a patient is being or has been treated at our facilities, or disclose any medical information about a patient unless:
    1. The patient consents in writing.
    2. The disclosure is required by court order.
    3. The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
    4. The disclosure is made to the Secretary of the Department of Health and Human Services to investigate our compliance with HIPAA.
  • We may use your medical information with a single written consent or authorization for all future uses as follows:
    1. For Treatment: We may use medical information about you to provide you with medical treatment. We may share your medical information with
      doctors, therapists, or other ASAC staff who are involved in taking care of you or providing services to you.
    2. For Payment: We may use medical information about you so that treatment and services you receive at ASAC may be billed to you, an insurance company or a third party. For example, our billing department will use your medical information to prepare claims.
    3. For “Health Care Operations”: We may use your medical information for our “health care operations,” which include internal administration and
      planning and quality improvement and to evaluate the quality and competence of our clinical staff. We will limit our use of your medical information to the minimum amount necessary to achieve a permissible purpose.
  • We may use your medical information for the following external uses or disclosures without your consent:
    1. To tell you about treatment alternatives if we do not receive monetary compensation from a third party in doing so.
    2. To contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you if we do not receive monetary compensation from a third party in doing so.
    3. To provide information about you as required by federal or state law, or for public health purposes.
    4. To certain entities or individuals, called business associates, who perform services to ASAC using your medical information. These entities are bound by the confidentiality requirements of the HIPAA Privacy and Security Rules and 45 CFR Part 2.
    5. To law enforcement, if you commit a crime at ASAC or against any person who works at ASAC or if you threaten to commit such a crime.
    6. To the Iowa Department of Human Services, if you are suspected of child abuse or neglect.
  • Uses and Disclosures With Your Written Consent or Authorization:
    • You may provide a single consent for all future uses or disclosures for treatment, payment, and health care operations purposes.
    • For any purpose other than the ones described above, ASAC may only use or disclose your medical information when you grant us your written consent or authorization on a form provided by ASAC for that purpose.

Your Rights

All requests to exercise the following rights must be in writing. We will follow written policies to handle requests, and we will notify you of our decision or actions and your rights. Contact the ASAC Privacy Officer using the contact information at the end of this Notice for more information or to obtain request forms.

  • Access to Medical Information: You may request to inspect and copy much of the medical information we maintain about you, with some exceptions. This includes most medical and billing records but does not include psychotherapy notes. For any medical information maintained by us in electronic form, your written request may include a request to provide a copy in electronic form. In addition, we will transmit information from your electronic medical record directly to a person or entity of your choosing, if the request is made in writing and you sign an authorization. We will usually respond within 30 days of your request.
  • Fees: We may charge a fee for the costs of copying, mailing, and other supplies associated with your request.
  • Request for Restrictions: You have the right to request a restriction on how we use or disclose your medical information, including to someone who is involved in your care. We are not required to grant the request unless the disclosure is to a health plan or other payer for purposes of carrying out payment and you have paid for the services yourself in their entirety at the time the services are rendered.
  • Amendment: You may request that we amend certain portions of your medical information if you believe that it is incorrect or incomplete, including medical and billing records, but not psychotherapy notes. We may require you to give a reason to support your request. We are not required to make all requested amendments, but we will give each request careful consideration and will respond within 60 days of the request. We will deny a request for amendment if the information:
    • Was not created by us, unless the person or entity that created the information is no longer available to make the amendment.
    • Is not part of the medical information kept by ASAC.
    • Is not part of the information which you would be permitted to inspect or copy; or
    • Is accurate and complete.
    • If we deny your request, we will provide you with a written explanation of the reason(s) and your rights.
  • Accounting: You have the right to receive a list of certain disclosures of your medical information made by us or our business associates for a period not to exceed six years. An accounting will not include disclosures for treatment, payment or health care operations. The first accounting in any 12-month period will be provided to you for free; you may be charged a fee for each subsequent list you request within the same 12-month period.
  • Confidential Communications: You have the right to request that we communicate with you about medical matters in a different manner or at a different place. We will agree to your request if it is reasonable, and you specify an alternative means or location to contact you.
  • Paper Notice: You are entitled to receive a written copy of this Notice at any time.

How to Exercise These Rights

  • Complaints: If you believe your privacy rights have been violated, you may file a complaint with ASAC using the contact information at the end of this Notice. You may also submit a complaint to the Secretary of the Department of Health and Human Services. All complaints must be submitted in writing. You will not be penalized or retaliated against for filing a complaint.
  • Questions: If you have questions about this Notice, please contact your counselor or the Privacy Officer at the telephone number listed below.

AREA SUBSTANCE ABUSE COUNCIL (ASAC)
3601 16th Avenue SW
Cedar Rapids, IA 52404
Phone: (319) 390-4611 | Fax: (319) 390-4381

Our Web Policies

INTRODUCTION

Area Substance Abuse Council is committed to protecting the privacy of our customers and visitors. This statement details the steps we take to protect personal information provided on our websites. It describes the types of personal information that we collect, the purposes for which we use such information, and the choices our users have regarding our use of it. The steps we take to protect personal information and how it can be reviewed and corrected are also covered here. By accessing our websites, users are consenting to the information collection and use practices described in this privacy statement.

OUR COLLECTION OF INFORMATION

In the course of a visit to asac.us and any of our sub-domains, we collect a variety of information directly from visitors and customers. Anyone can visit our site without entering any personal information. On certain pages, users may be asked for personal information to provide a service or carry out a transaction that they have requested. The personal information we collect from a user in any of these circumstances may include:

  • contact details, such as a user’s name, company/organization name, e-mail address, telephone and fax numbers, and physical address;
  • information about the user’s company/organization and role;
  • country of residence;
  • email marketing preferences;
  • information used to customize and facilitate the use of our websites;
  • inquiries about and for our services;
  • information that assists us in identifying the services that best meet visitors’ needs;
  • event and service registration information;
  • feedback from users about our websites and about our products and services in general;
  • the content of a testimonial, rating, review or comment, or other user-generated content that may be posted publicly on our sites. We also collect and securely store information about our customers from sources other than our websites.

INFORMATION WE COLLECT FROM VISITORS TO OUR WEBSITE

WEB SERVER LOGS

As is common with websites, a record of all visits to Area Substance Abuse Council’s site is stored on our web servers. These log files include data that is not associated with any visitor’s identity that is not used to associate with personally identifiable information provided by any visitors to our sites. Information collected in these logs includes details such as a visitor’s IP address, browser type, referring page and time of visit. We also collect information about visits to our sites, including what pages are viewed, the number of bytes transferred, the links clicked, the materials accessed, and other actions taken within Area Substance Abuse Council sites/subdomains.

COOKIES

Many of the advanced functions available to users of our sites require the use of files called cookies, which store a small digital record of user preferences and recent activity on our visitor’s computers. While cookies are not required in order to browse our site, they are an integral part of the browsing.

EMAIL ADDRESSES

When customers register an account with a Area Substance Abuse Council site, we gather the email address and password provided. Passwords are stored in an encrypted format for the protection of our customers. Email addresses provided to us for the purposes of creating an account or subscribing to a newsletter are stored securely on our servers. With our customers’ permission, we may use their personal information gathered via our website to inform them of products or services available from Area Substance Abuse Council. When collecting information that might be used to contact subscribers about our products and services, we will always provide the opportunity to opt-out of receiving such communications. Moreover, each e-mail communication we send includes an unsubscribe link allowing customers to stop delivery of that type of communication. If they elect to unsubscribe, we will remove them from the relevant list immediately.

COMMENTS

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

MEDIA

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

HOW WE USE THE COLLECTED DATA

We use our subscriber’s personal information to deliver information and communicate in a permission-based manner, facilitating the use of our websites, and so forth. In order to offer a more consistent experience in interactions with Area Substance Abuse Council, information collected by our websites may be combined with information we collect by other means.

 

COOKIES AND TRACKING PIXELS

We may use session cookies to store elements of user profiles, to facilitate movement around our site and other information useful in administering the session. We may also use this information to make our websites easier to use by eliminating the need for customers to repeatedly enter the same information or by customizing our site to their particular preference or interests. Our sites also may contain electronic images known as tracking pixels that allow us to count the number of users who have visited those pages. We may include tracking pixels in promotional e-mail messages or newsletters in order to determine whether messages have been opened and acted upon.

We use Google Analytics, Google AdWords Conversion tracker, and other Google services that place cookies on browsers visiting our websites. These cookies are set and read by Google, and they are used to increase the effectiveness of our websites for our visitors. To opt out of Google tracking, please visit this page.

We may use Google AdWords remarketing to market our sites across the web, which places a cookie on browsers visiting our sites. Google reads these cookies and may serve ads on other sites based on pages and products viewed on our sites. You may opt out of this advertising program by visiting Google’s opt out page. If you are concerned about 3rd party cookies served by other networks, you should also visit the Network Advertising Initiative opt-out page.

We may use a CRM to collect insights on user behavior and manage our content marketing to subscribers and contacts who provide us with their contact information for the purpose of communications.

DATA STORAGE/DATA RETENTION POLICY

Records of online customer communications are stored securely on our servers and platform, and accessible to members of Area Substance Abuse Council’s employees. We will retain records of those communications unless requested otherwise by the contact. We consider our contacts, whether they are active clients or not, an active contact in the course of doing business, unless otherwise requested.

CREDIT CARD INFORMATION

Credit card information collected from customers is used to process payment for invoices and will not be stored by Area Substance Abuse Council. 

OUR USE OF WEB ANALYTICS

Area Substance Abuse Council uses industry standard web analytics to track web visits. Users may opt out of web analytics by installing the following tools on their computer. Please visit https://tools.google.com/dlpage/gaoptout for more information.

DISCLOSURE OF PERSONAL INFORMATION

Except as described below, personal information provided to Area Substance Abuse Council through our website will not be shared outside of Area Substance Abuse Council without permission. Area Substance Abuse Council contracts with other companies to provide services on our behalf, such as hosting websites, sending out information, processing transactions, and analyzing our websites. We provide these companies with only those elements of our customers’ personal information they need to deliver those services. These companies and their employees are prohibited from using that personal information for any other purpose.

We may disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal requirements or with legal process served on us, to protect and defend our rights or property, or in urgent circumstances to protect the personal safety of any individual.

SECURITY

Area Substance Abuse Council is committed to protecting the security of the non-public personal information shared with us by our contacts. We maintain physical, electronic and procedural safeguards to help protect that non-public personal information from unauthorized access, use, or disclosure. Our payment processing systems, as well as those of our partners in payment processing, are PCI compliant, using industry-standard Secure Socket Layer (SSL) technology to encrypt sensitive customer data both in transit and in storage. This technology is designed to prevent unauthorized persons from accessing your personal information in the course of a transaction.

REVIEWING PERSONAL INFORMATION

Contacts may request to review and correct any personal information collected via our websites, or request to stop using it by emailing us through our Contact Form. We may take steps to verify the identity of the person making the request before providing any access to personal information. Contacts can help us to maintain the accuracy of their information by notifying us of any change to their mailing address, phone number, or e-mail address.

 LINKS TO OTHER SITES

Our websites may contain links to other sites and content such as social media, video archives, professional, non-profit and government organizations, and publications. We also link to third-party providers that host, maintain and operate a variety of web-based services. While we try to link only to sites and services that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other companies and their sites.

COMPLIANCE WITH THE GENERAL DATA PROTECTION REGULATION (GDPR)

Area Substance Abuse Council procedures and policies meet the general spirit of GDPR. In the event of a security breach of our contact’s private data, all reporting protocols will be met. Data collection will be considered valid until a contact requests to be removed from communications, have their data deleted or otherwise requests clarification on data use.

Should a contact residing in the EU at the time submit their information, Area Substance Abuse Council will follow GDPR requirements as they pertain to all policies stated within this statement.

ENFORCEMENT OF THIS PRIVACY STATEMENT

Questions regarding this statement or our handling of personal information should be addressed through our Contact Form. We will promptly address any concerns and strive to reach a satisfactory resolution.

CHANGES TO THIS PRIVACY STATEMENT

Area Substance Abuse Council may occasionally update this privacy statement. When we do, we will revise the “last updated” date at the top of the privacy statement.