Effective Date: January 1, 2026 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. I. Our Legal Duty We are required by law to maintain the privacy of your protected health information (PHI) and to provide you with this notice of our legal duties and privacy practices. We must follow the terms of the notice currently in effect and notify you following a breach of unsecured PHI. II. How We May Use and Disclose Your Health Information Treatment: To provide, coordinate, or manage your healthcare. Payment:  We may use and disclose your PHI to obtain payment for the healthcare services we provide. This includes activities such as billing directly, or if applicable submitting claims to your health insurance company or other third-party payers to receive reimbursement for your care. We never market or sell protected health information. Healthcare Operations: To run our practice and ensure quality care. As Required by Law: We will disclose PHI when required by federal, state, or local law. Mandatory Redisclosure Warning: Information disclosed pursuant to this notice may be subject to redisclosure by the recipient and may no longer be protected by federal privacy laws.

III. 42 CFR Part 2 If we maintain records protected under 42 CFR Part 2, the following heightened protections apply: Consent for TPO: Use or disclosure of SUD records for Treatment, Payment, or Healthcare Operations (TPO) generally requires your written consent. Prohibition on Use in Legal Proceedings: We will not use or disclose SUD records, or testimony describing them, in any civil, criminal, administrative, or legislative proceedings against you without your specific written consent or a court order. Fundraising Opt-Out: If we intend to use or disclose SUD records for fundraising, you will be provided a clear and conspicuous opportunity to opt out of such communications. IV. Your Rights Access and Amendment: You have the right to inspect, copy, and request corrections to your medical and billing records. Accounting of Disclosures: You may request a list of certain disclosures we have made of your PHI. Restriction Requests: You have the right to request restrictions on how we use or share your information. If you pay for a service out-of-pocket in full, you may request that we not share information about that service with your health plan. Complaints: You may file a complaint with us if you believe your privacy rights have been violated.

V. Massachusetts State Law Protections Massachusetts law provides additional safeguards that take precedence over HIPAA when they are more stringent: Sensitive Data: We strictly prohibit the sale of sensitive healthcare information, including genetic or biometric data. Mental Health Records: Written consent is required for most disclosures of mental health information, even between providers. Minors: We maintain heightened data protections for the personal information of minors. Breach Notification: In the event of a breach involving personal information (e.g., Social Security numbers), Massachusetts law requires expedited notification to you and the state Attorney General.

VI. Enforcement Clauses Third-Party Liability & Association Termination: We maintain strict standards for data privacy. Any unauthorized access, misuse, or release of Protected Health Information (PHI) of our clients by a third party or Business Associate constitutes a material breach of trust. We reserve the absolute right to immediately terminate any and all association with any entity or person who causes, allows, or fails to prevent such unauthorized access. Right to Prosecute: In the event of an intentional or criminally negligent acquisition and release of our patient data by any third party, we reserve the right to pursue all available legal remedies, including civil litigation and referral for criminal prosecution under federal and state privacy laws. Strict Access Control: Patient data is not accessible by any third party unless such access is strictly required and only under a legally binding contract that mandates equivalent security standards. Any representation or 'illusion' of broader open access is false, with reckless disregard, and may be subject to legal action.

IMPORTANT PRIVACY NOTICE: To ensure your data remains secure and protected under federal privacy laws, do not message or transmit any sensitive Protected Health Information (PHI) via consumer platforms, including but not limited to Apple (iMessage/iCloud), Google (personal Gmail/Chat), or Meta (Facebook, Instagram, WhatsApp). 

Last updated on: 1/10/2026 17 U.S.C. § 106 - U.S. Code - Unannotated Title 17. Copyrights § 106. Copyright © 2026 - All Rights Reserved.

 U.S. Department of Health and Human Services Office for Civil Rights: * Mail: 200 Independence Avenue, S.W., Washington, D.C. 20201 * Phone: 1-877-696-6775 * Online: HHS OCR Complaint Portal