Privacy Policy

NOVA ViA and NOVAViA.health

Effective Date: August 11, 2025
Last Updated: July 26, 2025

Introduction

NovaVia (“we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of your health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your protected health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA), 42 CFR Part 2 federal regulations for substance use disorder treatment records, and other applicable privacy laws.

As a healthcare provider specializing in outpatient addiction treatment, we understand the sensitive nature of the information you share with us and are committed to maintaining the highest standards of privacy protection.

Scope of This Policy

This Privacy Policy applies to:

All health information created, received, maintained, or transmitted by NovaVia
Information collected through our website (novavia.health)
Clinical services provided at our facilities
Telehealth services (if applicable)
Administrative and billing activities
All NovaVia workforce members, contractors, and business associates

Protected Health Information (PHI)

What is PHI?

Protected Health Information includes any information we collect that could identify you and relates to:

Your past, present, or future physical or mental health condition
Healthcare services provided to you
Payment for healthcare services
Demographics and contact information
Treatment plans and clinical notes
Billing and insurance information

Categories of PHI We Collect:

Demographic Information: Name, address, phone number, email, date of birth, Social Security number
Health Information: Medical history, current symptoms, treatment plans, progress notes, diagnostic information
Substance Use Information: Details related to alcohol or drug use, treatment history, assessment results
Insurance Information: Insurance provider details, policy numbers, billing information
Emergency Contacts: Information about individuals to contact in case of emergency
Legal Information: Court orders, legal documentation (when applicable)

Special Protections for Substance Use Disorder Records

42 CFR Part 2 Protections

Records related to substance use disorder diagnosis, treatment, or referral are protected by federal regulations (42 CFR Part 2) that provide stricter confidentiality protections than HIPAA. These protections apply to all our substance use disorder treatment records.

Key Protections Include:

Written Consent Required: We cannot disclose substance use disorder records without your written consent, except in very limited circumstances
Criminal Justice Restrictions: We cannot disclose information to law enforcement without a court order or your consent
No Acknowledgment: We cannot acknowledge your presence in our program without your consent
Limited Exceptions: Disclosures may be made without consent only for medical emergencies, child abuse reporting, or pursuant to valid court orders

Redisclosure Prohibition

Any person or organization that receives your substance use disorder records from us is prohibited from making further disclosure without your written consent, except as permitted by federal regulations.

How We Use and Disclose Your Health Information

Uses and Disclosures With Your Authorization

We will obtain your written authorization before using or disclosing your PHI for purposes other than treatment, payment, or healthcare operations, including:

Marketing communications
Sale of PHI
Psychotherapy notes (separate authorization required)
Most uses and disclosures of substance use disorder records

Uses and Disclosures Without Your Authorization

Treatment

We may use and disclose your PHI to provide, coordinate, or manage your healthcare treatment, including:

Sharing information among your treatment team
Consulting with other healthcare providers
Coordinating care with family members or support persons (with your consent)
Providing referrals to other healthcare providers

Payment

We may use and disclose your PHI for payment activities, including:

Billing you or your insurance company
Determining eligibility for benefits
Processing claims and payments
Utilization review and pre-authorization

Healthcare Operations

We may use and disclose your PHI for healthcare operations, including:

Quality assessment and improvement activities
Clinical training and education
Accreditation and licensing activities
Business planning and administrative functions

Required by Law

We may disclose your PHI when required by federal, state, or local law, including:

Public Health Activities: Disease reporting, public health investigations
Health Oversight Activities: Audits, investigations, inspections by health agencies
Judicial and Administrative Proceedings: In response to court orders or administrative subpoenas
Law Enforcement: When required by law or court order (limited for substance use records)
Child Abuse Reporting: Suspected child abuse or neglect
Threats to Health or Safety: Serious threats to your health and safety or that of others

Emergencies

In medical emergencies, we may disclose PHI necessary to prevent serious harm to your health and safety.

Your Rights Regarding Your Health Information

Right to Request Restrictions

You have the right to request restrictions on how we use or disclose your PHI. While we will consider your request, we are not required to agree to restrictions except in certain circumstances involving payment to health plans.

Right to Access Your Records

You have the right to inspect and obtain copies of your PHI that we maintain, with some exceptions. We will respond to your request within 30 days and may charge reasonable fees for copying.

Right to Request Amendment

If you believe your PHI is incorrect or incomplete, you may request that we amend the information. We may deny your request if the information is accurate and complete.

Right to an Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your PHI made by us in the six years prior to your request.

Right to Request Confidential Communications

You may request that we communicate with you about your PHI in a certain way or at a certain location to protect your privacy.

Right to File a Complaint

You have the right to file a complaint if you believe your privacy rights have been violated. You may file complaints with:

NovaVia Privacy Officer: [Contact information below]
U.S. Department of Health and Human Services: www.hhs.gov/hipaa/filing-a-complaint

We will not retaliate against you for filing a complaint.

Website and Digital Privacy

Website Information Collection

Our website may collect:

Voluntary Information: Information you provide through contact forms, appointment requests, or registration
Automatic Information: IP addresses, browser type, pages visited, time spent on site
Cookies: Small files stored on your device to improve website functionality

Online Communications

Email and online communications may not be secure
Please do not include sensitive health information in unsecured communications
We use secure patient portals for confidential health information exchange

Third-Party Services

We may use third-party services (analytics, chat features) that have their own privacy policies. We ensure these services meet our privacy and security standards.

Security Safeguards

We implement comprehensive security measures to protect your PHI:

Administrative Safeguards

Privacy and security training for all workforce members
Access controls and user authentication
Incident response procedures
Regular security risk assessments

Physical Safeguards

Secured facilities with controlled access
Workstation security controls
Secure storage of physical records
Proper disposal of PHI-containing materials

Technical Safeguards

Encryption of electronic PHI in transit and at rest
Access controls and user authentication systems
Audit logs and monitoring systems
Secure backup and recovery procedures

Business Associates

We may share your PHI with business associates who perform services on our behalf (billing companies, IT support, legal counsel). All business associates must sign agreements requiring them to protect your PHI according to HIPAA standards.

Telehealth Services

When we provide telehealth services:

We use HIPAA-compliant platforms with appropriate security features
You are responsible for ensuring privacy on your end during sessions
Sessions may be recorded only with your explicit consent
Technical issues may affect the quality or security of communications

Changes to This Policy

We reserve the right to change this Privacy Policy and make the new provisions effective for all PHI we maintain, including information created or received before the change. We will:

Post the updated policy on our website
Provide copies upon request
Notify you of material changes as required by law

Contact Information

Privacy Officer

Name: [Privacy Officer Name]
Title: Privacy Officer
Address: [Business Address]
Phone: [Phone Number]
Email: [Privacy Email Address]

General Contact

NovaVia
Address: [Business Address]
Phone: [Main Phone Number]
Website: novavia.health

Office Hours

[Insert office hours]

Emergency Contact

For mental health emergencies, please call 911 or go to your nearest emergency room.

Crisis Hotline: 988 (Suicide & Crisis Lifeline)
SAMHSA National Helpline: 1-800-662-4357

Additional Resources

HIPAA Information: www.hhs.gov/hipaa
Substance Abuse Privacy Rights: www.samhsa.gov/about-us/who-we-are/laws-regulations/confidentiality-regulations-faqs
Arizona Department of Health Services: www.azdhs.gov

Notice: This Privacy Policy complies with HIPAA Privacy Rule, 42 CFR Part 2, and applicable state laws. If you have questions about this policy or your privacy rights, please contact our Privacy Officer.

Document Version: 1.0

Book an Appointment