Privacy Policy

Effective Date: 6/9/2026

Crozier Recovery, LLC Privacy Policy

Crozier Recovery, LLC ("Crozier Recovery," "we," "our," or "us") is committed to protecting the privacy, confidentiality, and security of our patients' personal and health information. As an office-based opioid treatment (OBOT) provider serving patients in Tennessee, we comply with applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act ("HIPAA"), the HIPAA Privacy Rule and Security Rule, and the federal confidentiality regulations governing substance use disorder treatment records under 42 CFR Part 2.

This Privacy Policy explains how we collect, use, disclose, and safeguard information obtained through our healthcare services, patient portal, website, and related communications.

1. Information We Collect

Personal Information

We may collect personal information, including:

  • Name

  • Address

  • Telephone number

  • Email address

  • Date of birth

  • Emergency contact information

  • Insurance information

  • Government-issued identification information

  • Payment and billing information

  • Information submitted through contact or intake forms

  • Appointment and communication details

  • SMS consent preferences

  • Website usage data (IP address, browser type, pages visited)

Health Information

As part of providing medical care and opioid use disorder treatment services, we may collect:

  • Medical history

  • Substance use disorder treatment information

  • Medication-assisted treatment (MAT) records

  • Prescription information

  • Laboratory and toxicology testing results

  • Mental health information as permitted by law

  • Treatment plans and progress notes

  • Insurance and billing records

  • Other information necessary to provide healthcare services

Website and Portal Information

When you visit our website or access our patient portal, we may collect:

  • IP address

  • Browser type and version

  • Device information

  • Operating system

  • Access dates and times

  • Usage and navigation information

  • Cookies and similar technologies

2. How We Use Information

We use information for purposes including:

Treatment

  • Providing healthcare services

  • Evaluating and managing opioid use disorder treatment

  • Coordinating care among authorized healthcare providers

  • Managing prescriptions and medication-assisted treatment

  • Communicating with patients regarding care

Payment

  • Billing patients and insurance providers

  • Verifying insurance eligibility

  • Processing payments

  • Conducting collections activities as permitted by law

Healthcare Operations

  • Quality improvement and patient safety activities

  • Staff training and credentialing

  • Compliance and auditing activities

  • Practice administration and management

  • Security and fraud prevention

Communications

We may contact patients regarding:

  • Appointment reminders

  • Treatment-related communications

  • Prescription information

  • Patient portal notifications

  • Billing matters

  • Administrative updates

  • Respond to inquiries and provide services

  • Schedule and manage appointments

  • Send SMS messages, including appointment reminders, treatment updates, and administrative notifications

  • Communicate important service-related information

  • Improve our website and services

  • Comply with legal and regulatory requirements

SMS Consent,  and phone numbers collected for SMS communication purposes will not be shared with any third party or affiliates for marketing purposes.

SMS Communications

If you opt in to receive SMS messages, we may send you informational or transactional messages related to our services.
Message frequency may vary. Message and data rates may apply.

You may opt out at any time by replying STOP.
For assistance, reply HELP or visit www.crozierrecovery.com

3. HIPAA and 42 CFR Part 2 Protections

Crozier Recovery maintains protected health information ("PHI") in accordance with HIPAA and applicable Tennessee law.

Because we provide treatment for substance use disorders, certain patient records may also be protected by 42 CFR Part 2. These federal regulations provide additional confidentiality protections for substance use disorder treatment records.

In many situations, substance use disorder treatment information cannot be disclosed without a patient's written consent unless disclosure is specifically authorized or required by law. We maintain policies and procedures designed to ensure compliance with these enhanced confidentiality requirements.

4. When We May Share Information

We do not sell patient information or personal information.

We may disclose information as permitted or required by law, including:

  • To healthcare providers involved in your treatment

  • To health plans and insurance carriers for payment purposes

  • To business associates who perform services on our behalf

  • To public health authorities when required by law

  • To government agencies conducting authorized oversight activities

  • In response to valid court orders or legal requirements

  • To prevent a serious threat to health or safety when authorized by law

Any disclosure of substance use disorder treatment information is subject to HIPAA, 42 CFR Part 2, and other applicable legal requirements.

5. Patient Portal

Crozier Recovery provides a secure patient portal to facilitate communication and access to health information.

Through the portal, patients may be able to:

  • View portions of their medical record

  • Receive secure messages

  • Access appointment information

  • Complete forms

  • Review laboratory results when available

Patients are responsible for maintaining the confidentiality of their portal credentials and should notify us immediately of any suspected unauthorized access.

6. Website Cookies and Analytics

Our website may use cookies and similar technologies to:

  • Improve website functionality

  • Analyze website performance and usage

  • Maintain security

  • Enhance user experience

Users may adjust browser settings to manage cookies. Disabling cookies may affect website functionality.

7. Security Measures

We maintain administrative, physical, and technical safeguards designed to protect patient information from unauthorized access, use, disclosure, alteration, or destruction.

These safeguards include:

  • Secure electronic medical record systems

  • Access controls and authentication measures

  • Encryption where appropriate

  • Workforce training on privacy and security requirements

  • Ongoing monitoring and risk management procedures

While we take reasonable measures to protect information, no method of electronic transmission or storage can be guaranteed to be completely secure.

8. Patient Rights

Patients may have rights under HIPAA and applicable law, including the right to:

  • Access their health information

  • Request amendments to records

  • Request restrictions on certain uses or disclosures

  • Request confidential communications

  • Obtain an accounting of certain disclosures

  • Receive a copy of our Notice of Privacy Practices

  • File a complaint regarding privacy concerns

CLIENT RIGHTS Section 0940-05-06-.06

(1) The following rights shall be afforded to all clients:

(a) Clients have the right to be fully informed before or upon admission about their rights and responsibilities and about any limitation on these rights imposed by rules of the facility. The facility will ensure that the client is given information about his or her rights that shall include at least the following:

  1.  A statement of the specific rights guaranteed the client by these rules and applicable state and federal laws;

  2.  A description of the facility’s complaint and grievance procedures;

  3.  A listing of all available advocacy services;

  4.  A copy of all general facility rules and regulations for clients; and,

  5.  The information will be presented in a manner or format that promotes understanding by clients of their rights and an opportunity will be given to clients to ask questions about the information. If a client who is unable to understand this information at the time of admission later becomes able to do so, the information will be presented to the client at that time. If a client is likely to continue indefinitely to be unable to understand this information, the facility will promptly attempt to provide the required information to a parent, guardian, or other appropriate person or agency responsible for protecting the rights of the client;

(b) Clients have the right to voice grievances to staff of the facility, to the licensee, and to outside representatives of their choice with freedom from restraint, interference, coercion, discrimination or reprisal;

(c) Clients have the right to be treated with consideration, respect and full recognition of their dignity and individuality;

(d) Clients have the right to be protected by the licensee from neglect; from physical, verbal and emotional abuse (including corporal punishment); and from all forms of misappropriation and/or exploitation;

(e) Clients have the right to be assisted by the facility in the exercise of their civil rights;

(f) Clients have the right to be free of any requirement by the facility that they perform services which are ordinarily performed by facility staff;

(g) Clients have the right to privacy while receiving services;

(h) Clients have the right to have their personal information kept confidential in accordance with state and federal confidentiality laws;

(i) Clients have the right to ask the facility to correct information in their records. If the facility refuses, the client may include a written statement in the records of the reasons they disagree;

(j) Clients have the right to be informed about their care in a language they understand; and,

(k) Clients have the right to vote, make contracts, buy or sell real estate or personal property, or sign documents, unless the law or a court removes these rights.

(2) The following rights will be afforded to all clients in accordance with rules 0940-05-06-.07 or 0940-05-06-.08:

(a) Clients have the right to participate in the development of the client’s individual program or treatment plans and to receive sufficient information about proposed and alternative interventions and program goals to enable them to participate effectively;

(b) Clients have the right to participate fully, or to refuse to participate, in community activities including cultural, educational, religious, community services, vocational and recreational activities;

(c) Clients have the right to be accorded privacy and freedom for the use of bathrooms when needed;

Tenn. Comp. R. & Regs. 0940-05-06-.06

PATIENT RIGHTS Section 0940-05-35-.18 

(1) Patients shall have a right to present complaints, either orally or in writing, and to have their complaints addressed and resolved as appropriate in a timely manner.

(2) All applications, certificates, records, reports, and all legal documents, petitions and records made or information received pursuant to treatment directly or indirectly identifying a patient shall be kept confidential in accordance with T.C.A. § 33-3-103; Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations at 45 Code of Regulations (CFR) Parts 160 and 164, Subparts A and E; and Confidentiality of Alcohol and Drug Abuse Patient Records regulations at 42 CFR Part 2.

(3) Patients have the right to a humane treatment environment that affords reasonable protection from harm, exploitation, and coercion.

Tenn. Comp. R. & Regs. 0940-05-35-.18

Disclosure for Relatives, Close Friends, and Other Caregivers:We may use or disclose your PHI to a family member, other relative, a close personal friend or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if we (1) obtain your agreement (2) provide you with the opportunity to object to the disclosure and you do not object; and (3) reasonably infer that you do not object to the disclosure.

We may exercise our professional judgment to determine whether a disclosure is in your best interest if you’re not present, or if you do not have the opportunity to agree or to object to a use or disclosure of your information. If we disclose information to a family member, other relative or a close personal friend, we would disclose only information that we believe is directly relevant to the person’s involvement in your health care or payment related to your health care. We may also disclose your PHI in order to notify (or assist in notifying) such persons of your location or general condition.

9. Retention of Records

Crozier Recovery retains records in accordance with federal law, Tennessee law, professional standards, and applicable regulatory requirements.

10. Third-Party Services and Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of external websites. Users should review the privacy policies of any third-party services they access.

11. Changes to This Privacy Policy

We may revise this Privacy Policy periodically. Updated versions will be posted on our website with a revised effective date.

12. Contact Information

If you have questions regarding this Privacy Policy or our privacy practices, please contact:

Crozier Recovery, LLC
205 Powell Place, Suite 233
Brentwood, TN 37027
Phone: 615-814-4797
Email: info@crozierrecovery.com

13. Complaints

If you believe your privacy rights have been violated, you may contact Crozier Recovery directly. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against any individual for filing a complaint regarding privacy practices.