Privacy Policy

Privacy Policy

Effective Date: February 13, 2026

HHAT Clinic - Mental Health Service ("HHAT Clinic," "we," "our," or "us") is committed to protecting the privacy and confidentiality of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at hhatclinic.website, contact us by phone, email, or in person, or receive treatment at our facility located at 3403 W 7th Ave, Eugene, OR 97402.

By using our website or services, you agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our services.

Information We Collect

We may collect the following types of information when you interact with our facility, website, or staff:

Personal Identification Information

• Full name, phone number, email address, and mailing address
• Date of birth, gender, and emergency contact information
• Information provided when you complete an inquiry form, request a callback, or contact our admissions team

Protected Health Information (PHI)

• Medical history, substance use history, and mental health records
• Treatment records, clinical assessments, and discharge summaries
• Insurance information, billing records, and payment details
• Prescription and medication-assisted treatment records
• Lab results and diagnostic evaluations

Website Usage Data

• IP address, browser type, operating system, and device information
• Referring URLs, pages visited, time spent on pages, and click patterns
• Other analytical data collected automatically through cookies and similar technologies

Communication Records

• Records of phone calls, emails, live chat transcripts, and other correspondence with our staff
• Voicemails, text messages, and callback request submissions

How We Use Your Information

We use the information we collect for the following purposes:

• To provide mental health treatment, behavioral health services, addiction treatment, and clinical care at our Eugene facility
• To process admissions, verify insurance benefits, and coordinate care with referring providers
• To respond to your inquiries, schedule appointments, and provide information about our treatment programs
• To develop and manage individualized treatment plans
• To improve our website functionality, patient experience, and quality of care
• To comply with federal, state, and local legal and regulatory obligations, including HIPAA requirements
• To protect the safety and security of our patients, staff, and visitors
• To send treatment-related communications, aftercare planning materials, and alumni program information
• To conduct internal quality assurance, outcome tracking, and program evaluation

HIPAA Compliance & Protected Health Information

As a healthcare provider offering mental health treatment and behavioral health services, HHAT Clinic - Mental Health Service is subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. We maintain administrative, technical, and physical safeguards to protect the privacy and security of your protected health information (PHI) in accordance with the HIPAA Privacy Rule (45 CFR Parts 160 and 164) and the HIPAA Security Rule.

Our staff receives regular training on HIPAA compliance, and we conduct periodic risk assessments to identify and address potential vulnerabilities in our information handling practices. All employees, contractors, and business associates who may access PHI are bound by confidentiality agreements and our internal privacy policies.

Information Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• Treatment Coordination: With healthcare providers, specialists, and insurance companies involved in your care, as permitted by law and with appropriate written authorization.
• Payment Processing: With insurance companies and third-party billing services to process claims and verify coverage for treatment services.
• Legal Requirements: When required by federal, state, or local law, including court orders, subpoenas, or mandatory reporting obligations (e.g., suspected child abuse or neglect).
• Service Providers: With trusted third-party vendors who assist in operating our website and business operations, provided they agree to maintain confidentiality and are bound by appropriate data protection agreements.
• Emergency Situations: When necessary to prevent or address a serious and imminent threat to the health or safety of a person or the public.
• Public Health Activities: For public health purposes as required or permitted by law, such as disease prevention, reporting adverse events, or workplace safety.
• With Your Consent: When you provide written authorization for the disclosure of your information.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and collect analytical data. Cookies are small text files stored on your device when you visit our site.

• Essential Cookies: Required for basic website functionality, including page navigation, form submissions, and security features. These cookies cannot be disabled.
• Analytics Cookies: Help us understand how visitors use our website by collecting anonymous usage data such as page views, session duration, and traffic sources. We may use Google Analytics or similar services for this purpose.
• Performance Cookies: Help us monitor website performance, identify technical issues, and optimize page load times.

You can manage cookie preferences through your web browser settings. Most browsers allow you to block or delete cookies, though disabling certain cookies may affect the functionality of our website. We do not use cookies to collect protected health information or substance use disorder treatment records.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to Access: You may request a copy of the personal information we hold about you, including your medical and treatment records.
• Right to Correction: You may request that we correct inaccurate or incomplete personal information.
• Right to Deletion: You may request that we delete your personal information, subject to certain legal exceptions and regulatory retention requirements.
• Right to Restrict Processing: You may request that we limit how your information is used in certain circumstances.
• Right to Opt Out: You may opt out of receiving marketing communications at any time by contacting us directly.
• Right to Data Portability: Where technically feasible, you may request that your personal information be transferred to another provider.

To exercise any of these rights, please contact our Privacy Officer using the contact information provided at the bottom of this page. We will verify your identity before processing your request and respond within the timeframes required by applicable law.

HIPAA Notice — Protected Health Information

As a patient of HHAT Clinic - Mental Health Service, you have specific rights under HIPAA regarding your protected health information. This section serves as a summary of those rights and our obligations.

Your Rights Under HIPAA

• Right to Access: You have the right to inspect and obtain a copy of your medical and treatment records maintained by our facility.
• Right to Amend: You may request amendments to your health information if you believe it is inaccurate or incomplete.
• Right to an Accounting of Disclosures: You may request a list of certain disclosures of your PHI that we have made to third parties.
• Right to Request Restrictions: You may request restrictions on certain uses and disclosures of your PHI, although we are not required to agree to all requests.
• Right to Confidential Communications: You may request that we communicate with you about health matters through specific means or to specific addresses.
• Right to a Paper Copy: You have the right to receive a paper copy of our Notice of Privacy Practices upon request at any time.
• Right to Be Notified of a Breach: You have the right to be notified in the event of a breach of your unsecured PHI.

42 CFR Part 2 — Substance Use Disorder Records

Records relating to substance use disorder (SUD) treatment at HHAT Clinic - Mental Health Service are additionally protected by the federal confidentiality regulations under 42 CFR Part 2. These regulations impose stricter privacy protections on SUD treatment records than HIPAA alone.

Under 42 CFR Part 2:

• Your substance use disorder treatment records cannot be disclosed without your prior written consent, except in limited circumstances explicitly permitted by federal regulation.
• Permitted exceptions include genuine medical emergencies, qualified personnel conducting audits or evaluations, communications within our treatment program, and court orders that meet specific regulatory criteria.
• Information disclosed with your consent is accompanied by a written notice prohibiting the recipient from further re-disclosure unless permitted by 42 CFR Part 2.
• Violations of 42 CFR Part 2 are subject to criminal penalties under federal law.

Breach Notification

In the event of a breach of unsecured protected health information, HHAT Clinic - Mental Health Service will notify affected individuals, the U.S. Department of Health and Human Services, and, where required, the media, in accordance with HIPAA breach notification requirements (45 CFR Parts 164.400–414). Notifications will be provided without unreasonable delay and in no case later than 60 days following the discovery of the breach.

Data Security

HHAT Clinic - Mental Health Service implements comprehensive administrative, technical, and physical safeguards designed to protect your personal and health information from unauthorized access, disclosure, alteration, and destruction. Our security measures include:

• Encrypted data transmission using SSL/TLS protocols for all website communications
• Secure server environments with restricted access controls
• Role-based access to electronic health records, limiting information access to authorized personnel only
• Regular security risk assessments and vulnerability testing
• Employee training on HIPAA privacy and security requirements
• Physical safeguards including locked file storage, secure workstations, and controlled facility access
• Business associate agreements with all third-party service providers who handle PHI

While we strive to protect your personal information, no method of electronic transmission or data storage is completely secure. We cannot guarantee absolute security, but we are committed to continuously improving our safeguards in accordance with industry best practices and regulatory requirements.

Children's Privacy

Our website is not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected information from a child under 13 without verifiable parental consent, we will take immediate steps to delete that information from our systems. If you believe a child under 13 has provided us with personal information, please contact us using the information below so we can take appropriate action.

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will post the revised policy on this page with an updated effective date. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website and services after changes are posted constitutes your acceptance of the updated Privacy Policy.

Contact for Privacy Concerns

If you have questions about this Privacy Policy, wish to exercise your privacy rights, need to request access to or amendment of your health records, or wish to file a complaint regarding the handling of your personal or health information, please contact our Privacy Officer:

• Privacy Officer: HHAT Clinic - Mental Health Service
• Phone: (971) 509-8585
• Email: [email protected]
• Address: 3403 W 7th Ave, Eugene, OR 97402

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your HIPAA privacy rights have been violated. You can file a complaint online at hhs.gov/ocr/complaints or by calling 1-800-368-1019. Filing a complaint will not affect the quality of care you receive at our facility.