Privacy Policy

Effective Date: January 1, 2026

MSH Mental Support – Helpline & Addiction Treatment Specialists (“MSH Treatment,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website mshtreatment.com, contact our facility, or receive treatment services at our center located at 18118 Parthenia St, Northridge, CA 91325, USA.

By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our website or services.

1. Information We Collect

Personal Information You Provide

We may collect personal information that you voluntarily provide to us, including but not limited to:

• Contact Information: Name, email address, phone number, and mailing address
• Inquiry Details: Information you provide when you submit a contact form, request a callback, or inquire about our treatment programs
• Admissions Information: Insurance details, medical history, and other information relevant to the admissions process
• Payment Information: Billing address, insurance policy numbers, and other financial information necessary for processing payments
• Emergency Contacts: Names and phone numbers of individuals you designate as emergency contacts

Protected Health Information (PHI)

As a licensed addiction treatment center, we collect and maintain Protected Health Information as defined under the Health Insurance Portability and Accountability Act (HIPAA). This includes medical records, treatment plans, diagnostic information, and substance use history. The handling of PHI is governed by our HIPAA Notice of Privacy Practices described in Section 7 below.

Information Collected Automatically

When you visit our website, we may automatically collect certain information, including:

• Device Information: Browser type, operating system, device type, and screen resolution
• Usage Data: Pages visited, time spent on pages, click patterns, and referring URLs
• Network Information: IP address, internet service provider, and approximate geographic location
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and pixel tags (see Section 5)

2. How We Use Your Information

We use the information we collect for the following purposes:

• Treatment Services: To provide, coordinate, and manage your addiction treatment and recovery services
• Communication: To respond to your inquiries, send appointment reminders, and provide information about our programs and services
• Admissions Processing: To evaluate eligibility, verify insurance coverage, and facilitate the admissions process
• Payment and Billing: To process payments, submit insurance claims, and manage billing activities
• Legal Compliance: To comply with applicable federal and state laws, including HIPAA, 42 CFR Part 2 (Confidentiality of Substance Use Disorder Patient Records), and California privacy laws
• Quality Improvement: To improve our treatment programs, website functionality, and overall patient experience
• Safety and Security: To protect the health and safety of our patients, staff, and visitors, and to detect and prevent fraud or unauthorized access
• Website Analytics: To analyze website traffic patterns, measure the effectiveness of our content, and optimize user experience

We process your information in compliance with HIPAA, 42 CFR Part 2, the California Consumer Privacy Act (CCPA), and other applicable privacy regulations. We will never sell your personal or health information to third parties.

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

With Your Consent

We may share your information when you provide explicit, written authorization. For substance use disorder treatment records protected under 42 CFR Part 2, a specific written consent form is required before any disclosure.

Treatment, Payment, and Healthcare Operations

As permitted by HIPAA, we may share your Protected Health Information with other healthcare providers involved in your treatment, with insurance companies for payment purposes, and for internal healthcare operations such as quality assurance and staff training.

Service Providers

We may share information with trusted third-party service providers who assist us in operating our website, conducting business, or servicing you, provided those parties agree to keep this information confidential. These may include:

• IT and hosting service providers
• Payment processors
• Insurance verification services
• Analytics providers

Legal Requirements

We may disclose your information when required by law, including:

• In response to a valid court order or subpoena
• To comply with government audits or investigations
• To report suspected abuse, neglect, or domestic violence as required by California law
• To prevent or mitigate a serious and imminent threat to health or safety
• As otherwise required by federal or state law

4. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and gather analytical data.

Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly, including session management and security features. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting information such as pages visited, time on site, and traffic sources. We may use services such as Google Analytics for this purpose.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and form inputs.

Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you disable cookies, some portions of our website may not function properly.

Google Analytics

We may use Google Analytics to collect anonymized data about website usage. Google Analytics uses cookies to track visitor interactions. The data collected is aggregated and anonymous. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Do Not Track Signals

Our website respects “Do Not Track” browser signals. When we detect a Do Not Track signal, we do not engage in tracking your activity across other websites.

5. Your Rights

General Rights

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct any inaccurate or incomplete personal information
• Deletion: Request that we delete your personal information, subject to certain exceptions required by law
• Opt-Out: Opt out of receiving marketing communications at any time by contacting us or using the unsubscribe link in our emails
• Data Portability: Request your personal data in a structured, commonly used, and machine-readable format

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which information is collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct: You have the right to request the correction of inaccurate personal information that we maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information. However, you have the right to opt out of the sale or sharing of your personal information if this practice were to change in the future.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different level of service because you exercised your privacy rights.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information collected about you.

To exercise any of these rights, please contact us using the information provided in Section 11 below. We will respond to verifiable consumer requests within 45 days of receipt. If we need additional time, we will inform you of the reason and the extension period (up to an additional 45 days).

6. HIPAA Notice of Privacy Practices

As a healthcare provider, MSH Treatment is required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. This section summarizes our obligations and your rights concerning your Protected Health Information (PHI).

What is Protected Health Information?

Protected Health Information (PHI) includes any individually identifiable health information that relates to your past, present, or future physical or mental health condition, the provision of healthcare to you, or the payment for such care. This includes medical records, treatment plans, diagnostic assessments, progress notes, and billing records.

How We May Use and Disclose Your PHI

We may use and disclose your PHI without your written authorization for the following purposes:

• Treatment: To provide, coordinate, and manage your healthcare and related services, including consultations with other healthcare providers involved in your care
• Payment: To obtain reimbursement for your healthcare services, including billing your insurance company and determining eligibility and coverage
• Healthcare Operations: For our internal operations, such as quality improvement, staff training, compliance auditing, and business planning
• As Required by Law: When federal, state, or local law requires disclosure
• Public Health Activities: To public health authorities for purposes such as preventing or controlling disease
• Abuse or Neglect Reporting: To appropriate government authorities if we reasonably believe you are a victim of abuse, neglect, or domestic violence
• Judicial and Administrative Proceedings: In response to a court order or administrative tribunal, or in response to a subpoena with appropriate safeguards

42 CFR Part 2 Protections

Because MSH Treatment provides substance use disorder treatment, your records are additionally protected under federal regulation 42 CFR Part 2. This regulation provides stricter confidentiality protections than HIPAA alone. Under 42 CFR Part 2:

• Your substance use disorder treatment records cannot be disclosed without your specific written consent, except in limited circumstances
• Records may be disclosed without consent only in cases of a medical emergency, for research purposes (with safeguards), for audit or evaluation purposes, or pursuant to a court order that meets specific criteria
• Information disclosed with your consent may not be re-disclosed by the recipient without additional authorization from you

Your HIPAA Rights

Under HIPAA, you have the following rights regarding your PHI:

• Right to Access: You may request to inspect and obtain a copy of your PHI maintained in our designated record set. We may charge a reasonable fee for copies.
• Right to Amend: You may request an amendment to your PHI if you believe it is inaccurate or incomplete. We may deny the request under certain circumstances, but we will provide a written explanation.
• Right to an Accounting of Disclosures: You may request a list of disclosures of your PHI that we have made, other than for treatment, payment, healthcare operations, and certain other exceptions.
• Right to Request Restrictions: You may request restrictions on certain uses and disclosures of your PHI. We are not required to agree to all restrictions, but we must comply with any restriction to which we agree.
• Right to Request Confidential Communications: You may request that we communicate with you about health matters using a particular method or at a certain location.
• Right to a Paper Copy: You have the right to obtain a paper copy of this notice upon request, even if you have agreed to receive it electronically.
• Right to Be Notified of a Breach: You have the right to be notified if there is a breach of your unsecured PHI.

To exercise any of these rights, please submit a written request to our Privacy Officer using the contact information in Section 11.

7. Data Security

We take the security of your personal and health information seriously. We implement a variety of administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, alteration, or disclosure. These measures include:

• Encryption: We use SSL/TLS encryption to protect data transmitted between your browser and our website. Sensitive data stored in our systems is encrypted at rest using industry-standard encryption protocols.
• Access Controls: Access to personal and health information is restricted to authorized personnel who require it to perform their job duties. We employ role-based access controls and require strong authentication.
• Employee Training: All staff members receive regular training on privacy and security best practices, HIPAA compliance, and 42 CFR Part 2 requirements.
• Physical Safeguards: Paper records and physical media containing sensitive information are stored in locked, secure locations with restricted access.
• Incident Response: We maintain an incident response plan to promptly address any suspected data breach or security incident. In the event of a breach involving your PHI, we will notify you as required by HIPAA and California law.
• Regular Audits: We conduct periodic security assessments and audits to identify and address potential vulnerabilities in our systems and processes.

While we strive to protect your information using commercially reasonable measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information.

8. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 through our website. If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us immediately using the information in Section 11 below. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our systems.

Treatment services for minors are only provided with appropriate parental or guardian consent and in accordance with applicable California laws regarding the treatment of minors for substance use disorders.

9. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will:

• Update the “Effective Date” at the top of this page
• Post the revised Privacy Policy on our website
• For material changes that significantly affect how we handle your personal information, provide prominent notice on our website or through direct communication
• For changes affecting the use or disclosure of your PHI, provide an updated HIPAA Notice of Privacy Practices

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website and services after any changes to this policy constitutes your acceptance of the updated terms.

10. Contact Us About Privacy

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal information, or our privacy practices, please contact our Privacy Officer:

If you believe your privacy rights have been violated, you may also file a complaint with:

• U.S. Department of Health & Human Services (HHS), Office for Civil Rights: www.hhs.gov/ocr/complaints
• California Attorney General’s Office: oag.ca.gov/privacy

We will not retaliate against you for filing a complaint.

This Privacy Policy was last updated on January 1, 2026, and applies to MSH Mental Support – Helpline & Addiction Treatment Specialists, doing business as MSH Treatment.