top of page

Corporate Compliance and Privacy Practices


REACH Medical / Project (REACH) employs a Corporate Compliance Program designed to prevent, detect and report incidents of noncompliance. The Corporate Compliance Plan establishes a framework in accordance with applicable law to promote and ensure ethical business practice and provide guidance to each employee for their conduct. We will hold our Board of Director members, contracted practitioners, volunteers and vendors to these same standards.

REACH Corporate Compliance Program includes:

  • Corporate Compliance Officer.

  • Corporate Compliance Plan.

  • Training for all employees, supervisors and Board of Directors.

  • Code of Ethics.

  • Screening procedures for all employees, independent contractors and vendors to ensure that they have not been sanctioned by federal and state law enforcement.

  • On-going risk management of business and service functions.

  • Anonymous whistle-blower reporting line. 


This notice describes how medical and / or substance use related information about you may be used and disclosed and how you can get access to this information. Please review it carefully.


General Information

Information about your treatment and care, including payment for care, is protected by two federal laws: The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)*, Confidentiality of Records Law**. Under these laws the program may not say to a person outside of the program that you attended the program, nor may the program disclose any information identifying you as a recipient of alcohol or drug use services, or disclose any other protected information except as permitted by the federal laws referenced below.


* Public Law 104-191; **42 U.S.C. § 290dd-2, 42 C.F.R. Part 2

The Practice / Program must obtain your written consent before it can disclose information about you for payment purposes. For example, the program must obtain your written consent before it can disclose information to your health insurer in order to be paid for services. Generally, you must also sign a written consent before the program can share information for treatment purposes or for health care operations. However, federal law permits the program to disclose information in the following circumstances without your written permission:

  1. To Practice / Program staff for the purposes of providing treatment and maintaining the clinical record;

  2. Pursuant to an agreement with a business associate (e.g. clinical laboratories, pharmacy, record storage services, billing services);

  3. For research, audit or evaluations (e.g. State licensing review, accreditation, program data reporting as required by the State and/or Federal government);

  4. To report a crime committed on the program’s premises or against program personnel;

  5. To medical personnel in a medical/psychiatric emergency;

  6. To appropriate authorities to report suspected child abuse or neglect;

  7. To report certain infectious illnesses as required by State law;

  8. As allowed by a court order.

Before the Practice / Program can use or disclose any information about your health in a manner which is not described above, it must first obtain your specific written consent allowing it to make the disclosure. Any such written consent may be revoked by you in writing. (NOTE: Revoking a consent to disclose information to a court, probation department, parole office, etc. may violate an agreement that you have with that organization. Such a violation may result in legal consequences for you.)


Your Rights

  • Under HIPAA you have the right to request restrictions on certain uses and disclosures of your health and treatment information. The program is not required to agree to any restrictions that you request, but if it does agree with them, it is bound by that agreement and may not use or disclose any information which you have restricted except as necessary in a medical emergency.

  • You have the right to request that we communicate with you by alternative means or at an alternative location (e.g. another address). The program will accommodate such requests that are reasonable and will not request an explanation from you.

  • Under HIPAA you also have the right to inspect and copy your own health and treatment information maintained by the program, except to the extent that the information contains psychotherapy notes or information compiled for use in a civil, criminal or administrative proceeding or in other limited circumstances.

  • Under HIPAA you also have the right, with some exceptions, to amend health care information maintained in the program’s records, and to request and receive an accounting of disclosures of your health related information made by the program during the six (6) years prior to your request.

  • Under 42 CFR Part 2, you have the right to ensure that your records are not shared without your consent to another provider or to a court. 

  • If your request to any of the above is denied, you have the right to request a review of the denial by the Director of Operations. .

  • To make any of the above requests, you must fill out the appropriate form that will be provided by the program.

  • You also have the right to receive a paper copy of this notice.


The Use of Your Information at the Practice / Project 

In order to provide you with the best care, the program will use your health and treatment information in the following ways:

  • Communication among Practice / Program program staff (including students or other interns) for the purposes of treatment needs, treatment planning, progress reporting and review, staff supervision, incident reporting, medication administration, billing operations, medical record maintenance, discharge planning and other treatment related processes.

  • Communication with Business Associates such as clinical laboratories (blood work, urinalysis), agencies that provide on-site services (presentations, trainings, guests or speakers at group therapy sessions, etc.).

  • Reporting data to the NYS OASAS Client Data System.


The Practice / Project’s Duties

The Practice / Program is required by law to maintain the privacy of your health information and to provide you with notice of its legal duties and privacy practices with respect to your health information. The program is required by law to abide by the terms of this notice. The program reserves the right to change the terms of this notice and to make new notice provisions effective for all protected health information it maintains. The program will provide current patients with an updated notice, and will provide affected former patients with new notices when substantive changes are made in the notice.



REACH endorses an “open door” policy and suggests that individuals share their questions, concerns, suggestions, or complaints with someone who can address them properly. In most cases, an employee or supervisor is in the best position to address an area of concern. For suspected fraud, or if an individual is not satisfied or uncomfortable with following the organization’s open door policy, the compliance officer should be contacted directly.

Anonymous reports may be made by sending a written or typed report through the U. S. mail to the confidential attention of the compliance officer at the following address:

Compliance Officer, REACH, 1001 Seneca St., Ithaca NY 14850 or the compliance hotline: for confidential reporting.



You will not be retaliated against for filing such a complaint.

No person who in good faith reports a concern or violation shall suffer harassment, retaliation, or any adverse consequence. The reporting procedures and non-retaliation policy are intended to encourage and enable persons to raise serious concerns about the organization prior to seeking outside resolution.

Compliance Officer: Emily England

bottom of page