Privacy Policy

Milestones Ranch – Privacy Policy & Notice of Privacy Practices

Effective Date: 2/10/2026

Milestones Ranch (“we,” “our,” or “the Program”) is committed to protecting your privacy and the confidentiality of your health and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with:

  • HIPAA (Health Insurance Portability and Accountability Act)
  • 42 CFR Part 2 (Confidentiality of Substance Use Disorder Treatment Records)
  • CMIA (California Medical Information Act)
  • CCPA/CPRA (California Consumer Privacy Rights Act)
  • ADA (Americans with Disabilities Act) Website Accessibility Requirements

This Notice applies to all information collected through our treatment services, website, electronic health records, and any other interactions you have with Milestones Ranch.

1. OUR LEGAL DUTY TO SAFEGUARD YOUR PROTECTED HEALTH INFORMATION (PHI)

We are legally required to:

  • Maintain the privacy and security of your Protected Health Information (“PHI”)
  • Provide you with this Notice of Privacy Practices
  • Follow the terms of this Notice
  • Notify you if a breach compromises your PHI

PHI includes any information that identifies you and relates to your physical or mental health, substance use disorder treatment, or payment for health care services.

We reserve the right to update this Notice at any time. Updated versions will be posted on our website and available upon request.

2. HOW WE MAY USE AND DISCLOSE YOUR PHI

A. Uses and Disclosures Requiring Your Written Consent (42 CFR Part 2)

Because Milestones Ranch provides substance use disorder treatment, 42 CFR Part 2 requires your written authorization for most disclosures, including:

  • Coordination of care with outside providers
  • Communication with family members
  • Insurance billing and payment
  • Release of treatment records
  • Sharing information with other health care professionals

You may revoke your authorization at any time unless we have already relied on it.

B. Uses and Disclosures for Treatment, Payment, and Health Care Operations

1. Treatment

With your written consent, we may use and disclose PHI to provide, coordinate, or manage your care. This may include sharing information with:

  • Physicians, psychiatrists, psychologists, therapists, and nurses
  • Laboratories, pharmacies, or specialists
  • Other health care providers involved in your treatment
2. Payment

With your authorization, we may disclose PHI to:

  • Submit insurance claims
  • Verify benefits
  • Obtain reimbursement for services

We will not disclose substance use disorder treatment information for payment without your written consent.

3. Health Care Operations

We may use PHI internally for:

  • Quality improvement
  • Staff training and supervision
  • Licensing, accreditation, and audits
  • Administrative and business operations

We may share PHI with qualified service organizations (QSOs) that contract with us and agree to protect your confidentiality.

C. Uses and Disclosures Allowed Without Your Authorization

We may disclose PHI without your written consent only in the following limited circumstances:

  • Medical emergencies
  • Court orders that meet strict federal requirements
  • Mandatory reporting of child or elder abuse
  • Crimes on program premises or against staff
  • Serious and imminent threats to health or safety
  • Health oversight activities (audits, inspections)
  • Research under strict confidentiality safeguards
  • Compliance with the U.S. Department of Health and Human Services

These exceptions are narrowly defined by HIPAA and 42 CFR Part 2.

D. Uses and Disclosures Requiring Your Opportunity to Agree or Object

With your written agreement (or if you do not object), we may:

  • Share limited information with family or caregivers involved in your care
  • Communicate with individuals assisting with payment

You may withdraw consent at any time.

3. YOUR RIGHTS REGARDING YOUR PHI

  1. Right to Access and Copies
    You may request to inspect or obtain copies of your PHI. Reasonable fees may apply.
  2. Right to Amend
    If you believe your PHI is incorrect or incomplete, you may request an amendment.
  3. Right to an Accounting of Disclosures
    You may request a list of certain disclosures made in the past six years.
  4. Right to Request Restrictions
    You may request limits on how we use or disclose your PHI. We are not required to agree, except in limited cases.
  5. Right to Confidential Communications
    You may request alternative communication methods (e.g., email, work address).
  6. Right to a Paper or Electronic Copy of This Notice
    You may request a copy at any time.
  7. Right to File a Complaint
    You may file a complaint without fear of retaliation.

4. CALIFORNIA SPECIFIC PRIVACY RIGHTS

A. California Medical Information Act (CMIA)

CMIA provides additional protections for medical information, including:

  • Restrictions on unauthorized disclosures
  • Requirements for safeguarding your information
  • Rights to access and correct your medical information

CMIA protections apply in addition to HIPAA and 42 CFR Part 2.

B. California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)

Most information collected by Milestones Ranch is exempt from CCPA/CPRA because it is protected under HIPAA, CMIA, or 42 CFR Part 2.

However, non medical personal information collected through our website may be subject to CCPA/CPRA, including:

  • Website analytics
  • Contact form submissions
  • Marketing inquiries
  • Employment related information

Your CCPA/CPRA Rights Include:

  • Right to know what personal information we collect
  • Right to request deletion (with exceptions)
  • Right to correct inaccurate information
  • Right to opt out of the sale or sharing of personal information
  • Right to limit the use of sensitive personal information
  • Right to non discrimination for exercising privacy rights

Milestones Ranch does not sell personal information.

To submit a CCPA/CPRA request, contact: Milestones Ranch Malibu customer support
(866) 874- 9774

5. WEBSITE ADA ACCESSIBILITY STATEMENT

Milestones Ranch is committed to ensuring that our website is accessible to all individuals, including those with disabilities. We strive to meet or exceed WCAG 2.1 AA accessibility standards.

Our Accessibility Measures Include:

  • Screen reader compatibility
  • Text alternatives for images
  • Keyboard navigation support
  • High contrast design
  • Clear headings and semantic HTML
  • Regular accessibility audits

Need Assistance?
If you experience difficulty accessing our website or need information in an alternative format, please contact:

ADA Accessibility Coordinator
Contact Milestones Ranch (866) 874-9774
We will make reasonable efforts to accommodate your needs.

6. CONTACT INFORMATION

For questions, requests, or complaints regarding this Privacy Policy or your rights, contact:
Privacy Officer / Compliance Department: Milestones Ranch
203 Vera Canyon Dr., Malibu CA 90265
(866) 874-9774
Accounting@milestonesranch.com

You may also file a complaint with:

Department of Health Care Services
P.O. Box 99413
Sacramento, CA 95899-7413

We will not retaliate against you for filing a complaint.