Upstate Caring Partners Privacy Policy
1. NOTICE OF PRIVACY PRACTICES
Effective Date: February 16, 2026
This Notice describes how medical, behavioral health, educational, and Substance Use Disorder (SUD) information may be used and disclosed, and how you may access this information. Please review carefully.
OUR LEGAL DUTIES
We must maintain the privacy of your Protected Health Information (PHI) and Substance Use Disorder (SUD) records, provide this Notice, follow HIPAA and 42 CFR Part 2, and notify you of breaches involving unsecured PHI or SUD information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described in this notice unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
USES AND DISCLOSURES
We may use or disclose PHI for treatment, payment, and health care operations as permitted under HIPAA. We can use and share your health information to bill and get payment from health plans or other entities. Additional protections apply to SUD records, which may not be disclosed without written consent, a court order, or an applicable regulatory exception.
HOW ELSE CAN WE USE OR SHARE YOUR HEALTH INFORMATION?
We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We must meet many conditions in the law before we can share your information for these purposes. In all cases, including those listed below, if we have substance use disorder patient records about you, subject to 42 CFR part 2, we cannot use or share information in those records in civil, criminal, administrative, or legislative investigations or proceedings against you without (1) your consent or (2) a court order and a subpoena.
Help with public health and safety issues:
• We can share health information about you for certain situations such as:
• Preventing disease
• Helping with product recalls
• Reporting adverse reactions to medications
• Reporting suspected abuse, neglect, or domestic violence
• Preventing or reducing a serious threat to anyone’s health or safety
Do research
• We can use or share your information for health research.
Comply with the law
• We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
Respond to organ and tissue donation requests
• We can share health information about you with organ procurement organizations.
Work with a medical examiner or funeral director
• We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
Address workers’ compensation, law enforcement, and other government requests
We can use or share health information about you:
• For workers’ compensation claims
• For law enforcement purposes or with a law enforcement official
• With health oversight agencies for activities authorized by law
• For special government functions such as military, national security, and presidential protective services
Respond to lawsuits and legal actions
• We can share health information about you in response to a court or administrative order, or in response to a subpoena.
YOUR CHOICES
Your Choices You have some choices in the way that we use and share information as we:
• Tell family and friends about your condition
• Provide disaster relief Include you in a hospital directory
• Provide mental health care
• Market our services and sell your information
• Raise funds
STATE REGULATORY DISCLOSURES
As an organization regulated by NYSED, the Justice Center, and OMH/Office of Mental Hygiene, we may disclose information for audits, investigations, compliance monitoring, and safety requirements.
YOUR RIGHTS
You have rights to receive this Notice, request restrictions, request confidential communications, inspect and copy records, request corrections, and receive an accounting of disclosures. You have right to get an electronic or paper copy of your medical record. You can ask us to correct health information about you that you think is incorrect or incomplete. We may say “no” to your request, but we’ll tell you why in writing within 60 days.
COMPLAINTS
You may file complaints with our Privacy Officer. Upstate Caring Partners Privacy Officer is Constantine Gleboff and he can be reached at (315)927-2050 or stan.gleboff@upstatecp.org., also you could mail your complaint to Privacy Officer at 125 Business Park Drive, Utica, NY 13502.
Additionally, you can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/hipaa/filing-a-complaint/index.html
We will not retaliate against you for filing a complaint.
2. EMBEDDED CONTENT
Pages on this site may include embedded content, like YouTube videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged-in to that website. Below you can find a list of the services we use:
The Facebook page plugin is used to display our Facebook timeline on our site. Facebook has its own cookie and privacy policies over which we have no control. There is no installation of cookies from Facebook and your IP is not sent to a Facebook server until you consent to it. See their privacy policy here: Facebook Privacy Policy .
We use the Twitter API to display our tweets timeline on our site. Twitter has its own cookie and privacy policies over which we have no control. Your IP is not sent to a Twitter server until you consent to it. See their privacy policy here: Twitter Privacy Policy .
YOUTUBE
We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: YouTube Privacy Policy.
3. COOKIES
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymized tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.
NECESSARY COOKIES (ALL SITE VISITORS)
- cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. See more information on privacy here: CloudFlare Privacy Policy.
- PHPSESSID: To identify your unique session on the website.
NECESSARY COOKIES (ADDITIONAL FOR LOGGED IN CUSTOMERS)
- wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
- wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
- wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
- wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
4. WHO HAS ACCESS TO YOUR DATA
If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself.
If you are a client with a registered account, your personal information can be accessed by:
- Our system administrators.
- Our supporters when they (in order to provide support) need to get the information about the client accounts and access.
5. THIRD PARTY ACCESS TO YOUR DATA
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us. Please see below:
ENVATO PTY LTD
For the purpose of validating and getting your purchase information regarding licenses for our theme, we send your provided tokens and purchase keys to Envato Pty Ltd and use the response from their API to register your validated support data. See the Envato privacy policy here: Envato Privacy Policy.
TICKSY
Ticksy provides the support ticketing platform we use to handle support requests. The data they receive is limited to the data you explicitly provide and consent to being set when you create a support ticket. Ticksy adheres to the EU/US “Privacy Shield” and you can see their privacy policy here: Ticksy Privacy Policy.
6. HOW LONG WE RETAIN YOUR DATA
When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation.
If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.
7. SECURITY MEASURES
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personal identifiable information is not captured/hijacked by third parties without authorization.
In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
8. YOUR DATA RIGHTS
GENERAL RIGHTS
If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.
You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.
GDPR RIGHTS
Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. ThemeREX permits residents of the European Union to use its Service. Therefore, it is the intent of ThemeREX to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.
9. THIRD PARTY WEBSITES
ThemeREX may post links to third party websites on this website. These third party websites are not screened for privacy or security compliance by ThemeREX, and you release us from any liability for the conduct of these third party websites.
All social media sharing links, either displayed as text links or social media icons do not connect you to any of the associated third parties, unless you explicitly click on them.
Please be aware that this Privacy Policy, and any other policies in place, in addition to any amendments, does not create rights enforceable by third parties or require disclosure of any personal information relating to members of the Service or Site. ThemeREX bears no responsibility for the information collected or used by any advertiser or third party website. Please review the privacy policy and terms of service for each site you visit through third party links.
10. RELEASE OF YOUR DATA FOR LEGAL PURPOSES
At times it may become necessary or desirable to ThemeREX, for legal purposes, to release your information in response to a request from a government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.
Any passing on of personal data for legal purposes will only be done in compliance with laws of the country you reside in.
11. AMENDMENTS
We may amend this Privacy Policy from time to time. When we amend this Privacy Policy, we will update this page accordingly and require you to accept the amendments in order to be permitted to continue using our services.