Privacy Policy and Practices

 Effective Date - January 1, 2022


This notice describes

1) The types of information that is collected and recorded by and how we use it.

2) How medical information about you may be used and disclosed, and how you may obtain access to this information

Please review this document carefully

Privacy Policy for

At CRC, accessible from, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by and how we use it. If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us at

Log Files follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

Third Party Privacy Policies Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options. You can choose to disable cookies through your individual browser options. To find more detailed information about cookie management with specific web browsers, you can refer to the browsers' respective websites.

Children's Information

A priority of ours is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity. does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.

Online Privacy Policy Only

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in This policy is not applicable to any information collected offline or via channels other than this website.


By using our website, you hereby consent to our Privacy Policy and agree to its Terms and Conditions.

Protecting your Health Information is our Commitment

Comprehensive Rehab Consultants, CRC, is dedicated to keeping the privacy of your health and medical records protected. This commitment is in line with the Health Insurance Portability and Accountability (HIPAA) Act, a United States federal legislation that provides data privacy and safeguards to medical information. Upon your treatment with us, nurse practitioners, physician assistants, physicians, and other staff may gather information about your health care history including the present. This Notice discusses how that “Protected Health Information,”(PHI) may be used and made available to others. The terms of this Notice cover the health records produced or gathered by Comprehensive Rehab Consultants.

What is Considered Private

Information used by a government authority, financial institution or insurance carrier to distinguish a person from other individuals such as but not limited to insurance policy number, social security number, credit card number is private. Such information can be used to identify an individual and certain information may be used to contact a person directly.

The aforementioned information are considered to be Personal Information (“PI”) and is private. Information about an individual’s health, such as insurance and billing information, is considered to be Personal Health Information (also known as “PHI”) and is private.

This Policy also will apply to non-personal information if such information can be used in combination with other Personal Information or non-personal information to identify an individual.

Please be aware that this Policy only covers information manually submitted to, or automatically collected by, us through use of this Site and/or our Services.

Our Legal Responsibility

Comprehensive Rehab Consultants is required by law to uphold the privacy of your PHI and to advise this Notice about our privacy practices that discusses your rights as our patient and how, when, and why we may give out or make use of your PHI.

The federal law requires us to conform to the privacy practices detailed in this Notice, though we reserve the right to revise our privacy practices and the terms stated in this Notice at any time and to apply those conditions to the entire PHI in our custody. If we amend our privacy practices and the conditions of this Notice, we will post a copy in our office in a highly visible location, have copies of the amended Notice available at our headquarters, and give you a copy of the said Notice upon your request. The revised Notice will also be published on our website.

Other partners or third-party establishments or individuals that carry out services on our behalf must also comply in keeping the privacy of your data. These partners are not permitted to issue your information to anyone else unless specifically allowed by law. In addition, there could be other federal or state policies, which may provide further safeguards related to mental conditions, communicable disease, alcohol or substance abuse, or other medical conditions.

As a healthcare provider we are subject to laws and regulations governing the use and disclosure of PHI. In the United States, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), along with the regulations adopted under those statutes, and similar state laws (where those laws are more stringent than HIPAA) govern the handling of PHI. Healthcare providers are considered to be Covered Entities under HIPAA and are subject to its rules regarding PHI. If a provider delegates some of its work to a third party, and that party must access PHI in order to perform the work, then such party is considered by HIPAA to be a Business Associate and is subject to the same rules regarding the protection of PHI as the Covered Entity. To enforce protection, HIPAA requires Covered Entities to execute a “Business Associate Agreement” or ”BAA” with each of its Business Associates. Our U.S.-based customers are required to sign a BAA with us. As a Business Associate, we are required to use reasonable and appropriate measures to safeguard the confidentiality, integrity and accessibility of PHI that is stored and processed on behalf of Covered Entities.

How Your Health Information May be Used and Disclosed

We will discuss below the possible ways on how we will use or release your Protected Health Information for treatment, payment, or health care operations. We also cited some examples below, although we may not include every potential use or applications in specific categories.


We could use and may disclose health records about you for your medical treatments and health care purposes. A nurse practitioner or physician assistant may request for a medical record about you to update your health information as an example. Possibly, one of our physicians may use your medical information for consultation and referral should another physician handle your treatment and decide which option will be best for your medical needs. Excluding emergency situations, we will do our best effort, in good faith, to get your consent prior to making disclosures outside of your health facility or CRC for medical purposes.


We could use and may disclose health records about you to get payment for the medical care that we have successfully delivered to you. We may give your health plan provider a copy of the information about you including your diagnosis and the services administered to you while under our care so that your insurer could provide us payment, or recompense you, for the treatment. We may also get in touch with your health insurance provider to obtain prior consent about a possible treatment.

Health Care Operations

We could use and may disclose health records about you for CRC’s health care operations, which may include management, therapy sessions, quality assessment, and planning for the health services that we provided. Possibly, we may utilize your health records to assess the capability of our physicians and other health care workers in providing care for you. We may also use your data to evaluate health and quality results. In cases where we should share your health information outside CRC or other health facilities, we will ask your consent first before making any disclosures.

Communications and Appointment Reminders

We could use and may disclose PHI to remind you of scheduled facility visits and to advise essential information about your appointment. We may also use or share health information to advise you on recommended potential alternative or medical options that you find interesting, or, subject to specific limitations, or to let you know about health- related advantages, and services. We may utilize email, phone calls or written communications to provide these types of information.

Persons Assisting in Your Health Care

In some specific situations, CRC may share your important health information to people who are providing help on your treatment, either physically or financially, such as relatives, family members, or friends.

We may share information with them only if it’s necessary for these individuals to have the records in order to help you. For instance, we may give specific information to a family member so that they may purchase a prescription on your behalf. In most cases, we will get your consent first before any disclosure is made. In some instances where you are not capable of making health-related decisions, or there’s an emergency, CRC may choose to share relevant health information about you to the individual helping in your care.

In addition, we could use and may disclose your health record for the purpose of finding and informing your family or close personal friends of your location, health condition, or death, and to groups that are involved in those responsibilities during disasters.


Federal law authorizes CRC to use or disclose your health information for purposes of research, provided an Institutional Review Board reviewed and approved the research

to safeguard the confidentiality of your health data prior to the start of the study. With your written consent, we may share your health record. In some cases, researchers may be permitted to use information about you with some restrictions to determine

whether the possible research participants are appropriate. CRC will make sure, in good faith, to get your permission or refusal to partake in any study before disclosing any private information about you.


CRC maintains a normative database with de-identified information that is used for certain commercial purposes. All pieces of data (data elements) that can, individually or in combination, be used to uniquely identify an individual are removed. These data elements are:

  • Names
  • Geographic locators including Zip Codes but excluding state
  • All elements of dates (except the year) that are related to an individual. This
  • information includes admission and discharge dates, birthdate, date of death, all ages over 89 years old, and elements of dates (including year) that are indicative of age.
  • Telephone, cellphone, and fax numbers Email addresses
  • IP addresses and IP addresses can be used to identify physical addresses Social Security Numbers
  • Medical record numbers
  • Health plan beneficiary numbers (i.e. the member ID on a patient’s health insurance card)
  • Device identifiers and serial numbers (medical devices are assigned unique serial numbers)
  • Certificate/license numbers (e.g., driver license numbers and birth certificate numbers)
  • Account numbers (e.g., bank account numbers)
  • Vehicle identifiers and serial numbers, including license plates
  • Website URLs and URLs if a URL is logged within a specific application and the URL can be used to uniquely identify an individual
  • Full face photos and comparable images
  • Biometric identifiers (including fingerprints, voice prints, and retinal images) Any unique identifying numbers, characteristics or codes
  • Any unique identifying numbers, characteristics or codes

Other Purposes and Disclosures Approved by the HIPAA Privacy Rule

We could use and release PHI about you in the circumstances listed below, with compliance to certain legal conditions described in the HIPAA Privacy Rule.

  • Required by Law: We could use or may release PHI as obliged by federal, state, or local law if the disclosure conforms with the law and is restricted to the boundaries of the law.
  • Neglect, Abuse, or Domestic Violence: We could use or may release PHI to authorized government officials if we have a reason to believe that you or anyone may have suffered neglect, abuse, or domestic violence.
  • Public Health Activities: We could use or may share PHI with public health officers or other authorities to fulfill certain campaigns related to public health, such as :
  • Control or prevent injury, disease, and disability, or account injury, disease, birth, or death;
  • Report child abuse or neglect;
  • Take into account information about the safety, quality, or effectiveness of products or services under the federal Food and Dmg Administration;
  • Inform an individual who may have been exposed to infectious disease and prevent further contracting or spreading of the disease;
  • Notify employers, under restricted conditions, data related mainly to workplace injuries or disease or workplace health investigation.

Specific Government Functions

If you are military personnel or a veteran, we could disclose health information about you as ordered by command authorities; or if you have given us written consent. We may also share your health records for other specific government functions including intelligence work or national security.

Employees Compensation

If you are eligible for compensation due to an injury related to work, we may disclose health information about you for the purpose of compliance with the Workers Compensation claims.


We could use and release health information to your company if you are under health treatment with us upon the request of your employer, and there’s a provision of medical services either to conduct an assessment concerning the medical review of the workplace or to determine whether you have a work-related injury or disease. In such situations, we will send you a notice about the PHI disclosure. Further disclosures to your employer will only happen if you authorize the disclosure of that information.

Health Oversight Undertakings

We must share health information with a government health oversight department for activities that are obliged by state, federal, or local law. Oversight undertaking may include inspections, audits, and industry inspections and licenses. These events are needed to allow government agencies to observe various health care systems, government programs, and healthcare industry compliance with civil rights laws. Almost every state requires that classifying information about you be omitted from the records for health oversight reasons unless you have provided written content for the disclosure.

Disputes and Lawsuits

We could release health information if you are implicated in a dispute, lawsuit, or other legal proceedings, as may be required by a court or other lawful process, as last option should all efforts have been exhausted to notify you about the order, or acquire an order withholding the information asked for.

Law Enforcement

We may share your health information with a law enforcement authority if obliged by law, including some burns and gunshot wounds. We may also release information about you to law enforcement that is not related to your health data because of the following reasons:

  • To classify or trace a fugitive, suspect, material witness, crime victim, or missing person
  • About a death, we suspect that could be a result of a criminal act
  • About criminal acts in our vicinity

Correctional Facilities

We may disclose your health information if you are a prisoner of a correctional institution or under the custody of a law enforcement agency, only as the law requires it or with written consent from you. The disclosure is for the purpose of others and your health and safety, as well as for the safety and security of the penal institution.

Coroners, Medical Examiners, and Funeral Directors

We may disclose your PHI to an authorized medical examiner or coroner. This may be needed, for instance, to identify a deceased person’s body or to establish the cause of death. For a funeral director to perform his/her duties, we may also disclose your PHI whenever necessary.

HIPAA Law Requirement

In cases of privacy violations, the Secretary of the Department of Health and Human

Services (HHS) may decide to investigate. If requested, we must share your information with HHS as part of their investigation.

Circumstances in which your Health Information may be shared with your Written Authorization

For other purposes which were not included above, we could only use or may disclose your health information upon your valid authorization. For instance, you should sign a consent form before we can send your medical records to your life insurance company. At any given time, you can opt to revoke your authorization.

Advertising and Marketing

We must also seek your written consent before your health information can be used for advertising and marketing purposes except to the following :

We can give you marketing resources with a face-to-face meeting or a sponsored gift of a small value should we choose to.

We may inform you about products or services related to your medication, supervise your care, or provide you with data about other treatments, and providers.

Highly Confidential Information

Federal and state law mandates distinct privacy safeguards for specific “Highly Confidential Information” about you, including any aspect of your health information that is regarding:

  • Child abuse and mistreatment
  • Domestic mistreatment of an adult with a disability
  • Mental illness or developmental disability care or services
  • Alcohol or drug addiction diagnosis, treatment, or medical appointment HIV/AIDS testing, diagnosis, or treatment
  • Sexually transmitted disease Sexual abuse
  • Genetic tests
  • In Vitro Fertilization (IVF)
  • The information documented in psychotherapy transcripts

Prior to sharing your Highly Confidential Information for a purpose outside the law permits, we are required to ask for your written consent.

Your Rights About the Health Information We Keep About You

Right to Review and Copy

It is your right to review and be given a copy of your PHI. Before inspecting your records. your nurse, doctor, or the Medical Records Department should be notified with a request. Prior to disclosing copies of your PHI, the Medical Records Department should be advised first. For PHI in a selected recordset that is kept in an electronic format, you can request an electronic copy of such data. There may be a fee for requesting copies of your PHI.

Right to Ask for Revision

Should you notice that there’s a possible error or lacking data on your health record, you are allowed to ask us to change the information, provided that CRC keeps the information. A written and a signed request is required for CRC to apply such correction. If your request is denied, we shall provide you with an explanation in writing. You may reply with a statement of disagreement and it will be added to your existing record. If we agree to your request to change the information, our process would be to notify others,

including those you identified, of the revision and to include the amendments in any future releases of that information.

Right to Request Restrictions on Use and Disclosure

It is your right to request a limitation or restraint on certain uses and sharing of your health information.

To request limitations, you must submit a written request to CRC with the following details :

  • What data do you request to restrict
  • Whether you request to limit our usage, disclosure, or both
  • The coverage of the restrictions you wish to apply – for instance, if you want to exclude insurance payment for your disclosures, health care processes, for disaster relief activities, to individuals involved in your care, or to your spouse.

You or your authorized representative must sign it.

While we are not obliged to approve your request, it will be in our best effort to assess all reasonable requests when suitable. We maintain the right to dismiss an agreed-to restriction if we believe such is necessary and appropriate. In the event of cessation, we will notify you of such termination. You also have the right to dismiss, either in oral or writing, any agreed-to restriction.

Right to an Accounting of Information to Disclose

With some specific exceptions, you have the right to obtain a record of certain releases of your PHI. Your documentation request must be in writing and signed by you or your authorized representative and submitted to CRC. Your request must include the specific time in which the disclosures were made. The disclosures can only cover up to six years from the date of your request. You could get a one-time free record in any 12-month period. Additional requests will require certain fees.

Right to Request Alternative Communication Channel

It is your right to request that we discuss with you medical concerns in a confidential manner or at a particular location. You may request that we only notify you via mail to a post office box as an example. You must submit a written request to CRC. We will not question the reason for your request. Your request must also stipulate how or where you want to be contacted. All reasonable requests will be accommodated by CRC.

Right to Acquire a Copy of this Notice

Even if you arranged to receive the Notice electronically, you have the right to request a paper copy of this Notice of Privacy Practices. At any time, you could request us to give you a copy of this Notice.

Right to Cancel Permission to Use or Disclose

Other uses and releases of your health information not discussed in this Notice or covered by the laws that govern us will be furnished only with your written consent. It is within your right to retract your permission in writing at any moment, and CRC will cease future uses and disclosures of your health information for the grounds covered by your authorization. We will no longer be able to renounce any disclosures that were already arranged with your authorization, and we are required to maintain the information of the care that we provided to you.

For More Inquiries

If you have inquiries or would like to know further details, you may contact CRC at

To File a Grievance

You may submit any grievances regarding the violations of your privacy rights, you may contact CRC at

You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services if you believe that your rights have been violated. Rest assured that CRC will apply its non-retaliation policy for all valid complaints.

Revisions to this Notice

If we apply a substantial modification to this Notice, we will provide a revised Notice available at our facility or on our web site,

Contact Information

Except where otherwise stated, to implement any of the rights defined in this Notice, for further information, or to file a complaint, please contact CRC at or by mail at the address below

Comprehensive Rehab Consultants

17W110 22nd St, Suite 618

Oakbrook Terrace, IL 60181


Get in touch

We would love to hear from you. Fill out our contact form and our team will get back to you as soon as possible.

Thank you!

We received your submission

Oops! Something went wrong. Try again or refresh the page.