Privacy Policy

1. Introduction and Clinical Integrity

Our Mission 

Welcome to Ascent Behavioral Hospital. We understand that families visiting our website are often navigating a challenging and sensitive time. Our website is designed to serve as a secure, professional portal for families seeking high-quality mental health services and acute hospital care. We are committed to protecting your privacy and ensuring that any information you share with us, whether online or via telephone, is handled with the highest level of clinical and technical integrity. 

The "Intake Gateway" Concept 

This Privacy Policy governs the information collected through our website. While our primary intake and assessment process currently occurs via direct telephone consultation, this policy also covers any preliminary inquiry or Verification of Benefits (VOB) forms that may be made available on this site. It is important to understand that our digital platform acts as a secure "gateway." Any sensitive information submitted via our digital forms is transmitted through encrypted channels directly into our HIPAA-compliant Clinical Record System (CRM) for professional review. 

Our Editorial Policy

In an era of digital misinformation, we believe that parents deserve accurate, truthful, and evidence-based information regarding mental health treatment. To ensure the integrity of our resources, every page and clinical article on our website is reviewed by a licensed therapist prior to publication. This ensures that the content you read is not only medically accurate but also represents our treatment philosophy and the mental health space with the utmost transparency.

2. Information We Collect

To provide an accurate clinical assessment and verify insurance coverage, we collect specific, limited information through our website forms. We follow a "lean data" philosophy, requesting only what is essential to begin the intake process.

Information Provided by Guardians When you reach out to us or begin an intake inquiry, we collect contact details for the parent or legal guardian, including:

• Full Name
• Email Address
• Phone Number

Information Regarding the Prospective Patient (Minor) Because our services are specialized for specific age groups and clinical needs, we collect basic information about the child seeking treatment. This information is provided exclusively by the parent or guardian and includes:

• Full Name
• Gender
• Date of Birth and Current Age

Insurance and Coverage Verification To assist families in determining the cost of care, our Verification of Benefits (VOB) form collects information found on your insurance card, such as:

• Insurance Provider Name
• Member ID Number
• Group Number

What We Do Not Collect To further minimize your data footprint and enhance security, our website is intentionally designed not to collect or store the following:

• Social Security Numbers: We do not request SSNs through our website forms.
• Financial & Payment Data: We do not collect or process credit card numbers or bank account information on this site.
• User Accounts: We do not require you to create an account, username, or password to use our website or submit an inquiry.

3. How Data is Handled (The "Pass-Through" Model)

We prioritize a "minimal footprint" data strategy to ensure the highest level of security for your family's sensitive information. Our website is engineered to function as a secure conduit rather than a data repository.

Encryption in Transit Every form on our website, from simple contact requests to detailed Verification of Benefits (VOB) inquiries, is protected by industry-standard SSL/TLS encryption. This ensures that as your data travels from your browser to our systems, it is encrypted and shielded from unauthorized interception.

Secure Direct-to-CRM Transmission To maintain strict clinical privacy, all Personal Information (PII) and Protected Health Information (PHI) submitted through our website is transmitted via a secure API directly to our HIPAA-compliant Clinical Record System (CRM). This integration ensures that your sensitive data immediately enters a medically-vetted environment designed specifically for healthcare privacy and compliance.

4. Cookies & Technical Security

To maintain the security of our "Intake Gateway" and understand the effectiveness of our outreach, our website uses cookies and similar tracking technologies. We categorize these into two distinct functions: Essential Security and Internal Attribution.

Strictly Necessary Security Cookies The integrity of our intake forms is our highest priority. We use essential cookies to manage secure sessions and deploy technical safeguards, including:

• CSRF Tokens: These protect you from "Cross-Site Request Forgery" by ensuring that only you, and not a malicious third party, can submit information through your browser session.
• Session Identifiers: These maintain your secure connection as you navigate our forms, preventing data loss or session hijacking.
• Rate Limiting & Bot Protection: We use technical markers to identify and block automated "bot" attacks and prevent cross-site scripting (XSS), ensuring our servers remain available and secure for legitimate families.

Internal Marketing Attribution We use analytics and tracking cookies to understand how families discover our program (e.g., whether you found us through a search engine or a specific educational resource). This "attribution" data helps us manage our marketing resources responsibly and ensure we are reaching the families who need our help most.

The Data Firewall We maintain a strict technical "firewall" between our marketing tools and our clinical intake process. While we may use third-party pixels (such as Google or Meta) for general website traffic analysis and attribution, these tools are never permitted to access, "see," or collect the sensitive information you type into our intake or VOB forms. Your clinical and insurance data is transmitted directly to our secure CRM and is never shared with social media or advertising platforms for their own use.

5. The "No Sell" Stance & Data Sharing

At the core of our organization is a commitment to ethical clinical practice, which extends to how we handle your data. We believe that your family’s journey toward healing should never be treated as a commodity.

Our "No Sell" Guarantee We do not sell, rent, lease, or trade your personal information, your child’s information, or your insurance details to any third parties for any purpose, including marketing, profiling, or advertising. Period. Your trust is more valuable to us than data monetization, and we maintain a strict "No Sell" stance across all our programs and digital platforms.

Limited Disclosure for Clinical and Legal Purposes We only share the information you provide in very specific circumstances necessary to facilitate care and safety:

• Internal Clinical & Admissions Staff: Information is shared with our professional internal team to assess program fit and determine the best clinical path for your child.
• Insurance Providers: We share necessary details with your insurance carrier solely to perform a Verification of Benefits (VOB) and help you understand your coverage options.
• As Required by Law: In accordance with our professional and legal obligations, we may disclose information if required to do so by law, specifically in cases involving the safety of a minor, mandated reporting requirements, or a valid legal order.

6. Special Note Regarding Minors

Given the nature of our services, we take the privacy of children and adolescents with the utmost seriousness. Our data collection practices regarding minors are designed to be transparent and compliant with federal protections.

Parental Consent and Provided Information While our website facilitates the intake process for minors, we do not solicit or collect information directly from children. All information regarding a prospective student, such as name, gender, and date of birth, is collected exclusively from the parent or legal guardian. By providing this information through our intake or VOB forms, you represent that you are the parent or legal guardian of the minor and consent to the collection and processing of this data for clinical assessment purposes.

COPPA Compliance In accordance with the Children’s Online Privacy Protection Act (COPPA), our website is intended for use by adults (parents, guardians, and referring professionals) and is not directed at children under the age of 13. We do not knowingly allow children under 13 to create profiles, sign up for newsletters, or submit data independently. If we become aware that a child under 13 has provided us with personal information without parental consent, we will take immediate steps to delete that information from our systems.

Protection Against Profiling We believe that a child’s mental health journey should remain private. Unlike many commercial websites, we do not use the information provided about minors to build marketing profiles, nor do we use it for behavioral advertising or any form of automated tracking.

7. State-Specific Rights and Regulatory Compliance

We operate under strict state and federal oversight to ensure that our programs meet the highest standards for both clinical care and data privacy.

Utah Department of Health and Human Services Licensing As a licensed provider in the State of Utah, we are accountable to the Office of Licensing. If you have concerns regarding our compliance with state regulations or your rights as a consumer, you may contact the Utah Office of Licensing:

• Address: 195 North 1950 West, Salt Lake City, UT 84116
• Phone: (801) 538-4242
• Website: https://hslic.utah.gov/

State Privacy Rights (California and Others) Various state laws, such as the California Consumer Privacy Act (CCPA/CPRA), provide residents with specific rights regarding their personal information, including the right to request access to the data collected, the right to request deletion, and the right to opt-out of the sale of personal information.

• A Note on Clinical Data: Please be aware that most information collected by our program is classified as Protected Health Information (PHI) and is governed by the Health Insurance Portability and Accountability Act (HIPAA) and the Utah Health Records Act, rather than general consumer privacy laws.
• Exercise Your Rights: Regardless of your state of residence, we provide all families with the ability to inquire about the data we have collected through this website. We do not discriminate against any user for exercising these rights, and as stated previously, we do not sell your data.

8. Contact and Accountability

The Transition to Clinical Privacy (HIPAA) It is important to note that this Privacy Policy governs your interactions with our website. Once your information is transmitted from our "Intake Gateway" into our Clinical Record System, it becomes part of your child’s protected health record. At that stage, your data is further protected by our Patient Privacy Notice, which outlines our strict adherence to HIPAA and federal healthcare privacy laws.

Contact Our Privacy Team If you have any questions about this policy, wish to exercise your data rights, or have concerns about how your information is handled on this website, please reach out to our compliance team:

• Attention: Privacy & Compliance Officer
• Address:
  Ascent Behavioral Hospital
  1624 E 4500 S
  Millcreek, UT 84117
  United States

Ongoing Oversight To ensure we are always meeting the highest technical and legal standards, we review this policy regularly. Updates are made to reflect changes in our "minimal footprint" data architecture and evolving state and federal privacy regulations.

Last Updated: May 2026