The cost of a single news cycle linking a recognizable name to "rehab" can exceed the cost of treatment several times over. It is rarely the medical condition that does the lasting damage. It is the disclosure. For public figures — executives at named brands, elected officials, judges, fund managers, partners at named firms, surgeons whose patient calendar is published, public-board directors, and family members of people in any of those roles — the privacy infrastructure of the treatment program is not a luxury feature. It is the load-bearing wall that lets treatment happen at all.
The published guidance on this question is unhelpfully brief. Most articles cite HIPAA and stop. HIPAA is the federal floor. The floor is not high enough. This is the longer answer — the actual layered protections that serious integrative residences operate, written out so families can read what to ask for before the call.
HIPAA — the federal floor, not the ceiling
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes the baseline privacy obligations for any healthcare provider, payer, or business associate handling protected health information (PHI). The Department of Health and Human Services Office for Civil Rights enforces HIPAA at the federal level. Per the HHS HIPAA portal, the framework defines what information is protected, what disclosures require authorization, what disclosures are permitted, and what civil and criminal penalties apply to breach.
HIPAA covers a great deal of what a sophisticated guest would want covered: prohibition on unauthorized disclosure to family, friends, employers, media, or law enforcement (with narrow exceptions); a right to request the records, request restrictions on uses, and request communication by specified means; civil penalties up to $50,000 per violation; criminal penalties for knowing disclosure for gain of up to $250,000 and ten years' imprisonment.
But HIPAA has gaps. It does not protect against accidental staff disclosure (only intentional). It does not prevent staff from confirming whether a person is currently or formerly in treatment when asked outside formal authorization channels. It does not regulate vendor staff (housekeeping, kitchen, grounds, drivers) who are not "business associates" under HIPAA. And it has limited reach against media that obtain information from non-covered-entity sources (paparazzi at the airport, a former employee, a delivery driver).
This is where the additional layers begin.
42 CFR Part 2 — the stricter regulation specific to substance use treatment
Title 42 of the Code of Federal Regulations, Part 2 — usually shortened to "42 CFR Part 2" — is a separate federal regulation that applies specifically to substance use disorder treatment programs receiving federal funding or registered to dispense controlled substances. It is meaningfully stricter than HIPAA.
Under 42 CFR Part 2, a treatment program cannot even confirm or deny that an individual is a patient without specific written consent. HIPAA permits some disclosures without authorization (payment, treatment coordination, public health reporting); 42 CFR Part 2 narrows these substantially. Re-disclosure of information obtained under Part 2 is also restricted — a clinician receiving Part 2-protected records from another provider may not pass them on without separate consent from the patient.
The SAMHSA confidentiality FAQ details what Part 2 requires. The 2024 Final Rule amendments aligned several Part 2 provisions more closely with HIPAA (notably for payment and operations), but core protections — including the prohibition on acknowledging patient status — remain intact.
For a public figure, the operational effect is significant. If an inquiry arrives at the residence — by phone, by email, by physical visit — staff cannot lawfully confirm whether the named individual is or was a patient. This is not a courtesy. This is regulatory.
NDA-bound clinical and household staff
Federal law governs what staff can disclose. It does not govern what staff can observe. The kitchen attendant who sees you in the dining room, the housekeeper who serves the residence, the groundskeeper who recognizes your face from a magazine — none of these people are violating HIPAA or 42 CFR Part 2 if they later tell a friend at a bar what they saw. They were not covered by either regulation. The information was obtained outside the framework.
A serious integrative residence closes this gap with employment contracts. Every staff member with line-of-sight to the residence signs a non-disclosure agreement at hire. The agreement typically covers: identity of guests; physical descriptions; presence at the residence; clinical observations; any photographs or recordings; conversations overheard; and a tail period after employment ends (typically twelve to twenty-four months).
NDAs are imperfect — they require enforcement, and a leaked story is often already in print before remedy is available. But they raise the cost of leaking, change the calculation of staff considering it, and create legal recourse that does not otherwise exist. They also signal something operationally important: the residence treats privacy as part of the product, not an afterthought.
What to ask: request a redacted copy of the standard staff NDA before admission. A serious residence will share it. The clauses to look for are: scope (full staff coverage, not just clinical), tail period (twelve months minimum), enforcement provisions (liquidated damages clauses for breach), and exception language (lawful subpoena, life-safety reporting only).
The architectural choice — undisclosed address vs gated brand-name property
Two opposite philosophies coexist in luxury treatment. One is the gated brand-name property — high-profile facility, recognizable name, expensive landscaping, frequently photographed by aerial drones, well-known among local journalists. The brand is marketing capital. The brand is also vulnerability: every journalist with a tip knows the address, every paparazzo with a long lens has a list of possible angles, every former employee with a grievance has a single recognizable target.
The opposite philosophy is the undisclosed campus. The residence is operated under a holding-company name, not the treatment brand. The physical address is not published on the website, not given to vendors except clinical-medical suppliers (and those under NDA), and not disclosed to insurance carriers (a billing address PO box handles claim correspondence). The brand is intentionally lower-profile, and the operation is geographically harder to locate.
For a recognizable guest, the undisclosed model offers materially better protection. The paparazzi cannot stake out an address they cannot identify. The former-employee disclosure has less news value because the location-specific detail is missing.
The trade-off: undisclosed campuses are less visible in marketing, less common in published "best luxury rehab" lists, and require more trust from the guest at the inquiry stage (you are being asked to commit before seeing the property). For most public figures, the trade-off is worth taking. For some — particularly when the operational risk is from a specific known threat actor — only the undisclosed model offers adequate protection.
Press-handling protocol — chain of custody for media inquiry
The press inquiry is going to come. Sometimes during treatment, sometimes after, sometimes not at all. The program that has no written press protocol will improvise in the moment, which is when most disclosures happen — the staff member who says "we cannot comment" in a tone that confirms, the publicist who returns a call too quickly, the family member who panics and over-shares.
A serious residence operates a written press-handling protocol with five elements.
Designated spokespersons. The single person authorized to respond to media inquiry is named in writing before treatment begins. For most public figures, this is the family attorney or a designated crisis-communications counsel — not the family, not the residence, not the guest. The residence will not respond to any media inquiry under any circumstances, citing 42 CFR Part 2.
Holding statements. Pre-drafted holding language for three scenarios — inquiry without specific knowledge ("We do not comment on private medical matters"), inquiry with specific knowledge ("[Person] is on a personal medical leave"), and confirmed-fact inquiry ("[Person] is taking time to address a personal health matter and intends to return to [role] when their physician advises"). The holding statements are reviewed and updated weekly during treatment.
Chain of custody. Any inquiry that arrives at the residence — by phone, email, fax, mail, or in person — is logged with date, time, requester name and outlet, channel, and exact wording of the inquiry. The log is forwarded to the designated spokesperson within two hours. The residence does not respond. This log creates a record that becomes important if a leak is later traced back to an inquiry stage.
Operational security review. If a credible inquiry arrives during treatment, the program conducts a same-day operational security review — checking for any vulnerability that might have produced the leak (staff turnover, vendor visits, family communication patterns), with appropriate remediation.
Post-discharge handoff. The press-handling protocol does not end at discharge. The designated spokesperson and the holding statements continue. The guest's family receives a written briefing on what to say if asked and what to refuse to say.
Private arrival logistics
The arrival is often the most exposed moment. A guest who flies into a major-hub commercial airport (LAX, SFO, MIA, JFK) and exits through public arrivals is photographable for the full transit. A guest who flies into a private aviation FBO (Van Nuys VNY, Santa Monica SMO, Naples APF, Westchester HPN) and is met by an enclosed-vehicle ground transport at the ramp is photographable for roughly six seconds.
For most public figures, private aviation arrival is the appropriate choice. The FBO costs are modest relative to the treatment cost, and the privacy gain is large. For guests for whom private aviation is not feasible, the next-best option is a regional commercial airport at a less-monitored hour — typically arrival between 5:30 a.m. and 7:30 a.m. on a weekday at a smaller airport (Burbank BUR, Long Beach LGB, Oakland OAK, Westchester HPN) with an enclosed-vehicle pickup at the curb.
Ground transport is by NDA-bound livery or private driver, not Uber or Lyft (which produce trip records and driver identification that can be subpoenaed or sold). The vehicle is enclosed, not an open SUV with visible passengers. The route avoids common paparazzi-monitored zones near major hotels and restaurants. The arrival at the residence is direct, with the vehicle entering a covered or screened receiving area when available.
What to verify: ask the program to walk you through the actual arrival logistics for a guest with your level of recognizability. A serious program will name the FBOs, the livery service, the route considerations, and the receiving protocol. A program that improvises arrival logistics is not equipped for the level of privacy a recognizable guest requires.
Photography and social-media policy
The default in most environments is permissive. Phones come with cameras. Social media is constant. The default at a serious residence is the opposite.
The written policy typically prohibits, for both staff and guests, photography of any kind within the residence and grounds; recording of any kind (audio, video); social-media posting about the residence by current or former staff during employment and for twelve months thereafter; and discussion of the residence — including positive discussion — on personal social accounts during the same period.
Compliance is enforced through hiring (the NDA includes the photography and social-media provisions), policy reminders, and a culture of discretion. Violations are grounds for immediate termination and pursuit of liquidated damages under the NDA.
The policy works imperfectly. Phones cannot be confiscated from guests under most state laws, and a determined party could violate the policy and accept the consequence. But the policy substantially lowers the probability of accidental disclosure and creates clear recourse if disclosure occurs.
Family communication boundaries
Some of the most common privacy leaks are not from journalists or paparazzi. They are from family members in distress, talking to other family members or friends, in good faith but without strategic awareness of what they are saying or to whom.
A serious residence works with the guest in week one to define explicit family communication boundaries. The framework: each family member receives information at a defined level, with written consent from the guest specifying what may be shared, by whom, in what context. The clinical team has access to the agreement and refers any family inquiry that does not match it back to the designated communications coordinator.
The agreement covers, at minimum: who may be told the guest is in treatment (versus on a generic "medical leave"); who may be told the residence location (almost always, only the inner circle); who may be told the diagnosis; who may attend family-therapy sessions; what the boundaries are on each family member's discussion of the situation with their own friends, partners, or therapists; and what happens if a family member breaches.
The agreement is reviewed and updated weekly during treatment. After discharge, a six-month family-communication boundary review is standard.
State-level confidentiality protections
Federal law sets the floor for everyone. State law can add protections. Three states have meaningfully stronger frameworks than the federal floor, and serious residences in those states benefit from the additional protection.
California — the Confidentiality of Medical Information Act (CMIA) extends HIPAA-style protections to entities that HIPAA does not cover, and provides for civil penalties payable directly to the patient (up to $1,000 per violation for negligent disclosure, up to $25,000 for knowing disclosure). California-based residences accept claims by the patient directly without requiring the HHS OCR enforcement pathway.
New York — programs certified by the State Office of Addiction Services and Supports (OASAS) are subject to additional state-level confidentiality regulations that mirror and extend 42 CFR Part 2.
Florida — the Florida Substance Abuse Confidentiality Statute (Florida Statute Chapter 397) provides state-level enforcement of confidentiality requirements, with criminal misdemeanor penalties for breach.
For public figures whose primary residence is in one of these states, treatment in-state has the advantage of state-court-of-residence remedy if a breach occurs. For others, location choice should weigh state protection levels among other factors.
What to ask, in writing, before admission
The conversation about privacy should not be conducted by promise alone. The protections described above are operational protocols that can be reviewed in writing. A serious program will share, before admission:
- A redacted standard NDA used with all staff and vendors
- The written press-handling protocol
- The written photography and social-media policy
- The arrival logistics document specific to your level of recognizability
- The family-communication-agreement template
- A summary of state-law protections applicable to the program location
If a program is unable or unwilling to provide these documents, the privacy infrastructure is not real. The brochure language about "discretion" is marketing, not operational reality. The protections you need require operational documents, not promises.
Frequently asked questions
Does HIPAA fully protect my privacy in treatment?
HIPAA establishes the federal floor — prohibitions on unauthorized disclosure, civil and criminal penalties for breach, and rights to access and restrict your records. But HIPAA does not regulate vendor staff, does not prevent accidental disclosures, and has limited reach against media obtaining information from non-covered sources. Serious residences add NDA contracts, 42 CFR Part 2 protections (substance-use-specific), and operational protocols to close these gaps.
What is 42 CFR Part 2 and how does it differ from HIPAA?
42 CFR Part 2 is a federal regulation specific to substance use disorder treatment programs that receive federal funding or hold a controlled-substance registration. It is stricter than HIPAA — programs cannot even confirm or deny that an individual is a patient without specific written consent. Re-disclosure is restricted. The SAMHSA confidentiality FAQ details the framework. Most luxury treatment programs are 42 CFR Part 2-covered and operate under the stricter standard.
What is the difference between an undisclosed campus and a gated luxury facility?
An undisclosed campus operates under a holding-company name with the physical address not published on the website or given to vendors. A gated luxury facility is named, recognized, and photographable. For public figures, undisclosed campuses offer materially better protection — paparazzi cannot stake out an address they cannot identify. The trade-off is reduced marketing visibility and more trust required at the inquiry stage.
How is a press inquiry handled during treatment?
A serious program operates a written press-handling protocol: a designated spokesperson (typically the family attorney) is named before treatment; the residence does not respond to media under any circumstances, citing 42 CFR Part 2; pre-drafted holding statements address common scenarios; every inquiry is logged with chain of custody and forwarded to the spokesperson within two hours; a same-day operational security review follows any credible inquiry during treatment.
What private arrival logistics protect a recognizable guest?
Private aviation arrival at an FBO (Van Nuys, Santa Monica, Naples, Westchester, etc.) limits exposure to roughly six seconds at the ramp. Ground transport is by NDA-bound livery or private driver (not Uber or Lyft), in an enclosed vehicle, on a route that avoids paparazzi-monitored zones. For guests without private aviation access, regional commercial airports at low-traffic hours with curbside enclosed-vehicle pickup are the next-best option.
What documents should I request before admission?
A redacted standard staff NDA; the written press-handling protocol; the written photography and social-media policy; the arrival logistics specific to your recognizability level; the family-communication-agreement template; and a summary of applicable state-law protections. If a program cannot provide these in writing before admission, the privacy infrastructure is marketing language rather than operational reality.