This notice describes how information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
HealthPlan Holdings, Inc. (HPHI) and its subsidiaries are sensitive to your concerns about privacy. The law defines your personal information, referred to in this document as "your information", "protected health information" or "PHI", as individually identifiable health information on the physical or mental condition of an individual that is transmitted or maintained in any form or medium. This includes facts about the provision of and payment for health care service for individuals. This personal information is covered by federal and state privacy rules. The use and disclosure of your information is also strictly regulated. Therefore, this privacy statement describes how we use and protect your personal information. It will help you understand how we treat the personal information that we obtain from you or other sources, including your health plan, its business associates, agents or subcontractors, in the course of providing you with our products and services. When you are conducting business with HPHI or one of its subsidiaries, you can have confidence that we respect your privacy and that we will protect information that we may obtain about you. At HPHI:
- We have established physical, electronic, and procedural safeguards to protect your personal information. All personnel within HPHI are trained on the importance of protecting your personal information.
- We require any persons or businesses that provide services on our behalf to keep your personal information confidential and to use and disclose it only to provide the services we have asked them to perform.
- We do not sell your personal information.
- We may share your personal information, in limited situations, with persons, companies, or organizations outside of HPHI or one of its subsidiaries that would use this information to contact you about their own products and services.
Although we perform payment and healthcare operations activities, which require the use and disclosure of your personal information to properly administer your plan benefits, the law does not generally require us to seek your authorization for these purposes. However, there are instances that may require your authorization. Although we currently do not perform functions or services outside of payment and healthcare operations to do business, we have included within this statement examples of when written authorization may be required from you.
YOUR HEALTH INFORMATION RIGHTS: Your health record is the physical property of the healthcare provider that compiled it. However, the information belongs to you. You have the right to:
- Request a restriction on certain uses and disclosures of your information
- Inspect and obtain a copy of your health information
- Request amendment of your health information
- Obtain a listing of disclosures of your health information
- Request communications of your health information by other means or at other locations
- Cancel your authorization to use or disclose health information, except to the extent that action has already been taken
- Obtain a paper copy of privacy statements from your provider or group health plan upon request
OUR RESPONSIBILITIES: HPHI and its subsidiaries will maintain the privacy of your health information. We will provide you with this statement regarding our legal duties and privacy practices with respect to information we collect and maintain about you. We will abide by our privacy practices as outlined in this statement. As directed by one of our clients through a Business Associate contract or upon request, we will notify you if we are unable to agree to a requested restriction and/or to accommodate reasonable requests you may have to communicate health information by other means or at other locations. We reserve the right to change our practices and to make the new provisions effective for all protected health information we maintain. Should our privacy practices change, we will post a revised statement on our web site. If we are asked to provide services or activities that fall outside the normal business functions of payment or healthcare operations to properly administer your plan benefits, we will not use or disclose your health information without your written authorization, except as described in this statement.
EXAMPLES OF DISCLOSURES FOR PAYMENT, HEALTHCARE OPERATIONS: We will use your health information for payment. For example: Our claims examiners may use your information to review and determine your eligibility and plan benefits as well as to reimburse providers for services rendered. An Explanation of Benefits (EOB) may be sent to a third-party payer to coordinate benefits for the payment of claims. The information on or accompanying the EOB may include information that identifies you, as well as your diagnosis, procedures, and supplies used.
We will use your health information for regular healthcare operations. For example: Members of our workforce will use health information provided by your physician or other health care provider or facility, to properly administer and communicate benefit information and to determine eligibility and risk for enrollment purposes. We may also use your personal information when conducting and arranging for medical review to determine your eligibility for covered services under your plan. Protected health information ("PHI") may be disclosed to reinsurers for underwriting, audits or claim review. PHI may also be disclosed to a potential purchaser of one of our businesses in order to make an informed decision about the prospective purchase.
Business partners: There are some services provided by our organization through contracts with covered entities and their business associates. Therefore, we may disclose your personal health information to these covered entities, which includes insurance carriers, Trust Funds, healthcare providers and network repricing vendors; other business associates, including third party payers, benefit administrators and preferred provider organizations; and our affiliated companies. Examples of these services include claims scanning, destruction of old claim documents, claims repricing, data processing, prescription benefit administration. When these services are contracted, we may disclose your health information to our business partners or subcontractors so that they can perform the job we have asked them to do. We require these business partners to appropriately protect and safeguard your information.
Research: We do not disclose information to researchers.
Care Coordination: We may contact you to provide information about health insurance benefits and services that may be of interest to you. We may also provide your personal information, in limited situations, to third parties who have been contracted to provide services to you.
Public health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
Law enforcement: We may disclose health information for law enforcement purposes as required by law or in response to a valid subpoena. Federal law makes provision for your PHI to be released to an appropriate health oversight agency, public health authority or attorney.
- How we obtain information. Some of the personal information that we collect comes directly from you. When submitting your application for insurance, you may give us information such as your name, address, and Social Security number. We collect information from outside sources, primarily health care providers and third party administrators. This information includes medical information related to treatment that has been provided to you and billed to us for payment. We also keep information about your transactions, such as the types of products and services you purchase from us, premiums that you have paid, account balances, and payment history.
- What we do with your personal information. We use personal information to provide certain services to you on behalf of our clients, including insurance companies, group health plans and Trust Funds. We may, without authorization but only as permitted or required by law, provide personal information to persons or organizations both inside and outside of HPHI businesses to handle and/or investigate claims, fulfill a transaction you have requested, service your policy, detect and/or prevent fraud, or comply with lawful requests from regulatory and law enforcement authorities. For example, we may share claim payment information with your physician, other physicians who have provided services (such as a radiologist who interprets your x-rays), your hospital, or a medical lab.
- How do we protect your personal information? Personal information within our organization is only available to those individuals who need to see it in order to fulfill and service your needs. All HPHI workforce members, agents and subcontractors who handle this information are instructed on the need to protect personal information. In addition, we have established physical, electronic, and procedural safeguards to protect this information. HPHI and its subsidiaries have established legal agreements with our clients, companies working with us or those working on our behalf that require all parties to protect your information and to use that information only to provide the services they have been asked to perform. Should your relationship with us end, your personal information will remain protected in accordance with our privacy practices and as outlined in this Privacy Statement.
- How can you find out what information we have about you? You may request to obtain the customer information about you in our records from us by mail. If you believe that information is incomplete or inaccurate, you may request that we make any necessary corrections, additions or deletions to the disputed information. You may also request a description of the entities to whom we disclose customer information, or the circumstances which might warrant such disclosures. Please send any of the requests listed above in writing to the address provided by your insurance company, group health plan, Trust Fund or to the HPHI address listed below.
- Where can you register complaints regarding privacy practices? If you believe your privacy rights have been violated, you can file a complaint with us at: HealthPlan Holdings, Inc., ATTN: HIPAA Privacy Office, P.O. Box 30208, Tampa, Florida 33630-3208. You may also file a complaint with the Secretary of Health and Human Services. There will be no retaliation for filing a complaint.
- How we protect your privacy. We use security measures to protect against the loss, misuse and alteration of data used by our system.
- Sharing and Usage. We will never share, sell, or rent individual personal information with anyone without your advance permission or unless ordered by a court of law. Information submitted to us is only available to employees managing this information for purposes of contacting you or sending you emails based on your request for information and to contracted service providers for purposes of providing services relating to our communications with you.
- How can you stop receiving email from us? Each email sent contains an easy, automated way for you to cease receiving email from us, or to change your expressed interests. If you wish to do this, simply follow the instructions at the end of any email. If you have received unwanted, unsolicited email sent via this system or purporting to be sent via this system, please forward a copy of that email with your comments to email@example.com for review.
SOCIAL SECURITY NUMBER PRIVACY: This Policy provides for the confidentiality of social security numbers obtained by HealthPlan Holdings Inc. (HPHI) in the ordinary course of business. References in the Policy to “social security number” mean an individual’s social security number or more than four sequential digits of that number. References in the Policy to “documents” include all documents regardless of form (i.e., paper, electronic, microfiche, etc.).
I. Access to Social Security Numbers: HPHI restricts access to information or documents containing social security numbers to employees who have a legitimate HPHI business reason to access such information or documents. Unit supervisors/unit managers are responsible for implementing this restriction through appropriate unit training and oversight procedures.
II. Prohibited Disclosures: HPHI employees shall maintain the confidentiality of HPHI information and documents containing social security numbers. HPHI employees shall not do any of the following with the social security number of an individual:
- Publicly display the social security number.
- Visibly print the social security number on any identification card.
- Mail a document containing an individual’s social security number unless it falls within one of the following exceptions:
  - State or federal law, rule, regulation, or court order or rule authorizes, permits, or requires that the social security number appear in the document.
  - The document is sent as part of an application or enrollment process initiated by the individual.
  - The document is sent to establish, confirm the status of, service, amend, or terminate an account, contract, policy, or employee or health insurance benefit, or to confirm the accuracy of a social security number of an individual who has an account, contract, policy, or employee or health insurance benefit.
  - The document is mailed in connection with an ongoing administrative use to provide or administer employee or health insurance benefits, claims, or retirement programs.
  - The document is mailed by or at the request of the individual whose social security number appears in the document or at the request of his/her parent or legal guardian.
  - The document is mailed in a manner or for a purpose consistent with the federal Gramm-Leach-Bliley Act (GLB) and/or Health Insurance Portability and Accountability Act (HIPAA).
- Require an individual to transmit his/her social security number over the Internet or a computer system or network unless the connection is secure, or the transmission is encrypted.
- Require an individual to use or transmit his/her social security number to gain access to an Internet website or a computer system or network unless the connection is secure, or the transmission is encrypted.
- Mail any document containing a social security number that is visible on or from outside the envelope or packaging for the document.
III. Authorized Uses: This Policy does not prohibit the use of social security numbers where the use is authorized or required by state or federal statute, rule, regulation, or court order or rule, or pursuant to legal discovery or process.
IV. Disposal of Social Security Numbers: Documents that contain social security numbers shall be properly destroyed when those documents no longer need to be retained pursuant to HPHI document retention policies. Paper documents containing social security numbers should be shredded. Electronic documents containing social security numbers should be destroyed in a manner consistent with HPHI’s Electronic Data Disposal Policy.
V. Violations: Violations of this Policy may result in disciplinary action, up to and including termination of employment. Individuals who violate this Policy may also be subject to the civil and criminal penalties provided by HIPAA and other state agencies.