Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice tells you about the ways in which PIBT referred to as “we” or “the Plan”, may collect, use and disclose your Protected Health Information (PHI) and your rights concerning your PHI. “PHI” is information about you, including demographic information, that can reasonably be used to identify you and that relates to your past, present or future physical or mental health or condition, the provision of health care to you or the payment for that care.
We are required by federal and state laws to provide you with this Notice about your rights and our legal duties and privacy practices with respect to your PHI. We must follow the terms of this Notice while it is in effect. Some of the uses and disclosures described in this Notice may be limited in certain cases by applicable state laws that are more stringent than the federal standards.
This Notice is intended to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), theHealth Information Technology for Economic and Clinical Health Act of 2009, the Genetic Information Nondiscrimination Act and regulations issued under these statues and is effective September 23, 2013.
OUR RESPONSIBILITIES
We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We are obligated to provide you with a copy of this Notice of our legal duties and of our privacy practices with respect to PHI, and we must abide by the terms of this Notice. We reserve the right to change the provisions of our Notice and make the new provisions effective for all PHI that we maintain. If we make a material change to this Notice, we will mail a revised Notice to the address that we have on record to you.
HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
We may use and disclose your PHI for different purposes.The examples below are provided to illustrate the types of uses and disclosures we may make without your authorization for payment, health care operations and treatment.
Payment We use and disclose your PHI in order to pay for your covered health expenses. For example, we may use your PHI to process claims or be reimbursed by another insurer that may be responsible for payment.
Health Care Operations We use and disclose your PHI in order to perform our plan activities, such as quality assessment activities or administrative activities, including data management or customer service. In some cases, we may use or disclose the information for underwriting or determining premiums.
Business Associates We contract with individuals and entities (Business Associates) to perform various functions on our behalf or to provide certain types of services. To perform these functions or to provide the services, our Business Associates will receive, create, maintain, use or disclose PHI, but only after we require the Business Associate to agree in writing to contract terms designed to appropriately safeguard your information.
We may use and disclose your PHI to assist your health care providers (doctors, dentists, pharmacies, hospitals and others) in your diagnosis and treatment.For example, we may disclose your PHI to providers to provide information about alternative treatments.
Plan Sponsor If you are enrolled through a group health plan, we may provide summaries of claims and expenses for enrollees in a group health plan to the plan sponsor, who is usually the employer.
POTENTIAL IMPACT OF STATE LAW
The HIPAA Privacy Regulations generally do not preempt (or take precedence over) state privacy or other applicable laws that provide individuals greater privacy protections. As a result, to the extent state law applies, the privacy laws of a particular state, or other federal laws, rather than the HIPAA Privacy Regulations, might impose a privacy standard under which we will be required to operate. For example, where such laws have been enacted, we will follow more stringent state privacy laws that relate to uses and disclosures of PHI concerning HIV or AIDS, mental health, substance abuse dependency, genetic testing, and reproductive rights.
OTHER PERMITTED OR REQUIRED DISCLOSURES
As Required by Law We must disclose PHI about you when required to do so by law.
Public Health Activities We may disclose PHI to public health agencies for reasons such as preventing or controlling disease, injury or disability.
Victims of Abuse, Neglect or Domestic Violence We may disclose PHI to government agencies about abuse, neglect or domestic violence.
Health Oversight Activities We may disclose PHI to government oversight agencies (e.g., state insurance departments) for activities authorized by law.
Judicial and Administrative Proceedings We may disclose PHI in response to a court or administrative order. We may also disclose PHI about you in certain cases in response to a subpoena, discovery request or other lawful process.
Law Enforcement We may disclose PHI under limited circumstances to a law enforcement official in response to a warrant or similar process; to identify or locate a suspect; or to provide information about the victim of a crime.
Coroners, Funeral Directors, Organ Donation We may release PHI to coroners or funeral directors as necessary to allow them to carry out their duties.We may also disclose PHI in connection with organ or tissue donation.
Research Under certain circumstances, we may disclose PHI about you for research purposes, provided certain measures have been taken to protect your privacy.
To Avert a Serious Threat to Health or Safety We may disclose PHI about you, with some limitations, when necessary to prevent a serious threat to your health and safety or the health and safety of the public.
Special Government Functions We may disclose information as required by military authorities or to authorized federal officials for national security and intelligence activities.
Workers’ Compensation We may disclose PHI to the extent necessaryto comply with state law for workers’ compensation programs.
OTHER USES OR DISCLOSURES WITH AN AUTHORIZATION
Other uses or disclosures of your PHI will be made only with your written authorization, unless otherwise permitted or required by law. You may revoke an authorization at any time in writing, except to the extent that we have already taken action on the information disclosed or if we are permitted by law to use the information to contest a claim or coverage under the Plan.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
You have certain rights regarding PHI that the Plan maintains about you.
Right To Access Your Protected Health Information You have the right to review or obtain copies of your PHI records, with some limited exceptions. Usually the records include enrollment, billing, claims payment and case or medical management records. Your request to review and/or obtain a copy of your PHI records must be made in writing. We may charge a fee for the costs of producing, copying and mailing your requested information, but we will tell you the cost in advance.
Right To Amend Your Protected Health Information If you feel that PHI maintained by the Plan is incorrect or incomplete, you may request that we amend the information. Your request must be made in writing and must include the reason you are seeking a change. We may deny your request if, for example, you ask us to amend information that was not created by the Plan, as is often the case for health information in our records, or you ask to amend a record that is already accurate and complete.
If we deny your request to amend, we will notify you in writing. You then have the right to submit to us a written statement of disagreement with our decision and we have the right to rebut that statement.
Right to an Accounting of Disclosures by the Plan You have the right to request an accounting of disclosures we have made of your PHI. The list will not include our disclosures related to your treatment, our payment or health care operations, or disclosures made to you or with your authorization. The list may also exclude certain other disclosures, such as for national security purposes.
Your request for an accounting of disclosures must be made in writing and must state a time period for which you want an accounting. This time period may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, on paper or electronically).The first accounting that you request within a 12-month period will be free. For additional lists within the same time period, we may charge for providing the accounting, but we will tell you the cost in advance.
Right To Request Restrictions on the Use and Disclosure of Your PHI. You have the right to request that we restrict or limit how we use or disclose your PHI for treatment, payment or health care operations. We may not agree with your request. If we do agree, we will comply with your request unless the information is needed for an emergency. Your request for a restriction must be made in writing. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit how we use or disclose your information, or both; and (3) to whom you want the restrictions to apply.
Right To Receive Confidential Communications. You have the right to request that we use a certain method to communicate with you about the Plan or that we send Plan information to a certain location if the communication could endanger you. Your request to receive confidential communications must be made in writing. Your request must clearly state that all or part of the communication from us could endanger you. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Right to a Paper Copy of This Notice You have a right to request a paper copy of this Notice at any time, even if you had previously agreed to receive an electronic copy.
Right to a Notice of Breach of Unsecured Protected Health Information. You have the right to be notified following a breach of unsecured PHI. In the event of a breach requiring notice, you will be notified by the Plan or, if applicable, the business associates responsible for the breach.
Contact Information for Exercising Your Rights. You may exercise any of the rights described above by contacting our privacy office. See the end of this Notice for the contact information.
HEALTH INFORMATION SECURITY
PIBT requires their employees to follow the PIBT security policies and procedures that limit access to health information about members to those employees who need it to perform their job responsibilities. In addition, PIBT maintains physical, administrative and technical security measures to safeguard your PHI.
CHANGES TO THIS NOTICE
We reserve the right to change the terms of this Notice at any time, effective for PHI that we already have about you as well as any information that we receive in the future. We will provide you with a copy of the new Notice whenever we make a material change to the privacy practices described in this Notice. We also post a copy of our current Notice on our website at www.piasc.org. Any time we make a material change to this Notice, we will promptly revise and issue the new Notice with the new effective date.
If you believe that your privacy rights have been violated, you may file a complaint with us and/or with the Secretary of the Department of Health and Human Services. All complaints to the Plan must be made in writing and sent to the privacy office listed at the end of this Notice.
We support your right to protect the privacy of your PHI. We will not retaliate against you or penalize you for filing a complaint.
CONTACT THE PLAN
If you have any complaints or questions about this Notice or you want to submit a written request to the Plan as required in any of the previous sections of this Notice, please contact:
Plan Administrator
Phone #: (323) 728-9500 ext. 274 or (800) 449-4898 outside Southern California
Fax #: (324) 430-9459
Email:Lou@piasc.org