|
HIPAA Notice of Privacy Practices
EFFECTIVE
DATE
This
Notice of Privacy Practices becomes effective on April 14,
2003.
This
Notice of Privacy Practices describes how protected health
information may be used or disclosed by BEST Life and Health
Insurance Company (BEST Life) to carry out treatment, payment,
health care operations, and for other purposes that are permitted
or required by law. This Notice also sets out our legal obligations
concerning your protected health information, and describes
your rights to access and control your protected health information.
This Notice may refer to BEST Life by using the terms us,
we or our.
Protected health information (or “PHI”) is individually identifiable
health information, including demographic information, collected from you or
created or received by a health care provider, a health plan, your employer
(only when functioning on behalf of the group health plan), or a health care
clearinghouse and that relates to: (i) your past, present, or future physical
or mental health or condition; (ii) the provision of health care to you; or
(iii) the past, present, or future payment for the provision of health care
to you.
This Notice of Privacy Practices has been drafted to be consistent with what
is known as the “HIPAA Privacy Rule,” and any of the terms not
defined in this Notice should have the same meaning as they have in the HIPAA
Privacy Rule. HIPAA stands for the Health Insurance Portability and Accountability
Act of 1996.
OUR
RESPONSIBILITIES
We
are dedicated to maintaining the privacy of your identifiable
health information. In conducting our business, we will create
records regarding you and the services we provide to you.
We are required by law to maintain the privacy of your protected
health information. We are obligated to provide you with
a copy of this Notice of our legal duties and of our privacy
practices with respect to protected health information, and
we must abide by the terms of this Notice. We reserve the
right to change the provisions of our Notice and make the
new provisions effective for all PHI that we maintain. If
we make a material change to our Notice, we will mail or
e-mail a revised Notice to the address that we have on record
for you. E-mail will be used only if we offer delivery by
e-mail and only if you agree to such delivery.
Primary Uses and Disclosures of Protected Health Information
The following is a description of how we are most likely to use and/or disclose
your protected health information.
• Payment
and Health Care Operations
We
have the right to use and disclose your protected health
information for all activities that are included within the
definitions of “payment” and “health care
operations” as set out in 45 C.F.R. § 164.501
(this provision is a part of the HIPAA Privacy Rule). We
have not listed in this Notice all of the activities included
within these definitions, so please refer to 45 C.F.R. § 164.501
for a complete list.
• Payment
We
will use or disclose your PHI to pay claims for services
provided to you or to otherwise fulfill our responsibilities
for coverage and providing benefits. For example, we may
disclose your protected health information when a provider
requests information regarding your eligibility for coverage
under your health plan, or we may use your information to
determine if your insurance coverage will pay for the services
or treatment you received.
• Health
Care Operations
We
will use or disclose your protected health information to
support our business functions. These functions include,
but are not limited to: quality assessment and improvement,
reviewing provider performance, licensing, underwriting,
business planning, and business development. We may use or
disclose your protected health information: (i) to provide
you with information about one of our disease management
programs; (ii) to respond to a customer service inquiry from
you; or (iii) in connection with fraud and abuse detection
and compliance programs.
• Treatment
In
various instances we may disclose PHI to individuals who
may assist in your care or are otherwise involved in your
treatment such as physicians, therapists, centers of excellence
and in some cases, spouses, children and parents.
• Business
Associates
We
contract with individuals and entities (Business Associates)
to perform various functions on our behalf or to provide
certain types of services. To perform these functions or
to provide the services, our Business Associates will receive,
create, maintain, use, or disclose protected health information,
but only after we require the Business Associates to agree
in writing to contract terms designed to appropriately safeguard
your information. For example, we may disclose your protected
health information to a Business Associate to administer
claims or to provide service support, utilization management,
subrogation, or pharmacy benefit management. Examples of
our business associates would be a third party administrator,
the sales broker or agent, the retail pharmacy; the mail
order pharmacy, PPO networks, reinsurers, and actuaries.
• Other
Covered Entities
We
may use or disclose your protected health information to
assist health care providers in connection with their treatment
or payment activities, or to assist other covered entities
in connection with payment activities and certain health
care operations. For example, we may disclose your protected
health information to a health care provider when needed
by the provider to render treatment to you, and we may disclose
protected health information to another covered entity to
conduct health care operations in the areas of quality assurance
and improvement activities, or accreditation, certification,
licensing or credentialing. This also means that we may disclose
or share your protected health information with other insurance
carriers in order to coordinate benefits, if you or your
family members have coverage through another carrier.
• Plan
Sponsor
We
may disclose your protected health information to the plan
sponsor of your group health plan for purposes of plan administration
or pursuant to an authorization request signed by you.
Potential Impact of State Law
The HIPAA Privacy Regulations generally do not “preempt” (or take
precedence over) state privacy or other applicable laws that provide individuals
greater privacy protections. As a result, to the extent state law applies,
the privacy laws of a particular state, or other federal laws, rather than
the HIPAA Privacy Regulations, might impose a privacy standard under which
we will be required to operate. For example, where such laws have been enacted,
we will follow more stringent state privacy laws that relate to uses and disclosures
of protected health information concerning HIV or AIDS, mental health, substance
abuse/chemical dependency, genetic testing, reproductive rights, etc.
Other Possible Uses and Disclosures of Protected Health Information
The following is a description of other possible ways in which we may (and
are permitted to) use and/or disclose your protected health information.
• Required
by Law
We
may use or disclose your protected health information to
the extent that federal law requires the use or disclosure.
When used in this Notice, “required by law” is
defined as it is in the HIPAA Privacy Rule. For example,
we may disclose your protected health information when required
by national security laws or public health disclosure laws.
• Public
Health Activities
We
may use or disclose your protected health information for
public health activities that are permitted or required by
law. For example, we may use or disclose information for
the purpose of preventing or controlling disease, injury,
or disability, or we may disclose such information to a public
health authority authorized to receive reports of child abuse
or neglect. We also may disclose protected health information,
if directed by a public health authority, to a foreign government
agency that is collaborating with the public health authority.
• Health
Oversight Activities
We
may disclose your protected health information to a health
oversight agency for activities authorized by law, such as:
audits; investigations; inspections; licensure or disciplinary
actions; or civil, administrative, or criminal proceedings
or actions. Oversight agencies seeking this information include
government agencies that oversee: (i) the health care system;
(ii) government benefit programs; (iii) other government
regulatory programs; and (iv) compliance with civil rights
laws.
• Abuse
or Neglect
We
may disclose your protected health information to a government
authority that is authorized by law to receive reports of
abuse, neglect, or domestic violence. Additionally, as required
by law, we may disclose to a governmental entity authorized
to receive such information your protected health information
if we believe that you have been a victim of abuse, neglect,
or domestic violence.
• Legal
Proceedings
We
may disclose your protected health information: (1) in the
course of any judicial or administrative proceeding; (2)
in response to an order of a court or administrative tribunal
(to the extent such disclosure is expressly authorized);
and (3) in response to a subpoena, a discovery request, or
other lawful process, once we have met all administrative
requirements of the HIPAA Privacy Rule. For example, we may
disclose your protected health information in response to
a subpoena for such information, but only after we first
meet certain conditions required by the HIPAA Privacy Rule.
• Law
Enforcement
Under
certain conditions, we also may disclose your protected health
information to law enforcement officials. For example, some
of the reasons for such a disclosure may include, but not
be limited to: (1) it is required by law or some other legal
process; (2) it is necessary to locate or identify a suspect,
fugitive, material witness, or missing person; and (3) it
is necessary to provide evidence of a crime that occurred
on our premises.
• Coroners,
Medical Examiners, Funeral Directors, and Organ Donation
We
may disclose protected health information to a coroner or
medical examiner for purposes of identifying a deceased person,
determining a cause of death, or for the coroner or medical
examiner to perform other duties authorized by law. We also
may disclose, as authorized by law, information to funeral
directors so that they may carry out their duties. Further,
we may disclose protected health information to organizations
that handle organ, eye, or tissue donation and transplantation.
• Research
We
may disclose your protected health information to researchers
when an institutional review board or privacy board has:
(1) reviewed the research proposal and established protocols
to ensure the privacy of the information; and (2) approved
the research.
• To
Prevent a Serious Threat to Health or Safety
Consistent
with applicable federal and state laws, we may disclose your
protected health information if we believe that the disclosure
is necessary to prevent or lessen a serious and imminent
threat to the health or safety of a person or the public.
We also may disclose protected health information if it is
necessary for law enforcement authorities to identify or
apprehend an individual.
• Military
Activity and National Security, Protective Services
Under
certain conditions, we may disclose your protected health
information if you are, or were, Armed Forces personnel for
activities deemed necessary by appropriate military command
authorities. If you are a member of foreign military service,
we may disclose, in certain circumstances, your information
to the foreign military authority. We also may disclose your
protected health information to authorized federal officials
for conducting national security and intelligence activities,
and for the protection of the President, other authorized
persons, or heads of state.
• Inmates
If
you are an inmate of a correctional institution, we may disclose
your protected health information to the correctional institution
or to a law enforcement official for: (1) the institution
to provide health care to you; (2) your health and safety
and the health and safety of others; or (3) the safety and
security of the correctional institution.
• Workers’ Compensation
We
may disclose your protected health information to comply
with workers’ compensation laws and other similar programs
that provide benefits for work-related injuries or illnesses.
• Others
Involved in Your Health Care
Using
our best judgment, we may make your protected health information
known to a family member, other relative, close personal
friend or other personal representative that you identify.
Such a use will be based on how involved the person is in
your care, or payment that relates to your care. We may release
information to parents or guardians, if allowed by law. We
also may disclose your information to an entity assisting
in a disaster relief effort so that your family can be notified
about your condition, status, and location. If you are not
present or able to agree to these disclosures of your protected
health information, then, using our professional judgment,
we may determine whether the disclosure is in your best interest.
Required
Disclosures of Your Protected Health Information
The
following is a description of disclosures that we are required
by law to make.
• Disclosures
to the Secretary of the U.S. Department of Health and Human
Services
We
are required to disclose your protected health information
to the Secretary of the U.S. Department of Health and Human
Services when the Secretary is investigating or determining
our compliance with the HIPAA Privacy Rule.
Disclosures
to You
We
are required to disclose to you most of your protected health
information in a “designated record set” when
you request access to this information. Generally, a “designated
records set”’ contains medical and billing records,
as well as other records that are used to make decisions
about your health care benefits. We also are required to
provide, upon your request, an accounting of most disclosures
of your protected health information that are for reasons
other than treatment, payment and health care operations
and are not disclosed through a signed authorization.
We
will disclose your protected health information to an individual
who has been designated by you as your personal representative
and who has qualified for such designation in accordance
with relevant state law. However, before we will disclose
protected health information to such a person, you must submit
a written notice of his/her designation, along with the documentation
that supports his/her qualification (such as a power of attorney).
Even
if you designate a personal representative, the HIPAA Privacy
Rule permits us to elect not to treat the person as your
personal representative if we have a reasonable belief that:
(i) you have been, or may be, subjected to domestic violence,
abuse, or neglect by such person; (ii) treating such person
as your personal representative could endanger you; or (iii)
we determine, in the exercise of our professional judgment,
that it is not in your best interest to treat the person
as your personal representative.
Other
Uses and Disclosures of Your Protected Health Information
Other
uses and disclosures of your protected health information
that are not described above will be made only with your
written authorization. If you provide us with such an authorization,
you may revoke the authorization in writing, and this revocation
will be effective for future uses and disclosures of protected
health information. However, the revocation will not be effective
for information that we already have used or disclosed, relying
on the authorization.
YOUR
RIGHTS
The
following is a description of your rights with respect to
your protected health information.
• Right
to Request a Restriction
You
have the right to request a restriction on the protected
health information we use or disclose about you for payment
or health care operations. We are not required to agree to
any restriction that you may request. If we do agree to the
restriction, we will comply with the restriction unless the
information is needed to provide emergency treatment to you.
To
request a restriction you must make your request in writing
and tell us: (1) the information whose disclosure you want
to limit; and (2) how you want to limit our use and/or disclosure
of the information.
• Right
to Request Confidential Communications
If
you believe that a disclosure of all or part of your protected
health information may endanger you, you may request that
we communicate with you regarding your information in an
alternative manner or at an alternative location. For example,
you may ask that we only contact you at your work address
or via your work e-mail.
To
request confidential communications, you must make your request
in writing and specify how or where you wish to be contacted.
We will accommodate all reasonable requests. Once we receive
all of the information for such a request (along with the
instructions for handling future communications), the request
will be processed usually within five business days.
Prior
to receiving the information necessary for this request,
or during the time it takes to process it, protected health
information may be disclosed (such as through an Explanation
of Benefits, “EOB”). Therefore, it is extremely
important that you contact us as soon as you determine that
you need to restrict disclosures of your protected health
information. If you terminate your request for confidential
communications, the restriction will be removed for all your
protected health information that we hold, including protected
health information that was previously protected. Therefore,
you should not terminate a request for confidential communications
if you remain concerned that disclosure of your protected
health information will endanger you.
• Right
to Inspect and Copy
You
have the right to inspect and copy your protected health
information that is contained in a “designated record
set.” Generally, a “designated record set” contains
medical and billing records, as well as other records that
are used to make decisions about your health care benefits.
However, you may not inspect or copy psychotherapy notes
or certain other information that may be contained in a designated
record set.
To
inspect and copy your protected health information that is
contained in a designated record set, you must submit your
request in writing. If you request a copy of the information,
we may charge a fee for the costs of copying, mailing, or
other supplies associated with your request.
We
may deny your request to inspect and copy your protected
health information in certain limited circumstances. If you
are denied access to your information, you may request that
the denial be reviewed. To request a review, you must contact
us in writing at the address on the back of this brochure.
A licensed health care professional chosen by us will review
your request and the denial. The person performing this review
will not be the same one who denied your initial request.
Under certain conditions, our denial will not be reviewable.
If this event occurs, we will inform you in our denial that
the decision is not reviewable.
• Right
to Amend
If
you believe that your protected health information is incorrect
or incomplete, you may request that weamend your information.
Any request to amend your information must be writing. In
certain cases, we may deny your request for an amendment.
For example, we may deny your request if the information
you want to amend is not maintained by us, but by another
entity. If we deny your request you have the right to file
a statement of disagreement with us. Your statement of disagreement
will be linked with the disputed information and all future
disclosures of the disputed information will include your
statement.
• Right
to an Accounting
You
have a right to an accounting of certain disclosures of your
protected health information that are for reasons other than
treatment, payment, or health care operations. No accounting
of disclosures is required for disclosures made pursuant
to a signed authorization by you or your personal representative.
You should know that most disclosures of protected health
information will be for purposes of treatment, payment or
health care operations, and, therefore, will not be subject
to your right to an accounting. There also are other exceptions
to this right.
An
accounting will include the date(s) of the disclosure, to
whom we made the disclosure, a brief description of the information
disclosed, and the purpose for the disclosure. A request
for an accounting must be made in writing. Your request may
be for disclosures made up to 6 years before the date of
your request, but not for disclosures made before April 14,
2003. The first list you request within a 12-month period
will be free. For additional lists, we may charge you for
the costs of providing the list. We will notify you of the
cost involved and you may choose to withdraw or modify your
request at the time before any costs are incurred.
• Right
to a Paper Copy of This Notice
You
have the right to a paper copy of this Notice, even if you
have agreed to accept this Notice electronically.
COMPLAINTS
You
may complain to us if you believe that we have violated your
privacy rights. You may file a complaint with us by contacting
BEST LIFE Privacy Officer at 2505 McCabe Way, Irvine, California
92614 or by telephoning him or her at (949) 253-4080. A copy
of a complaint form is available from this contact office.
You also may file a complaint with the Secretary of the U.S.
Department of Health and Human Services. Complaints filed
directly with the Secretary must: (1) be in writing; (2)
contain the name of the entity against which the complaint
is lodged; (3) describe the relevant problems; and (4) be
filed within 180 days of the time you became or should have
become aware of the problem. We will not penalize or in any
other way retaliate against you for filing a complaint with
the Secretary or with us.
Additional
Information:
You
may have additional rights under other applicable laws. For
more information about our HIPAA Privacy Policy, our general
privacy policies or to exercise any of the rights described
above, please contact BEST Life Privacy Officer, 2505 McCabe
Way, Irvine, California 92614. You may also telephone us
for privacy information at (949) 253-4080 ore-mail us.
|
