Notice of Health Information Practices

A. INTRODUCTION

To effectively administer the claims processing of our client's health benefit plans, Health Design Plus must collect and sometimes disclose Protected Health Information (PHI) of the plan participants.

Under federal law, your patient health information and personal identifiers are protected and confidential. This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

We reserve the right to change the terms of this notice and make the provisions of the new notice effective for all PHI we maintain. Updates to this notice will be posted to http://www.hdplus.com when applicable.

B. OUR PRIVACY OBLIGATIONS

We are required by law to maintain the privacy of your health information (PHI) as well as your personal identifiers and to provide you with this notice of our legal duties and privacy practices with respect to your Information. When we use or disclose your Protected Health Information and/or personal identifiers, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).

C. PERMISSIBLE USES AND DISCLOSURES WITHOUT WRITTEN AUTHORIZATION

In certain situations, which we will describe in Section D below, we must obtain your written authorization in order to use and/or disclose your PHI. However, we do not need any type of authorization from you for the following uses and disclosures:

  1. Uses and Disclosures For Treatment, Payment and Healthcare Operations — We may use and disclose PHI, but not your Highly Confidential Information (defined in Section D below), in order to process payment for services provided to you and conduct our Healthcare Operations as detailed below:
    • Treatment — We disclose PHI to healthcare providers involved in your treatment. We may also disclose PHI for claims processing purposes, utilization review and care management, Disease Management, medical necessity review, coordination of benefits, subrogation and reimbursement procedures, administration of reinsurance and excess or stop loss insurance policies, and other activities.
    • Payment — We may use and disclose your PHI to process payment for services provided to you.
    • Healthcare Operations — We may use and disclose your PHI for our healthcare operations, which include internal administration and planning and various activities that may include business management, quality improvement and assurance, peer review, data and information systems management, credentialing of participating network/preferred providers, accreditation, eligibility enrollment, compliance, auditing, and other business functions that may be related to your employer's group health plan. We may use PHI in quality assessment and improvement activities, such as credentialing of participating network/preferred providers, accreditation by the National Committee for Quality Assurance, American Accreditation HealthCare Commission (URAC), and other independent oversight organizations, where applicable.
  2. We may disclose your PHI related to payment of your healthcare to a family member, other relative, a close personal friend or any other person identified by you. We would disclose only information that we believe is relevant to the person's involvement with payment related to your healthcare.
  3. We may disclose your PHI for the following public health activities: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report information about products and services under the jurisdiction of the U.S. Food and Drug Administration.
  4. We may disclose your PHI to a health oversight agency that oversees the healthcare system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicaid or Medicare.
  5. We may disclose your PHI to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena.
  6. We may disclose your PHI to a coroner or medical examiner as authorized by law.
  7. We may use or disclose your PHI to prevent or lessen a serious and imminent threat to a person's or the public's health or safety.
  8. We may disclose your PHI as authorized by and to the extent necessary to comply with state law relating to workers' compensation or other similar programs.
  9. We may use and disclose your PHI when required to do so by any other law not already referred to in the preceding categories.
  10. We may disclose your PHI to the Secretary of Health and Human Services (HHS) or any employee of HHS as part of an investigation to determine our compliance with the HIPAA Privacy Rules.
  11. We may disclose your PHI to a Trading Partner associate as part of a contracted agreement to perform services for the group health plan. We may also disclose your PHI to a health oversight agency, such as the Department of Labor (DOL), the Internal Revenue Service (IRS) and the Insurance Commissioner's Office, to respond to inquiries or investigations of the plan, requests to audit the plan, or to obtain necessary licenses.
  12. We may disclose your PHI to the Plan Sponsor, as necessary to carry out administrative functions of the plan such as evaluating renewal quotes for reinsurance of the plan, funding check registers, reviewing claim appeals, approving subrogation settlements and evaluating the performance of the plan.

The examples of permitted uses and disclosures listed above are not an all-inclusive list of the ways in which PHI may be used. They are provided to describe in general the types of uses and disclosures that may be made.

D. USES AND DISCLOSURES REQUIRING WRITTEN AUTHORIZATION

  • Use or Disclosure with Your Authorization — For any purpose other than the ones described above in Section C, we may only disclose your PHI when you grant us your written authorization on our authorization form.
  • Uses and Disclosures of Your Highly Confidential Information — In addition, federal and state law require special privacy protections for certain highly confidential information about you, including the subset of your PHI that is about HIV/AIDS testing, diagnosis or treatment.

E. YOUR RIGHTS REGARDING YOUR PROTECTED INFORMATION

  • Complaints — If you desire further information about your privacy rights, are concerned that we have violated your privacy rights or disagree with a decision that we made about access to your PHI, you may contact our Compliance Officer at (330) 656-1072. You may also file written complaints with the Director, Office for Civil Rights of the U.S. Department of Health and Human Services. We will not retaliate against you if you file a complaint with us or the Office for Civil Rights.
  • Right to Request Additional Restrictions — You may request, in writing, restrictions on our use and disclosure of your PHI (1) for treatment, payment and healthcare operations, or (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with payment related to your care. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction.
  • Right to Receive Confidential Communications — You may request, and we will accommodate, any reasonable written request for you to receive your PHI by alternative means of communication or at alternative locations.
  • Right to Revoke Your Authorization — You may revoke Your Authorization, or any written authorization obtained in connection with your Highly Confidential Information, except to the extent that we have taken action in reliance upon it, by delivering a written revocation statement.
  • Right to Inspect and Copy Your Health Information — You may request, in writing, access to medical and billing records maintained by us in order to inspect and request copies of the records. Under limited circumstances, we may deny you access to a portion of your records, but will allow you to choose a person to access your records on your behalf. If you request additional copies, we may charge you $0.10 (10 cents) for each page. We may also charge you for our postage costs, if you request that we mail the copies to you.
  • Right to Amend Your Records — You have the right to request that PHI in a designated record set be amended for as long as the plan maintains the PHI. The plan may deny your request for amendment if it determines that the PHI was not created by the plan, is not part of a designated record set, is not information that is available for inspection, or that the PHI is accurate and complete. If your request for amendment is declined, you have the right to have a statement of disagreement included with the PHI and the plan has a right to include a rebuttal to your statement, a copy of which will be provided to you. Requests for amendment of your PHI should be directed to the Compliance Officer.
  • Right to Receive An Accounting of Disclosures — You have the right to receive an accounting of all disclosures of your PHI that we have made, if any, for reasons other than disclosures for treatment, payment and health care operations, as described above, and disclosures made to you or your personal representative. Your right to an accounting of disclosures applies only to PHI created after April 14, 2004, and cannot exceed a period of six years prior to the date of your request. Requests for an accounting of disclosures of your PHI should be directed to the Compliance Officer listed in this Notice.
  • Right to Receive Paper Copy of This Notice — Upon request, you may obtain a paper copy of this Notice.

F. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE REGARDING NOTICE OF BREACH

  • In the event of any “breach” of “unsecured PHI” in Business Associate's control, as both terms are defined in Sec. 13402 of the American Reinvestment and Recovery Act of 2009 (“ARRA”) and as clarified pursuant to any regulations adopted pursuant thereto, Business Associate shall, in accordance with such section and any applicable regulations thereunder: (a) notify Covered Entity of such breach; (b) notify each affected individual of such breach; and (c) provide any other notice, on behalf of Covered Entity, that is required under ARRA Sec. 13402. This particular notice obligation shall take effect as of the effective date of the notice provisions of ARRA Sec. 13402.
  • You have the right to receive a paper copy of this Notice upon written request.

G. COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with Health Design Plus or the Secretary of Health and Human Services. Complaints should be filed, in writing, with the Compliance Officer listed in this Notice. The plan will not retaliate against you for filing a complaint.

H. CONTACT INFORMATION

If you have any questions, requests or complaints, please contact:

Health Design Plus
Compliance Officer
1755 Georgetown Road
Hudson, OH 44236
P: (330) 656-1072

Effective Date of This Notice: April 14, 2003
Amended: July 11, 2007
Amended: February 1, 2010
ARRA Effective date: 9-23-2009

* Information we collect through our Internet website is subject to our Web Privacy Statement, which is also available on our website.