We are committed to protecting the privacy of our clients’ personal and health information. All of our employees are required to sign confidentiality agreements and are required to comply with our confidentiality policies. You may obtain a copy of our Notice of Privacy Practices here.
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.
This Notice of Privacy Practices describes the legal obligations of following plans serviced by HIA Financial Services (the “Plans”) and your legal rights regarding your protected health information held by the Plan under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (“HITECH”). This Notice has been drafted in accordance with the HIPAA Privacy Rule, contained the in the Code of Federal Regulations at 45 CFR Parts 160 and 164. Terms not defined in this Notice have the same meaning as they have in the HIPAA Privacy Rule.
Among other things, this Notice describes how your protected health information may be used or disclosed to carry out treatment, payment, or health care operations, or for any other purposes that are permitted or required by law.
We are required to provide this Notice of Privacy Practices (the “Notice”) to you pursuant to HIPAA.
The HIPAA Privacy Rule protects only certain medical information known as “protected health information.” Generally, protected health information is individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health care clearinghouse, a health plan, or your employer on behalf of a group health plan that relates to:
(1) Your past, present or future physical or mental health or condition;
(2) The provision of health care to you; or
(3) The past, present or future payment for the provision of health care to you.
If you have any questions about this Notice or about our privacy practices, please contact the Principal Agent of HIA Financial Services at (248) 349-8680.
This Notice is effective January 1, 2013 or otherwise the date this notice was published or printed.
We are required by law to:
Maintain the privacy of your protected health information;
Inform you promptly if a breach occurs that may have compromised the privacy or security of your information;
Provide you with certain rights with respect to your protected health information;
Provide you with a copy of this Notice of our legal duties and privacy practices with respect to your protected health information;
Follow the terms of the Notice that is currently in effect; and
Not use or share your information other than as described here unless you tell us in writing that we can. If you tell us we can share information, you may change your mind at any time and advise us in writing of such change.
We reserve the right to change the terms of this Notice and to make new provisions regarding your protected health information that we maintain, as allowed or required by law. If we make any material change to this Notice, we will provide you with a copy of our revised Notice of Privacy Practices by email or mail to your last-known address on file.
How We May Use and Disclose Medical Your Protected Health Information
Under the law, we may use or disclose your protected health information under certain circumstances without your permission. The following categories describe the different ways that we may use and disclose your protected health information. For each category of uses or disclosures we will explain what we mean and present some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.
We may use or disclose your protected health information to facilitate medical treatment or services by providers. We may disclose medical information about you to providers, including doctors, nurses, technicians, medical students, or other hospital personnel who are involved in taking care of you. For example, we might disclose information about your prior prescriptions to a pharmacist to determine if prior prescriptions contra indicate a pending prescription.
We may use or disclose your protected health information to determine your eligibility for Plan benefits, to facilitate payment for the treatment and services you receive from health care providers, to determine benefit responsibility under the Plan, or to coordinate Plan coverage. For example, we may tell your health care provider about your medical history to determine whether a particular treatment is experimental, investigational, or medically necessary, or to determine whether the Plan will cover the treatment. We may also share your protected health information with a utilization review or pre-certification service provider. Likewise, we may share your protected health information with another entity to assist with the adjudication or subrogation of health claims or to another health plan to coordinate benefit payments.
For Health Care Operations.
We may use and disclose your protected health information for other Plan operations. These uses and disclosures are necessary to run the Plan. For example, we may use medical information in connection with conducting quality assessment and improvement activities; underwriting, premium rating, and other activities relating to Plan coverage; submitting claims for stop-loss (or excess-loss) coverage; conducting or arranging for medical review, legal services, audit services, and fraud & abuse detection programs; business planning and development such as cost management; and business management and general Plan administrative activities. If use or disclosure of protected health information is made for underwriting purposes, any such protected health information that is genetic information of an individual is prohibited from being used or disclosed.
To Business Associates.
We may contract with individuals or entities known as Business Associates to perform various functions on our behalf or to provide certain types of services. In order to perform these functions or to provide these services, Business Associates will receive, create, maintain, use and/or disclose your protected health information, but only after they agree in writing with us to implement appropriate safeguards regarding your protected health information. For example, we may disclose your protected health information to a Business Associate to administer claims or to provide support services, such as utilization management, pharmacy benefit management or subrogation, but only after the Business Associate enters into a Business Associate Agreement with us.
As Required by Law.
We will disclose your protected health information when required to do so by federal, state or local law, including with the Department of Health and Human Services if it wants to see that we are complying with federal privacy law. For example, we may disclose your protected health information when required by national security laws or public health disclosure laws.
To Assist with Public Health and Safety Issues.
We may use and disclose your protected health information when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat. For example, we may disclose your protected health information in a proceeding regarding the licensure of a physician.
To Plan Sponsors.
For the purpose of administering the plan, we may disclose to certain employees of the Employer protected health information. However, those employees will only use or disclose that information only as necessary to perform plan administration functions or as otherwise required by HIPAA, unless you have authorized further disclosures. Your protected health information cannot be used for employment purposes without your specific authorization.
In addition to the above, the following categories describe other possible ways that we may use and disclose your protected health information. For each category of uses or disclosures, we will explain what we mean and present some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.
Organ and Tissue Donation.
If you are an organ donor, we may release your protected health information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Military and Veterans.
If you are a member of the armed forces, we may release your protected health information as required by military command authorities. We may also release protected health information about foreign military personnel to the appropriate foreign military authority.
We may release your protected health information for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
Public Health Risks.
We may disclose your protected health information for public health actions. These actions generally include the following:
• To prevent or control disease, injury or disability;
• To report births and deaths;
• To report child abuse or neglect;
• To report reactions to medications or problems with products;
• To notify people of recalls of products they may be using;
• To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
• To notify the appropriate government authority if we believe that a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree, or when required or authorized by law.
Health Oversight Activities.
We may disclose your protected health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Lawsuits and Disputes.
If you are involved in a lawsuit or a dispute, we may disclose your protected health information in response to a court or administrative order. We may also disclose your protected health information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
We may disclose your protected health information if asked to do so by a law enforcement official:
• In response to a court order, subpoena, warrant, summons or similar process;
• To identify or locate a suspect, fugitive, material witness, or missing person;
• About the victim of a crime if, under certain limited circumstances, we are unable to obtain the victim’s agreement;
• About a death that we believe may be the result of criminal conduct;
• About criminal conduct; and
• In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners and Funeral Directors.
We may release protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients to funeral directors as necessary to carry out their duties.
National Security and Intelligence Activities.
We may release your protected health information to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
If you are an inmate of a correctional institution or are under the custody of a law enforcement official, we may disclose your protected health information to the correctional institution or law enforcement official if necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
We may disclose your protected health information to researchers when:
(1) The individual identifiers have been removed; or
(2) When an institutional review board or privacy board (a) has reviewed the research proposal; and (b) established protocols to ensure the privacy of the requested information, and approves the research.
The following is a description of disclosures of your protected health information we are required to make.
We are required to disclose your protected health information to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA privacy rule.
Disclosures to You.
When you request, we are required to disclose to you the portion of your protected health information that contains medical records, billing records, and any other records used to make decisions regarding your health care benefits. We are also required, when requested, to provide you with an accounting of most disclosures of your protected health information where the disclosure was for reasons other than for payment, treatment or health care operations, and where the protected health information not disclosed pursuant to your individual authorization.
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
• Share information with your family, close friends, or others involved in payment for your care
• Share information in a disaster relief situation
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
We will disclose your protected health information to individuals authorized by you, or to an individual designated as your personal representative, attorney-in-fact, etc., so long as you provide us with a written notice/authorization and any supporting documents (i.e., power of attorney). Note: Under the HIPAA privacy rule, we do not have to disclose information to a personal representative if we have a reasonable belief that:
(1) You have been, or may be, subjected to domestic violence, abuse or neglect by such person;
(2) Treating such person as your personal representative could endanger you; or
(3) In the exercise of professional judgment, it is not in your best interest to treat the person as your personal representative.
Fundraising and Marketing
Prior to disclosing your protected health information in the case of any fundraising efforts, you will be notified prior to receiving such fundraising communications. Such communication will provide you with the option of opting-out of receiving such communications. Additionally, uses and disclosures of PHI for marketing purposes and disclosures that constitute a sale of PHI will require authorization.
Spouses and Other Family Members.
With only limited exceptions, we will send all mail to the employee. This includes mail relating to the employee’s spouse and other family members who are covered under the Plans, and includes mail with information on the use of Plan benefits by the employee’s spouse and other family members and information on the denial of any Plan benefits to the employee’s spouse and other family members. If a person covered under the Plan has requested Restrictions or Confidential Communications (see below under “Your Rights”), and if we have agreed to the request, we will send mail as provided by the request for Restrictions or Confidential Communications.
Other uses or disclosures of your protected health information not described above will only be made with your written authorization. Most uses and disclosures of psychotherapy notes (when appropriate) will require your authorization.
You may revoke written authorization at any time, so long as the revocation is in writing. Once we receive your written revocation, it will only be effective for future uses and disclosures. It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation.
You have the following rights with respect to your protected health information:
Right to Access.
You have the right to inspect and copy certain protected health information that may be used to make decisions about your health care benefits. To inspect and copy your protected health information, you must submit your request in writing to HIA Financial Services. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing or other supplies associated with your request.
Additionally, you have the right to request electronic copies of certain protected health information in a designated record set. We will provide such information in the electronic form and format requested by you, provided it is readily producible. If the requested form and format are not readily producible, we will provide the information in a readable electronic form and format that is mutually agreed upon with you. If you request a copy of the electronic information, we may charge a reasonable fee for the labor costs and supplies involved in creating the information.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to your medical information, you may request that the denial be reviewed by submitting a written request to HIA Financial Services.
Right to Amend.
If you feel that the protected health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Plan.
To request an amendment, your request must be made in writing and submitted to HIA Financial Services. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
• Is not part of the medical information kept by or for the Plan;
• Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
• Is not part of the information that you would be permitted to inspect and copy; or
• Is already accurate and complete.
If we deny your request, we will notify you in writing within 60 days with an explanation as to why the request was denied. You then have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement.
Right to an Accounting of Disclosures.
You have the right to request an “accounting” of certain disclosures of your protected health information. The accounting will not include (1) disclosures for purposes of treatment, payment, or health care operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends or family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures.
To request this list or accounting of disclosures, you must submit your request in writing to HIA Financial Services. Your request must state a time period of not longer than six years prior to the date you ask for the accounting.
Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be provided free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions.
You have the right to request a restriction or limitation on your protected health information that we use or disclose for treatment, payment or health care operations. You also have the right to request a limit on your protected health information that we disclose to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had.
If you request a restriction, it is your responsibility to notify any other entity that may be impacted by the requested restriction.
Except as provided in the next paragraph, we are not required to agree to your request. However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you.
Effective February 17, 2010 (or such other date specified as the effective date under applicable law), we will comply with any restriction request if: (1) except as otherwise required by law, the disclosure is to the health plan for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (2) the protected health information pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full.
To request restrictions, you must make your request in writing to HIA Financial Services at 111 North Wing Street, Northville, Michigan 48167. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply—for example, disclosures to your spouse.
Right to Request Confidential Communications.
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.
To request confidential communications, you must make your request in writing to HIA Financial Services at 111 North Wing Street, Northville, Michigan 48167. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests if you clearly provide information that the disclosure of all or part of your protected information could endanger you.
Right to be Notified of a Breach.
You have the right to receive to be notified in the event that we (or a Business Associate) discover a breach of unsecured protected health information. Notice of a breach will be provided to you within 60 days of the breach being identified.
Right to a Paper Copy of This Notice.
You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
You may obtain a copy of this notice at our website, www.hiafinancial.com.
To obtain a paper copy of this notice, submit your request in writing to HIA Financial Services at 111 North Wing Street, Northville, Michigan 48167.
Right to Choose Someone to Act for You.
You have the right to appoint a personal representative to act on your behalf with respect to your protected health information, such as if you have given someone medical power of attorney or if someone is your legal guardian.
To appoint a personal representative to act on your behalf, you must make your request in writing to HIA Financial Services at 111 North Wing Street, Northville, Michigan 48167. Your request must specify who the individual is that you are appointing, that individual’s contact information, and in which matters the appointed individual may act on your behalf.
Right to File Complaints.
If you believe that your privacy rights have been violated, you may file a complaint with the Plan or with the Office for Civil Rights. To file a complaint with the Plan, contact the Principal Agent of HIA Financial Services at 111 North Wing Street, Northville, Michigan 48167 (248) 349-8680. All complaints must be submitted in writing. A complaint to the Office of Civil Rights should be sent to the Office for Civil Rights, U.S. Department of Health and Human Services, 233 N. Michigan Ave., Suite 240, Chicago, IL 60601 or by visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
You will not be penalized, or in any other way retaliated against, for filing a complaint with the Office of Civil Rights or with us.