NOTICE OF PRIVACY PRACTICESEffective Date: April 14 2003 Revised: June 23, 2010
NOTICE OF PRIVACY PRACTICES
Effective Date: April 14 2003
Revised: June 23, 2010
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.
This Notice sets out our legal obligations concerning your PHI (PHI). This Notice also describes your rights to access and control your PHI.
PHI is individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health plan, your employer or a healthcare clearinghouse and that relates to: (1) your past, present or future physical or mental health or condition; (2) the provision of healthcare to you; or (3) the past, present or future payment for the provision of healthcare to you.
This Notice of Privacy Practices has been drafted to be consistent with the federal regulation known as the “HIPAA Privacy Rules,” and any of the terms not defined in this Notice have the same meaning as they have in the HIPAA Privacy Rules.
We are required by applicable federal and state law to maintain the privacy of your PHI. We are also required to give you this Notice about our privacy practices related to the uses and disclosures of PHI, our legal duties and your rights concerning your PHI. We must follow the privacy practices that are described in the Notice while it is in effect. This notice took effect May 9, 2003, and will remain in effect until we replace it.
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. We reserve the right to make the changes in our privacy practices and the new terms of our Notice effective for all PHI that we maintain, including PHI we created or received before we make the changes. If we make a significant change in our privacy practices we will revise this Notice and send the new Notice to any individual who previously received a written copy of this notice.
You may ask for a copy of our Notice at any time. For more information about our privacy practices, or for additional copies of this Notice, please contact us using the information listed at the end of this Notice. In addition, for the convenience of its members, but not as a substitute for direct delivery, Palladian Health will post the revised notice on its Web site, at www.palladianhealth.com.
What Information Palladian Health Collects
We collect PHI about members from the following sources:
Information we receive from you or your health care provider, including such items as: name, address, date of birth, and Social Security number.
Information about your transactions with our affiliated health care providers or others, including, but not limited to, claims for benefits, medical records, and coordination of benefits information
Information you submit or maintain on our website www.palladianhealth.com concerning your symptoms, treatment history, customer service requirements or health care transactions.
Permitted Uses and Disclosures of PHI
The law permits Palladian Health to disclose personal information about you without your written consent or authorization when such disclosure is necessary to assist us with providing your health care benefits. We may disclose PHI about you to our affiliates as well as non-affiliated third parties for assistance in the administration of claims and other services necessary for the provision of your health care benefits. When we hire other organizations to provide support services, we require them to conform to our privacy standards and to allow us to audit them for compliance. In all instances, Palladian Health will disclose the minimum necessary PHI that the circumstances require.
Here are some examples of when we may disclose information:
Treatment. Palladian Health may disclose your protected health for treatment purposes. For example, we may disclose your PHI to health care providers in the coordination of your health care or related services.
Payment: Palladian Health may use and disclose PHI about you, including copies or excerpts from your medical records, to determine your eligibility for benefits, to determine medical necessity, to pay claims, and to issue explanation of benefits (EOBs) to the subscriber of the health plan. For instance, we may use and disclose your PHI to pay claims from health care providers for services delivered to you that are covered by your health plan or your policy.
Health Care Operations: We may use or disclose PHI about you in the process of the routine operations of our healthcare operations, such as quality assurance, utilization review, clinical decision support, health education and support, care management, internal audit, accreditation, certification, reviewing the qualifications of healthcare professionals, evaluating practitioner and provider performance, conducting training programs, licensing or credentialing activities or business management and general administrative activities, including management activities related to privacy, customer service, resolution of grievances and appeals, and creating de-identified PHI.
We may disclose your PHI to another entity that is subject to the HIPAA Privacy Rules for their healthcare operations relating to quality assurance, reviewing the qualifications of healthcare professionals or detecting or preventing healthcare fraud and abuse.
Business Associates: Palladian Health works with business associates who perform activities on our behalf that requires the use or disclosure of PHI. Business associates will receive, create, maintain, use or disclose PHI, but only after the business associate enters into a written agreement with us in which the business associate agrees to appropriately safeguard your PHI in accordance with the HIPAA Privacy Rules. For example, we may disclose your PHI to a business associate to administer claims, manage pharmacy benefits, or provide member service support.
To Your Family and Friends: We may disclose your PHI to a family member or other person if it helps with your healthcare or with payment for your healthcare. We may use or disclose your PHI so that your family can be notified about your location or general condition.
Before we disclose your PHI to anyone involved in your healthcare or payment for your healthcare we will provide you with an opportunity to object. If we can’t locate you or if you are unable to respond because of an emergency, we will disclose your PHI if based on our professional judgment we determine that the disclosure would be in your best interest.
Disclosures to Plan Sponsors: A Plan Sponsor is generally an employer but can be another group that subsidizes all or a portion of the cost for your health benefit plan. In most cases employer or other plan sponsor requests will be made directly to the health plan. Palladian Health takes measures to remove all identifiers when reporting PHI to employers or other Plan Sponsors. Please see your group health plan documents for a full explanation of the limited disclosures of PHI to the plan sponsor and uses that the plan sponsor may make of your PHI in providing plan administration.
Regulatory and Law Enforcement Authorities: Palladian Health may disclose certain PHI to a variety of regulatory or law enforcement authorities.
Required By Law:We may use of disclose your PHI to the extent that we are required to do so by law. For example, we may disclose your PHI when required by national security laws or public health laws.
Health Oversight Activities:We may disclose your PHI to a health oversight agency for oversight activities authorized by law, such as: audits, investigations, inspections, licensure or disciplinary actions, or civil, administrative or criminal proceedings or actions. Oversight agencies include government agencies that oversee: (1) the healthcare system; (2) government benefit programs: (3) other government regulatory programs; and (4) compliance with civil rights laws.
Public Health Activities:We may disclose your PHI for public health activities that are permitted or required by law. For example, we may disclose such information to help prevent or control disease, injury or disability, or we may disclose such information to a public health authority authorized to receive reports of child abuse or neglect.
Disaster Relief:We may use or disclose your PHI to a public or private entity authorized by law or by its charter to assist is disaster relief.
Abuse or Neglect:We may disclose your PHI to the appropriate authorities if we reasonably believe that you have been a victim of abuse, neglect or domestic violence.
Legal Proceeding:We may disclose your PHI in the course of any judicial or administrative proceeding: (1) in response to an order of the court or administrative tribunal (to the extent that such disclosure is expressly authorized); or (2) in response to a subpoena, a discovery request or other lawful process, if we have received satisfactory assurances from the party seeking the PHI in accordance with the HIPAA Privacy Rules.
Law Enforcement:Under certain conditions, we also may disclose your PHI to law enforcement officials. Some of the reasons for such a disclosure include, but are not limited to (1) the disclosure is required by law or some other legal process; (2) the disclosure is necessary to find or identify a suspect, fugitive, material witness or missing person; or (3) the disclosure is necessary to provide evidence of a crime that occurred on our premises.
Coroners, Medical Examiners, Funeral Directors and Organ Donation:We may disclose your PHI to a coroner or medical examiner to help identify a deceased person, determine a cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose, as authorized by law, information to funeral directors so that they may carry out their duties. Further, we may disclose PHI to organizations that handle organ, eye or tissue donation and transplantation.
Research: We may disclose your PHI to researchers when an institutional review board or privacy board has (1) demonstrated inability to use de-identified data; (2) represents that the use or disclosure is solely to prepare a protocol preparatory to research, that no information will be removed from Palladian Health and is necessary for research purposes; (3) represented that the disclosure is solely on information of decedents and the information is necessary for the research.
To Prevent a Serious Threat to Health or Safety:Consistent with applicable federal and state laws, we may disclose your PHI if we believe that the disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We also may disclose PHI if it is necessary for law enforcement authorities to identify or apprehend someone.
Military Activity and National Security, Protective Services:Under certain conditions, we may disclose your PHI if you are, or were, an Armed Forces personnel if the disclosure is for activities deemed necessary by appropriate military command authorities to assure the proper execution of the military mission. If you are a member of a foreign military service, we may disclose, in certain circumstances, your PHI to the foreign military authority. We also may disclose your PHI to authorized federal officials for conducting national security and intelligence activities.
Inmates:If you are an inmate of a correctional institution, we may disclose your PHI to the correctional institution or to a law enforcement official for: (1) the institution to provide healthcare to you; (2) your health and safety and the health and safety of others; (3) law enforcement at the correctional institution; or (4) the safety and security of the correctional institution.
Workers’ Compensation:We may disclose your PHI to comply with workers’ compensation laws and other similar programs that provide benefits for work-related injuries or illnesses.
Health-Related Services:We may use your PHI to contact you with information about health-related benefits and services or about treatment alternatives that may be of interest to you. We may disclose your PHI to a business associate to help us with these activities.
Other Uses and Disclosures of Your PHI. Other uses and disclosures of your PHI not discussed above will be made only with your written authorization. You may revoke your authorization at any time, in writing, except to the extent that Palladian Health has taken action in reliance on the use or disclosure indicted in the authorization.
Special Treatment of Confidential HIV-Related Information:Certain laws may restrict how we disclose confidential HIV-related information we may have received about you. “Confidential HIV-related information” includes information concerning whether an individual has been the subject of an HIV-related test, or has HIV infection, HIV-related illness or AIDS, or information which could reasonably identify a person as having one or more of such conditions. In general, unless we obtain a written authorization from you, we will only disclose such information as provided for in applicable laws. Some of the purposes for which applicable state laws permit us to disclose such information are as follows: to providers engaged in your care or the care of a person that may have been exposed to HIV; certain healthcare facilities or providers involved in organ, tissue and similar transplants; federal, state, county or local health offices; authorized agencies involved in the payment of healthcare; and pursuant to a court order.
Special Treatment of Certain Mental Health Information:Certain laws may restrict how we disclose certain clinical records containing mental health information we may receive from healthcare providers. Unless we obtain a written authorization from you, we will limit our disclosures of this information as provided for in applicable laws.
Special Treatment of Certain Substance Abuse Records and Information:Certain laws may restrict how we disclose PHI about you that pertains to treatment you may have received for alcohol or drug dependency. Unless we obtain a written authorization from you, we will limit our disclosures of this information as provided for in applicable laws.
Confidentiality and Security of PHI
We restrict access to your PHI to those Palladian Health employees who need to know that information in order to provide services to you. We maintain physical, electronic and procedural safeguards that are designed to ensure the privacy of our members’ PHI. Employees who violate our data security policies are subject to disciplinary action, up to and including termination.
Access: You have the right to look at or get copies of your PHI that is contained in a “designated record set”. Generally, a designated record set contains medical and billing records as well as other records that are used to make decisions about your healthcare benefits. The HIPAA Privacy Rules do not permit the inspection or copying of psychotherapy notes or certain other information that may be contained in a designated record set. You may ask for copies in a format other than photocopies. We will use the format you request unless it is not practical to do so. You may obtain a form to request access to your PHI by using the contact information at the end of this Notice. You may also request access by sending us a letter to the address at the end of this Notice. If you request copies, we may charge you a reasonable fee for copies, a reasonable rate for staff time to copy your PHI and postage if you want the copies mailed to you. If you request an alternative format, we may charge a reasonable fee for providing your PHI in that format. If you prefer, we will prepare a summary or an explanation of your PHI. If you request a summary you may be charged a reasonable rate for staff time to prepare the summary. If your request for access is denied, we will provide a written statement explaining the denial, a statement of any applicable review rights and a description of our complaint procedures. In certain circumstances, our denial will not be reviewable. If this occurs, we will inform you in the denial statement that our decision is not reviewable.
Disclosure Accounting: You have the right to receive a list of instances in which we or our business associates disclosed your PHI for the purposes other than treatment, payment or healthcare operations, and for certain other activities. You must obtain a form to request an accounting by using the contact information at the end of this Notice. Your request can be for disclosures made up to six years before the date of your request. We will provide you with the date on which we made the disclosure, the name of the person or entity to which we disclosed your PHI, a description of the PHI we disclosed, the reason for the disclosure and certain other information.
Restriction:You have the right to request additional restrictions on certain uses and disclosures of your health information. You must obtain a form to request a restriction by using the contact information at the end of this Notice. We are not required to agree to a requested restriction in most instances, but if we do, we will abide by our agreement (except when necessary in the event of an emergency). Any agreement to additional restrictions must be in writing and signed by a person authorized to make such an agreement on our behalf. We will not be bound unless we have a signed, written agreement.
Confidential Communications: You have the right to request that we communicate with you about your PHI by alternative means or that we send your PHI to an alternative location. You must make your request in writing, and you must state that the disclosure of information could endanger you if it is not communicated in confidence as you request. We must accommodate your request if it is reasonable, specifies the alternative means or location and continues to permit us to determine medical necessity and pay claims under your health plan or policy, including issuance of explanations of benefits to the subscriber of the health plan under which you are covered. Please note that it may take a short period of time for us to accommodate your request.
Once a request for confidential communications goes into effect, all your PHI will be processed as you requested. We will not process requests on a diagnostic-specific basis. This means that all documents that might contain PHI about services you receive (such as letters or EOBs) will be addressed to you and not the subscriber. The subscriber will be entitled to access billing information and other PHI in connection with the health plan or insurance contract unless you request confidential communications in accordance with this section.
Importantly, even if you request confidential communications: (1) the check for services you receive from a nonparticipating provider could be sent to you but be made payable to the subscriber, unless you have made other payment arrangements with us; and (2) accumulated payment information such as deductibles (in which your PHI may appear), will continue to appear on all future EOBs sent to the contract holder. We urge you to discuss with us how we can arrange to pay your claims for services that you receive from a nonparticipating provider.
If you terminate your request for confidential communications, the restriction will be removed for all the PHI that we hold relating to you, including PHI that we previously protected. Therefore, you should not terminate a request for confidential communications if you remain concerned that disclosure of your PHI will endanger you.
Amendment: You have the right to request that we change your PHI. You must make your request in writing and explain why the information should be changed. We may deny your request if we did not create the information you want changed and the originator remains available or for certain other reasons (for example, Palladian Health maintains that the record in question is accurate and complete). If we deny your request, we will provide you with a written explanation. You may respond with a statement of disagreement to be added to the information you wanted changed. If we accept your request to change the information, we will make reasonable efforts to inform others, including people you name, of the change and to include the changes in any future disclosures of that information.
Electronic Notice:If you receive this Notice on our web site or by electronic mail (e-mail), you are entitled to receive this Notice in written form. Please contact us to obtain this Notice in written form.
Complaints and Inquiries
If you are concerned that we may have violated your privacy rights, you may complain to Palladian Health by calling or writing the contact listed at the end of this Notice. You also may submit a written complaint to the Secretary of the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request.
We support your right to the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
Members who wish further information on the Palladian Health Notice of Privacy Practices should contact us at the address or telephone number listed.
Palladian Health, LLC
2732 Transit Road
West Seneca, New York 14224
(716) 712-2700 or toll-free (888) 266-9041
Your privacy is important to us. Palladian Health maintains high standards for the protection of your privacy on our Web site. Here is what you can expect when you visit www.palladianhealth.com:
• We will not share, sell or rent any personally identifiable information you provide without your prior consent.
• We will not send you any unsolicited e-mail ("spam").
• No personally identifiable information collected at this site will ever be used to affect your health insurance coverage provided or premiums paid to us.
The Information We Collect
A file stored in your computer's browser, called a "cookie," allows our Web server to read your customized preferences. When you visit our site, we may place a cookie on your computer that will allow us to enhance your experience at www. palladianhealth.com, and to make improvements to our site. Our cookies will never be used to track your activity on any third party Web sites that you link to from www.palladianhealth.com or to send "spam." The cookie does not provide us with any personally identifiable information about you, and is deleted when your Internet session is terminated.
Use of the Information This Site Gathers and Tracks
We will not use any personally identifiable information you give us except to provide the product, service or information that you request or for which you register. We will not sell, rent, license or otherwise share your personally identifiable information, including your e-mail address, with third parties unless you specifically consent to let us do so. We may use the non-personally identifiable information we gather in aggregate form to improve our site, and we may share that information with our affiliated companies or our health and wellness sponsors. Personal information you voluntarily provide and the non-personally identifiable information we collect in aggregate form will not affect your insurance coverage, eligibility, premiums or claims payment.
The Entity That Maintains Personally Identifiable Information
Unless specifically noted, all personally identifiable information presented on this site is retained by us.
Changes to This Policy
Any changes to this policy will be posted on www.palladianhealth.com. You may wish to review this policy from time to time in order to review any such changes.