Employee Health Insurance Management, Inc.
NOTICE OF PRIVACY PRACTICES UNDER THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (“HIPAA”)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW THIS NOTICE CAREFULLY. THE PRIVACY OF YOUR HEALTH INFORMATION IS IMPORTANT TO US.
FOR PURPOSES OF THIS AGREEMENT, THE TERM “EHIM” IS DEFINED TO MEAN EMPLOYEE HEALTH INSURANCE MANAGEMENT, INC. ALL RELATED COMPANIES, AFFILIATES, SUBSIDIARIES OF EHIM, INCLUDING BUT NOT LIMITED TO REX CLUB, INC.
Our Commitment Regarding Your Protected Health Information
EHIM is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to maintain the privacy of your Protected Health Information (hereafter referred to as "PHI") by the terms of the most current Notice of Privacy Practices, and to provide you with this notice of its legal duties and privacy practices with respect to your PHI. We understand the importance to maintain the privacy and security of your PHI and to follow strict policies in accordance with state and federal privacy and security laws to keep your PHI private. PHI is individually identifiable health information in written, electronic or oral form that relates to your past, present or future physical or mental health condition and related health care services or payment for your health care.
We will mainly use and disclose PHI in relation to health care administrative services. We will use and disclose your PHI as needed to provide treatment, obtain or process payment for services provided, and other health care operations as described later in this notice. We collect information both orally and in written format such as in enrollment forms or Explanation of Benefit (“EOB”) forms and billing statements. We may collect information from third parties such as your agent or broker, your current or former health care providers, from enrollment forms submitted by your current employer, and from other data collection agencies. The type of personal information we collect includes (but is not necessarily limited to) your name, address, birth date, social security number, telephone number, health care history, and history of insurance coverage for both you and your covered dependents.
We have established safeguards, electronic and otherwise, to ensure the security and confidentially of your PHI. We store and protect some of your PHI in electronic computer files. We also employ non-electronic safeguards to protect the unauthorized access to or use of your PHI. We restrict access to your information to those of our employees who need to know that information in order to accomplish their duties to provide services to you or on behalf of you and your covered dependents. We do make reasonable efforts to limit the use and disclosure of PHI to the “minimum necessary” to accomplish the intended purpose. We will let you know if a breach occurs that may have compromised the privacy or security of your PHI as provided for under HIPAA.
In this notice, we explain how we protect the privacy of your PHI, and how we will allow it to be used and disclosed. We must follow the privacy practices described in this notice while it is in effect.
This notice takes effect April 14, 2003 and will remain in effect until we replace or modify it. We reserve the right to update and change our privacy and security practices and/or the terms of this notice at any time, provided that applicable law permits such changes. These revised practices will apply to your PHI regardless of when it was created or received. Before we make a material change to our privacy practices, we will provide a revised notice to those individuals to whom we are required to notify. You may request a copy of our most current privacy notice at any time, or access it on our website at www.ehimrx.com.
Where multiple state or federal laws protect the privacy and security of your PHI, we will follow the requirements that provide the greatest privacy protection. For example, when you authorize disclosure to a third party, state law requires us to condition the disclosure on the recipient’s promise to obtain your written permission before the recipient discloses the PHI to someone else.
Permitted Uses and Disclosures of Protected Health Information
We will not use or disclose your PHI, nor your personal identifying information (such as your name, social security number, address, etc.) to other companies who may want to market or sell their products to you. For example, we will not market or sell to catalog or telemarketing firms. We must have your written authorization to use and disclose your PHI which would apply to both you and/or your covered dependents, except for the following uses and disclosures:
- To You and Your Personal Representative: We may disclose your PHI to you or to your personal representative (someone who has the legal right to act for you).
- For Treatment: We may use and disclose your PHI to health care providers (doctors, dentists, pharmacies, hospitals and other caregivers) who request it in connection with your treatment. For example, we may disclose your PHI to health care providers in connection with disease and case management programs.
- For Payment: We may use and disclose your PHI for our payment-related activities and those of health care providers and other health plans, including for example:
- Obtaining premiums and determining eligibility for benefits
- Paying claims for health care services that are covered by your health plan
- Responding to inquiries, appeals and grievances
- Coordinating benefits with other insurance or coverage you may have
- For Health Care Operations: We may use and disclose your PHI for our health care operations, including for example:
- Conducting quality assessment and improvement activities, including credentialing of providers and accreditation
- Performing outcome assessments and health claims analyses
- Preventing, detecting and investigating fraud and abuse
- Underwriting, rating and reinsurance activities
- Coordinating case and disease management activities
- Communicating with you about treatment alternatives or other health-related benefits and services
- Performing business management and other general administrative activities, including systems management and customer service
- To Others Involved in Your Care: We may under certain circumstances disclose to a member of your family, a relative, a close friend or any other person you identify, the PHI directly relevant to that person's involvement in your health care or payment for health care. For example, we may discuss a claim determination with you in the presence of a friend or relative, unless you object.
- When Required by Law: We will use and disclose your PHI if we are required to do so by law. For example, we will use and disclose your PHI in responding to court and administrative orders and subpoenas, and to comply with workers compensation laws. We will disclose your PHI when required by the Secretary of Health and Human Services and state regulatory authorities.
- To Correctional Institutions: If you become an inmate of a federal or state correctional institution, we may be required to disclose your PHI to the institution or its agency necessary for your health and the health and safety of other individuals.
- To Coroners, Medical Examiners, to respond to Organ and Tissue Donation requests, and Funeral Directors: We may release your PHI to a coroner or medical examiner. For example, this may be necessary to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties. We can also share PHI with an organ procurement organization.
- For Workers’ Compensation Programs: We may disclose your PHI to the extent authorized by law and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs established by law.
- For Military and Veterans: If you are a member of any of the armed services, whether on active or reserve status, we may release PHI as required by the military command authorities. If you are a veteran, we may release your PHI, particularly if you are receiving health care products and services from the Veterans Services. Any disclosure for these purposes would be made only to authorized government officials.
- For National Security and Intelligence: We are legally required to disclose PHI to federal officials for intelligence, counterintelligence activities, and as required in relation to the protection of the President of the United States. Any disclosure for these purposes would be made only to authorized government officials.
- For Matters in the Public Interest: We may also use or disclose your PHI without your written permission for matters in the public interest, including for example:
- Public health and safety activities, including disease and vital statistic reporting, child abuse reporting, and Food and Drug Administration oversight
- Reporting adult abuse, neglect, or domestic violence
- Reporting to organ procurement and tissue donation organizations
- Averting a serious threat to the health or safety of others
- For Research: We may use your PHI to perform select research activities, provided that certain established measures to protect your privacy are in place.
- To Our Business Associates: From time to time we engage third parties to provide various services for us. Whenever an arrangement with such a third party involves the use or disclosure of your PHI, we will have a written contract with that third party designed to protect the privacy and security of your PHI. For example, we may share your information with business associates who process claims or conduct disease management programs on our behalf.
- To Group Health Plans and Plan Sponsors: We may disclose PHI to the Plan sponsor for the purposes of treatment, payment or health care operations. However, we will disclose PHI only upon receipt of a signed agreement or certification by the Plan sponsor that it has appropriately amended its group health plan, that it will appropriately use and safeguard the privacy of such information and that it will honor your rights to access, review and amend the information and to receive an accounting. For example, the Plan sponsor will not be able to use PHI for purposes of employment-related actions or decisions in connection with other employee benefit plans that it maintains.
We may also disclose your PHI to other providers and health plans who have a relationship with you for certain requirements of their health care operations. For example, we may disclose your PHI for their quality assessment and improvement activities or for health care fraud and abuse detection.
If use or disclosure of your PHI is for any purpose other than described above, we will use and/or disclose your PHI only with your written authorization.
You have the following individual rights with respect to your health information:
- Access: With certain exceptions, you have the right to look at or receive a copy of your PHI contained in the records that are used by or for us to make decisions about you, including our enrollment, payment, claims adjudication, and case or medical management notes. We reserve the right to charge a reasonable cost-based fee for copying and postage. If you request an alternative format, such as a summary, we may charge a cost-based fee for preparing the summary. If we deny your request for access, we will tell you the basis for our decision and whether you have a right to further review.
- Choose someone to act for you: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
- Granting Permission to share your PHI: You have the right to share information with your family, close friends, or others involved in the payment of your care or in a disaster relief situation. You may change your mind at any time by letting us know in writing. If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
- Disclosure Accounting: You have the right to an accounting of certain disclosures of your PHI,suchas disclosures required by law that we have made during the six years prior to the date of your request. This accounting requirement applies to disclosures we make beginning on and after April 14, 2003. If you request this accounting more than once in a 12-month period, we may charge you a fee covering the cost of responding to these additional requests. However, this accounting will not include disclosures that were made:
- For treatment payment and health care operations, including plan payment and administrative functions;
- To you;
- Pursuant to an authorization;
- To correctional institutions or law enforcement officials such as described earlier in this notice; or
- For national security or intelligence purposes for matters in public interest, such as described earlier in this notice.
- Restriction Requests: You have the right to request that we place restrictions on the way we use or disclose your PHI for treatment, payment or health care operations. We are not required to agree to these additional restrictions; but if we do agree, we will abide by them (except as needed for emergency treatment or as required by law) unless we notify you that we are terminating our agreement.
- Communication Requests: You may request that we contact you by alternative means or at alternative locations. For example, you may request that we contact you at a different residence or post office box. To request alternative communication of your PHI, you must submit a request in writing to the Privacy Officer. Your request must tell us how or where you would like to be contacted. We will accommodate all reasonable requests.
- Amendment: You have the right to request that we amend your PHI in the set of records we described above under “Access”. Your written request must provide a reason to support the requested amendment. Generally, we will have 60 days in which to act on your request. We may be permitted to have a 30-day one-time extension under certain circumstances. If we deny your request, we will provide you a written explanation. If you disagree, you may have a statement of your disagreement placed in our records. If we accept your request to amend the information, we will make reasonable efforts to inform others, including individuals you name, of the amendment.
- Confidential Communication: We communicate decisions related to payment and benefits, which may contain PHI, to the health plan participant. Individual members who believe that this practice may endanger them may request that we communicate with them using a reasonable alternative means or location. For example, an individual member may request that we send an Explanation of Benefits to a post office box instead of to the member's address. To request confidential communications, please call our customer service department at (248) 948-9900.
You have the right to receive a paper copy of this notice and may call us at (248) 948-9900 to make the request.
Questions and Complaints
If you are concerned that we may have violated your privacy rights, or you believe that we have inappropriately used or disclosed your PHI, call us at (248) 948-9900.
You also may submit a written complaint to the U.S. Department of Health and Human Services in its Office of Civil Rights (“OCR”). Complaints must be in writing, either paper or electronically, must name the entity (Plan), must describe the acts or omissions you believe to be in violation of the HIPAA privacy rules and must be filed within 180 days of the date you knew or should have known that the act or omission occurred, unless the OCR waived the time limit for good cause shown. You may file a written complaint to the Secretary by mail, fax or e-mail as provided below. You may, but are not required to, use the OCR’s Health Information Privacy Complaint Form. To obtain a copy of this form or for additional information about the HIPAA privacy rules or how to file a complaint with the OCR, you should contact any OCR office or go to www.hhs.gov/ocr/hipaa.
You have the right to file a complaint if you believe that we have violated your rights. There can be no retaliation against you for making a complaint. You can file the complaint with us directly. Complaints also may be filed by e-mail to OCRComplaint@hhs.gov. Written complaints may be filed at the appropriate OCR office.
If you want more information about our privacy practices, or a written copy of this notice, please contact our Privacy Officer at the address or telephone number listed below:
Attn: Privacy Officer
Employee Health Insurance Management, Inc.
26711 Northwestern Hwy,
Suite 400 Southfield, MI
Telephone Number – (248) 948-9900