Member Notice of Privacy Practices
This Notice of Privacy Practices (this “Notice”) describes how your health information may be used and disclosed by Children’s Medical Center Health Plan, and any websites, software applications, or other online properties from which you are accessing this Notice ( the “Plan", "we", "us" or "our"), and how you can get access to this information. Please review it carefully.
If you have any questions about this Notice, please contact our Privacy Officer. This Notice is given to you as required by the Health Insurance Portability and Accountability Act (HIPAA). It says how we can use or share your protected health information (PHI), who we can share it with and how we keep it secure. It also describes your rights with respect to PHI, including how to obtain a copy of or edit your information. You can allow (or not allow) us to share specific details unless required by law.
Protected health information” is information that identifies a person or patient. This data can be your age, address, e-mail address, and medical facts. It can be about your past, present, or future physical or mental health conditions. It also can be about sensitive healthcare services and other personal facts.
By law, the Plan must:
- Protect the privacy of your PHI.
- Give you this Notice of our legal duties and privacy practices. It describes our use and disclosure of your PHI.
- Follow the terms of the Notice in effect now.
- Tell you about any material changes in the Notice.
- Notify you that your PHI received by the Plan may be subject to electronic disclosure.
- Give you an electronic copy of your record within 15 days after you ask in writing. We can also give this to you another way if you ask for it. There are some exceptions to this rule.
- Unless permitted by law, not sell any PHI.
- Disclose any breach of unencrypted PHI.
- Periodically train employees about our privacy practices.
We reserve the right to change our privacy practices and the terms of this Notice at any time. We also reserve the right to make new Notice provisions effective for all PHI we currently maintain, as well as any PHI we receive in the future. If we make material or important changes to our privacy practices, we will promptly revise our Notice. The revised Notice will be posted, and copies will be available upon request.
You can also call our Privacy Officer and ask for a copy to be mailed to you.
HOW THE PLAN CAN USE OR DISCLOSE YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION
Here are some examples of allowed uses and disclosures of your PHI. These are not the only ones.
The Plan may use and share your PHI to provide, coordinate, or manage your healthcare and other services. We might share it with doctors or other healthcare providers who help with your care.
We can use and share your PHI to obtain payment for the healthcare services that you received, and to coordinate benefits with other coverage you may have.
We can use or share your PHI to support some of our daily activities, known as our healthcare operations. For example, we may use your PHI:
- To call you to remind you of your visit.
- To conduct or arrange other healthcare activities.
- To monitor the performance of the licensed healthcare professional(s) providing your treatment.
- To send you a newsletter.
- To send news about products or services that might benefit you.
- To give you information about treatment choices or other benefits.
There are some services that Children’s Health provides through contracts with third party business associates. Examples include transcription agencies and copying services. Your PHI may be disclosed to our business associates to perform the services they have been contracted to perform. To protect your PHI, Children’s Health requires these business associates to appropriately protect your PHI in compliance with all laws.
Required by Law
By law, sometimes we must use or share your PHI. Here are some examples:
- Public Health Authorities.
- To prevent or control disease, injury or disability.
- To report births and deaths.
- To report child abuse or neglect.
- To report problems with medicines or other products.
- To notify authorities if we believe a patient has been the victim of abuse, neglect or domestic violence.
We can share your PHI to tell a person they might have been exposed to a disease. We can tell a person they might be at risk for getting or spreading a disease or condition.
Health Oversight Agencies & U.S. Food and Drug Administration
We may share your PHI with health oversight agencies for activities authorized by law. These oversight activities are necessary for the government to monitor the healthcare system, government benefit programs, compliance with government regulatory programs, and compliance with civil rights laws.
For performing underwriting activities as permitted by law. However, we will not use any results of genetic testing or ask questions regarding family history.
We may share your PHI for legal matters. We must receive a legal order or other lawful process.
Law Enforcement & Criminal Activity
We may share your PHI with law enforcement officials as permitted by law.
Coroners, Funeral Directors, and Organ Donations
We may share PHI with coroners, medical examiners, and funeral directors for the purpose of identifying a deceased person, determining a cause of death, or other duties authorized by law. Consistent with applicable law, we can also share it with organ procurement organizations and other entities engaged in the procurement, banking, or transplantation of organ, eye, or tissue donations and transplantation.
We may use and disclose your PHI to researchers when their research has been approved by an institutional review board (IRB) or Privacy Board that has reviewed the research proposal and approved protocols to ensure the privacy of your information, as allowed by law, and for certain other research activities.
Military Activity, National Security, and Government Functions
If you are a member of the armed forces, we may disclose your PHI for activities deemed necessary by military command authorities, in each case, as permitted by law. Additionally, we may disclose your PHI to authorized federal officials as permitted by law.
We will share your PHI to follow workers’ compensation laws and similar programs.
We can use or share your PHI if you are a correctional facility inmate and we created or received your PHI while providing your care; to protect your health and safety or the health and safety of others; or for the safety of the correctional institution..
Disclosures by the Health Plan
We may share your PHI to get proof that you are eligible to obtain healthcare. We will work with other health insurance plans and other government programs.
We follow Texas laws about treating minors. We follow the law about giving their PHI to parents, guardians, or other people with legal responsibility for them.
For People Involved in Your Care or Payment for Your Care
We may share your PHI with your family or other people whom you identify as being involved in your medical care or who help pay for your care. You can tell us who is allowed or not allowed to know about your care. You must fill out a form that will be part of your medical record.
Victims of Abuse, Neglect, or Domestic Violence
We may disclose your PHI to a government authority, such as a social service or protective services agency, if we reasonably believe you are a victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree, or when required or authorized by law.
To Avert a Serious Threat to Health or Safety
If there is a serious threat to your health and safety or the health and safety of the public or another person, we may use and disclose your PHI to someone able to help prevent the threat or as necessary for law enforcement authorities to identify or apprehend an individual.
Restrictions on Marketing
Federal law does not allow the Plan to receive any money for marketing communications involving PHI.
Other Laws that Protect Health Information
Other laws protect PHI about mental health, alcohol and drug abuse treatment, genetic testing and HIV/AIDS testing or treatment. You must agree in writing to share this kind of PHI.
YOUR PRIVACY RIGHTS WITH RESPECT TO YOUR HEALTH INFORMATION
Right to Inspect and Copy Your Health Information
In most cases, you have the right to review your PHI. You can obtain a printed copy of the record we have about you by contacting us as provided below. It can also be given to you in electronic form.
Right to Amend Your Health Information
You can ask the Plan to amend your PHI if you think that the PHI we maintain about you is wrong or not complete. You must do this in writing. We do not have to make the changes. If we deny your request for amendment, you have the right to file a statement of disagreement with the decision and we may give a rebuttal to your statement.
Right to an Accounting of Disclosures
You can ask for a list of certain disclosures we have made of your PHI. Your request must specify the time period to be accounted for, but you cannot ask for more than six years prior to the date on which the accounting is requested. The list can only go back three years for electronic PHI. Please note that certain disclosures need not be included in the accounting we provide to you, such as disclosures made directly to you, disclosures authorized by you, disclosures to friends or family members involved in your care, and disclosures for notification purposes as outlined in federal and state regulations. The right to receive an accounting is subject to certain other exceptions, restrictions, and limitations.
Right to Ask For Restrictions
You can ask us to not use or share part of your PHI for treatment, payment, or healthcare operations. You must ask in writing. You must tell us (1) the PHI you want restricted; (2) if you want to change our use and/or disclosure; (3) who it applies to (e.g., to your spouse); and (4) expiration date. Each request will be evaluated on a case by case basis.
- If we think it is not best for those involved, or cannot limit the records, we do not have to agree. If we agree, we will only share that PHI in an emergency. You can remove this restriction by providing a written request at any time.
- If you pay in full for an item or service you can ask a provider to not share PHI with the Plan for payment or operations purposes. These are the main reasons we would need it. This does not apply if we need the PHI for treatment purposes.
Right to Receive Confidential Communications
You can tell us where and how to give you your PHI. You can ask us to only call at a certain number. You can also give us another address if you think sending mail to your usual address will put you in danger. You must be specific and provide your requests in writing. We will accommodate all reasonable requests when feasible.
Right to Withdraw an Authorization for Disclosure
If you have allowed us to use or share your PHI, you can change your mind at any time. You must provide your request in writing. In some cases we may have already used or shared it.
Right to be Notified of Breach
You will be notified if we find a breach of unsecured PHI. The breach could be from either the Plan or a Business Associate of the Plan.
You can file a complaint if you believe your privacy rights have been violated. You can call the Plan’s Privacy Officer at 1-800-947-4969. You can also file a complaint with the Department of Health and Human Services. We urge you to contact us about any privacy concerns. You will not be retaliated against in any way for filing a complaint.
AUTHORIZATION TO USE OR DISCLOSE HEALTH INFORMATION
Other than as stated above or as permitted by law, we will not use or share your PHI without your written authorization. You can change your mind about letting us use or share your PHI at any time. You must tell us in writing.
If you have any questions or complaints:
Children’s Medical Center Health Plan
Attn: Privacy Officer
P.O. Box 167688
Irving, TX 75016
Effective Date of this Notice: November 1, 2016.