510 Century Boulevard,
These protections have been adopted to ensure that the information that we obtain and maintain for our clients and customers, which may also include information about the employees, dependents, former employees and dependents, and other eligible participants on a health plan for which we are providing services (&"Protected Parties"). The Notice outlines our practices, policies, and legal duties to maintain and protect against prohibited disclosure of personally- identifiable financial information (as required by the federal Gramm-Leach-Bliley Financial Modernization Act (&"GLB Act"), and the various state laws implementing those requirements) and protected health information of those Protected Parties (under the privacy regulations mandated by the Health Insurance Portability and Accountability Act (&"HIPAA Privacy") and further expanded by the Health Information Technology for Economic and Clinical Health Act (&"HITECH") provisions in Title XIII of the American Recovery and Reinvestment Act (ARRA).
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT A PROTECTED PARTY MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.PLEASE REVIEW IT CAREFULLY. THE PROTECTION OF THE PRIVACY OF THE INFORMATION WE MAINTAIN IS IMPORTANT TO US.
1. Statement of Our Duties. We are required by law to maintain the privacy of non-public personal information (&"NPPI") and protected health information (&"PHI") (collectively referred herein as &"Protected Information") of the Protected Parties and to provide our clients with this notice of our privacy practices and legal duties. We are required to abide by the terms of this notice. We reserve the right to change the terms of this notice and to adopt any new provisions regarding the Protected Information that we maintain about the Protected Parties. If we revise this notice, we will provide each client or customer with whom there is a current and direct business relationship with a revised notice by mail, electronic mail, telefacsimile, or hand delivery.
2. Statement of the Client's Rights under HIPAA Privacy and HITECH. As our client or customer, you have a right to know how we may use or disclose the Protected Information we maintain on those Protected Parties with whom there is a direct relationship. In the event that our customer or client is an employer sponsoring a group health plan, we do not have a direct duty to their employees, dependents, former employees or dependents or other eligible participants on the group health plan. Our obligations to not disclose the Protected Health Information we maintain about those individuals may arise due to our contractual obligations as a Business Associate of both the client or customer, as well as to any other third party who is a Covered Entity under the HIPAA Privacy Regulations and as revised by HITECH, but does not create a special legal duty to provide notice to those individuals of their rights through a Notice of Privacy Practices. Primary Uses and Disclosures of Protected Health Information. We use and disclose protected health information about Protected Parties for payment and health care operations. HIPAA Privacy does not generally &"preempt" (or take precedence over) state privacy or other applicable laws that provide individuals greater privacy protections. As a result, to the extent state law applies, the privacy laws of a particular state, or other federal laws, rather than the HIPAA Privacy, might impose a privacy standard under which we will be required to operate. For example, where such laws have been enacted, we will follow more stringent state privacy laws that relate to uses and disclosures of the protected health information concerning HIV or AIDS, mental health, substance abuse/chemical dependency, genetic testing, reproductive rights.
In addition to these state law requirements, we also may use or disclose Protected Information in the following situations:
For all other uses and disclosures, we first must obtain your permission.
In addition, you have the following rights:
3. Information We Collect About You. We collect the following categories of information for group and/or individual policies from the following sources:
a) Information that we obtain directly from you, in conversations or on applications or other forms that you or a Protected Party completes.b) Information regarding current or prospective plan participants we obtain about them on applications or other forms.c) Information about the plan's transactions with our affiliates, others or us.d) Information that we obtain as a result of our transactions with you.
4. Permissible Uses and Disclosures of Protected Information. We disclose the information we receive regarding current or prospective plan participants only in accordance with the terms and conditions of the various Business Associate contracts we have entered to with Covered Entities under HIPAA Privacy Regulations and as permitted under state and federal laws concerning the privacy of your insurance and financial information. Those include:
a) As authorized by and to the extent necessary to comply with workers' compensation or other no-fault laws;b) To an oversight or insurance regulatory agency for activities including audits or civil, criminal or administrative actions;c) To a public health authority for purposes of public health activities (such as to the Federal Food and Drug Administration to report consumer product defects);d) To a law enforcement official for law enforcement purposes or in response to a court order or in the course of any judicial or administrative proceeding;e) To organ procurement organizations or other entities for approved research; orf) To a governmental authority, including a social service or protective services agency, authorized to receive reports of abuse, neglect or domestic violence
5. Complaints About Misuse of Health Information. You may complain either directly to us or to the Secretary of Health and Human Services if you believe that your rights with respect to our protection of your health information have been violated. To file a complaint with us, you may send a written statement outlining your complaint, the facts and circumstances surrounding your complaint, including the names, dates and as many details as possible. You will not be retaliated against in any way for filing a complaint.
6. Our Practices Regarding Confidentiality and Security. We restrict access to nonpublic personal and personally identifiable health information about you to those employees and agents who need to know that information in order to provide products and services to you. We maintain physical, electronic and procedural safeguards that comply with state and federal regulations to guard your nonpublic personal information.
7. Notice of Breach of Protected Health Information. In the event of any unauthorized acquisition, access, use or disclosure of Protected Health Information, we shall fully comply with the breach notification requirements, including any and all regulations which have been or may be promulgated, which will include notification to you of any impact that breach may have had on you, your employees, dependents or other participants in any plan in which we are providing services.
Contact Person for Filing Complaint or Obtaining Other Information.
Our contact is:
510 Century Boulevard
Wilmington DE 19808
302-325-9999 (phone)302-449-6137 (fax)