HIPAA Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
The Directors Guild of America – Producer Health Plan is required by law (including Health Insurance Portability and Accountability Act of 1996, 45 CFR Parts 160 and 164 (“HIPAA”) and the Standards for Privacy of Individually Identifiable Health Information therein (the “Privacy Rule”) to maintain the privacy of protected health information (“PHI”) maintained by the health care components of the Plan. Such health care components are: the medical Plan benefits, dental Plan benefits, vision Plan benefits, and prescription drug Plan benefits. All references to the “Plan” in this notice regarding privacy apply only to such health care components. The Plan must provide participants with notice of its legal duties and privacy practices with respect to PHI.
This Notice of Privacy Practices (“Notice”) describes the Plan’s privacy practices regarding PHI. Any insurers or HMOs that provide or fund benefits under the Plan will provide you with a separate description of their own privacy practices. Similarly, your personal doctor or any other health care provider may have different policies or notices regarding the use and disclosure of the PHI they create or receive.
This Notice describes how the Plan may use and disclose PHI about you in administering your benefits, and it explains your legal rights regarding the PHI.
The term “PHI” means information created or received by the Plan that identifies you and relates to your past, present or future health, treatment or payment for health care services.
This Notice is effective as revised as of September 23, 2013.
HOW THE PLAN USES AND DISCLOSES PHI
In order to provide you with health coverage, the Plan needs PHI about you. The Plan obtains that information from many different sources. In administering your health benefits, the Plan may use and disclose PHI in various ways, including those described below. The Plan may use or disclose PHI for health care operations, payment functions, and treatment, without your authorization.
Health Care Operations
The Plan may use and disclose PHI during the course of plan administration — that is, during operational activities such as quality assessment and improvement; performance measurement and outcomes assessment; and preventive health, disease management, case management and care coordination. For example, the Plan may use the PHI in the administration of detection and investigation of fraud; in evaluating provider performance and reviewing provider qualifications; premium rating and similar activities; in conducting data analyses for health improvement, cost-control, protocol development or planning-related purposes; in connection with the merger or consolidation of the Plan and/or its plans with another plan, and for other general administrative activities, including data and information systems management and participant services. The Plan may use summary or de-identified health information for Plan design activities. The Plan may use and disclose PHI about you for enrollment, underwriting and premium rating purposes and other activities related to the creation, renewal or replacement of a contract of health insurance or health benefits. However, the Plan will not use or disclose “genetic information” for “underwriting purposes” (as such terms are defined by HIPAA). In addition, the Plan’s employees and administrators may use information about your enrollment or disenrollment in the Plan in order to collect contributions that pay for your participation in such Plan. The Plan may also use your PHI to provide you with customer service; to submit claims for stop-loss (or excess loss) coverage; to conduct or arrange for medical review, legal services, audit services (including the disclosure of certain information to an employer regarding claims that should not have been paid because a person was not eligible or otherwise not entitled to coverage); to create limited data sets or de-identified health information in accordance with the requirements of HIPAA. The Plan may also use and disclose your PHI for such other healthcare operations of the Plan as permitted by HIPAA.
Payment
To help pay for your covered services, the Plan may use and disclose PHI in a number of ways — including conducting utilization and medical necessity reviews; coordinating care; determining eligibility and amount of Plan benefits; collecting premiums; calculating cost sharing amounts; and responding to complaints, claims, and appeals and otherwise managing and processing claims. For example, the Plan may use your medical history and other PHI about you to decide whether a particular treatment is medically necessary and what the payment should be — and during the process, the Plan may disclose PHI to your provider. The Plan also mails Explanation of Benefits forms and other information to the address we have on record for the subscriber (i.e., the primary insured). The Plan may also disclose your PHI to another health plan or a health care provider for its payment activities and for the coordination of benefits. The Plan may also use and disclose your PHI for other payment purposes as permitted by HIPAA.
Treatment
The Plan may disclose PHI to doctors, dentists, pharmacies, hospitals and other health care providers who take care of you. For example, doctors may request PHI from the Plan to supplement their own records. The Plan may send certain information to doctors for patient safety or other treatment-related reasons. If your plan requires precertification for hospitalization or certain procedures or diagnostic services, the Plan may use or disclose PHI to health care providers to assist in determining an appropriate course of treatment. The Plan may also use PHI to contact you or your health care provider regarding treatment alternatives or other health-related benefits and services that may be of interest to you, including health-related products or services (or payment for such product or service) that is provided by, or included in your Plan benefits, or other health-related products or services, only available to you, that add value to, but are not part of, your Plan benefits. For example, the Plan may use your PHI to alert you to an available case or disease management program or care coordination if you are diagnosed with certain diseases or illnesses, such as diabetes. The Plan may also use and disclose your PHI for other treatment purposes as permitted by HIPAA.
DISCLOSURES TO THE PLAN SPONSOR
Without your authorization, the Plan may disclose PHI to the Plan’s Board of Trustees as Plan Sponsor, but only for the purposes of activities performed by the Plan Sponsor on behalf of the Plan. The Plan Sponsor may not use such PHI for any other purpose and is required to safeguard the privacy of your PHI.
DISCLOSURE TO OTHERS INVOLVED IN YOUR HEALTH CARE
The Plan may notify a family member, a personal representative, or another person responsible for your care, of your location (e.g., what hospital you are in); general condition (e.g., critical condition; stable; etc.); or death. The Plan may also disclose your PHI to disaster relief agencies or entities for the same purposes. The Plan may disclose PHI about you to a relative, a friend, the subscriber to the Plan or any person involved in your health identified by you, provided the PHI is directly relevant to that person’s involvement with your health care, or the payment related to such care (including if you are deceased, subject to certain limitations with respect to your prior expressed preferences which are known to the Plans). The Plan may disclose PHI to the persons and entities and for the purposes set forth above if you are present and agree to or do not object to such disclosure. The Plan may also disclose PHI to the persons and entities and for the purposes set forth above in emergency circumstances or if you are incapacitated, and the Plan reasonably believes to be in your best interests and relevant to that person’s involvement in your care. For example, if a family member or a caregiver calls the Plan with prior knowledge of a claim, the Plan may confirm whether or not the claim has been received and paid. You have the right to stop or limit this kind of disclosure by contacting the Plan’s Privacy Officer.
ADDITIONAL REASONS FOR DISCLOSURE
Without your authorization, the Plan may use or disclose PHI about you in providing you with treatment alternatives, treatment reminders, or other health-related benefits and services. The Plan also may disclose PHI in support of:
- Research: to researchers, subject to certain legal restrictions.
- Business Associates: to persons and businesses which provide services to the Plan and which need the PHI to perform those services.
- Health Oversight Activities: to government agencies responsible for oversight of the health care system or for ensuring compliance with the rules of government benefit programs, such as Medicare or Medicaid, or other regulatory programs that need PHI to determine compliance, state insurance departments, U.S. Department of Labor and other government agencies including for certain audits; civil, administrative, or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative, or criminal proceedings or actions; or other activities necessary for appropriate oversight.
- Law Enforcement: to federal, state and local law enforcement officials (including in response to court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, a grand jury subpoena; or an administrative request (including an administrative subpoena or summons, a civil or an authorized investigative demand, or similar process authorized under law), in response to a law enforcement official’s request for such information about an individual who is or is suspected to be a victim of a crime; and to alert law enforcement of the death of an individual, to report criminal conduct that occurred on the premises of the Plan).
- Legal Proceedings: in response to a court or administrative tribunal order or other lawful process (including a subpoena, discovery request, or other lawful process).
- Public Health and Welfare: to address matters of public interest as required or permitted by law (e.g. child abuse and neglect, domestic violence, and other abuse and neglect, threats to public health and safety (such as drug recall notifications, reporting drug reactions, and for tracking and other purposes related to the quality, safety or effectiveness of FDA related products, to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or to identify or apprehend an individual and notifying persons who may have been exposed to a disease or may be at risk for contracting or spreading a disease), reporting births and deaths, conducting public health surveillance investigations and interventions, and national security).
- About Decedents: to a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other duties as authorized by law, and to funeral directors, consistent with applicable law, as necessary to carry out their duties with respect to the decedent.
- Cadaveric Organ, Eye or Tissue Donation: to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue for the purpose of facilitating organ, eye or tissue donation and transplantation.
- Government Functions: with respect to PHI of Armed Forces personnel, as deemed necessary by appropriate military command authorities to assure the proper execution of the military mission; to authorized federal officials for the conduct of lawful intelligence, counterintelligence, and other national security activities authorized by federal law; and to authorized federal officials for the provision of protective services to the President, foreign heads of state or other persons authorized by federal law; and to a correctional institution or a law enforcement official having lawful custody of the subject of the PHI if such PHI is necessary for the provision of health care to such person, the health and safety of such person or others (including other inmates or officers or employees of the institution), law enforcement on the premises of the institution, or the administration and maintenance of the safety, security, and good order of the correctional institution.
- Workers’ Compensation: to the extent required or permitted by law, the Plan may release PHI about you for workers’ compensation or similar programs.
- Other: as necessary to comply with or as otherwise permitted by applicable law in certain limited circumstances.
USE OR DISCLOSURE OF PSYCHOTHERAPY NOTES
In the event the Plan needs to access any psychotherapy notes kept by behavioral health providers, such notes cannot be used or disclosed without your written authorization (except in certain limited situations permitted by HIPAA addressed below). If you elect not to provide written authorization, the notes will not be used or disclosed; provided the Plan may use or disclose psychotherapy notes as required by applicable law or as permitted by applicable law. For example, the Plan may use or disclose psychotherapy notes as necessary to defend itself in a legal action or other proceeding brought by you or on your behalf or as necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public, and the Plan may disclose psychotherapy notices to public health oversight agencies and coroners and medical examiners as permitted by HIPAA.
DISCLOSURE OF PHI FOR MARKETING PURPOSES; SALE OF PHI
Except in the limited circumstances permitted by HIPAA or other applicable law, the Plan may not (1) use or disclose your PHI to market services or products to you, (2) provide your PHI to anyone else for marketing purposes, or (3) sell your PHI, without your written authorization. Your authorization is not required for marketing communications in the form of a face-to-face communication made by the Plan to you; or a promotional gift of nominal value provided by the Plan.
OTHER USES AND DISCLOSURES REQUIRING YOUR WRITTEN AUTHORIZATION
In situations other than those described above or otherwise provided for herein, the Plan will ask for your written authorization before using or disclosing your PHI. If you have given the Plan an authorization, you may revoke it at any time, if the Plan has not already acted on it. The Plan is unable to take back any disclosures already made with your authorization. If you have questions regarding authorizations, please contact the Plan’s Privacy Officer.
In addition, in no event will the Plan use or disclose your PHI that is “genetic information” for “underwriting” purposes, as such terms are defined by HIPAA.
YOUR LEGAL RIGHTS
The Privacy Rule gives you the right to make certain requests regarding PHI about you. You may ask the Plan to:
- Communicate with you in a certain way or at a certain location. The Plan will honor reasonable requests if the communication could endanger you.
- Restrict the way the Plan uses or discloses PHI about you in connection with health care operations, payment and treatment. You also have the right to ask the Plan to restrict disclosures to persons involved in your health care. While the Plan will consider reasonable requests, the Plan is not required (except as set forth below) to agree to your request. Except as otherwise required by law (and excluding disclosures for treatment purposes), the Plan is obligated, upon your request, to refrain from sharing your PHI with another health plan for purposes of payment or carrying out health care operations if the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full by you or by another person (other than the Plan) on your behalf.
- Provide you with access to or a copy of PHI that is contained in a “designated record set” – records used in making enrollment, payment, claims adjudication, medical management and other decisions. If the Plan uses or maintains such PHI electronically, you may request such PHI in an electronic format, and direct that such PHI be sent to another person or entity. The Plan may ask you to make your request in writing, may charge a reasonable fee for producing and mailing the copies and, in certain cases, may deny the request.
- Amend PHI that is in a “designated record set.” Your request must be in writing and must include the reason for the request. If the Plan denies the request, you may file a written statement of disagreement. If your doctor or another person created the PHI that you want to change, you should ask that person to amend the information.
- Provide a list of certain disclosures the Plan has made about you, such as disclosures of PHI to government agencies. The accounting will not include disclosures made before April 14, 2003; disclosures made for treatment, payment or health care operations; disclosures made earlier than 6 years before the date of the request; and certain other disclosures excepted by law. Your request must be in writing. If you request such an accounting more than once in a 12-month period, the Plan may charge a reasonable fee. Your written request must be for a stated time period, which may not be longer than six years and may not include dates before April 14, 2003.
- Notify you following the acquisition, access, use or disclosure of your unsecured PHI in a manner that is impermissible under the Privacy Rule, unless there is a low probability that such PHI was compromised (or notification is not otherwise required under HIPAA).
You may make any of the requests described above, or may request a paper copy of this Notice, by contacting the Plan’s Privacy Officer.
You also have the right to file a complaint if you think your privacy rights have been violated. To do so, please contact the Plan’s Privacy Officer. You also may file a complaint with the U.S. Department of Health and Human Services:
Region IX, Office for Civil Rights
U.S. Department of Health and Human Services
90 7th Street, Suite 4-100, San Francisco, CA 94103
Phone: (800) 368-1019 • Fax: (415) 437-8329 • TDD: (800) 537-7697
http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
The Plan will not retaliate against you for making a complaint.
THE PLAN’S LEGAL OBLIGATIONS
The Privacy Rule requires the Plan to keep PHI about you private (to the extent provided by the Privacy Rule), to give you notice of its legal duties and privacy practices, and to follow the terms of the Notice currently in effect. This Notice is provided to you based solely on the Privacy Rule requirements and serves no purpose under the Employee Retirement Income Security Act of 1974 (“ERISA”). Thus, this Notice is not a document governing the Plan under ERISA and you may not bring a private cause of action based on this Notice or the Plan’s obligations under the Privacy Rule.
THIS NOTICE IS SUBJECT TO CHANGE
The Plan may change the terms of this Notice and its privacy policies at any time. If the Plan does, the new terms and policies may then be applied to all PHI previously received and then maintained by the Plan, as well as PHI created or received in the future. If the Plan makes any material changes to this Notice, the Plan will inform you of such change as provided by HIPAA and provide you with information about how to get a copy of the revised Notice. To the extent the Plan maintains a website, the Plan will post a copy of the current Notice on the Plan’s website.
CONTACT INFORMATION
If you have questions, requests or complaints regarding this Notice, please write to the Plan’s Privacy Officer:
Directors Guild of America-Producer Health Plan
Attn: Privacy Officer 5055 Wilshire Boulevard, Suite 600
Los Angeles, CA 90036-6100
(323) 866-2200 or (877) 866-2200
privacyofficer@dgaplans.org