The Notice Of Privacy Practices from the Health & Welfare Fund has been posted below for participants to review.
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
This Notice is effective December 1, 2019
This Notice applies to the health benefits provided under the following health plan (the “Plan”):
Plumbers and Steamfitters Local No. 42 Health and Welfare Plan
The references to “we” and “us” throughout this Notice mean the Plan. The references to “you” mean any person who is eligible to participate in the Plan.
This Notice has been drafted to comply with the “HIPAA Privacy Rules”, under federal law, as amended. HIPAA’s security rules were modified by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) and the Genetic Information Nondiscrimination Act of 2008 (“GINA”), collectively referred to as the HIPAA Omnibus Final Rule(s). These modifications were effective on or after March 26, 2013 and this Notice of Privacy Practices replaces all previous versions.
Any terms that are not defined in this Notice have the meaning specified in the HIPAA Privacy and HIPAA Omnibus Rules.
Please read this Notice carefully and share it with your spouse and dependents.
How We Protect Your Privacy
We are required by law to protect the privacy of your protected health information (PHI) and to provide you with this Notice of our Privacy Practices. Your PHI includes any past, present and future healthcare information. PHI can be any information that is created or received through oral, written or electronic communications by the Plan, certain health care entities, health care providers, such as physicians and hospitals, as well as health insurance companies or other plans. The law specifies that PHI may contain data described in the HIPAA Omnibus Final Rule, including but not limited to your name, address, Social Security number, date of birth and other items that could be used to identify you as the individual who is associated with that PHI.
We will not disclose confidential information without your authorization unless it is necessary to provide your health benefits and administer the Plan, or as otherwise required or permitted by law. When we need to disclose individually identifiable information, we will follow the policies described in this Notice to de-identify your PHI and protect your confidentiality.
We maintain confidential information and have procedures for accessing and storing confidential records. We restrict internal access to your PHI to employees who need only certain information to provide your benefits. We train those individuals on policies and procedures designed to protect your privacy. Our Privacy Officer monitors how we follow those policies and procedures and educates our organization on this important topic.
How We May Use and Disclose Your Protected Health Information
We will not use your PHI or disclose it to others without your written authorization, except for the purposes listed below. When required by law, we will restrict uses and disclosures of PHI or PHI that has been de-identified, as necessary, to transmit the minimum necessary information to accomplish the intended purpose.
Treatment. We may disclose your PHI to your health care provider for its provision, coordination or management of your health care and related services. For example, we may disclose your PHI to a health care provider when the provider needs that information to provide treatment. We may also disclose protected health information to another Covered Entity (as defined by HIPAA Omnibus Rules) to conduct health care operations in the areas of quality assurance and improvement activities or accreditation, certification, licensing or credentialing. However, your written authorization is necessary for the use and disclosure of psychotherapy notes.
Payment. We may use or disclose your PHI to provide payment for the treatment you receive under the Plan. For example, we may use and disclose your PHI to pay and manage your claims, coordinate your benefits and review health care services provided to you. We may use and disclose your PHI to determine your eligibility or coverage for health benefits and evaluate medical necessity or appropriateness of care or charges. In addition, we may use and disclose your PHI as necessary to preauthorize services to you and review the services provided to you. We may also use and disclose your PHI to obtain payment under a contract for reinsurance, including stop-loss insurance. We may use and disclose your PHI to adjudicate your claims. Also, we may disclose your PHI to other health care providers or entitles who need your PHI to obtain or provide payment for your treatment. Notwithstanding the foregoing, we may not use your PHI in exchange for payments for marketing purposes unless: (a) the communication occurs face-to-face (b) the marketing payments consists of gifts of nominal value, or (c) the contact involves communications regarding a refill for a current prescription or its generic equivalent. Furthermore, we may not sell your PHI for any reason.
Health Care Operations. We may use or disclose your PHI for our health care operations. We may use or disclose your PHI to conduct audits, for purposes of underwriting and rate-making, as well as for purposes of risk management. We may use or disclose your PHI to provide you with customer service activities or develop programs. We may also provide your PHI to our attorneys, accountants and other consultants who assist us in performing our functions. We may disclose your PHI to other health care providers or entities for certain health care operations activities, such as quality assessment and improvement activities, case management and care coordination, or as needed to obtain or maintain accreditation or licenses to provide services. We will only disclose your PHI to these entities if they have or have had a relationship with you and health care pertains to that relationship, such as with other health plans or insurance carriers in order to coordinate benefits, if you or your family members have coverage through another health plan. In accordance with regulations promulgated under GINA and finalized in the HIPAA Omnibus Final Rules, the Plan is prohibited from using your “genetic information” for any underwriting purposes. Genetic information includes manifestations of diseases or disorders that have appeared in a participant’s family history but have not appeared in that participant’s health record.
Disclosures to the Plan Sponsor. The Board of Trustees of the Plumbers & Steamfitters Local No. 42 Health and Welfare Plan is the Plan sponsor. We may disclose your PHI to the Plan sponsor. The Plan sponsor is not permitted to use PHI for any purpose other than the administration of the Plan. The Plan sponsor must certify, among other things, that it will only use and disclose your PHI as permitted by the Plan, it will restrict access to your PHI to those individuals whose job it is to administer the Plan and it will not use PHI for any employment-related actions or decisions. The Plan may also disclose enrollment information to the Plan sponsor. The Plan may also disclose summary health information to the Plan sponsor for purposes of obtaining bids for health insurance or lending or modifying the Plan, as long as such disclosures do not violate use and disclosure restrictions of PHI as required by the HIPAA Omnibus Final Rules. Therefore, summary health information must not disclose any PHI that includes genetic information, even though the use of such PHI may be related to health care treatment, payment or operations.
Disclosures to Business Associates. We contract with individuals and entities (known as Business Associates under HIPAA regulations) to perform various functions on our behalf or provide certain types of services. To perform these functions or provide these services, our Business Associates will receive, create, maintain, use or disclose PHI. When these Business Associates are contracted to perform services for us, we may disclose your PHI to them. For example, we may disclose your PHI to a Business Associate to administer claims or provide service support, utilization management, subrogation or pharmacy benefit management. However, we require all Business Associates to sign acknowledgements that they are aware of their responsibilities as Business Associates under the HIPAA Omnibus Rules and will appropriately protect your PHI by using specific safeguards.
Disclosures to Family Members or Others. Unless you object, we may provide relevant portions of your PHI to a family member, friend or other person you indicate is involved in your health care or in helping you receive payment for your health care. If you are not capable of agreeing or objecting to these disclosures because of, for instance, an emergency situation, we will disclose PHI (as we determine) in your best interest. After the emergency, we will give you the opportunity to object to future disclosures to family and friends.
Other Uses and Disclosures. The law allows us to disclose PHI without your prior authorization in the following circumstances:
Required by law. We may use and disclose your PHI to comply with the law.
Public health activities. We will disclose PHI when we report to a public health authority for purposes such as public health surveillance, public health investigations or suspected child abuse.
Reports about victims of abuse, neglect or domestic violence. We will disclose your PHI in these reports only if we are required or authorized by law to do so, or if you otherwise agree.
To health oversight agencies. We will provide PHI as requested to government agencies that have the authority to audit or investigate our operations.
Lawsuits and disputes. If you are involved in a lawsuit or dispute, we may disclose your PHI in response to a subpoena or other lawful request, but only if efforts have been made to tell you about the request or obtain a court order that protects the PHI requested.
Law enforcement. We may release PHI if asked to do so by a law enforcement official in the following circumstances: (a) to respond to a court order, subpoena, warrant, summons or similar process; (b) to identify or locate a suspect, fugitive, material witness or missing person; (c) to assist the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; (d) to investigate a death we believe may be due to criminal conduct; (e) to investigate criminal conduct; and (f) to report a crime, its location or victims or the identity, description or location of the person who committed the crime (in emergency circumstances).
Coroners, medical examiners and funeral directors. We may disclose PHI to facilitate the duties of these individuals.
Organ procurement. We may disclose PHI to facilitate organ donation and transplantation.
Medical research. We may disclose PHI for medical research projects, subject to strict legal restrictions.
Serious threat to health or safety. We may disclose your PHI to someone who can help prevent a serious threat to your health and safety or the health and safety of another person or the general public.
Special government functions. We may disclose PHI to various departments of the government such as the U.S. military or U.S. Department of State.
Workers’ compensation or similar programs. We may disclose your PHI when necessary to comply with worker’s compensation laws.
Participants who are deceased more than 50 years. We may disclose your health information after you have been deceased for more than 50 years, because it is no longer considered to be PHI under the HIPAA Omnibus Final Rule.
Inmates. If you are an inmate of a correctional institution or under the custody of law enforcement officials, The Plan may release your PHI to the correctional institution or law enforcement official. The release of PHI is required: (1) for the institution to provide you with health care; (2) to protect your health and safety of others; and (3) for the safety and security of the correctional institution.
Uses and Disclosures With Your Written Authorization
We will not use or disclose your confidential information for any purpose other than the purposes described in this Notice, without your written authorization. For example, we will not (1) supply confidential information to another company for its marketing purposes (unless it is for certain limited Health Care Operations), (2) sell your confidential information (unless under strict legal restrictions), or (3) provide your confidential information to a potential employer with whom you are seeking employment without your signed authorization. You may revoke an authorization that you previously have given by sending a written request to our Privacy Officer, but not with respect to any actions we already have taken.
Your Individual Rights
You have the following rights:
Right to inspect and copy your protected health information. You may review and copy your PHI except in the following circumstances: (1) information containing psychotherapy notes, (2) information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, and (3) health information maintained by us to the extent to which the provision of access to you would be prohibited by law.
Your request must be addressed to the Privacy Officer. In certain situations, we may deny your request, but if we do, we will tell you in writing of the reasons for the denial and explain your rights with regard to having the denial reviewed. If the information you request is in an electronic health record, you may request that these records be transmitted electronically to yourself or a designated individual.
If you request copies of your PHI, we may charge you a reasonable fee to cover the cost. Alternatively, we may provide you with a summary or explanation of your PHI information, upon your request if you agree to the rules and cost (if any) in advance.
Right to correct or update your protected health information. If you believe that the PHI we have is incomplete or incorrect, you may ask us to amend it. Your request must be made in writing and must be addressed to the Privacy Officer. To process your request, you must use the form we provide and explain why you think the amendment is appropriate. We will inform you in writing as to whether the amendment will be made or denied. If we agree to make the Amendment, we will make reasonable efforts to notify other parties of your amendment. If we agree to make the amendment, we will also ask you to identify others you would like us to notify.
We may deny your request if you ask us to amend information that:
Was not created by us, unless the person who created the information is not longer available to make the amendment;
Is not part of the PHI we keep about you.
Is not part of the PHI that you would be allowed to see or copy; or
Is determined by us to be accurate and complete.
If we deny the requested amendment, we will notify you in writing on how to submit a statement of disagreement or complaint or request inclusion of your original amendment request in your protected health information.
Right to obtain a list of the disclosures. You have the right to get a list of PHI disclosures, which is also referred to as an accounting. You must make a written request to the Privacy Officer to obtain this information.
The list will not include disclosures we have made as authorized by law. For example, the accounting will not include disclosures made for treatment, payment and health care operations purposes (except as noted in the following paragraph). Also, no accounting will be made for disclosures made directly to you or under an authorization that you provided or those made to your family or friends. The list will not include other disclosures, including incidental disclosures, disclosures we have made for national security purposes, disclosures to law enforcement personnel or disclosures made before April 14, 2004. The list we provide will include disclosures made within the last six years (subject to the April 14, 2004) beginning date) unless you specify a shorter period.
You may also request and receive an accounting of disclosures of electronic health records made for payment, treatment, or health care operations during the prior three years for disclosures made on or after (1) January 1, 2014 for electronic health records acquired before January 1, 2009, or (2) January 1, 2011 for electronic health records acquired on or after January 1, 2009.
The first list you request within a 12-month period will be free. You may be charged for providing any additional lists within a 12-month period.
Right to choose how we communicate with you. You have the right to ask that we send information to you at a specific address (for example, at work rather than at home) or in a specific manner (for example, by e-mail rather than by regular mail). We must agree to your request if you state that disclosure of the information may put you in danger.
Right to request additional restrictions on health information. You may request restrictions on our use and disclosure of your confidential information for the treatment, payment and health care operations purposes explained in this Notice. While we will consider all requests for restrictions carefully, we are not required to agree to a requested restriction.
However, we must comply with your request to restrict a disclosure of your PHI to the Plan for treatment, payment or health care operations if you paid for these services in full, out of your pocket, without plan reimbursement.
Right to Disclosures of Breaches of Private Health Information. We will report any breach of PHI of which we become aware to you. You will receive a detailed written explanation whenever an event occurs that results in a breach of unsecured PHI. “Breach” means the acquisition, access, use, or disclosure of PHI in a manner prohibited by HIPAA regulations, which compromises the security or privacy of PHI. Under the HIPAA Omnibus Final Rules, the impermissible use or disclosure of PHI is presumed to be a breach unless a Business Associate, as defined in the HIPAA Omnibus Rules, specifically demonstrates that there is a low probability that PHI has been compromised.
Right to Opt Out of Fundraising Activities that Use PHI. We may use certain information that may include PHI, to contact you for the purpose of raising money for charitable organizations that the Plan Sponsor supports. You have the right to opt out of receiving such communications with each solicitation. Your decision will have no impact on your treatment or payment for services under the Plan. The fundraising materials will always be accompanied by reminders that tell you how to opt out of these activities and communications.
Questions and Complaints
If you believe your privacy rights have been violated, you may file a complaint with us or the Secretary of the U.S. Department of Health and Human Services. To file a complaint with us, put your complaint in writing and address it to the Privacy Officer listed below. The Plan will not retaliate against you for filing a complaint. You may also contact the Privacy Officer if you have questions or comments about our privacy practices.
Future Changes to Our Practices and This Notice
We are required to follow the terms of the privacy notice currently in effect. However, we reserve the right to change our privacy practices and make any such change applicable to the protected health information we obtained about you before the change. If a change in our practices is material, we will revise the Notice to reflect the change. We will send or provide a copy of the revised Notice. You may also obtain a copy of any revised Notice by contacting the Privacy Officer.
Plumbersand Steamfitters Local 42 Health & Welfare Fund