notice of privacy policies
NOTICE OF PRIVACY POLICIES
Effective Date: 1-1-2014
Last Review Date: 11-1-2013
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Telligen is required by law to maintain the privacy of your health information. Telligen is also required to provide you with a notice that describes Telligen’s legal duties and privacy practices and your privacy rights with respect to your health information. We will follow the privacy practices described in this notice. If you have any questions about any part of this Notice, or if you want more information about the privacy practices of Telligen, please contact:
Telligen Privacy Officer, Contracts & Compliance Department, 1776 West Lakes Parkway, West Des Moines, IA 50266.
Telligen reserves the right to change the privacy practices described in this notice in the event that the practices need to be changed to be in compliance with the law. We will make the new notice provisions effective for all the protected health information that we maintain. If we change our privacy practices, we will have them available upon request. It will also be posted at the location of service.
Safeguards Telligen Implements
There are several safeguards that Telligen implements to protect the individual’s protected health information.
Examples include, but are not limited to:
i) Restricting access to the individual’s protected health information.
ii) Limiting the use and disclosure of the individual’s protected health information.
iii) Notifying the individual of their rights on protected health information.
iv) Training employees and associates about Telligen’s privacy policies and procedures.
How Telligen May Use or Disclose Your Health Information for Health Care Operations
Where as required by law, Telligen must use and disclose protected health information to the individual or someone who has the legal right to act on the individual’s behalf and to the Secretary of the Department of Health and Human Services. Telligen has the right to use and disclose protected health information as follows:
i) Treatment – Coordination or management of a individual’s health care with a third party; consultation between health care providers related to a individual; referral of an individual to a health care provider.
ii) Payment – Activities related to the review of health care services with respect to medical necessity, coverage under a health plan, appropriateness of care or justification of charges; activities related to utilization review, including pre?certification and pre?authorization of services, concurrent and retrospective review of services; activities undertaken to determine eligibility, coverage (including coordination of benefits or the determination of cost sharing amounts) and adjudication or subrogation of health benefit claims; activities related to billing and claims management, including reinsurance activities.
iii) Health Care Operations – Conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, population based activities relating to improving health or reducing health care cost, protocol development, case management and care coordination; contacting of providers and individuals with information about treatment alternatives and related functions that do not include treatment; conducting or arranging for medical review, legal services and auditing functions including fraud and abuse detection and compliance programs; business management and general administrative activities of the organization including data analyses for which Telligen is contracted to provide to its covered entity clients.
iv) Information Provided to the Individual – Telligen may use and disclose health information to the individual. An individual’s written request for a copy of his/her medical records will include health information originating from Telligen. Individuals will be directed to seek medical records, disclosed to Telligen by other health care providers, from the originating party.
How Telligen May Use or Disclose Your Health Information without Your Written Authorization
The following categories describe the ways that Telligen may use and disclose your health information without your authorization. For each type of use and disclosure, we will explain what we mean and present some examples
i) Notification and Communication with family – Telligen may disclose health information to notify or assist in notifying a family member, a personal representative or another person responsible for the individual’s health care and general condition. The individual has the right to agree or object, by verbally notifying Telligen staff. Our health professionals will use his/her best judgment in any communication with family and others if not otherwise directed by the individual.
ii) Public Health – As required by law, Telligen may disclose health information to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting abuse or neglect; reporting domestic violence; reporting problems with products and reactions to medications, and reporting disease or infection exposure to the Food and Drug Administration.
iii) Health oversight activities – Telligen may disclose health information to health agencies during the course of audits, investigations, inspections, licensure and other proceedings.
iv) Judicial and administrative proceedings – Telligen may disclose health information in the course of any administrative or judicial proceeding.
v) Required by law – Telligen may use and disclose individual health information as required by law.
vi) Research – Telligen may disclose de?identified health information to researchers conducting research that has been approved by Telligen’ Quality Management Committee.
vii) Public safety –Telligen may disclose health information to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
viii) Specialized government functions – Telligen may disclose health information for military, national security and prisoner benefit purposes.
ix) Worker’s compensation –Telligen may disclose health information as necessary to comply with worker’s compensation laws.
When Telligen may not use or disclose health information
Except as described in this Notice of Privacy Practices, Telligen will not use or disclose an individual’s health information without the individual’s written authorization. If an individual does authorize Telligen to use or
disclose health information for other purposes, he/she may revoke that authorization in writing at any time.
i) Marketing purposes – Telligen will not use or sell any protected health information without prior authorization.
ii) Genetic Information – Telligen is prohibited from using or disclosing genetic information for insurance underwriting purposes.
Individual health information rights
i) An individual has the right to request restrictions on certain uses and disclosures of his/her health information. Telligen is not required to agree to these restrictions; however, if agreed to, Telligen will comply with these restrictions. The individual can terminate these restrictions at any time.
ii) An individual has the right to receive a copy of his/her health information or a summary of this information. Telligen may charge a reasonable fee for the cost of copying and postage.
iii) An individual has the right to inspect and copy his/her health information.
iv) An individual has the right to request that Telligen amend his/her health information that is incorrect or incomplete. Telligen may deny such request if the information was not created or maintained by Telligen or if it is believed to be correct and complete. The individual has the right to response with a written
explanation that will be included with the protected health information.
v) An individual has the right to receive an accounting of disclosures of his/her health information made by Telligen. Telligen does not have to account for the disclosures described in parts labeled: Treatment, Payment, Health Care Operations, Information provided to the Individual, and certain government
functions. Telligen may charge a reasonable fee for the cost of copying and postage.
vi) The individual has the right to receive confidential communications of protected health information in a different manner or at a different place to avoid life?threatening conditions. Telligen will make every reasonable effort to accommodate this request.
vii) An individual who pays out-of-pocket has the right to restrict protected health information disclosures from their health plan.
viii) An individual has the right to opt out of receiving any fundraising communications.
ix) An individual has a right to receive notifications whenever a breach of his or her unsecured protected health information occurs.
x) An individual has the right to a paper copy of this Notice of Privacy Practices.
xi) If a more detailed explanation of these rights is desired or to exercise one or more of these rights, a written request should be sent to:
Telligen Privacy Officer
Contracts & Compliance Department
1776 West Lakes Parkway
West Des Moines, IA 50266
i) Retaliation against anyone filing a complaint is unlawful.
ii) Complaints about this Notice of Privacy Practices or how Telligen handles health information should be directed in writing to:
Telligen Privacy Officer
Contracts & Compliance Department
1776 Lakes Parkway
West Des Moines, IA 50266
iii) Complaints may also be filed directly with the Health and Human Service Department. These requests may be filed in writing, either on paper or electronically. Electronic fillings may be done over the Internet at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html or by writing:
The U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Business Associate – A person or organization that received protected health information from a covered entity to provide services to or on behalf of the covered entity, or one that performs a professional service for the covered entity that involves the use of protected health information.
Covered Entity – A health care provider (provider of health care services), health plan (individual or group or combination, HMO, etc), or health care clearinghouse (billing services, etc) that transfers health information electronically in connection with HIPAA transaction.
De-identified Information – Information that has been stripped of personal and individually identifying characteristics. It is not protected health information if the risk of identification is very small and the other criteria specified in the rule are met.
Disclosure – The act of releasing, transferring, divulging, or providing access to information to an organization other than the covered entity.
Health Information – broadly defined as any information, in any form or medium, that relates to the past, present or future physical or mental health, condition, provision of healthcare, or future payment for the provision of healthcare of or to an individual.
HIPAA – The Health Insurance Portability and Accountability Act of 1996. HIPAA is the federal government’s version of health care reform. It is a comprehensive law that addresses not only privacy, security and uniform standards for electronic transactions, but also portability, fraud and abuse in health care, and many other issues.
Individual – The person who is the direct subject of health information.
Individually Identifiable Health Information – Any information that may identify an individual and relates to the past, present, or future mental or physical condition of the individual—for example, a name, address, telephone number, birth date, or Social Security number. Individually Identifiable Health Information is a subset of health information.
Notice of Privacy Practices – The document required by HIPAA in which a covered entity must disclose its privacy practices as related to protected health information. The notice must also provide information on use and disclosure activities, give examples of certain uses and disclosures, and describe the individual’s rights in relation to the covered entity’s privacy practices. (This document is also known as the “privacy notice” or simply “the notice.”)
Operations (Health Care Operations) – The activities of a covered entity or performed by a business associate that relate to : quality assessment and improvement, review of health care professional qualifications, underwriting and health insurance or health benefit functions, medical review or auditing functions, and legal services. Health care operations also include business planning, development, management, and administrative functions: HIPAA compliance; customer service; grievance processes; mergers and acquisitions; and the created of de?identified information.
Payment – The functions of a health plan of health care provider to obtain reimbursement for services rendered or for premiums, which include the following activities: eligibility or coverage, risk adjustment, billing and claims management, debt collection activities, medical necessity determinations and utilization review.
Personal Representative – A person designated by the individual to have access to protected health information.
Protected Health Information – Individually identifiable health information transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium, whether electronic, paper or oral.
Treatment – A health care provider’s provision, coordination and management of an individual’s health care and related services, which includes referrals and consultations with other health care providers.
Use – The sharing, use, examining, or analysis of protected health information.