Common use of Confidentiality Policy Clause in Contracts

Confidentiality Policy. The purpose of BCBSM's Confidentiality Policy is to provide for protection of the privacy of Members and the confidentiality of Protected Heath Information (PHI) and Facility financial data and information. BCBSM's Confidentiality Policy sets forth guidelines conforming to MCLA 550.1101 et seq. and the Health Insurance Portability and Accountability Act of 1996 and the accompanying regulations as from time to time may be amended. BCBSM's Board of Directors is required to establish and make public the policy of the Corporation regarding the protection of the privacy of Members and the confidentiality of PHI. In adopting this policy, BCBSM acknowledges the rights of its Members to know that PHI acquired by BCBSM will be treated with respect and reasonable care to ensure confidentiality; to know it will not be shared with others except for legitimate business purposes or in accordance with a Member's specific consent or in accordance with applicable laws and BCBSM policy. The term “Facility financial data and information” refers to a document or other record, including automated or computer record, containing paid claims data, including utilization and payment information. BCBSM will maintain Facility financial data and information as confidential. BCBSM will collect and maintain necessary Member PHI and take reasonable care to secure these records from unauthorized access and disclosure. Records containing PHI will be used to verify eligibility and properly adjudicate claims and other permitted uses allowed by applicable law and BCBSM policy. For coordinated benefits, BCBSM will release applicable data to other insurance carriers to determine appropriate liability as permitted by applicable law. Enrollment applications, claim forms and other communications to Members will notify Members of these routine uses and contain the Member's consent to release PHI for these purposes. These forms will also advise the Members of their rights under BCBSM’s policy. Upon request, a Member will be notified regarding the actual release of PHI. BCBSM will make reasonable efforts to use and disclose only the minimum necessary amount of PHI to accomplish the intended purpose of any request, use or disclosure of PHI. XXX released with the Member's specific authorization will be subject to the condition that the person receiving the data will not release it further, unless the Member executes in writing another prior and specific informed consent authorizing the additional release. Where protected by specific statutory authority, PHI will not be released without appropriate authorization. Experience-rated and self-funded customers may obtain PHI and Facility financial data for auditing and other purposes provided that claims of identifiable Members are protected in accordance with any applicable law and BCBSM policy. For these requests, the recipients of the PHI will enter into a confidentiality and indemnification agreement with BCBSM to ensure confidentiality and to hold BCBSM harmless from any resultant claims or litigation. Parties acting as agents to customers will be required to sign third party agreements with BCBSM and the recipient of the PHI prohibiting the use, retention or release of PHI for other purposes or to other parties than those stated in the agreement. XXX released under this Policy will be subject to the condition that the person to whom the disclosure is made will protect and use the PHI only as authorized by this policy. BCBSM will release required PHI pursuant to any federal, state or local statute or regulation. For civil and criminal investigation, prosecution or litigation, BCBSM will release requested PHI to the appropriate law enforcement authorities or in response to appropriate legal process as required by applicable law. ADDENDUM E APPEALS PROCESS FOR INDIVIDUAL CLAIMS DISPUTES

Confidentiality Policy. The purpose of BCBSM's Confidentiality Policy is to provide for protection of the privacy of Members and the confidentiality of Protected Heath Information (PHI) personal data, personal information, and Facility Provider financial data and information. BCBSM's Confidentiality Policy sets forth guidelines conforming to MCLA 550.1101 et seq. and the Health Insurance Portability and Accountability Act of 1996 and the accompanying regulations as from time to time may be amended. which requires BCBSM's Board board of Directors is required directors to "establish and make public the policy of the Corporation regarding the protection of the privacy of Members and the confidentiality of PHIpersonal data". In adopting this policy, BCBSM acknowledges the rights of its Members to know that PHI personal data and personal information acquired by BCBSM will be treated with respect and reasonable care to ensure confidentiality; to know it will not be shared with others except for legitimate business purposes or in accordance with a Member's specific consent or in accordance with applicable laws and BCBSM policyspecific statutory authority. The term “Facility personal data” refers to a document incorporating medical or surgical history, care, treatment or service; or any similar record, including an automated or computer accessible record relative to a Member, which is maintained or stored by a health care corporation. The term “personal information” refers to a document or any similar record relative to a Member, including an automated or computer accessible record, containing information such as an address, age/birth date, coordination of benefits data, which is maintained or stored by a health care corporation. The term “provider financial data and information” refers to a document or other record, including automated or computer record, containing paid claims data, including utilization and payment information. BCBSM will maintain Facility provider financial data and information as confidential. BCBSM will collect and maintain necessary Member PHI personal data and take reasonable care to secure these records from unauthorized access and disclosure. Records containing PHI personal data will be used to verify eligibility and properly adjudicate claims and other permitted uses allowed by applicable law and BCBSM policyclaims. For coordinated benefits, BCBSM will release applicable data to other insurance carriers to determine appropriate liability as permitted by applicable lawliability. Enrollment applications, claim forms and other communications to Members will notify Members of these routine uses and contain the Member's consent to release PHI data for these purposes. These forms will also advise the Members of their rights under BCBSM’s this policy. Upon request, a Member will be notified regarding the actual release of PHIpersonal data. BCBSM will make reasonable efforts not release Member specific personal data except on a legitimate need to use and disclose only know basis or where the minimum necessary amount of PHI to accomplish the intended purpose of any request, use or disclosure of PHIMember has given specific authorization. XXX Data released with the Member's specific authorization will be subject to the condition that the person receiving the data will not release it further, further unless the Member executes in writing another prior and specific informed consent authorizing the additional release. Where protected by specific statutory authority, PHI Member specific data will not be released without appropriate authorization. Experience-rated and self-funded customers may obtain PHI personal data and Facility provider financial data for auditing and other purposes provided that claims of identifiable Members are protected in accordance with any applicable law and BCBSM policyspecific statutory authority. For these requests, the recipients of the PHI data will enter into a confidentiality and indemnification agreement with BCBSM to ensure confidentiality and to hold BCBSM harmless from any resultant claims or litigation. Parties acting as agents to customers will be required to sign third party agreements with BCBSM and the recipient of the PHI data prohibiting the use, retention or release of PHI data for other purposes or to other parties than those stated in the agreement. XXX Data released under this Policy will be subject to the condition that the person to whom the disclosure is made will protect and use the PHI data only as authorized by this policy. BCBSM will release required PHI data pursuant to any federal, state or local statute or regulation. For civil and criminal investigation, prosecution or litigation, BCBSM will release requested PHI data to the appropriate law enforcement authorities or in response to appropriate legal process as required by applicable lawprocess. ADDENDUM E APPEALS PROCESS FOR INDIVIDUAL CLAIMS DISPUTESE

Confidentiality Policy. The purpose of BCBSM's Confidentiality Policy is to provide for the protection of the privacy of Members Members, and the confidentiality of Protected Heath Information (PHI) personal data, personal information, and Facility Provider financial data and information. BCBSM's Confidentiality Policy sets forth the guidelines conforming to MCLA 550.1101 et seq. and the Health Insurance Portability and Accountability Act of 1996 and the accompanying regulations as from time to time may be amended. seq which requires BCBSM's Board of Directors is required "to establish and make public the policy of the Corporation regarding the protection of the privacy of Members and the confidentiality of PHI. personal data." In adopting this policy, BCBSM acknowledges the rights of its Members to know that PHI personal data and personal information acquired by BCBSM will be treated with respect and with reasonable care to ensure confidentiality; to know that it will not be shared with others except for legitimate business purposes or in accordance with a Member's specific consent or in accordance with applicable laws and BCBSM policyspecific statutory authority. The term “Facility personal data” refers to a document incorporating medical or surgical history, care, treatment or service; or any similar record, including an automated or computer accessible record relative to a Member, which is maintained or stored by a health care corporation. The term “personal information” refers to a document or any similar record relative to a Member, including an automated or computer accessible record, containing information such as an address, age/birth date, coordination of benefits data, which is maintained or stored by a health care corporation. The term “Provider financial data and information” refers to a document or other record, including limited to automated or computer record, containing paid claims data, including utilization and payment information. BCBSM will maintain Facility Provider financial data and information as confidential. BCBSM will collect and maintain necessary Member PHI personal data and take reasonable care to secure these records from unauthorized access and disclosure. Records containing PHI personal data will be used to verify eligibility and properly adjudicate claims and other permitted uses allowed by applicable law and BCBSM policyclaims. For coordinated benefits, BCBSM will release applicable data to other insurance carriers to determine appropriate liability as permitted by applicable lawliability. Enrollment applications, claim forms and other communications to Members will notify Members of these routine uses and contain the Member's consent to release PHI data for these purposes. These forms will also advise the Members of their rights under BCBSM’s this policy. Upon request, a Member will be notified regarding the actual release of PHIpersonal data. BCBSM will make reasonable efforts to use and disclose only not release Member-specific personal data except on a legitimate need-to-know basis or where the minimum necessary amount of PHI to accomplish the intended purpose of any request, use or disclosure of PHIMember has given specific authorization. XXX Data released with the Member's specific authorization will be subject to the condition that the person receiving the data will not release it further, further unless the Member executes in writing another prior and specific informed consent authorizing the additional release. Where protected by specific statutory authority, PHI Member-specific data will not be released without appropriate authorization. Experience-Experience rated and self-funded ASC customers and hospitals may obtain PHI and Facility financial personal data for auditing and other purposes provided that claims of identifiable Members are protected in accordance with any applicable law specific statutory authority. Also, experience rated and BCBSM policyASC customers may obtain Provider financial data for auditing and other purposes. For these requests, the recipients of the PHI data will enter into a confidentiality and indemnification agreement with BCBSM to ensure confidentiality and to hold BCBSM harmless from any resultant claims or litigation. Parties acting as agents to customers accounts and facilities will be required to sign third third-party agreements with BCBSM and the recipient of the PHI data prohibiting the use, retention or release of PHI data for other purposes or to other parties than those stated in the agreement. XXX Data released under this Policy policy will be subject to the condition that the person to whom the disclosure is made will protect and use the PHI data only as authorized by this policy. BCBSM will release required PHI data pursuant to any federal, state or local statute or regulation. For civil and criminal investigation, prosecution or litigation, BCBSM will release requested PHI data to the appropriate law enforcement authorities or in response to appropriate legal process as required by applicable lawprocess. ADDENDUM E APPEALS PROCESS FOR INDIVIDUAL CLAIMS DISPUTESIPT par 10-06.doc

Confidentiality Policy. The purpose of BCBSM's Confidentiality Policy is to provide for protection of the privacy of Members and the confidentiality of Protected Heath Information (PHI) personal data, personal information, and Facility financial data and information. BCBSM's Confidentiality Policy sets forth guidelines conforming to MCLA 550.1101 et seq. and the Health Insurance Portability and Accountability Act of 1996 and the accompanying regulations as from time to time may be amended. which requires BCBSM's Board board of Directors is required directors to "establish and make public the policy of the Corporation corporation regarding the protection of the privacy of Members and the confidentiality of PHIpersonal data". In adopting this policy, BCBSM acknowledges the rights of its Members to know that PHI personal data and personal information acquired by BCBSM will be treated with respect and reasonable care to ensure confidentiality; to know it will not be shared with others except for legitimate business purposes or in accordance with a Member's specific consent or in accordance with applicable laws and BCBSM policyspecific statutory authority. The term “personal data” refers to a document incorporating medical or surgical history, care, treatment or service; or any similar record, including an automated or computer accessible record relative to a Member, which is maintained or stored by a health care corporation. The term “personal information” refers to a document or any similar record relative to a Member, including an automated or computer accessible record, containing information such as an address, age/birth date, coordination of benefits data, which is maintained or stored by a health care corporation. The term “Facility financial data and information” refers to a document or other record, including automated or computer record, containing paid claims data, including utilization and payment information. BCBSM will maintain Facility financial data and information as confidential. BCBSM will collect and maintain necessary Member PHI personal data and take reasonable care to secure these records from unauthorized access and disclosure. Records containing PHI personal data will be used to verify eligibility and properly adjudicate claims and other permitted uses allowed by applicable law and BCBSM policyclaims. For coordinated benefits, BCBSM will release applicable data to other insurance carriers to determine appropriate liability as permitted by applicable lawliability. Enrollment applications, claim forms and other communications to Members will notify Members of these routine uses and contain the Member's consent to release PHI data for these purposes. These forms will also advise the Members of their rights under BCBSM’s this policy. Upon request, a Member will be notified regarding the actual release of PHIpersonal data. BCBSM will make reasonable efforts not release Member specific personal data except on a legitimate need to use and disclose only know basis or where the minimum necessary amount of PHI to accomplish the intended purpose of any request, use or disclosure of PHIMember has given specific authorization. XXX Data released with the Member's specific authorization will be subject to the condition that the person receiving the data will not release it further, further unless the Member executes in writing another prior and specific informed consent authorizing the additional release. Where protected by specific statutory authority, PHI Member specific data will not be released without appropriate authorization. Experience-rated and self-funded customers may obtain PHI personal data and Facility financial data for auditing and other purposes provided that claims of identifiable Members are protected in accordance with any applicable law and BCBSM policyspecific statutory authority. For these requests, the recipients of the PHI data will enter into a confidentiality and indemnification agreement with BCBSM to ensure confidentiality and to hold BCBSM harmless from any resultant claims or litigation. Parties acting as agents to customers will be required to sign third party agreements with BCBSM and the recipient of the PHI data prohibiting the use, retention or release of PHI data for other purposes or to other parties than those stated in the agreement. XXX Data released under this Policy policy will be subject to the condition that the person to whom the disclosure is made will protect and use the PHI data only as authorized by this policy. BCBSM will release required PHI data pursuant to any federal, state or local statute or regulation. For civil and criminal investigation, prosecution or litigation, BCBSM will release requested PHI data to the appropriate law enforcement authorities or in response to appropriate legal process as required by applicable lawprocess. ADDENDUM E APPEALS PROCESS FOR INDIVIDUAL CLAIMS DISPUTES

Confidentiality Policy. The purpose of BCBSM's Confidentiality Policy is to provide for protection of the privacy of Members and the confidentiality of Protected Heath Information (PHI) personal data, personal information, and Facility Provider financial data and information. BCBSM's Confidentiality Policy sets forth guidelines conforming to MCLA 550.1101 et seq. and the Health Insurance Portability and Accountability Act of 1996 and the accompanying regulations as from time to time may be amended. which requires BCBSM's Board board of Directors is required directors to "establish and make public the policy of the Corporation regarding the protection of the privacy of Members and the confidentiality of PHIpersonal data". In adopting this policy, BCBSM acknowledges the rights of its Members to know that PHI personal data and personal information acquired by BCBSM will be treated with respect and reasonable care to ensure confidentiality; to know it will not be shared with others except for legitimate business purposes or in accordance with a Member's specific consent or in accordance with applicable laws and BCBSM policyspecific statutory authority. The term “Facility personal data” refers to a document incorporating medical or surgical history, care, treatment or service; or any similar record, including an automated or computer accessible record relative to a Member, which is maintained or stored by a health care corporation. The term “personal information” refers to a document or any similar record relative to a Member, including an automated or computer accessible record, containing information such as an address, age/birth date, coordination of benefits data, which is maintained or stored by a health care corporation. The term “provider financial data and information” refers to a document or other record, including automated or computer record, containing paid claims data, including utilization and payment information. BCBSM will maintain Facility provider financial data and information as confidential. BCBSM will collect and maintain necessary Member PHI personal data and take reasonable care to secure these records from unauthorized access and disclosure. Records containing PHI personal data will be used to verify eligibility and properly adjudicate claims and other permitted uses allowed by applicable law and BCBSM policyclaims. For coordinated benefits, BCBSM will release applicable data to other insurance carriers to determine appropriate liability as permitted by applicable lawliability. Enrollment applications, claim forms and other communications to Members will notify Members of these routine uses and contain the Member's consent to release PHI data for these purposes. These forms will also advise the Members of their rights under BCBSM’s this policy. Upon request, a Member will be notified regarding the actual release of PHIpersonal data. BCBSM will make reasonable efforts not release Member specific personal data except on a legitimate need to use and disclose only know basis or where the minimum necessary amount of PHI to accomplish the intended purpose of any request, use or disclosure of PHIMember has given specific authorization. XXX Data released with the Member's specific authorization will be subject to the condition that the person receiving the data will not release it further, further unless the Member executes in writing another prior and specific informed consent authorizing the additional release. Where protected by specific statutory authority, PHI Member specific data will not be released without appropriate authorization. Experience-rated and self-funded customers may obtain PHI personal data and Facility provider financial data for auditing and other purposes provided that claims of identifiable Members are protected in accordance with any applicable law and BCBSM policyspecific statutory authority. For these requests, the recipients of the PHI data will enter into a confidentiality and indemnification agreement with BCBSM to ensure confidentiality and to hold BCBSM harmless from any resultant claims or litigation. Parties acting as agents to customers will be required to sign third party agreements with BCBSM and the recipient of the PHI data prohibiting the use, retention or release of PHI data for other purposes or to other parties than those stated in the agreement. XXX Data released under this Policy will be subject to the condition that the person to whom the disclosure is made will protect and use the PHI data only as authorized by this policy. BCBSM will release required PHI data pursuant to any federal, state or local statute or regulation. For civil and criminal investigation, prosecution or litigation, BCBSM will release requested PHI data to the appropriate law enforcement authorities or in response to appropriate legal process as required by applicable lawprocess. ADDENDUM E APPEALS PROCESS FOR INDIVIDUAL CLAIMS DISPUTESDISPUTES AND UTILIZATION REVIEW AUDIT DETERMINATIONS

Confidentiality Policy. The purpose of BCBSM's ’s Confidentiality Policy is to provide for protection of the privacy of Members and the confidentiality of Protected Heath Information (PHI) personal data, personal information, and Facility CRNA financial data and information. BCBSM's ’s Confidentiality Policy sets forth guidelines conforming to MCLA 550.1101 et seq. and the Health Insurance Portability and Accountability Act of 1996 and the accompanying regulations as from time to time may be amended. which requires BCBSM's ’s Board of Directors is required to “establish and make public the policy of the Corporation regarding the protection of the privacy of Members and the confidentiality of PHI. personal data.” In adopting this policy, BCBSM acknowledges the rights of its Members to know that PHI personal data and personal information acquired by BCBSM will be treated with respect and reasonable care to ensure confidentiality; to know it will not be shared with others except for legitimate business purposes or in accordance with a Member's ’s specific consent or in accordance with applicable laws and BCBSM policyspecific statutory authority. The term “Facility personal data” refers to a document incorporating medical or surgical history, care, treatment or service; or any similar record, including an automated or computer accessible record relative to a Member, which is maintained or stored by a health care corporation. The term “personal information” refers to a document or any similar record relative to a Member, including an automated or computer accessible record, containing information such as an address, age/birth date, Coordination of Benefits data, which is maintained or stored by a health care corporation. The term “CRNA financial data and information” refers to a document or other record, including automated or computer record, containing paid claims data, including utilization and payment information. BCBSM will maintain Facility CRNA financial data and information as confidential. BCBSM will collect and maintain necessary Member PHI personal data and take reasonable care to secure these records from unauthorized access and disclosure. Records containing PHI personal data will be used to verify eligibility and properly adjudicate claims and other permitted uses allowed by applicable law and BCBSM policyclaims. For coordinated benefits, BCBSM will release applicable data to other insurance carriers to determine appropriate liability as permitted by applicable lawliability. Enrollment applications, claim forms and other communications to Members will notify Members of these routine uses and contain the Member's ’s consent to release PHI data for these purposes. These forms will also advise the Members of their rights under BCBSM’s this policy. Upon request, a Member will be notified regarding the actual release of PHIpersonal data. BCBSM will make reasonable efforts not release Member specific personal data except on a legitimate need to use and disclose only know basis or where the minimum necessary amount of PHI to accomplish the intended purpose of any request, use or disclosure of PHIMember has given specific authorization. XXX Data released with the Member's ’s specific authorization will be subject to the condition that the person receiving the data will not release it further, further unless the Member executes in writing another prior and specific informed consent authorizing the additional release. Where protected by specific statutory authority, PHI Member specific data will not be released without appropriate authorization. Experience-Experience rated and self-funded Administrative Service Contract (ASC) customers and hospitals and other entities may obtain PHI personal data and Facility CRNA financial data for auditing and other purposes provided that claims of identifiable Members are protected in accordance with any applicable law and BCBSM policyspecific statutory authority. For these requests, the recipients of the PHI data will enter into a confidentiality and indemnification agreement with BCBSM to ensure confidentiality and to hold BCBSM harmless from any resultant claims or litigation. Parties acting as agents to customers accounts and facilities will be required to sign third party agreements with BCBSM and the recipient of the PHI data prohibiting the use, retention or release of PHI data for other purposes or to other parties than those stated in the agreement. XXX Data released under this Policy will be subject to the condition that the person to whom the disclosure is made will protect and use the PHI data only as authorized by this policy. BCBSM will release required PHI data pursuant to any federal, state or local statute or regulation. For civil and criminal investigation, prosecution or litigation, BCBSM will release requested PHI data to the appropriate law enforcement authorities or in response to appropriate legal process as required by applicable lawprocess. ADDENDUM E APPEALS PROCESS FOR INDIVIDUAL CLAIMS DISPUTESDISPUTES AND UTILIZATION REVIEW AUDIT DETERMINATIONS ROUTINE INQUIRY PROCEDURES AND/OR AUDIT DETERMINATION CRNA must complete BCBSM’s routine status inquiry, telephone (optional) and written inquiry procedures (for individual claims disputes), or receive an audit determination before beginning the appeals process. WRITTEN COMPLAINT / RECONSIDERATION REVIEW Within 30 days of completing BCBSM’s routine written inquiry procedures, or within 30 days of receiving BCBSM’s written audit determination, CRNA shall begin the appeals process by submitting a Written Complaint and/or a request for a Reconsideration of the Audit Determination. The Written Complaint/ Reconsideration Review request should be mailed to: For individual claims disputes: Blue Cross Blue Shield of Michigan Provider Appeals Unit Mail Code 2005 000 Xxxxxxxxx Xxxx Xxxxxxx, XX 00000-0000 For disputes regarding professional provider utilization review audit results: Blue Cross Blue Shield of Michigan Manager, Professional Utilization Review Mail Code J103 000 Xxxxxxxxx Xxxx Xxxxxxx, XX 00000-0000 A request for a Reconsideration Review must include the following: — Area of dispute — Reason for disagreement — Any additional supportive documentation — Copies of medical records (if not previously submitted) Within 30 days of receipt of the request for Written Complaint/Reconsideration Review, BCBSM shall provide in writing a specific explanation of all of the reasons for its action that form the basis of CRNA’s complaint and/or the results of the Reconsideration Review.

Confidentiality Policy. The purpose of BCBSM's Confidentiality Policy is to provide for protection of the privacy of Members and the confidentiality of Protected Heath Information (PHI) personal data, personal information, and Facility financial data and information. BCBSM's Confidentiality Policy sets forth guidelines conforming to MCLA 550.1101 et seq. and the Health Insurance Portability and Accountability Act of 1996 and the accompanying regulations as from time to time may be amended. which requires BCBSM's Board of Directors is required to "establish and make public the policy of the Corporation regarding the protection of the privacy of Members and the confidentiality of PHIpersonal data". In adopting this policy, BCBSM acknowledges the rights of its Members to know that PHI personal data and personal information acquired by BCBSM will be treated with respect and reasonable care to ensure confidentiality; to know it will not be shared with others except for legitimate business purposes or in accordance with a Member's specific consent or in accordance with applicable laws and BCBSM policyspecific statutory authority. The term “personal data” refers to a document incorporating medical or surgical history, care, treatment or service; or any similar record, including an automated or computer accessible record relative to a Member, which is maintained or stored by a health care corporation. The term “personal information” refers to a document or any similar record relative to a Member, including an automated or computer accessible record, containing information such as an address, age/birth date, coordination of benefits data, which is maintained or stored by a health care corporation. The term “Facility financial data and information” refers to a document or other record, including automated or computer record, containing paid claims data, including utilization and payment information. BCBSM will maintain Facility financial data and information as confidential. BCBSM will collect and maintain necessary Member PHI personal data and take reasonable care to secure these records from unauthorized access and disclosure, and will collect only the personal data necessary to review and pay claims and for health care operations, treatment and research. BCBSM will identify routine uses of Member personal data and notify Member regarding these uses. Records containing PHI personal data will be used to verify eligibility and properly adjudicate claims and other permitted uses allowed by applicable law and BCBSM policyclaims. For coordinated benefits, BCBSM will release applicable data to other insurance carriers to determine appropriate liability as permitted by applicable lawliability. Enrollment applications, claim forms and other communications to Members will notify Members of these routine uses and contain the Member's consent to release PHI data for these purposes. These forms will also advise the Members of their rights under BCBSM’s this policy. Upon request, a Member will be notified regarding the actual release of PHIpersonal data. BCBSM will make reasonable efforts disclose personal data as permitted by the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and the regulations promulgated under that Act and in accordance with Michigan law. Members may authorize the release of their personal information to use and disclose only a specific person. BCBSM will not release Member specific personal data except on a legitimate need to know basis or where the minimum necessary amount of PHI to accomplish the intended purpose of any request, use or disclosure of PHIMember has given specific authorization. XXX Data released with the Member's specific authorization will be subject to the condition that the person receiving the data will not release it further, unless the Member executes in writing another prior and specific informed consent authorizing the additional release. Where protected by specific statutory authority, PHI Member- specific data will not be released without appropriate authorization. Experience-rated and self-funded customers may obtain PHI personal data and Facility financial data for auditing and other purposes provided that claims of identifiable Members are protected in accordance with any applicable law and BCBSM policyspecific statutory authority. For these requests, the recipients of the PHI data will enter into a confidentiality and indemnification agreement with BCBSM to ensure confidentiality and to hold BCBSM harmless from any resultant claims or litigation. Parties acting as agents to customers will be required to sign third party agreements with BCBSM and the recipient of the PHI data prohibiting the use, retention or release of PHI data for other purposes or to other parties than those stated in the agreement. XXX Data released under this Policy will be subject to the condition that the person to whom the disclosure is made will protect and use the PHI data only as authorized by this policy. BCBSM will release required PHI data pursuant to any federal, state or local statute or regulation. For civil and criminal investigation, prosecution or litigation, BCBSM will release requested PHI data to the appropriate law enforcement authorities or in response to appropriate legal process as required by applicable lawprocess. ADDENDUM E APPEALS PROCESS FOR INDIVIDUAL CLAIMS DISPUTESE