Our Responsibilities This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This notice took effect on September 23, 2013. We are required to maintain the privacy of your protected health information and we will follow the terms of this notice while it is in effect. Your Protected Health Information (PHI) and Other Nonpublic Personal Information PHI — health information that identifies you or could be used to identify you that was created or received by a provider, health plan, or employer, and that relates to one of the following: • Your past, present, or future physical or mental health or condition • Providing you health care • The past, present, or future payment for providing you health care Other Nonpublic Personal Information — identifies you, such as account balance information, payment history, information obtained in connection with a loan, or information from a consumer report. Your Information We collect your information as necessary to provide you with health insurance products and services and to administer our business. We may also disclose this information to nonaffiliated third parties as described in this notice. The types of information we may collect and disclose include: • Information you or your employer provide on applications and other forms, such as names, addresses, social security numbers, and dates of birth • Information about your interactions with us or others (such as providers) regarding your medical information or claims • Information you provide in person, by phone, in email, or through visits to our website Your Rights When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities. Get a copy of health and claims records • You can ask to see or get a copy of your health and claims records and other health information we have about you. • We will provide a copy or a summary of your health and claims records, usually within 30 days of your request. We may charge a reasonable, cost-based fee. • We may ask that you submit your request in writing. Please note, if you want to obtain copies of your medical records, you should contact the practitioner or facility. We do not generate, modify, or maintain complete medical records. • You may also request that we send a copy of your information to a third party. We may ask that you submit a written, signed authorization form permitting us to do so and we may charge a reasonable fee for copying and mailing your personal information. Ask us to correct health and claims records • You can ask us to correct your health and claims records if you think they are incorrect or incomplete. • We may say no to your request, but we’ll tell you why in writing within 60 days. Request confidential communications • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. • We will consider all reasonable requests, and must say “yes” if you tell us you would be in danger if we do not. • All requests should be made in writing. • It may take a short period of time for us to implement your request. • We will comply with your request if it is reasonable and continues to permit us to collect premiums and pay claims under your policy, including issuing certain explanations of benefits and policy information to the BlueShield of Northeastern New York is a division of HealthNow New York Inc., an independent licensee of the BlueCross BlueShield Association. 15049R_NENY_12_19 f11011 subscriber of the policy. For example, even if you request confidential communications: ο We will mail the check for services you receive from a nonparticipating provider to you but made payable to the subscriber ο Accumulated payment information such as deductibles (in which your information might appear), will continue to appear on explanations of benefits sent to the subscriber ο We may disclose to the subscriber, as the contract holder, policy details such as eligibility status or certificates of coverage Ask us to limit what we use or share • You can ask us not to use or share certain health information for treatment, payment, or our operations. • We are not required to agree to your request, but if we do, we will abide by our agreement (except when necessary for treatment in an emergency). You have the right to request a list of certain disclosures of your information we or our business associates made for purposes other than treatment, payment, or health care operations. You have the right to receive a paper copy of this notice Choose someone to act for you • You have the right to authorize individuals to act on your behalf with respect to your information. You must identify your authorized representatives on a HIPAA-compliant authorization form (available on our website) and explain what type of information they may receive. • You have the right to revoke an authorization except for actions already taken based on your authorization. File a complaint if you feel your rights are violated • You can complain if you feel we have violated your rights by contacting us using the information listed on page 4. • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. • We will not retaliate against you for filing a complaint. Your Choices For certain health information, you can tell us your choices about what we share. We may use and disclose your information in the situations described below but you have the right to limit or object to these uses or disclosures. If you have a clear preference for how we share your information in these situations, contact us using the information on page 4. • With your family, close friends, or others involved with your health care or payment for your care when you are present and have given us permission to do so. If you are not present, if it is an emergency, or you are not able to give us permission, we may give your information to a family member, friend, or other person if sharing your information is in your best interest. In these cases, the person requesting your information must accurately verify details about you (e.g., name, identification number, date of birth, etc.) and prove involvement with your health care or payment for your health care by providing details relevant to the information requested. For example, if a family member calls us with prior knowledge of a claim (e.g., provider’s name, date of service, etc.), we may confirm the claim’s status, patient responsibility, etc. We will only disclose information directly relevant to that person’s involvement with your health care or payment for your health care. • In a disaster relief situation. Uses and disclosures for which we will obtain your authorization In these cases we never share your information unless you give us written permission: • Marketing purposes • Sale of your information • Disclose your psychotherapy notes • Make certain disclosures of information considered sensitive in nature, such as HIV/AIDS, mental health, alcohol or drug dependency, and sexually transmitted diseases. Certain federal and state laws require that we limit how we disclose this information. In general, unless we obtain your written authorization, we will only disclose such information as provided for in applicable laws. Our Uses and Disclosures How do we typically use or share your health information? We typically use or share your health information in the following ways: Help manage the health care treatment you receive • We can use your health information and share it with professionals who are treating you.
