Notice of Privacy Practices

What is the purpose of this Notice of Privacy Practices?

PHP is required by federal law to provide you with this Notice of Privacy Practices (Notice), describing how we use and disclose your protected health information (PHI), and your rights regarding your PHI. This law, referred to as the Privacy Rule, is a provision of the Health Insurance Portability and Accountability Act of 1996.

What is protected health information (PHI)?

PHI is information about a member’s or an applicant’s health or healthcare services that we create or receive, and maintain, which can be identified as pertaining to that person. PHI includes electronic PHI.

Is my PHI kept private?

Yes. We understand the seriousness and sensitivity of privacy issues and recognize the importance of confidentiality. We are also required by the Privacy Rule to keep your PHI private. We strongly believe in protecting the confidentiality and security of your information, and follow strict policies to protect your information. We have a Privacy Officer who is responsible for seeing that your PHI is used and disclosed appropriately.

How does Physicians Health Plan use and disclose my PHI?

We use PHI to operate our day-to-day business. This business includes processes related to payment for healthcare treatment and other healthcare services, and the routine operation of our business. We may use and disclose PHI, without individual authorization, for these purposes.

We may use or disclose PHI for payment activities, including: adjudication of claims, coordination of benefits, utilization review, pre-certification review, medical necessity review, coordination of care, collection of payments, collection of reinsurance payments, determination of eligibility, subrogation of claims, risk adjusting, reimbursement, claims management, and determination of cost sharing. There are many different reasons why we use PHI for payment. For example, our claims department uses PHI when we pay a provider or facility for the services or treatment you received. We may also ask for additional PHI from your provider about your treatment before we consider the claim for payment. We may disclose PHI to your provider as necessary to help coordinate your services.

We may use and disclose PHI for healthcare business operations and legal processes, including: customer service, resolution of grievances and appeals, fraud and abuse detection and prevention, general administrative activities, business management, auditing, medical review, disease management, case management, treatment alternatives, protocol development, underwriting and premium rating, enrollment, provider credentialing, quality assessment and improvement activities, review of healthcare performance, outcome evaluations, accreditation purposes, certification, training, regulatory compliance, legal services, licensing, and law enforcement. We use PHI as part of these processes to manage the health plan that you currently use. For example, we may use PHI for monitoring quality and improving healthcare services, providing disease management programs, and reducing health care costs. We may contact you at times to provide health education materials or health-related benefit information. We may also use PHI for underwriting purposes to determine the premium to charge for your benefit coverage. We will not use genetic PHI for purposes of underwriting.

We may share your PHI with other businesses who help us operate our business. We will not share your PHI with these outside businesses unless they agree to protect it. If you are covered under an Employer Group Health Plan, we may also disclose PHI to a plan administrator at your place of employment, for plan administration purposes and to administer the terms of our contract with your Employer. Most employers that choose to request and receive PHI must comply with the Privacy Rule and tell you that they receive PHI from us.

We may also use and disclose PHI without your authorization when you are unable to make a health care decision for yourself, or are unable to provide a written authorization. For example, if you are unconscious, or very ill, or otherwise unable to provide authorization, we may make a professional judgment and disclose PHI in this situation to an apparent caretaker, such as a family member or friend who is involved in your care.

In situations other than payment and operational functions as listed above, we will ask for your authorization before we use or disclose your PHI. If you give us your written authorization and decide later you do not want us to use or disclose this information any longer, you may revoke your authorization in writing to us at any time. Your revocation will not apply to uses and disclosures of your PHI already made before you revoked an authorization.

We will not sell any PHI, or use PHI for marketing or fundraising purposes.

Does Physicians Health Plan have any legal duties that could involve using or disclosing my PHI?

We are required to share your information in other ways- usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these proposes. For more information see: https://www.hhs.gov/hipaa/index.html. We must disclose PHI:

• when required to do so by federal or state law (for example, abuse, neglect or domestic violence);
• when required to do so by rules and laws applicable to civil or criminal lawsuits;
• to prevent a serious threat to your health or the health and safety of the public or another person;
• if a government agency is investigating or inspecting a health care provider or Physicians Health Plan; and/or
• to the Department of Health and Human Services, if asked, so it can make sure we are complying with this Privacy Rule.

What are my rights under the Privacy Rule?

The following items explain your rights.

• Privacy Notice. You have a right to receive a copy of this Notice by mail or electronically, at your request. This Notice is also on our website at www.phpni.com.
• Personal Representatives. You have the right to choose someone to represent you. Your personal representative would have the same rights as you do. Your personal representative could make requests and authorizations on your behalf.
• Restrictions. You have the right to request restrictions on how we use or disclose your PHI. For example, you may choose to request that we not share your PHI with family members who may be involved in your care, or that we limit the information we provide to such family member. PHP is not required to agree to the restriction.
• Confidential Communication. You have the right to confidential communication. If you are in a situation where your own PHI being directed to your listed home address could place you in danger, you may receive communications at an alternate address. Your request must be in writing, specifying that you could be in danger if your health information is directed to your listed home address. Your written request should clearly state where or how you prefer to receive communication.
• Access. You have the right to access your own PHI. You may view or receive copies of your PHI that PHP maintains in a designated record set for the uses listed in this Notice. Copies of psychotherapy notes and certain PHI that we may prepare for use in a civil, criminal or administrative action or proceeding will not be released. We will charge you a fee that is allowable by applicable law, based on the cost of copying and postage. If we maintain electronic records containing your health information, when and if we are required by law, you will have the right to request that we send a copy of your protected health information in an electronic format to you or a third party that you identify. We may charge a reasonable fee for sending the electronic copy of your health information.
• Accounting of Disclosures. You have the right to an accounting of disclosures of your PHI. We will keep a log of any non-routine disclosures of your PHI. This information will be maintained for 6 years after any applicable disclosure. We will give you one list of disclosures in a 12-month period for free. If you ask for another list in the same 12-month period, we will tell you in writing that there will be a reasonable charge to prepare your list. You can let us know in writing whether you still want us to give you the information requested or whether you want to change your request. Our list will not include disclosures that we made:

1. for the payment and business operations purposes defined in this Notice
2. directly to you, to your personal representative, or under your written authorization
3.  for national security purposes 4. to correctional or law enforcement personnel

• Amendment. You have the right to correct your PHI or add missing information if you think there is a mistake regarding your PHI. You must provide us with the reason the information we have is incorrect. This information must be provided to us in writing. If we did not create the record, or if we believe the record to be accurate, we may decline to change the record, but we will add your request and the information you provide to your record so that it becomes a part of your record.
• Notice. We are required to notify you of a breach involving your unsecured PHI.

All requests to us must be in writing, except a request for a copy of this Notice. You can send your written request to the address listed at the bottom of this Notice, Attention: Privacy Officer, or send an email to custsvc@phpni.com. We will respond to you within 30 days after we receive your written request. The Privacy Rule allows us 60 days to consider and respond to you when you ask us to correct your PHI or request a list of PHI disclosures. We will tell you if we need up to an additional 30 days to consider your request when we reply to you in writing.

We will always give serious consideration to your requests. In certain situations, we may deny your request if we cannot reasonably comply. If we deny your request, we will tell you the reason in writing. Our denial will also explain that in certain situations you may have the right to have the denial reviewed.

Will Physicians Health Plan follow the terms of this Notice?

Yes. We are required by the Privacy Rule to follow the terms of this Notice. This Notice will remain in effect until it is replaced or modified. PHP will revise and distribute within 60 days this notice whenever there is a material change.

Will Physicians Health Plan change its privacy practices or the information in this Notice?

We reserve the right to change the information in this Notice and to make the changes effective for all PHI that we maintain. The revised Notice will be on our website at www.phpni.com. We will send you a copy of the new Notice upon request.

How do I file a complaint about Physicians Health Plan’s privacy practices?

If you believe that your privacy rights have been violated, you can contact our Privacy Officer or the Secretary of the Department of Health and Human Services. You will not be penalized for filing a complaint about our privacy practices. We want to know if you have a concern about your privacy at PHP. Please contact us with any concerns or questions.

You may contact our Privacy Officer by:

1. Sending your written complaint to PHP Customer Service Department, Attn: Privacy Officer, 1700 Magnavox Way, Suite 201, Fort Wayne, IN 46804
2. Calling a Customer Service representative at 260-432-6690,ext. 11 or toll-free at 1-800-982-6257
3. Sending an email to custsvc@phpni.com.

You may also contact the Secretary of the Department of Health and Human Services. We will give you their address upon request.

Who do I call if I have any questions about the information in this Notice?

If you need additional information or have questions about anything mentioned in this Notice, please contact our Customer Service Department at 260-432-6690,ext. 11, toll-free at 1-800-982-6257, or sending an email to custsvc@phpni.com.