New Privacy Notice

IBEW Local 90 benefit fund

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

Our legal duty

The I.B.E.W. Local No. 90 Benefit Fund is committed to protecting health information about you and your family.  The Fund is required by law to keep your Protected Health Information (“PHI”) private.  “PHI” is information that is created or received by us that reasonably identifies you, and relates to your past, present, or future physical or mental health condition, or your past, present, or future health care, or payment for such health care.  We are also required to give you this Notice of our legal duties and the Fund’s privacy practices with respect to your protected PHI as well as your rights.  We are also required to abide by the terms of this Notice, which may be amended at any time.

We reserve the right to change the terms of this Notice at any time and to make the new provisions effective for all PHI that we maintain.  We will promptly revise our Notice and distribute it to all Plan Participants whenever we make material changes to our privacy policies and procedures.

How the fund May Use or Disclose Protected Health Information

We may use and disclose your PHI without your knowledge or consent related to treatment, payment for treatment and health care operations.  Since we provide your health benefits, we will focus first on “payment” and “health care operations,” examples of these kinds of uses and disclosures are listed below. 

Payment

We may use or disclose your PHI for the following “payment” purposes, including, but not limited to:

  • Determining your eligibility for benefits.  For example, we may use information obtained from your providers to determine if a benefit is covered and at what level.
  • Pre-certifying or pre-authorizing health care services.  For example, we may consider a request from you or your Physician to verify coverage for a specific Hospital admission or surgical procedure.
  • Providing reimbursement for the treatment and services you received from health care providers.  For example, we may send your Physician a payment with an explanation of how the amount of the payment was determined.
  • Seeking reimbursement for health claims for which a third party is liable.  For example, we may exchange information about an accidental Injury with your attorney who is pursuing reimbursement from another party.
  • Coordinating benefits with other plans under which you have health coverage.  For example, we may disclose information about your Plan benefits to another group health plan in which you participate.
  • Obtaining payment under a contract of reinsurance.  For example, if the total amount of your claims exceeds a certain amount, we may disclose information about your claims to our stop-loss insurance carrier.

Health Care Operations:

We may use and disclose your PHI for the following “health care operation” purposes, including, but not limited to:

  • Conducting quality assessment and improvement activities.  For example, a supervisor or quality specialist may review health care claims to determine the accuracy of a claim processor’s work.
  • Case management and care coordination.  For example, a case manager may contact home health agencies to determine their ability to provide the specific services you need.
  • Contacting you regarding treatment alternatives or other benefits and services that may be of interest to you.  For example, a case manager may contact you to give you information about alternative treatments.
  • Contacting health care providers with information about treatment alternatives.  For example, a case manager may contact your Physician to discuss moving you from an acute care facility to a more appropriate care setting.
  • Employee training.  For example, training new claims processors may include processing claims for health benefits under close supervision.
  • Accreditation, certification, licensing, or credentialing activities.  For example, the Fund may disclose your PHI to an auditor that is determining or verifying its compliance with standards for professional accreditation.
  • Conducting or arranging for legal and auditing services.  For example, your PHI may be disclosed to an auditor who is auditing the accuracy of claim adjudications.
  • Management activities relating to compliance with privacy regulations.  For example, the Privacy Officer may use your PHI while investigating a complaint regarding a reported or suspected violation of your privacy.

Disclosures to Providers and to Other Benefit Funds for Their Own Activities Related to Your Health Care:

We may disclose information without your knowledge or consent to providers and to other health plans if it is intended to be used for their own purposes, as described below:

  • Treatment: A health care provider may obtain your PHI from us for the purpose of providing health care treatment.  For example, we may disclose the identity of your primary care Physician to emergency medical staff if requested for treatment purposes.
  • Payment: A health care provider or another health plan may obtain your PHI from us for purposes related to payment for health care.  For example, if you have secondary coverage with another health plan we may disclose information to that other plan regarding our benefit payments on your behalf.
  • Health Care Operations: A health care provider or another health plan may obtain your PHI from us for some purposes related to health care operations, but only if the provider or plan has a relationship with you and the information pertains to that relationship.  The purposes for which such disclosures are permitted include, but are not limited to, quality improvement, case management, performance evaluation, training, and credentialing.

Other Uses and Disclosures

Other ways that the Fund may use and disclose your protected health information without your consent are described below.  Not every potential use or disclosure in each category will be listed:

  • Disclosures to You: We are permitted, and in some circumstances required, to disclose your PHI to you. Your rights are described below under “Your Protected Health Information Privacy Rights,” below.
  • Your Personal Representative: Anyone with legal standing to act as your personal representative may, depending on the terms of the legal authority, have any or all of the same rights that you have with regard to obtaining or controlling your PHI.  For example, state law determines the extent to which a parent may act on behalf of a minor with regard to the Child’s PHI.  Someone who is legally responsibility for your affairs after your death may also act as your personal representative.
  • Involvement in Payment: With your prior authorization, we may disclose your PHI to a relative, friend, or other person designated by you as being involved in payment for your health care.  For example, if we are discussing your health benefits with you, and you wish to include your Spouse or Child in the conversation, we may disclose information to that person during the course of the conversation.
  • Required by Law: We will disclose your PHI when required to do so by federal, state, or local law.  For example, we may disclose your PHI to a representative of the U.S. Department of Health and Human Services who is conducting a privacy regulation compliance review. 
  • Public Health: As permitted by law, we may disclose your protected health information as described below:
    • To an authorized public health authority, for purposes of preventing or controlling disease, Injury or disability;
    • To a government entity authorized to receive reports of child abuse or neglect;
    • To a person under the jurisdiction of the Food and Drug Administration, for activities related to the quality, safety, or effectiveness of FDA-regulated products.
  • Health Oversight Activities: We may disclose your PHI to health agencies during the course of audits, investigations, inspections, licensure and other proceedings related to oversight of the health care system or of compliance with civil rights laws.
  • Judicial and Administrative Proceedings: We may disclose your PHI in the course of any administrative or judicial proceeding:
    • In response to an order of a court or administrative tribunal, or
    • In response to a subpoena, discovery request, or other lawful process.
  • Law Enforcement: We may disclose your PHI to a law enforcement official for various purposes, such as identifying or locating a suspect, fugitive, material witness or missing person.
  • Coroners, Medical Examiners and Funeral Directors: We may disclose your protected health information to coroners, medical examiners, and funeral directors.  For example, this may be necessary to identify a deceased person or determine the cause of death.
  • Organ and Tissue Donation: We may disclose your PHI to organizations involved in procuring, banking, or transplanting organs and tissues.

Disclosures to the Board of Trustees

There are three circumstances in which we may disclose your PHI to the Board of Trustees, which is the Plan Sponsor, without your knowledge or consent:

  • We may disclose PHI to the Board of Trustees if you have enrolled in, are participating in, or have un-enrolled from this health Plan.
  • We may provide the Board of Trustees with “summary protected health information,” which includes claims totals without any personal identification except your ZIP code, for these two purposes: 
    • To obtain health insurance premium bids from other health plans, or
    • To consider modifying, amending, or terminating the health Plan.
  • We may disclose your PHI to the Board of Trustees for purposes of administering benefits under the Fund.  These purposes may include, but are not limited to:
    • Reviewing and making determinations regarding an appeal of a denial or reduction of benefits.
    • Evaluating situations involving suspected or actual fraudulent claims.
    • Monitoring benefit claims that may or do involve stop-loss insurance.

Disclosure to Business Associates

Business Associates are individuals and companies who need access to PHI in order to act on our behalf or to provide us with services. Examples of business associates include third party administrators, pharmacy benefits managers, attorneys, consultants, and auditors. We may disclose your PHI to our business associates, and we may authorize them to use or disclose it for any or all of the same purposes for which we are permitted to use or disclose it ourselves, as well as for their own administrative purposes.  Our business associates are contractually required not to use or disclose your PHI for any other purposes. 

When the Fund May Not Use or Disclose Your PHI Without Your Consent

Except as described above, we will not use or disclose your PHI without written authorization from you.  If you have authorized us to use or disclose your PHI for another purpose, you may revoke your authorization in writing at any time.  If you revoke your authorization, we will no longer be able to use or disclose your PHI for that reason.  However, the Fund cannot withdraw any disclosures that it previously made with your permission.  Requests to revoke a prior authorization must be submitted in writing to the Fund Office, at the address listed at the end of this Notice.

Depending on what state you live in, state law may impose more stringent limitations on the Fund’s use and disclosure of health information.  Where state laws govern, the Fund will comply with the applicable state law.

Substance Use Disorder Treatment Information

 

The confidentiality of your PHI maintained by the Fund related to Substance Use Disorder (SUD) treatment is protected by Federal law and regulations. This information may be used and disclosed by the Fund amongst our vendors and staff as needed to provide care to you or to bill you for services. Generally, however, we may not say to a person outside the addiction medicine program that you are receiving SUD treatment or disclose any information identifying you as a person with substance use disorder except in the circumstances described below.

 

Instances where we may share SUD treatment information without your consent:

  • The disclosure is made to medical personnel in a medical emergency;
  • The disclosure is made to qualified service organizations providing services to you who agree in writing to protect the information in the same way that we are required to protect the information;
  • The disclosure is made to law enforcement to report a crime you commit, or threaten to commit, in a treatment facility or against personnel;
  • The disclosure is made to the Connecticut Department of Children and Families to report suspected child abuse and neglect as required by Connecticut state law or similar agency in another state as required by a similar state law;
  • The disclosure is made to qualified personnel for research subject to ethics board approval and oversight.
  • The disclosure is made to qualified personnel for audit or program evaluation who a) agree in writing to protect the information as required under our policies, b) represent federal, state, or local government agencies that are authorized by law to oversee treatment programs, or c) provide financial assistance to treatment programs or provide payment for health care such as the CT State Department of Mental Health and Addiction Services;
  • The disclosure is allowed by a court order and that order includes a subpoena or other legal mandate requiring that we share your information. In particular, note that records, or testimony about your records, cannot be shared in any civil, administrative, criminal, or legislative proceedings against you unless there is specific written consent or a court order. If there is a court order, we must let you know and provide you will an opportunity to object.

In all other circumstances, we will ask for your consent to release your information outside of our program. Instances where we may share information with your consent:

  • When you ask us in writing to share your information;
  • When you consent to allow us to share information about you outside of our program for all future treatment, payment, and healthcare operations purposes. Organizations that receive your information for these purposes are required by law or contract to protect your information as required by Federal law protecting SUD information or by HIPAA. Recipients that are required to protect your information as required by HIPAA may share your information only as allowed by HIPAA except that they may not re-disclosure information for civil, criminal, administrative, and legislative proceedings against you.

If you consent to our sharing your information, you can change your mind and ask us not to at any time by letting us know in writing. If you change your mind, we will stop any future sharing of your information but will be unable to stop any information that has already been released.

 

With respect to your SUD treatment information, you have a right to request restrictions of disclosures made with your prior consent for purposes of treatment, payment, and health care operations. The Fund will review your request but is not required to agree unless the request relates to sharing information with another insurance provider and your care has already been paid for by another source. If we agree to your request, we may still share your information where needed for emergency care or where required by law. You also have a right to an accounting of disclosures of electronic records of your care by the Fund’s SUD treatment program to people outside our program going back 3 years from the date of the request for disclosures. In addition, if you provided consent to share your information for treatment through a health information exchange, care management organization, or other intermediary, you have a right to a list of disclosures by an intermediary going back 3 years from the date of the request for disclosures. Finally, you have a right to obtain a paper or electronic copy of the full HIPAA Privacy Notice upon request. You may find this Notice at https://www.ibewlocal90.org/.

 

Please review the information on the Privacy Notice regarding how to file a complaint concerning a violation of the privacy or security of your SUD treatment information, or of your rights concerning your SUD treatment information. You have a right to a copy of this Notice, in paper or electronic form, and to discuss it with our Privacy Officer whose contact information is listed below if you have any questions.

 

This Notice regarding SUD treatment information supplements the information in this Notice of Privacy Practices and describes additional protections for records related to SUD treatment information. The Fund is required to provide participants with this Notice of our legal duties and privacy practices with respect to SUD records and to notify affected participants following a breach of unsecured SUD records.

 

PLEASE NOTE: This Notice is applicable to SUD treatment information protected under 45 CFR Part 2 which is limited to these SUD treatment programs and does not apply to information related to care provided outside these programs such as substance abuse screening that is performed in emergency rooms or by your primary care provider.

Your Protected Health Information Privacy Rights

  • Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your PHI.  We are not required to agree to restrictions that you request.  If you would like to make a request for restrictions, you must submit your request in writing to the Privacy Officer.
  • Right to Request Confidential Communications: You have the right to ask us to communicate with you using an alternative means or at an alternative location.  Requests for confidential communications must be submitted in writing to the Privacy Officer.  We are not required to agree to your request unless disclosure of your protected health information could endanger you.
  • Right to Inspect and Copy: You have the right to inspect and copy your PHI that may be used to make decisions about your Plan benefits.  To inspect or copy such information, you must submit your request in writing to the Privacy Officer.  If you request a copy of the information, we may charge you a reasonable fee to cover expenses associated with your request.
  • Right to Request Amendment: If you believe that we possess your PHI that is incorrect or incomplete, you have a right to ask us to amend it.  To request an amendment of health records, you must make your request in writing to the Privacy Officer. Your request must include a reason for the request.  We are not required to make requested changes.  If your request is denied, we will provide you with information about our denial and how you can disagree with the denial.
  • Right to Accounting of Disclosures:  You have the right to receive a list or “accounting” of disclosures of your PHI made by us.  However, we do not have to account for disclosures that were made to you or were authorized by you, or for purposes of treatment, payment or health care operations.  Requests for an accounting of disclosures must be submitted in writing to the Privacy Officer.  Your request should specify a period within the last six years and may not include dates before April 14, 2004.  We will provide one free list per twelve-month period, but we may charge you for additional lists.
  • Right to Paper Copy: You have a right to receive a paper copy of this Notice of Privacy Practices at any time.  To obtain a paper copy of this Notice, contact the Fund’s Privacy Officer.

HIPAA Security Rule

This provision is intended to bring the Plan into compliance with the requirements of 45 C.F.R § 164.314(b)(1) and (2) of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, 45 C.F.R. parts 160, 162, and 164 (the regulations are referred to herein as the "HIPAA Security Standards") by establishing the Plan Sponsor's obligations with respect to the security of Electronic Protected Health Information. The obligations set forth below are effective on April 21, 2006.

Definitions

For purposes of this provision, the following terms have these meanings:

Electronic Protected Health Information – "Electronic Protected Health Information" has the meaning set forth in 45 C.F.R. §160.103, as amended from time to time, and generally means protected health information that is transmitted or maintained in any electronic media.

Security Incidents – "Security Incidents" has the meaning set forth in 45 C.F.R. § 164.304, as amended from time to time, and generally means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with systems operations in an information system.

OBligations of the Board of Trustees

Where Electronic Protected Health Information will be created, received, maintained, or transmitted to or by the Plan on behalf of the Plan, the Trustees will reasonably safeguard the Electronic Protected Health Information as follows:

  1. The Plan will implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Electronic PHI that Plan creates, receives, maintains, or transmits on behalf of the Plan;
  2. The Plan will ensure that the adequate separation that is required by 45 C.F.R. § 164.504(f)(2)(iii) of the HIPAA Privacy Rule is supported by reasonable and appropriate security measures;
  3. The Plan will ensure that any agent, including a subcontractor, to whom it provides Electronic PHI agrees to implement reasonable and appropriate security measures to protect such Information; and
  4. The Plan will report any Security Incidents of which it becomes aware as described below:
    1. The Plan will report within a reasonable time after the Trustees become aware, any Security Incident that results in unauthorized access, use, disclosure, modification, or destruction of the Plan's Electronic PHI; and
    2. The Plan will report any other Security Incident on an aggregate basis every quarter, or more frequently upon request.

Questions and Complaints

If you want more information about our privacy practices or have questions or concerns, please contact the Fund Counsel, Gregory Campora, at 860-803-7992, gcampora@cheverielaw.com, who is also the Fund’s Privacy Officer.

If you believe that your privacy rights have been violated by the Fund or by anyone acting on our behalf, you may complain to the Fund’s Privacy Officer.  You may also file a written complaint with the U.S. Department of Health and Human Services by writing to the Secretary at 200 Independence Avenue, SW, Washington, DC 20201.  Complaints about us must refer to the Fund by name and must describe what the Fund did or failed to do that violated federal regulations regarding protected health information privacy.  Complaints to the Secretary or to us must be filed within 180 days after you first knew or should have known about the privacy violation that is the subject of your complaint.

The Fund supports your right to the privacy of your protected health information.  The Fund will not retaliate against you in any way for filing a complaint with it or the U.S. Department of Health and Human Services.

Microsoft Office document icon HIPAA Privacy Notice SUD Update_gsc_jss_gsc.doc