This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
Effective August 2013
This Notice describes how your group health plan, the City of Fort Worth Employee Health Benefits Plan (the “Plan”), may use and disclose your health information to carry out payment, health care operations and other purposes that are permitted or required by law. This health information may be recorded in your medical record, invoices, payment forms, videotapes, or other ways. This notice also describes your rights to limit access to your health information and the Plan’s responsibilities under federal and state laws.
Health Information is any information (whether oral or recorded in any form or manner) that is created or received by a health care provider, the Plan, a public health authority, a health care clearing house, or The City (“Employer”) and relates to the past, present or future physical or mental health condition of an individual, the provision of health care to an individual or the past, present, or future payment for the provision of health care to an individual.
The Plan’s Responsibilities
The Plan is required by law to maintain the privacy of your health information and to provide you with this Notice of its legal duties and privacy practices. In addition, the Plan is required to abide by the terms of the Notice currently in effect. The Plan reserves the right to change the terms of this Notice and to make those changes applicable to all health information that the Plan maintains. Any changes to this Notice will be posted in the Benefits department of the Plan Sponsor, and will be available upon request.
Primary Uses and Disclosures of Protected Health Information
In certain circumstances, the Plan is allowed or may be required to use or disclose your health information without obtaining your prior authorization and without offering you the opportunity to object. The most common uses or disclosures of your protected health information include:
- Treatment. The Plan may use or disclose your health information for the purpose of providing, or allowing others to provide, treatment to you. An example would be if your primary care physician discloses your health information to another doctor for the purposes of a consultation. Also, the Plan may contact you with appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.
- Payment. The Plan may use or disclose your health information to allow the Plan or other companies to pay claims or receive payment for the health care services provided to you. For example, the Plan may disclose your protected health information when a provider requests information regarding your eligibility for coverage under the Plan.
- Health Care Operations. The Plan may use or disclose your information for the purposes of the Plan’s day-to-day operations and functions including, but not limited to, quality assessment, reviewing provider performance, licensing, and stop-loss underwriting. For example, the Plan may (1) compile your health information, along with that of other patients, in order to allow a team of the Plan’s health care professionals to review that information and make suggestions concerning how to improve the quality of care provided by the Plan; (2) the Plan may disclose or use your health information to answer a question from you, or (3) the Plan may use your information to determine if a treatment that you received was medically necessary.
- Plan Sponsor. The Plan may disclose your protected health information to the Plan Sponsor of the Plan, the City, to administer the Plan or if you sign an authorization to do so.
Other Possible Uses and Disclosures of Protected Health Information
- Required by law. The Plan may use or disclose your health information when required to do so by federal, state or local law. Examples include:
- Public Health Activities. The Plan may use or disclose your protected health information for public health purposes that are allowed or required by law. For example, we may use or disclose information to a public health authority to report diseases, injuries, or vital statistics, or reactions to medications or problems with products, or to notify people of recalls of products they may be using, or who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
- Abuse or Neglect. The Plan may use or disclose protected health information to a government authority about victims of abuse, neglect or domestic violence;
- Health Care Oversight Agency. The Plan may disclose protected health information to a health oversight agency for activities authorized by law. These oversight activities include, but are not limited to, audits, investigations, inspections, licensing procedures, or civil, administrative, or criminal proceedings or actions. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws;
- Legal Proceedings. The Plan may disclose your protected health information for judicial or administrative proceedings, such as any lawsuit in which your health information is relevant to the proceedings. This includes responding to a subpoena or discovery request;
- Law Enforcement. Under certain conditions, the Plan may disclose your protected health information to law enforcement officials as part of law enforcement activities, in investigations of criminal conduct or victims of crime, in response to court orders, in emergency circumstances, or when required to do so by law;
- Coroners, Medical Examiners. Funeral Directors, and Organ Donation. The Plan may disclose protected health information to a coroner or medical examiner for purposes of identifying a deceased person, determining a cause of death, or for the coroner or medical examiner to perform other duties authorized by law. The Plan also may disclose, as authorized by law, information to funeral directors so that they may carry out their duties; Further, the Plan may disclose protected health information to organizations that handle organ, eye, or tissue donation and transplantation;
- To Prevent a Serious Threat to Health or Safety. When instances of imminent and serious threat exist as to your health or safety or that of the public or another person, the Plan may disclose your protected health information;
- Military Activity and National Security, Protective Services. Under certain conditions, the Plan may disclose your protected health information for specialized governmental functions, such as military, national security, criminal corrections or public benefit purposes; and
- Worker’s Compensation. As allowed by Texas law, the Plan may disclose your protected health information to comply with worker’s compensation laws and similar programs that provide benefits for work-related injuries or illnesses.
Disclosure to Family or Others Involved in Your care
To the extent authorized by law, the Plan may disclose your health information to your family or other individuals identified by you and when they are involved in your care or the payment for your care. It will only disclose the health information directly relevant to their involvement in your care or payment. The Plan may also use or disclose your health information to notify a family member or another person responsible for your care of your location, general condition or status. The Plan will determine whether a disclosure to your family or friends is in your best interest, and then, to the extent allowed by law, it will disclose only the health information that is directly relevant to their involvement in your care.
Except as described above, disclosures of your health information will be made only with your written authorization. You may revoke your authorization at any time, in writing, unless the Plan has taken action in reliance upon your prior authorization, or if you signed the authorization as a condition of obtaining insurance coverage.
Breach of Unsecured Protected Health Information
You must be notified in the event of a breach of unsecured protected health information. A “breach” is the acquisition, access, use or disclosure of protected health information in a manner that compromises the security or privacy of the protected health information. Protected health information is considered compromised when the breach poses a significant risk of financial harm, damage to your reputation, or other harm to you. This does not include good faith or inadvertent disclosures or when there is no reasonable way to retain the information. You must receive an notice of the breach as soon as possible and no later than 60 days after the discovery of the breach.
The following is a description of your rights with respect to your protected health information.
- To Request Restrictions. You have the right to request restrictions on the use and disclosure of your health information for treatment, payment or health care operations purposes or notification purposes. The Plan is not required to agree with your request (except as described below). If the Plan does agree to a restriction, it will abide by that restriction unless you are in need of emergency treatment and the restricted information is needed to provide that emergency treatment. To request a restriction, obtain the Plan form and submit that form to the Contact Person listed on the final page of this Notice. In addition, you have the right to restrict disclosure of your health information to the Plan for payment or health care operations (but not for carrying out treatment) in situations where you have paid the health care provider out-of-pocket in full. In this case, the Plan is required to implement the restrictions that you request.
- To Confidential Communications. You have the right to receive confidential communications about your own health information. This means that you may, for example, designate that the Plan contact you only via email, or at work rather than home. To request communications via alternative means, or at alternative locations, obtain a Plan form and submit that form to the Contact Person listed on the final page of this Notice.
- To Access and Copy Health Information. You have the right to inspect and copy most health information about you, including your health information maintained in an electronic format. To arrange for access to your records, or to receive a copy of your records, obtain a Plan form and submit that form to the Contact Person listed on the final page of this Notice. If your health information is available in an electronic format, you may request access electronically or you may request that this information be transmitted directly to someone you designate. If you request copies, you will be charged the Plan’s regular fee for copying and mailing the requested information. But, this fee must be limited to the cost of labor involved in responding to your request if you requested access to an electronic health record.
- To Request Amendment. You may request that your health information be amended. Your request may be denied under certain circumstances. If your request to amend your health information is denied, you may submit a written statement disagreeing with the denial, which the Plan will keep on file and distribute with all future disclosures of the information to which it relates. To amend any information, obtain a Plan form and submit that form to the Contact Person listed on the final page of this Notice.
- To an Accounting of Disclosures. You have the right to an accounting of any disclosures of your health information made during the six-year period preceding the date of your request (three years in the case of a disclosure involving an electronic health record). However, the following disclosures will not be accounted for:
- Disclosures made for the purpose of carrying out treatment, payment or health care operations (Note: Does not apply to electronic health records.),
- Disclosures made to you,
- Disclosures of information maintained in the Plan’s patient directory, or disclosures made to persons involved in your care, or for the purpose of notifying your family or friends about your whereabouts,
- Disclosures for national security or intelligence purposes,
- Disclosures to correctional institutions or law enforcement officials who had you in custody at the time of disclosure,
- Disclosures that occurred prior to April 14, 2003,
- Disclosures made pursuant to an authorization signed by you,
- Disclosures that are incidental to another permissible use or disclosure, or
- Disclosures made to a health oversight agency or law enforcement official, but only if the agency or official asks the Plan not to account to you for such disclosures and only for the limited period of time covered by that request.
The accounting will include the date of each disclosure, the name of the entity or person who received the information and that person’s address (if known), and a brief description of the information disclosed and the purpose of the disclosure. To request an accounting of disclosures, obtain a Plan form and submit that form to the Contact Person listed on the final page of this Notice.
- Right to a Paper Copy of this Notice. You have the right to obtain a paper copy of this Notice upon request.
- Law Pertaining to Notice. The Plan is required by law to maintain the privacy of protected health information and provide the individual with notice of legal duties and privacy practice with respect to the information. The plan is required to abide by the terms of this Notice as it is currently in effect.
- Amendment to Notice. The Plan reserves the right to revise, amend and change this Notice and the Plan can make the changes, revisions, and amendments effective for all protected health information that the Plan maintains. A revised notice will be distributed to all Plan participants within sixty (60) days after the revision, amendment or change.
Effective April 20, 2005, the City Employee Health Benefits Plan (the “Plan”) conforms with the requirements of the Security and Privacy requirements of the Health Insurance Portability and Accountability Act (“HIPAA Security Rule”), by establishing the extent to which the City (the “Employer”) will receive, use, and/or disclose Electronic Protected Health Information (“EPHI”).
Employer’s Requirements for Safeguarding EPHI. EPHI will be safeguarded as follows:
- The implementation of administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the EPHI created, received, maintained, or transmitted by the Employer on behalf of the Plan. These administrative, physical, and technical safeguards are implemented through the adoption of HIPAA Policies and Procedures.
- The Plan is allowed to disclose to the Employer information on whether the individual is participating in the Plan, or is enrolled in or has disenrolled from a health insurance issuer or HMO offered by the Plan. Except for such authorized disclosures, the Employer is required to ensure that adequate separation exists between the Employer and the Plan through the implementation of reasonable and appropriate security measures.
- The Employer must ensure that any agent, including a subcontractor, to whom it provides EPHI agrees to implement reasonable and appropriate security measures to protect EPHI.
- The Employer is required to report to the Plan any security incidents of which it becomes aware.
Exceptions to Employer’s Safeguarding of EPHI. The Employer will reasonably and appropriately safeguard EPHI created, received, maintained, or transmitted to or by the Employer on behalf of the Plan, except as disclosed pursuant to:
- A request for summary health information to obtain premium bids from health plans for providing health insurance coverage under the Plan or modifying, amending, or terminating the Plan.
- A request for information on whether the individual is participating in the Plan, or is enrolled in or has disenrolled from a health insurance issuer or HMO offered by the Plan.
- The following HIPAA Policies and Procedures:
- Uses and Disclosures of PHI Based on Patient Authorization;
- Uses and Disclosure of Psychotherapy Notes;
- Uses and Disclosure of PHI for Marketing
- Revocation of Authorization to Release PHI; and
- Authorization Form
You may complain to the Plan if you believe that we have violated your privacy rights by completing a complaint form obtained from the Privacy Officer, Holly H. Moyer. You may also complain to the Secretary of the Department of Health and Human Services. No action will be taken against you for filing a complaint.
Designated Contact Person
Holly H. Moyer, the Privacy Officer, is the designated contact person for the Plan. You can contact her at 817-392-7847.