This Notice describes the privacy practices of TruAssure Insurance Company (collectively, “we” or “us” or the Company). These entities have designated themselves as a single affiliated covered entity for purposes of the privacy rules under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) and each has agreed to abide by the terms of this Notice and may share protected health information with each other as necessary for treatment, payment or to carry out health care operations, or as otherwise permitted by law.
We understand that health information about you is personal. We are committed to protecting the confidentiality of your health information that we maintain and using your information appropriately.
We are required by law to maintain the privacy of your health information and to provide you with this notice of our legal duties and privacy practices with respect to your health information and to notify affected individuals following a breach of unsecured PHI. This Notice explains how we may use your health information and when we can share that information with others. This Notice also informs you of your rights with respect to your health information and how you may exercise those rights.
We comply with all applicable provisions of HIPAA and the Health Information Technology for Economic and Clinical Health (“HITECH”) Act and their implementing regulations. We maintain a breach reporting policy and have in place appropriate safeguards to track required disclosures and meet appropriate reporting obligations. In addition we comply with the “Minimum Necessary” requirements when using or disclosing your health information or when requesting your health information.
The HIPAA Privacy Rule protects only certain health information known as “Protected Health Information” (“PHI”). Generally, PHI is individually identifiable health information, including demographic information, transmitted or maintained by us, regardless of form (oral, written or electronic). Generally, PHI may be used without authorization for only treatment, payment or health care operation purposes. While we do not provide treatment, we may use or disclose your PHI by providing it to healthcare providers in connection with your treatment. We also may use your PHI for payment purposes on a claim or to determine if insurance will be provided.
This Notice does not apply to information that has been de-identified. De-identified information is information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual.
We are allowed to use or share health information about you for certain purposes without your authorization, as permitted by federal and state law. The following categories describe different ways we may use and disclose health information. Not every use or disclosure in a category will be listed, but all of the ways we are permitted to use and disclose information will fall within one of the categories.
Payment: We may use or disclose PHI about you to obtain payment for your treatment and to conduct other payment related activities, for example, determining eligibility for benefits, billing, adjudicating your health claims, making coverage decisions, administering benefits and coordinating benefit payments.
Treatment: We may use or disclose your PHI to facilitate medical treatment or services by providers. For example, we may disclose information about prior treatment to a provider if the prior treatment affects coverage for the current treatment.
Health Care Operations: We may use or disclose your health information in connection with our health care operations, including conducting quality assessment and improvement activities, training, licensing, or credentialing activities, setting rates, conducting or arranging for treatment review, legal services and audit functions including fraud and abuse detection and compliance programs; resolving grievances and other activities related to coverage determinations, carrying out a wellness program and conducting business planning and general administrative activities.
Use by Business Associates: We may contract with individuals or entities known as Business Associates to perform various functions or to provide certain types of services on the Company’s behalf. In order to perform those functions or provide these services, Business Associates may receive, create, maintain, use and/or disclose your PHI, but only if they agree in writing with the Company to implement appropriate safeguards regarding your PHI.
Disclosure to Health Plan Sponsor, Which May Be Your Employer: If you are covered under a group benefit program, your health information may be disclosed to the sponsor of the health plan under which your benefits are provided solely for the purposes of administering benefits under the health plan. The plan sponsor may be your employer or affiliated with your employer. Health information may also be disclosed to another health plan maintained by that plan sponsor for purposes of facilitating claims payments under that other health plan. We will make disclosures to the plan sponsor only if the plan sponsor has certified that it has put into place plan provisions requiring the sponsor to keep the health information protected.
We may, however, disclose certain health information to the plan sponsor without a certification in some circumstances. We may disclose summary health information to the plan sponsor to obtain premium bids or modifying, amending, or terminating the group health plan. Summary health information is summary claims information that has been stripped of most information that can link it to particular individuals. We also may disclose information on whether you have enrolled in or disenrolled from your benefit program.
Health Related Benefits and Services: We may use or disclose health information about you to communicate to you about health-related benefits and services. For example, we may communicate to you about health related benefits and services that add value to, but are not part of, your health plan.
We may also be required to release your health information, without your authorization, to others for the following reasons:
Required By Law: We may report your PHI, for example, in the event of suspected fraud, to state and federal agencies that regulate us or providers, such as the U.S. Department of Health and Human Services, the Illinois Department of Insurance or the Illinois Department of Financial and Professional Regulation.
Public Health Activities: We may share your PHI with a public health authority that collects or receives information to prevent or control disease, injury or disability.
Military and Veterans : If you are a member of the armed forces, we may release PHI about you if required by military command authorities.
Victims of Abuse, Neglect or Domestic Violence: We may report your PHI to a government authority regarding child abuse, neglect or domestic violence.
Health Oversight Activities: We may share your PHI with a health oversight agency for certain activities including audits, inspections, licensure or disciplinary actions.
Lawsuits and Disputes: We may provide your PHI to a court or an administrative agency, for example, pursuant to a court order or subpoena.
Law Enforcement: We may report your PHI to a law enforcement official for purposes, for example, of identifying or locating a suspect, fugitive, material witness or missing person or in response to a grand jury subpoena, an administrative subpoena or a civil or criminal investigation.
What Are Your Rights
You have the following rights regarding health information
the Company maintains about you:
You have the right to inspect and copy your health records: You have the right to inspect and obtain a copy of the information that we maintain about you in your designated record set (“health records”). Your health records typically include claim and payment information. A request to inspect and copy these records should be made in writing to the Compliance Department at the address listed below. If you request a copy of this information, we may charge you a reasonable fee for the costs of copying, mailing or other supplies associated with your request. In certain situations, we may deny your request to inspect a copy or obtain a copy of your information. If we deny part or all of your request, we will provide you with a written denial that explains our reasons for doing so. If you are denied access to PHI, you may request that the denial be reviewed by submitting a written request to the Compliance Department at the address listed below.
You have the right to ask us to make changes to your health records: If you believe that any health information we have about you is incorrect or incomplete, you may ask us to make changes to this information. These changes are known as “amendments.” You have the right to request an amendment for as long as the information is kept by or for us. To request an amendment, your request must be made in writing and include a reason supporting the requested change. Please submit the request to the Compliance Department at the address listed below. We may deny your request for an amendment if it is not in writing or does not include a reason. We may also deny your request for amending your health information if it covers health records that:
were not created by us, unless the person who actually created the information is no longer available to make the amendment;
are not part of the information which you would be permitted to inspect and copy;
are not part of the health records kept by or for us; or
are accurate and complete.
We are not required to amend your PHI, but if we deny your request, we will provide you with information about our denial and how you can contest the denial. If you submit a written statement explaining your disagreement, we will include it in your records.
You have the right to receive an accounting of certain disclosures: You may request an accounting of disclosures of your PHI that we have made, except for disclosures we made to you or pursuant to your written authorization, or that were made for treatment, payment or health care operations, national security or incident to other permissible disclosures. You must submit your request in writing to the Compliance Department at the address listed below. Your request should specify a time period of up to six years. We will provide one list of disclosures to you per 12-month period free of charge; we may charge you for additional lists. Ordinarily, we will respond to your request within 60 days. If we need more time, we will notify you in writing.
You have the right to ask us to restrict the use or disclosure of your information: You have the right to ask us to restrict information about you that we use or disclose for payment or health care operations. You also have the right to request us to restrict information that we may release to someone who is involved in your care or the payment for your care. Please note that, with limited exceptions, we are not required to agree to these restrictions. To request restrictions, you must make your request in writing to the Compliance Department at the address listed below. In your written request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply (for example, disclosures to your spouse).
You have the right to ask to receive confidential communications of information: If you believe that you would be harmed if we send your health information to your current mailing address (for example, in situations involving domestic disputes), you can ask us to send the health information by alternate means (for example, by facsimile or e-mail) or to an alternate address.
We will accommodate your reasonable requests to receive communications from us by alternative means or at alternative locations to the extent our claims management system has that capability. Further, we will not ask you the reason for your request. To request confidential communications, you must send a written request to the Compliance Department at the address listed below. Your request must specify how or where you wish to be contacted.
You have the right to receive a paper copy of this Notice upon request: You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to obtain a paper copy of this Notice from us upon request.
You may also obtain a copy of the current version of the Notice of Privacy Practice and Rights of the Company at its website: www.truassure.com
CHANGES TO THIS NOTICE
We may amend this Notice of Privacy Practices at any time in the future and make the new Notice provisions effective for all PHI that we maintain. We will advise you of any significant changes to the Notice. We are required by law to comply with the current version of this Notice.
If you believe your privacy rights or rights of notification in the event of a breach of your PHI have been violated, you may file a complaint with us or with the Office of Civil Rights (“OCR”). Complaints about this Notice or about how we handle your PHI should be submitted in writing to the Compliance Department at the address listed below.
A complaint to the Office of Civil Rights should be sent to the Office of Civil Rights, U.S. Department of Health & Human Services, 233 North Michigan Avenue, Suite 240, Chicago, Illinois 60601, 312-886-2359; 312-353-5693 (TDD); 312-886-1807 (facsimile). You may also visit OCR’s website at http://www.hhs.gov/ocr/privacy. You will not be penalized, or in any other way retaliated against for filing a complaint with us or the Office of Civil Rights.
SEND ALL WRITTEN REQUESTS REGARDING THIS NOTICE OF PRIVACY PRACTICES TO:
TruAssure Insurance Company
111 Shuman Boulevard
Naperville, Illinois 60563
You have the right to ask us questions about matters covered by this Notice. To do so, please contact the Compliance Department at the address listed above, by e-mail at Compliance@TruAssure.com, or by telephone at 630-718-4995.