Privacy Policy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

To Our Members and Potential Members:

Horizon Blue Cross Blue Shield of New Jersey and its affiliated companies * want you to know that we recognize our obligation to keep information about you secure and confidential. Unlike many other financial and health institutions, we do not sell information about you, and we do not share your information except to conduct our business — Making Healthcare Work®' for you.

As required by law, we publish this Notice to explain the information that we collect and how we maintain use and disclose it in administering your benefits. We will abide by the statements made in this Notice. Except as permitted by law and as explained in this Notice, we do not disclose any information about our past, present, or future members to anyone. When we use the terms "Member Information," we are referring to financial or health information that is "nonpublic," including any information from which a judgment could possibly be made about you. When we use the terms "Protected Health Information" or "PHI," we are referring to individually identifiable information concerning the provision of, or payment for, health care to you. We refer to Member Information and PHI collectively as "Private Information."

Website Personal Information

For each visitor to our website, our web server automatically recognizes only the consumer's domain name, but not the e-mail address. We only collect the e-mail addresses of those who communicate with us via e-mail.

We collect and group together user-specific information on what pages consumers access or visit.

We collect information volunteered by the consumer such as survey information and/or site registrations, name and address, telephone number; and member- or provider-specific identifiers such as member or provider ID, TIN, etc.

The information we collect is used to customize the content and/or layout of our page for each individual visitor. Information is used to analyze consumer viewing patterns. It is also shared with agents or contractors to assist in providing support for our internal operations. The information is disclosed when we are legally required to do so at the request of governmental authorities conducting an investigation to verify or enforce compliance with the policies governing our website and applicable laws, or to protect against misuse or unauthorized use of our website.

Members of Self-Funded Plans

If you are a participant or beneficiary of a self-funded group health plan, we may use and disclose your Private Information as described in this Notice. However, our use or disclosure is dictated by an arrangement with your employer or other sponsor of your benefits plan. That plan sponsor may have additional uses and disclosures of your Private Information that are not accounted for here. With respect to your individual rights, you should ask your plan administrator how to exercise those rights, along with any other question or problem you may have regarding your plan's privacy policies and practices.

What information do we collect?

In providing your health coverage, we collect Member Information and PHI from the following sources:

  • Information we receive from you or your policyholder on applications or other forms;
  • Information we obtain from your transactions with us, our affiliates, or others, such as health care providers; and
  • Information we receive from consumer reporting agencies or others, such as state regulators and law enforcement agencies.

How do we protect Private Information?

Our employees understand the need to maintain your Private Information in the strictest confidence. They agree to be bound by that promise of confidentiality and are subject to disciplinary action if they violate that promise. We also maintain physical, electronic, and procedural safeguards to guard your Private Information. Finally, in those situations when we rely on a third party to perform business, professional, or insurance services or functions for us, that third party must agree to protect and safeguard your Private Information. That business associate must also agree to use it only as required to perform those functions it performs for us and as otherwise permitted by law. In these ways, we carry out our confidentiality commitments to you.

When must we seek your authorization before disclosing Private Information?

There may be circumstances when we will seek your authorization before making a disclosure of your Private Information. This is to ensure that we have your permission to make that disclosure. For example, you may have asked someone who is not your personal representative (and is not the policyholder or certificate holder) to contact us on your behalf to discuss the way we have paid your claim. Before we begin discussing your Private Information with that person, we would seek your authorization to do so, unless otherwise permitted or described in this Notice.

If you give us your authorization, you are permitted to take back that authorization at any time in writing. We will honor your revocation once it is processed, except to the extent that we have taken action in reliance upon your original authorization.

Uses and Disclosures of Private Information That Do Not Require Authorization

Most of our use and disclosure of your Private Information occurs in administering your coverage. In those instances, we are not required to seek your authorization. For instance, we are generally permitted to make disclosures of your Private Information without authorization for purposes of treatment, payment, and health care operations. In this Notice, we provide examples of those purposes, although not every use or disclosure that falls into those categories is listed.

Please note that we will limit the disclosure of certain information in accordance with laws governing the special nature of the information (e.g., HIV/AIDS, substance abuse, or genetic information). Also, where a state permits minors of a certain age to seek treatment without parental consent, information that would normally be provided to our members may be limited. That is because we must protect the privacy of that minor's information in accordance with those state laws.

Treatment, Payment, and HealthCare Operations of Other Covered Entities

We may disclose your PHI for another covered entity's treatment, payment, and health care operations purposes. For example, we may disclose your PHI when it would facilitate payment for services under another health plan. In addition, we are permitted to disclose PHI to other covered entities, so that they can conduct certain aspects of their health care operations. We may also disclose it to them for purposes of fraud, waste and abuse detection or compliance. But we will only disclose PHI to another covered entity for these purposes if that covered entity has or had a relationship with you.

Additional Reasons for Disclosure

We may also use or disclose Private Information to:

  • The certificate holder or policyholder of your coverage, if it is information regarding the status of an insurance transaction, as permitted by law;
  • Military authorities, if you are or were previously a member of the armed forces;
  • Further public safety or, when requested by federal officials, for national security or intelligence activities or for the protection of public officials;
  • Appropriate bodies for public health activities, including the reporting of child abuse or neglect, reporting unfavorable events or product defects, or for Food and Drug Administration reporting;
  • A health oversight agency for activities such as audits, investigations, licensure, or for disciplinary actions or civil, administrative, or criminal proceedings. These disclosures are necessary for the government to oversee the healthcare system, government benefits programs for compliance with standards, and compliance with civil rights laws;
  • Contact you for fundraising purposes;
  • Appropriate bodies in response to a subpoena or court order, or in response to litigation that directly involves us or your group health plan;
  • A correctional institution or a law enforcement agency, if you are an inmate or are in the custody of law enforcement;
  • The plan sponsor employees who are designated by the plan administrator as those who are assisting in plan administration. The federal privacy regulation requires your plan administrator to secure certain representations from the plan sponsor to protect your information. The plan administrator must see that the plan sponsor complies with certain privacy requirements and agrees not to use that information for employment-related decisions; and
  • Conduct permissible marketing-type activities, either ourselves or through other companies on our behalf, such as health-related products or services, or to other financial and health institutions with which we have joint marketing agreements.

 

You should understand that, except in the circumstances described in this document, we will not disclose your Private Information without a written authorization from you. And except for disclosures of PHI made directly to you, for your treatment, or pursuant to your authorization, federal rules require us to use and disclose only the minimum PHI necessary to accomplish our purpose. For example, if we need to disclose your PHI to our utilization review care manager to help determine the medical necessity of one particular claim, we would likely not disclose your entire claim history and medical record. That is because your entire record is probably not necessary in order to make the determination for that one claim.

Legal Rights Related to Private Information

  • The federal privacy rules create a right to request amendment of your PHI included in the designated record set. We may deny your request pursuant to those rules if we determine that our records are accurate and complete or were not created by us, the information is not contained in our designated record set, or if access is otherwise restricted by law.
  • The federal privacy rules entitle you to request restrictions on our use and disclosure of PHI for treatment, payment, or health care operations purposes (described in this Notice). We will consider each request, but we are not required to agree to any restrictions.
  • The federal privacy rules entitle you to request to receive an accounting of certain disclosures of your PHI made by us, such as disclosures to health oversight agencies. These do not include disclosures made for purposes of treatment, payment, or health care operations. A similar right may exist under state law.

If you wish to exercise any of the legal rights described in this Notice, you must do so in writing. To obtain further information about these rights, or if you would like to make such a request, please contact:

Member Services
PO Box 820
Newark, NJ 07101-0820

Or

Privacy Office
Three Penn Plaza East, PP-16F
Newark, NJ 07105-2200


Keeping Up to Date With Our Privacy Practices

Horizon BCBSNJ and its affiliated companies will provide you with a Notice of Information Privacy Practices annually, as long as you maintain an ongoing member relationship with us. Our policies may change as we periodically review and revise them, and as we complete our implementation of the federal rules on privacy of PHI. We will provide you with a new Notice if the changes are significant.

It may be necessary to use or disclose your Private Information for the purposes described in this Notice even after coverage has terminated. Thus, we do not necessarily destroy your Private Information upon the termination of your coverage. However, any information we keep must be kept secure and private, and used only for permissible purposes.

 

Complaints

You may file a complaint with Horizon BCBSNJ and its affiliated companies if you feel that your privacy rights have been violated. All complaints must be submitted in writing. A verbal complaint will be processed, but we will request that it be documented in writing. To file a complaint, contact:

Member Services
PO Box 820
Newark, NJ 07101-0820

or

Privacy Office
Three Penn Plaza East, PP-16F
Newark, NJ 07105-2200


You may also complain to the U.S. Secretary of Health and Human Services, who is responsible for overseeing compliance with the federal privacy law. We will not hold it against you for filing a complaint. If you have any questions or comments about this Notice, or want to request another copy of it, you can call Member Services at 1-877-765-4325 (TTY: 711) , or contact:

Privacy Office
Three Penn Plaza East, PP-16F
Newark, NJ 07105-2200.

*The Horizon Blue Cross Blue Shield of New Jersey affiliated companies, independent licensees of the Blue Cross and Blue Shield Association, are:

Horizon Healthcare Services, Inc. d/b/a/ Horizon Blue Cross Blue Shield of New Jersey

Horizon Healthcare of New Jersey, Inc., including its Horizon NJ Health Medicaid line of business

Horizon Healthcare Dental, Inc.

Horizon Casualty Services, Inc.**

** This affiliate is not a covered entity subject to the federal privacy rules.