 |
| Privacy Policy
|
 |
NOTICE OF INFORMATION PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
To Our Customers and Potential Customers:
Horizon Blue Cross Blue Shield of
New Jersey and its affiliated companies * want you to know that we recognize
our obligation to keep information
about you secure and confidential.
Unlike many other financial
and health institutions, we do not sell
information about you, and we do not
share your information except to conduct
our business — Making
Healthcare Work®' for you.
As required by law, we publish this
Notice to explain the information that
we collect and how we maintain use
and disclose it in administering your
benefits. We will abide by the statements made in this Notice. Except as
permitted by law and as explained in
this Notice, we do not disclose any information
about our past, present, or
future customers to anyone. When
we use the terms "Customer
Information," we are referring to financial
or health information that is "nonpublic,"
including any information from
which a judgment could possibly be
made about you. When we use the
terms "Protected Health Information" or
"PHI," we are referring to individually
identifiable information concerning
the provision of, or payment for,
health care to you. We refer to
Customer Information and PHI collectively
as "Private Information."
Members of Self-Funded Plans
If you are a participant or beneficiary
of a self-funded group health plan, we
may use and disclose your Private
Information as described in this Notice.
However, our use or disclosure is dictated
by an arrangement with your employer or other sponsor of your benefits plan. That
plan sponsor may have additional uses
and disclosures of your Private Information
that are not accounted for here. With
respect to your individual rights, you should
ask your plan administrator how to exercise
those rights, along with any other question
or problem you may have regarding your
plan's privacy policies and practices.
What information do we collect?
In providing your health coverage, we
collect Customer Information and PHI from
the following sources:
- Information we receive from you or
your policyholder on applications or
other forms;
- Information we obtain from your
transactions with us, our affiliates, or
others, such as health care providers; and
- Information we receive from consumer
reporting agencies or others, such as
state regulators and law enforcement
agencies.
How do we protect Private Information?
Our employees understand the need to
maintain your Private Information in the
strictest confidence. They agree to be
bound by that promise of confidentiality
and are subject to disciplinary action if
they violate that promise. We also maintain
physical, electronic, and procedural
safeguards to guard your Private
Information. Finally, in those situations
when we rely on a third party to perform
business, professional, or insurance services or functions for us, that third party
must agree to protect and safeguard your
Private Information. That business
associate must also agree to use it
only as required to perform those
functions it performs for us and as
otherwise permitted by law. In these
ways, we carry out our confidentiality
commitments to you.
When must we seek your
authorization before disclosing
Private Information?
There may be circumstances when
we will seek your authorization before
making a disclosure of your Private
Information. This is to ensure that we
have your permission to make that
disclosure. For example, you may
have asked someone who is not your
personal representative (and is not
the policyholder or certificate holder)
to contact us on your behalf to discuss
the way we have paid your claim.
Before we begin discussing your
Private Information with that person,
we would seek your authorization to
do so, unless otherwise permitted or
described in this Notice.
If you give us your authorization, you
are permitted to revoke that authorization
at any time in writing. We will honor
your revocation once it is processed,
except to the extent that we have
taken action in reliance upon your
original authorization.
Uses and Disclosures of Private
Information That Do Not Require
Authorization
Most of our use and disclosure of your Private Information occurs in
administering your coverage. In
those instances, we are not required
to seek your authorization. For
instance, we are generally permitted
to make disclosures of your Private
Information without authorization for
purposes of treatment, payment, and
health care operations. In this Notice,
we provide examples of those purposes,
although not every use or disclosure
that falls into those categories is listed.
Please note that we will limit the
disclosure of certain information in
accordance with laws governing the
special nature of the information (e.g.,
HIV/AIDS, substance abuse, or genetic
information). Also, where a state
permits minors of a certain age to
seek treatment without parental consent,
information that would normally be
provided to our customers may be
limited. That is because we must protect the privacy of that minor's information in accordance with those state
laws.
| • |
Payment Activities
We use and disclose Private
Information in connection with your
health care coverage to determine
your eligibility for coverage and
benefits, and to see that the treatment
and services you receive are
properly billed and paid. To do this,
we may share Private Information
with health care providers, their
billing agents, insurance companies,
and others. Our payment activities
can also include the use of Private
Information for: risk adjustment, billing, claims management, collection
activities, utilization review, medical
necessity determinations, underwriting,
and other rate-setting activities.
For example, a claim for medical
services rendered to you may be
submitted from a billing service on
behalf of your provider. Our claims
processors will then use your Private
Information to process your claim.
If we need additional information to
process it, we may contact your
provider to obtain that information.
When we do that, we disclose
Private Information to your provider
in order to identify and discuss
your claim with him or her. Your
provider then discloses the needed,
additional Private Information
that will enable us to
properly process your claim.
In this example, each of these entities
involved — your provider,
his or her billing service, and
Horizon BCBSNJ and/or its affiliated
companies — is covered by and
must protect the privacy
of your Private
Information, either because they are
"covered entities" or "business
associates" of covered entities
under the federal privacy
regulations.
|
| • |
Health Care Operations Activities
We use and disclose Private
Information to conduct our health
care business, including all the
activities that are defined by federal
regulation as "health care operations."
They include, but are not limited to,
case management and care coordination,
utilization review, quality assessment and improvement, network
provider credentialing, population-based research to
improve health or
reduce health care costs, and contacting
providers and members with information about treatment alternatives.
For example, we may use Private
Information to remind you about
the value of preventive care or the
availability of a disease management
program. Other health care
operations activities include the use of
Private Information for compliance
and auditing activities, evaluating
provider performance, underwriting,
formulary development, information
systems management, fraud and
abuse detection (by ourselves or
for other plans or providers), facilitation
of a sale, transfer, merger, or
consolidation of all or part of
Horizon BCBSNJ and/or its affiliated
companies with another entity
(including due diligence related
to the transaction), customer service,
and general business management.
|
| • |
Health-Related Activities
We may use or disclose your
Private Information for a number
of treatment-related activities. We
are permitted to tell you about
possible treatment options or
alternatives, inform you of
health-related benefits or services,
inform you of a relevant disease
management program that may be
of interest to you, and seek your
voluntary participation in such
programs to help improve your
health and assist in the coordination
of your overall health care. For
example, our diabetes disease
management business associate
may, after reviewing PHI that we
had provided, determine that you
may suffer from diabetes. You may
then receive a notice that we have
enrolled you in our disease management
program. If you do not want further contact about, or to participate
in, the program, you only need
to notify us. Our business associate
may not use or disclose
your information further, as it
may only use that information
as permitted by its contract
with us.
|
| • |
Treatment, Payment, and Health
Care Operations of Other
Covered Entities
We may disclose your PHI for
another covered entity's treatment,
payment, and health care operations
purposes. For example, we may
disclose your PHI when it would
facilitate payment for services
under another health plan. In addition,
we are permitted to disclose PHI to
other covered entities, so that they
can conduct certain aspects of their
health care operations. We may
also disclose it to them for purposes
of fraud and abuse detection or
compliance. But we will only
disclose PHI to another covered
entity for these purposes if
that covered entity has or had a
relationship with you.
|
| • |
Disclosures to Family Members
Unless you notify us in writing
otherwise, we may disclose your
Private Information to a family
member, close personal friend, the
subscriber of your health benefits
plan, or any other person you identify who
is involved in your care or
payment for that care. We can only
disclose your Private Information
that is relevant to that person's
involvement with your care or pay
for that care. In the context of
spouse-to-spouse and parent-to-child
relationships, including both minor and
adult children, we will deem the spouse
or parent to be the personal representative
of the other spouse or the child, as
applicable. We will do this unless you
notify us in writing that you do not wish
that individual to serve as your personal
representative for purposes of receiving
your Private Information. Contact
Member Services as described in this
Notice to designate or undesignate a
personal representative involved in your
care or coverage.
|
| • |
Additional Reasons for Disclosure
We may also use or disclose Private
Information to:
- The certificate holder or
policyholder of your coverage,
if it is information regarding the
status of an insurance transaction,
as permitted by law;
- Military authorities, if you are or
were previously a member of the
armed forces;
- Further public safety or, when
requested by federal officials, for
national security or intelligence
activities or for the protection of
public officials;
- Appropriate bodies for public
health activities, including the reporting of child abuse or neglect,
reporting adverse events or
product defects, or for Food and
Drug Administration reporting;
- A health oversight agency for
activities such as audits,
investigations, licensure, or for
disciplinary actions or civil, administrative,
or criminal proceedings. These
disclosures are necessary for the
government to oversee the health
care system, government benefits
programs for compliance with standards,
and compliance with civil rights laws;
- Contact you for fundraising purposes;
- Appropriate bodies in response
to a subpoena or court order, or
in response to litigation that directly
involves us or your group health plan;
- A correctional institution or a law
enforcement agency, if you are an
inmate or are in the custody of
law enforcement;
- The plan sponsor employees who are designated by the plan
administrator as those who are
assisting in plan administration.
The federal privacy regulation
requires your plan administrator to
secure certain representations
from the plan sponsor to protect
your information. The plan
administrator must see that the
plan sponsor complies with certain
privacy requirements and agrees
not to use that information for
employment-related decisions; and
- Conduct permissible marketing-type
activities, either ourselves or through
other companies on our behalf,
such as health-related
products or services, or to
other financial and health institutions
with which we have joint
marketing agreements.
|
You should understand that, except
in the circumstances described in this
document, we will not disclose your
Private Information without a written
authorization from you. And except
for disclosures of PHI made directly to
you, for your treatment, or pursuant
to your authorization, federal rules
require us to use and disclose only
the minimum PHI necessary to
accomplish our purpose. For example,
if we need to disclose your PHI to our
utilization review care manager to
help determine the medical necessity
of one particular claim, we would likely
not disclose your entire claim history
and medical record. That is because
your entire record is probably not
necessary in order to make the
determination for that one claim.
Legal Rights Related to
Private Information
| • |
The federal privacy rules entitle you
to request access, inspection, and
copying of your PHI that we may
maintain about you that is included
in what is called a "designated
record set." But we are not
required to maintain it, except for
certain documentation
related to privacy
rule compliance or as may otherwise
be required by law.
|
| |
You may have a state law right to
request, in writing, to inspect and
obtain a copy of Customer
Information about you. This does
not include information that relates
to, and is collected in connection
with or in anticipation of, a claim or
civil or criminal proceeding involving you. It also does not include information which we are prohibited
by law from releasing.
You must reasonably
describe the information you seek in
your written request, and the information
must be reasonably locatable and
retrievable by us. We may charge
you a fee to cover the cost of providing
this Customer Information.
|
| • |
The federal privacy rules create a
right to request amendment of your
PHI included in the designated
record set. We may deny your
request pursuant to those rules if
we determine that our records are
accurate and complete or were not
created by us, the information is not
contained in our designated record
set, or if access is otherwise
restricted by law.
|
| |
State law may entitle you to request
that we amend or delete Customer
Information about you that we have
in our records if you believe that the
information is incorrect or incomplete.
We may deny this request. However,
if we do so, we must advise you of
the reasons for the denial and
advise you of your right to file a
statement of rebuttal.
|
| • |
The federal privacy rules entitle
you to request restrictions
on our use and disclosure
of PHI for treatment,
payment, or health care operations
purposes (described in this
Notice). We will consider
each request, but we are
not required to agree to any
restrictions.
|
| • |
The federal privacy rules entitle
you to request to receive
confidential communications
of PHI if disclosing this
information by the usual
means could endanger you. We
will accommodate all reasonable
requests, subject to the restrictions
and capabilities of our information
processing systems. A verbal
request may be considered, but
must be followed up in writing.
|
| • |
The federal privacy rules entitle
you to request to receive an
accounting of certain disclosures
of your PHI made by us, such as
disclosures to health oversight
agencies. These do not include
disclosures made for purposes of
treatment, payment, or health care
operations. A similar right may
exist under state law.
|
If you wish to exercise any of the
legal rights described in this Notice,
you must do so in writing. To
obtain further information about these
rights, or if you would like to make
such a request, please contact:
Member Services
PO Box 820
Newark, NJ 07101-0820
or
Privacy Office
Three Penn Plaza East, PP-16F
Newark, NJ 07105-2200
Keeping Up to Date With Our
Privacy Practices
Horizon BCBSNJ and its affiliated
companies will provide you with a
Notice of Information Privacy
Practices annually, as long as you
maintain an ongoing customer
relationship with us. Our policies
may change as we periodically review
and revise them, and as we complete
our implementation of the federal
rules on privacy of PHI. We will
provide you with a new Notice if the
changes are significant.
It may be necessary to use or disclose
your Private Information for the
purposes described in this Notice
even after coverage has terminated.
Thus, we do not necessarily destroy
your Private Information upon the
termination of your coverage.
However, any information we keep
must be kept secure and private, and
used only for permissible purposes.
Complaints
You may file a complaint with Horizon
BCBSNJ and its affiliated companies
if you feel that your privacy rights
have been violated. All complaints
must be submitted in writing. A
verbal complaint will be processed, but we will request that it be
documented in writing. To file a complaint, contact:
Member Services
PO Box 820
Newark, NJ 07101-0820
or
Privacy Office
Three Penn Plaza East, PP-16F
Newark, NJ 07105-2200
You may also complain to the
U.S. Secretary of Health and
Human Services, who is
responsible for
overseeing compliance with the
federal privacy law. You will
not be retaliated against for
filing a complaint. If you have
any questions or comments
about this Notice, or want to
request another copy of it, you
can call Member Services at
1-800-355-BLUE, or contact:
Privacy Office
Three Penn Plaza East, PP-16F
Newark, NJ 07105-2200.
|
