Privacy Policy
NOTICE OF PRIVACY POLICY AND PRACTICES
FOR HOLIDAY HOME HEALTHCARE CORPORATION OF EVANSVILLE (“THE PLAN”)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU MAY OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY
PURPOSE OF THIS NOTICE
The plan collects a variety of the personal information supplied by its plan participants and understands the importance of keeping information confidential and secure. This notice describes how The Plan protects this confidentiality of the personal information it receives. These practices apply to current and former participants in the Plan.
TYPES OF PERSONAL INFORMATION THE PLAN COLLECTS
The plan collects a variety of personal information to assist the Plan Sponsor in administering a participants health coverage. Some of this information is provided by participants on enrollment forms, surveys and correspondence (such as address, social security number, and dependent information. The Plan retains this information after a participant’s coverage under the fully insured group health plan ends. The Plan limits the collection of personal information to that which is necessary to administer the Plan and meet regulatory requirements.
HOW THE PLAN PROTECTS PERSONAL INFORMATION
The Plan treats personal information securely and confidentially. The Plan limits access to personal information to only those persons who need to know that information to provide products or services to the Plan Sponsor and/or participants. These persons are trained on the importance of safeguarding this information and must be named on the Confidentiality Agreement established by the Plan in accordance with procedures and applicable law. The Plan applies strict physical, electronic, and procedural security standards to protect personal information and to maintain internal procedures to promote the integrity and accuracy of that information.
DISCLOSURE OF PERSONAL INFORMATION
The Plan may share any of the personal information it collects (as described above) as permitted by law. The Plan may also disclose this information to non-affiliated entities or individuals as permitted or required by law. Non-affiliates with whom we may disclose information as permitted by law include our third party administrator, attorneys, accountants and auditors, the Plan Sponsor’s authorized representatives, a participant’s authorized representative, healthcare providers, Preferred Provider Organizations, and law enforcement or regulatory authorities. The Plan does not disclose personal information about any participant to any other third party without a participant’s request, consent or authorization. The Plan participant may, at any time, revoke his/her consent or authorization to release personal information.
INDIVIDUAL RIGHTS TO ACCESS AND CORRECT INFORMATION
The Plan has procedures for a participant to access proper, reasonable and specific information, and will make this information available to the participant upon proper, reasonable and specific written request and consent. If you would like a copy of your personal information or believe your information is not accurate, please send your request in writing to:
Human Resources Director
Holiday Home Health Care of Evansville
1202 W. Buena Vista Rd, Evansville, IN 47710
FURTHER INFORMATION
The Plan may amend its privacy policy from time to time in accordance with applicable law. The Plan will advise participants of its privacy and practices at least once every three years. Additionally, the notice of privacy and practices will be available to participants upon written request at no cost to the participant.
HITECH ACT
Effective September 23, 2009, the Health Information Technology for Economic and Clinical Act (HITECH Act) went into effect. The HITECH Act is the HIPAA Privacy and Security provision of the American Recovery and Reinvestment Act of 2009 (ARRA).
Under the HITECH Act, employer-sponsored health plans and other HIPAA covered entities (e.g. health care providers) must notify affected individuals HHS and sometimes the media when unsecured PHI is breached.
As an employee of Holiday Home Health Care Corporation of Evansville, we have addressed HIPAA confidentiality requirements in this HIPAA policy. Holiday Home Health Care Corporation of Evansville will comply with the HITECH Act as an employer, committing to the following additional duties.
- In the unlikely event that Holiday Home Health Care Corporation of Evansville discovers a breach of unsecured PHI, Holiday Home Health Care Corporation of Evansville will notify the PHI contact of each affected client without unreasonable delay after discovery of the breach. In no case will this delay exceed sixty (60) days. Breaches are treated as discovered on the first day on which such breach is known to the company or by exercising reasonable diligence should have been known to the company.
- The HITECH Act requires covered entities (e.g. employers sponsoring health plans) to make additional disclosures. These include notifications to individuals, HHS, and/or prominent media outlets. A breach is defined as ‘the acquisition, access Use, or disclosure of (PHI) in a manner not permitted under (HIPAA) which compromises the security or privacy of the (PHI).
- Unsecured PHI is defined as any PHI “that is not rendered unusabkl, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specific by the Secretary (i.e. encryption or destruction).
- In addition, Holiday Home Health Care Corporation of Evansville agrees to comply with the Security safeguards and documentation requirements in the HIPAA regulations.
- Holiday Home Health Care Corporation of Evansville agrees to refrain from directly or indirectly receiving remuneration in exchange for any PHI of an individual unless such exchange is specifically allowed by HIPAA.
- Holiday Home Health Care Corporation of Evansville agrees to comply with the marketing limitations identified in the HITECH Act.
Any required of PHI disclosures by Holiday Home Health Care Corporation of Evansville shall comply with the HITECH Act.