Notice of Privacy Practices
Last updated: July 3, 2020
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. please review it carefully.
Information Covered By This Notice
“Medical information,” also known as Protected Health information, is information that identifies you and was created or received by a healthcare provider or a health plan. This information relates to your physical or mental health or condition, and can concern healthcare services that you receive or your payments for these services. Medical information includes individually identifiable information like your name, address, telephone number, Medicare Beneficiary number, and financial information.
Medical information is distinguished from information that we collect online but do not link to your medical information. We protect that information in accordance with our Privacy Policy, and federal and state privacy laws that apply to non-medical personal information.
Reasons for Using or Disclosing Your Medical Information
We use and disclose your medical information to conduct activities related to your medical diagnosis and treatment, including preventive health, disease management, case management and care coordination, payment for services provided to you by healthcare providers and for our healthcare operation activities. For example, with regard to:
Diagnosis and Treatment
We may disclose your medical information to a dentist, dental clinic or other healthcare provider who cares for you; or who is appointed by you, or by us at your request to:
- supplement your records,
- provide treatment,
- send information for patient safety,
- other treatment-related reasons, or
- provide remote diagnosis,
- review the quality and fit of your records,
- provide treatment advice and plan, or
- review the quality and fit of your treatments.
Payment Activities
We may use or disclose your medical information to:
- collect and process your payments,
- conduct utilization and medical necessity reviews,
- coordinate care,
- determine eligibility, and
- respond to complaints, appeals and requests for external review.
Healthcare Operation Activities
We may use or disclose your medical information during the course of running our health business. Operational activities include:
- quality assessment and improvement;
- performance measurement and outcomes assessment;
- utilization management;
- health services research;
- reviewing the competency of healthcare professionals;
- accreditation by independent organizations;
- administration of insurance;
- detection and investigation of fraud;
- administration of payments;
- data and information systems management;
- data collection from CMS programs such as Blue Button; and customer services.
In some cases, we may use your medical information in algorithms for machine learning and data analytics to support these activities.
Other Reasons for Disclosure
We also may disclose your medical information in support of:
Your Medical Care – To your family or friends, if you are unable to communicate, such as in an emergency; or to any person you identify, such as on an “Appointment of Representative” form, if the information is directly relevant to their involvement with your healthcare or payment for that care.
Research – To researchers, provided measures are taken to protect your privacy.
Business Associates – To entities that provide services to us and assure us that they will protect your medical information.
Regulatory Oversight – To government agencies for legal compliance and health oversight activities.
Workers’ Compensation – To fulfill our obligations under a workers’ compensation law or contract.
Law Enforcement – To government law enforcement officials, and as otherwise required by law.
Legal Proceedings – In response to a court or administrative order, subpoena, discovery request, or other lawful process.
Public Welfare – To appropriate authorities when there are issues of abuse, neglect, or domestic violence, or otherwise to avert serious and imminent threat to your health or safety, or the health or safety of others.
Decedents – To a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or as authorized by law; and to funeral directors as necessary to carry out their duties.
Reasons Not Described in This Notice
We will not use or disclose your medical information for reasons that are not described in this notice, unless we receive your written authorization. (See “Authorization Form to Share Member Information”) For example, we will get your authorization before we use or disclose your medical information for marketing purposes; before disclosing any psychotherapy notes; or before selling your medical information (other than in connection with the sale or transfer of our business). If you have given us an authorization, you may revoke it in writing at any time, though such revocation will not apply to actions already taken pursuant to your authorization. If you have questions regarding authorizations, please contact our customer support at hipaa@denther.com.
Your Legal Rights
You have the right to ask:
Access – for a copy of medical records and other records used in making enrollment, payment, case management, medical management and other decisions (“designated record set”). We may ask you to make your request in writing, and will provide these records to you in a readily producible electronic form and format.
Amendment – for information in your designated record set to be corrected or amended. We may ask you to make your request in writing, and provide the reason for your request. We may deny the request if we did not create the information, we do not maintain the information or the information is correct and complete. If we deny your request, we will provide you with a written explanation of denial.
Restrictions – for restrictions in the way we use or disclose your medical information in our diagnosis and treatment, payment and healthcare operations activities. We will consider, but may not agree to, these requests. You can also request removal of a previously submitted restriction.
Opt Out Communications – for us not to send you reminders, information about treatment alternatives, or other health-related benefits or services.
Accounting of Disclosures – for a list of certain disclosures we have made about you for purposes other than treatment, payment, or healthcare operations, and certain other activities. We may ask you to make your request in writing, and we may charge you a reasonable, cost-based fee if you make more than one of these requests in a 12-month period.
Alternate Communications – for confidential communications with you to be made in a different manner or at a different place to avoid a life-threatening situation. We will accommodate your request if it is reasonable.
Notice – to receive a written copy of this Notice of Privacy Practices.
To exercise any of these rights, please contact our customer support at hipaa@denther.com.
With regard to exercising any of these rights, you may have the option of requesting that Medical Information / HIPAA Protected Health Information be exchanged with third-party applications and services that you designate (such as a third-party service that uses an application programming interface). Before exchanging any of your information this way, we will first request your authenticated consent. The consent will:
- Identify the entity with which you authorize us to exchange Personal Information;
- Identify the third-party application and/ or service with which we would exchange your Personal Information;
- Identify the types of information that would be exchanged with the other entity and/or third-party application or service
- Include a link to the entity’s applicable privacy policies
The consent will also ask that you accept sole responsibility for the use of your Medical Information by such third-party services, as we do not endorse or have control over how these organizations will handle your Medical Information after we disclose it to them.
Breaches. You also have the right to receive notice that a breach has resulted in your unsecured private information being inappropriately used or disclosed. We will notify you in a timely manner, consistent with applicable law, if such a breach occurs.
Retention of Your Medical Information
We maintain your medical information and make it available to you for a period of up to 10 years (or longer if required by law). Your information may continue to be used for purposes described in this notice when your account is terminated. After the required legal retention period, we destroy the information following strict procedures to maintain its confidentiality. You may submit a request to delete your specified information consistent with the applicable law or policy.
Complaints
We support your right to protect the privacy of your medical information. If you think your privacy rights have been violated, please send your inquiry to our Privacy Team at hipaa@denther.com.
You can also submit a complaint to the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights, by sending a letter to:
Centralized Case Management Operations
U.S. Department of Health and Human
Services
200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington, D.C. 20201
You can also call the Office for Civil Rights hotline at 1-800-368-1019 or visit their website. We will not retaliate in any way if you submit a complaint to us or HHS.
Changes to This Notice of Privacy Practices
This notice became effective on July 3, 2020. We can change our privacy practices and the terms of this notice at any time, as allowed by law, and apply these changes to personal information created or received before or after the change. We will change this notice and send the revised notice to our subscribers when we make a significant change in our privacy practices.