THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
Our Pledge to You
This notice is intended to inform you of the privacy practices followed by The Lewer Companies (Lewer) and Lewer’s legal obligations regarding your Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The notice also explains the privacy rights for you and your family members.
Lewer often needs access to your Protected Health Information in order to enroll you into your selected insurance programs, to collect and administer payments for your selected insurance programs, and to perform certain related administrative functions. We want to assure you that we comply with federal privacy laws and respect your right to privacy.
The Lewer Companies requires all members of our workforce and third parties that are provided access to Protected Health Information to comply with the privacy practices outlined below.
What is Protected Health Information?
Protected Health Information (also known as PHI) is generally information that identifies an individual and is created or received by a health care provider, health plan, or an employer on behalf of a group health plan that relates to physical or mental health conditions, provision of health care, or payment for health care, whether past, present, or future. PHI is specifically protected by the HIPAA Privacy Rule.
How We May Use Your Protected Health Information
The HIPAA Privacy Rule provides for a number of ways that a company may use or disclose your PHI without your permission. Typically, these are for routine business purposes. This section provides a brief description of the ways we can use and disclose your PHI without your written authorization.
Payment. HIPAA permits us to use or disclose your PHI without your written authorization in order to determine eligibility for benefits, seek reimbursement from a third party, or coordinate benefits with another program under which you are covered. For example, a health care provider that provided treatment to you may provide us with health information about you. We use that information in order to determine whether those services are eligible for payment under program under which you are insured.
Health Care Operations. HIPAA permits us to use and disclose your PHI in order to perform certain administrative functions such as routine claims administration, quality assurance activities, resolution of internal grievances, and evaluating plan performance. For example, we review claims experience in order to understand participant utilization and to make plan design changes that are intended to control health care costs.
Treatment. Although HIPAA permits us to use and disclose your PHI for purposes of treatment, we generally do not need to do so. Your physician or health care provider is required to provide you with an explanation of how they use and share your health information for purposes of treatment, payment, and health care operations.
As Permitted or Required by Law. HIPAA also permits the use or disclosure of your PHI without your written authorization for other reasons as permitted by law. For instance, we are permitted by law to share information, subject to certain requirements, in order to communicate information on health-related benefits or services that may be of interest to you, respond to a court order, or provide information to further public health activities (e.g., preventing the spread of disease) without your written authorization. We are also permitted to share PHI during a corporate restructuring such as a merger, sale, or acquisition. We will also disclose health information about you when required by law, for example, in order to prevent serious harm to you or others.
Pursuant to your Authorization. Then required by law, we will ask for your written authorization before using or disclosing your PHI. We will not use or disclose your PHI for marketing or sell your PHI without your authorization. If you choose to sign an authorization to disclose information, you can, with few exceptions, later revoke that authorization to prevent any future uses or disclosures.
To Business Associates or Subcontractors. We may enter into contracts with entities known as Business Associates and/or Subcontractors that provide services to or perform functions for your benefit under your selected insurance programs. We may receive disclosed information from a Subcontractor or disclose PHI to Business Associates once they have agreed in writing to safeguard the PHI. For example, we may disclose your PHI to a Business Associate to assist in the administration of any claims. Business Associates and Subcontractors are also required by law to protect your PHI.
To the Plan Sponsor. We may disclose PHI to certain employees of the Plan Sponsor for the purpose of administering the Plan. These employees will use or disclose the PHI only as necessary to perform plan administration functions or as otherwise required by HIPAA, unless you have authorized additional disclosures. Your PHI cannot be used for employment purposes without your specific authorization.
Data Breach Notification. We may use your contact information to provide legally required notices of any unauthorized acquisition, access or disclosure of your PHI.
Fundraising. It is unlikely that we will use or disclose your PHI for fundraising, but if you receive a fundraising communication from us or a foundation on our behalf, the communication will contain a clear and conspicuous opportunity for you to elect not to receive any further fundraising communications.
Health Related Products of Programs. We may use or disclose your PHI to provide you with information on health related products or programs subject to certain limitations imposed by law, including strict limitations on third party funding for these communications. You have the right to elect to not receive such communications from us.
Right to Inspect and Copy. In most cases, you have the right to inspect and copy the PHI we maintain about you. If you request copies, we may charge you a reasonable fee to cover the costs of copying, mailing, portable media, or other expenses associated with your request. Your request to inspect or review your Personal Health Information must be submitted in writing to the person listed below. In some circumstances, we may deny your request to inspect and copy your health information. You may be able to receive the information in an electronic format, and you may request that we transmit a copy of your health information to a third party that you identify.
Right to Amend. If you believe that Personal Health Information about you within our records is incorrect or if important information is missing, you have the right to request that we correct the existing information or add the missing information. Your request to amend your health information must be submitted in writing to the person listed below. In some circumstances, we may deny your request to amend your health information. If we deny your request, you may file a statement of disagreement with us for inclusion in any future disclosures of the disputed information.
Right to an Accounting of Disclosures. You have the right to receive an accounting of certain disclosures of your PHI. The accounting will not include disclosures that were made (1) for purposes of treatment, payment or health care operations (unless your PHI is held in an Electronic Health Record (EHR)); (2) to you; (3) pursuant to your authorization; (4) to your friends or family in your presence or because of an emergency; (5) for national security purposes; or (6) incidental to otherwise permissible disclosures. The expanded right to an accounting of disclosures from an EHR will apply to disclosures made after January 1, 2014, provided that we maintained an EHR as of January 1, 2009. If we acquire an EHR after January 1, 2009, the expanded accounting right will apply after January 1, 2011 or the date that we acquire an EHR – whichever is later. Your request to for an accounting must be submitted in writing to the person listed below. You may request an accounting of disclosures made within the last six years, except for disclosures made through an EHR which will include only the last three years of disclosures. You may request one accounting free of charge within a 12- month period.
Right to Request Restrictions. You have the right to request that we not use or disclose information for treatment, payment, or other administrative purposes except when specifically authorized by you, when required by law, or in emergency circumstances. You also have the right to request that we limit the PHI that we disclose to someone involved in your care or the payment for your care, such as a family member or friend. Your request for restrictions must be submitted in writing to the person listed below. We will consider your request, but in most cases HIPAA does not legally obligate usto agree to those restrictions. However, we will comply with any restriction request if the disclosure is to a health plan for purposes of payment or health care operations (not for treatment) and the PHI pertains solely to a health care item or service that has been paid for out-of-pocket and in full.
Right to Request Confidential Communications. You have the right to receive confidential communications containing your health information. Your request for restrictions must be submitted in writing to the person listed below. We are required to accommodate reasonable requests. For example, you may ask that we contact you at your place of employment or send communications regarding treatment to an alternate address.
Right to be Notified of a Breach. You have the right to be notified in the event that we (or one of our Business Associates or Subcontractors) discover a breach of your unsecured PHI. Notice of any such breach will be made in accordance with federal requirements.
Right to Receive a Paper Copy of this Notice.
If you have agreed to accept this notice electronically, you also have a right to obtain a paper copy of this notice from us upon request. To obtain a paper copy of this notice, please contact the person listed below.
More Stringent State Law
If more than one law applies to this Notice, we will comply with the requirements of the law that affords you greater privacy protections, including more stringent state laws.
We are prohibited from using your genetic information for underwriting purposes. TLC-Notice of Privacy Practices
Our Legal Responsibilities
We are required by law to protect the privacy of your PHI, provide you with certain rights with respect to your PHI, provide you with this notice about our privacy practices, and follow the information practices that are described in this notice. We may change our policies at any time. In the event that we make a significant change in our policies, we will provide you with a revised copy of the notice. You can also request a copy of our notice at any time. For more information about our privacy practices, contact the person listed below.
If you have any questions or complaints, please contact:
Attn: Privacy Officer
The Lewer Companies
4534 Wornall Road
Kansas City, MO
If you are concerned that we have violated your privacy rights, or you disagree with a decision we made about access to your records, you may contact the person listed above. You also may send a written complaint to the U.S. Department of Health and Human Services — Office of Civil Rights. The person listed above can provide you with the appropriate address upon request or you may visit www.hhs.gov/ocr for further information. You will not be penalized or retaliated against for filing a complaint with the Office of Civil Rights or with us.