NOTICE OF PRIVACY PRACTICES
Federal law requires Momentum Insurance Plans, Inc. (“Momentum”) to maintain the privacy of our insured members’ protected health information (“PHI”) and to provide notice of our legal duties and privacy practices with respect to PHI. This Notice fulfills the notice requirements of the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). If you have any questions about any part of this Notice, please contact Momentum’s Privacy Officer at (608) 729-6500 or e-mail us at email@example.com.
We are required to abide by the terms of this Notice as long as it remains in effect. We reserve the right to change the terms of this Notice as necessary and to make the new Notice effective for all PHI that we maintain. Copies of any revised Notices will be provided to you directly or to your group’s Plan Sponsor (usually your employer) by regular mail or e-mail with instructions to deliver a paper copy to each certificate holder. Our Privacy Notice also appears on our website.
THIS NOTICE DESCRIBES OUR PRACTICES REGARDING YOUR PROTECTED HEALTH INFORMATION MAINTAINED BY MOMENTUM INSURANCE PLANS, INC.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.
THIS NOTICE IS PUBLISHED AND BECOMES EFFECTIVE ON 1-1-2011.
We understand that medical information about you and your family is personal, and we are committed to protecting your privacy and the security of your PHI. This Notice explains the ways in which we use and disclose PHI about you and your covered dependents and details certain obligations we have in connection with such use and disclosure. This Notice also describes your rights with regard to your PHI. Momentum has adopted the PHI Privacy Practices described in this Notice. All of our employees who need access to your PHI in order to service your dental plan and administer your claims have received proper training on how to protect your privacy, secure your protected health information and adhere to our privacy policies, practices and procedures.
In order to keep costs of your coverage down and provide you with the best customer service, we may contract with third parties and/or vendors known as “business associates” to assist us with the administration of your benefits. For example, we may contract with agents who collect premiums or submit coverage applications, or paper-shredding companies who destroy records when they are no longer needed. Because these business associates need access to your PHI in order to fulfill their obligations to us, we require them to agree in writing to keep your PHI confidential in the same way that we do.
TYPES OF PROTECTED HEALTH INFORMATION WE MAY HAVE AND HOW WE OBTAIN IT
PHI is any information that identifies you that we obtain from you or others that relates to your past, present or future health care, including the payment for such health care.
In the regular course of business we receive PHI about you in order to provide you with our products and services. Some of this PHI comes directly from you. For example, when you or your employer purchases one of our dental insurance products, you provide us with information such as name, address, phone number and social security number. Some of the PHI we obtain about you comes from your dental provider. For example, as you and your covered dependents utilize your coverage, your provider sends us information about services and treatments performed so that we can process and pay your claims. All of this information we receive about you and your covered dependents is necessary in order for us to provide you with quality dental insurance products and to comply with legal requirements.
HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
The following categories describe different ways we may use and disclose PHI without your authorization.
For Payment: We may use and disclose PHI to verify your coverage to your provider, process payment for claims filed under your dental plan or coordinate benefits with another insurance carrier.
For Health Care Operations: We may use and disclose PHI as necessary to operate your dental benefit plan and promote quality service.
As Required by Law: We may disclose PHI when required to do so by federal, state or local law. For example, we may be required by law to disclose certain PHI pursuant to a court order or subpoena served upon us.
To Avert a Serious Threat to Health or Safety: We may use and disclose PHI when necessary to prevent a serious threat to your health and safety or the health and safety of another person or the general public. Any such disclosure would only be to someone able to help prevent the threat. For example, we may disclose PHI in a proceeding regarding the licensure of a physician or dentist.
Business Associates: We may disclose PHI to other persons or organizations, known as business associates, who provide services on our behalf under contract. However, in order to assure the protection of your private information, we require our business associates to adhere to our Privacy Policies concerning the use and disclosure of your PHI and appropriately safeguard the information we disclose to them. We prohibit our business associates from using and disclosing any of your PHI in any manner except for the purpose intended by the contract. Business associates are expressly prohibited from using your PHI to create any marketing target lists.
Plan Sponsors: We may disclose your PHI to your plan sponsor (usually your employer). It is our policy not to disclose your PHI to the plan sponsor, but there may be exceptional occasions when your plan sponsor requests that information. We will disclose your PHI only if we have your authorization to do so or if the plan sponsor certifies that the information will be maintained in a confidential manner and will not be utilized for employment-related actions and decisions or in connection with any other employee benefit of the plan sponsor.
Public policy uses and disclosures: We may use and disclose your PHI for public policy purposes. For example:
Victims of Abuse, Neglect or Domestic Violence
If we believe that you have been a victim of abuse, neglect or domestic violence, we may disclose your PHI to the governmental entity or agency authorized to receive such information.
We may release your PHI for workers’ compensation or similar programs that provide benefits to you for work-related injuries or illness, but only in a manner consistent with applicable laws.
Public Health Risks
We may disclose your PHI to prevent or control disease, injury or disability; to report child abuse or neglect; to report reactions to medications or problems with products; to notify people of recalls of products they may be using; and to notify people who may have been exposed to a disease or may be at risk for contracting or spreading a disease.
Public Health Oversight Activities
We may disclose your PHI for public health activities to a public health authority that is permitted by law to collect or receive the information.
Military and Veterans
If you are a member of the armed forces, we may release your PHI as required by military command authorities.
We may use or disclose your PHI to researchers when an institution’s internal review board has (1) reviewed the proposed study; (2) established protocols to ensure the privacy of the health information used in their research; and (3) determined that the researcher does not need to obtain your authorization prior to using your medical information for research purposes.
Lawsuits and Disputes
If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court order or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the requested information.
We may disclose your PHI if asked to do so by a law enforcement official for various purposes, such as in response to a court order, subpoena, warrant, summons or similar process; in emergency situations to report a crime, to identify or locate a suspect, fugitive, material witness or missing person; and to provide information about the victim of a crime.
Coroners, Medical Examiners and Funeral Directors
We may release your PHI to coroners, medical examiners and funeral directors as necessary to help them carry out their duties. For example, we may release information in order to identify a deceased person or to determine the cause of death.
National Security and Intelligence Activities
We may release your PHI to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.
AUTHORIZED USES AND DISCLOSURES
From time to time you may request that we disclose your PHI to other individuals or entities. For example, you may request that we disclose your claims history to an attorney that you have hired to assist you in a civil matter. We may ask your permission to use or disclose your PHI to another person or entity. Any disclosures, such as these that do not fit into one of the categories in the previous section require us to obtain your written authorization prior to making such disclosure. In the event that you do provide us with written authorization to use or disclose your PHI, you may revoke such authorization at any time by writing to the Privacy Officer at the address indicated in the “Contacts” section of this Notice. (See below.)
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
You have the following rights regarding PHI that we maintain about you. All requests must be made in writing.
Your Right to a Paper Copy of This Notice: Even if you have agreed to receive this Notice electronically, you may ask us to give you a paper copy at any time and we will comply.
Your Right to an Accounting of Disclosures: You have the right to request a listing of any disclosures of your PHI that we have made that are required or permitted by law. This listing would exclude disclosures we made to you, or pursuant to your authorization or request. Your request must state a time period that may not be longer than six years. Your request should indicate in what form you want the list (for example, on paper, electronically, or by fax). The first accounting of disclosures you request within a 12-month period is free. We may charge for the costs of providing additional lists during that same 12-month period. In the event that you may incur a charge, we will notify you of the cost involved, and you may choose to withdraw or modify your request before any costs are incurred.
Your Right to Request an Amendment: You have the right to request an amendment to the PHI that we maintain about you if you believe that our information is incorrect or incomplete. You must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. We may also deny your request if you ask us to amend information that: (1) was not created by us; (2) is not part of the medical information kept by us; (3) is not part of the information which you would be permitted to inspect and copy under the law; or (4) is accurate and complete.
Your Right to Request a Restriction: You have the right to request a restriction or limitation on the PHI we use or disclose about you for payment or dental plan operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for care, like a family member or friend. We are not required to agree to your request. If we do agree to a restriction, we will comply with your request unless the information is needed to facilitate emergency treatment. To request restrictions, you must make your request in writing. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use or disclosure or both; and (3) to whom you want the limits to apply.
Your Right to Request Confidential Communications: You have the right to request that we communicate with you about confidential matters by an alternative means (such as by fax) or at an alternative location (such as your office). To request confidential communications, you must make your request in writing. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Your Rights to Inspect and Copy: You have the right to inspect and copy PHI that we maintain about you that may be used to make decisions about payment for your care. To inspect this PHI, you may contact the Privacy Officer. To obtain copies of such PHI, you must submit your request in writing. If you request a copy of the PHI, we may charge a fee for the costs of copying, mailing or other supplies associated with your request, but we will not charge for the cost of retrieving the PHI. We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to your PHI, in most situations you may request that the denial be reviewed by a licensed health care professional who did not take part in the decision to deny access. We will comply with the outcome of the review.
Contacts: If you believe that your privacy rights have been violated you may make a complaint to Momentum’s Privacy Officer or to the Secretary of Health and Human Resources as follows:
Momentum Privacy Officer
2971 Chapel Valley Road
Madison, WI 53711
Secretary, Health and Human Services,
Office of Civil Rights
United States Department of Health and Human Services
200 Independence Avenue, SW Room 509F
Washington D.C. 20201
We will not retaliate against you if you file a complaint. We will promptly investigate your complaint as soon as we receive it. When we have completed our investigation, we will notify you of our findings. If the investigation reveals that your privacy rights have been violated, we will immediately take the appropriate measures to correct the violation pursuant to our Privacy Practices and Procedures.