PERMITTED USES AND DISCLOSURES OF PHI
HIPPA Privacy and Security
Our HIPPA Privacy and Security practices reflect applicable federal law as well as state law. The privacy laws of a particular state or other federal laws might impose a stricter privacy standard. If these stricter laws apply and are not superseded by federal preemption rules under the Employee Retirement Income Security Act of 1974, the Plans will comply with the stricter law.
We are required by law to maintain the privacy and security of your Protected Health Information (PHI). Protected Health Information (PHI) is information that is maintained or transmitted by Delta Dental, which may identify an individual's past, present, or future physical or mental health condition(s) and related health care services.
Some examples of PHI include name, address, telephone and/or fax number, electronic mail address, social security number or other identification number, date of birth, date of treatment, treatment records, x-rays, enrollment and claims records. We receive, use and disclose PHI to administer a member's benefit plan as permitted or required by law.
We must follow the federal and state privacy requirements described that apply to the administration of a member's benefits and provide them with a copy of this notice. We reserve the right to change our privacy practices when needed and we promptly post the updated notice within 60 days on our website.
Explicit authorization is not required to disclose information for purposes of health care treatment, payment of claims, billing of premiums, and other health care operations. Examples of this include processing claims, collecting enrollment information and premiums, reviewing the quality of health care received, providing customer service, resolving grievances, sharing payment information with other insurers, determining eligibility for services, and billing.
If a benefit plan is sponsored by an employer or another party, we may provide PHI to that employer or plan sponsor to administer a member's benefits. As permitted by law, we may disclose PHI to third-party affiliates that perform services on our behalf to administer your benefits. Any third-party affiliates performing services on our behalf has signed a contract agreeing to protect the confidentiality of any transmitted PHI and has implemented privacy policies and procedures that comply with applicable federal and state law.
Permitted uses and disclosures without an authorization
We are permitted to disclose a member's PHI upon their request, or to an authorized personal representative (with certain exceptions), when required by the U. S. Secretary of Health and Human Services to investigate or determine our compliance with the law, and when otherwise required by law. We may disclose PHI without prior authorization in response to the following:
- Court order;
- Order of a board, commission, or administrative agency for purposes of adjudication pursuant to its lawful authority;
- Subpoena in a civil action;
- Investigative subpoena of a government board, commission, or agency;
- Subpoena in an arbitration;
- Law enforcement search warrant; or
- Coroner's request during investigations.
Some other examples include: to notify or assist in notifying a family member, another person, or a personal representative of a condition; to assist in disaster relief efforts; to report victims of abuse, neglect or domestic violence to appropriate authorities; for organ donation purposes; to avert a serious threat to health or safety; for specialized government functions such as military and veterans activities; for workers' compensation purposes; and, with certain restrictions, we are permitted to use and/or disclose PHI for underwriting, provided it does not contain genetic information. Information can also be de-identified or summarized so it cannot be traced to an individual and, in selected instances, for research purposes with the proper oversight.
Disclosures made with a member's authorization
We will not use or disclose a member's PHI without their prior written authorization unless permitted by law. If a member grants an authorization, they can later revoke that authorization, in writing, to stop the future use and disclosure of their PHI.
MEMBERS RIGHTS REGARDING PHI
Members have the right to request an inspection of and obtain a copy of their PHI.
Members may access their PHI by providing a written request. The request must include (1) your name, address, telephone number and identification number, and (2) the PHI they are requesting. We will provide a copy or a summary of their health and claims records, usually within 30 days of your request. We may charge a fee for the costs of copying, mailing, or other supplies associated with the request. We will only maintain PHI that we obtain or utilize in providing the member's health care benefits. We may not maintain some PHI, such as treatment records or x-rays after we have completed our review of that information. Members may need to contact their health care provider to obtain PHI that we do not possess.
Members may not inspect or copy PHI compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding, or PHI that is otherwise not subject to disclosure under federal or state law. In some circumstances, members may have a right to have this decision reviewed.
Members have the right to request a restriction of their PHI.
You have the right to ask that we limit how we use and disclose your PHI; however, you may not restrict our legal or permitted uses and disclosures of PHI. While we will consider your request, we are not legally required to accept those requests that we cannot reasonably implement or comply with during an emergency.
Members have the right to correct or update their PHI.
You may request to make an amendment of PHI we maintain about you. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal within 60 days. If your PHI was sent to us by another, we may refer you to that person to amend your PHI. For example, we may refer you to your provider to amend your treatment chart or to your employer, if applicable, to amend your enrollment information.
Members have rights related to the use and disclosure of their PHI for marketing.
We will obtain the member's authorization for the use or disclosure of PHI for marketing when required by law. Members have the right to withdraw their authorization at any time. We do not use PHI for fundraising purposes.
Members have the right to request or receive confidential communications from us by alternative means or at a different address.
Members have the right to request that we communicate with you in a certain way or at a certain location. For example, they can ask that we only contact them at work or by mail. We will not ask the reason for their request. We will accommodate all reasonable requests. The member's request must specify how or where they wish to be contacted.
Members have the right to receive an accounting of certain disclosures we have made, if any, of their PHI.
Members have a right to an accounting of disclosures with some restrictions. This right does not apply to disclosures for purposes of treatment, payment, or health care operations or for information we disclosed after we received a valid authorization from them. Additionally, we do not need to account for disclosures made to individuals, to family members or friends involved with their care, or for notification purposes. We do not need to account for disclosures made for national security reasons, certain law enforcement purposes or disclosures made as part of a limited data set. We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if a member asks for another accounting within 12 months.
Members have the right to a paper copy of this notice.
A copy of this notice is posted on our website. Members may also request that a copy be sent to them.
Members have the right to be notified following a breach of unsecured protected health information.
We will notify members in writing, at the address on file, if we discover we compromised the privacy of their PHI.
Members have the right to choose someone to act for them.
If a member has given someone medical power of attorney or if someone is their legal guardian, that person can exercise the member's rights and make choices about their health information. We will make sure the person has this authority and can act for the member before we take any action.