PRIVACY POLICY ARCHIVE
NOTICE OF PRIVACY PRACTICES
DIBUDUO & DEFENDIS INSURANCE (“DiBuduo & DeFendis”)
Effective Date: November 3, 2016
THIS NOTICE DESCRIBES HOW MEDICAL AND HEALTHCARE INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
At DiBuduo & DeFendis, we understand your concerns about privacy. We hope this notice, which describes our use and protection of nonpublic personal information (“customer information”), will help you understand how we treat the customer information we obtain from you or other sources in the course of providing you with our insurance products and additional services.
YOUR HEALTH PLAN AND HEALTHCARE PROVIDER HAVE THEIR OWN NOTICE OF PRIVACY PRACTICES THAT YOU SHOULD SEPARATELY CONSULT.
If you have any questions about this notice, please contact our Privacy Officer (his/her contact information is set forth at the very end of this notice).
Terms used, but not defined, in this notice have the meanings set forth in the Federal HIPAA Law.
WHO WILL FOLLOW THIS NOTICE
In accordance with the HIPAA law, this notice describes DIBUDUO & DEFENDIS INSURANCE’s privacy practices and those of its employees, staff, and other DiBuduo & DeFendis personnel.
All of these follow the terms of this notice. In addition, they may share medical information with each other for treatment, payment, or health care operations, and any other purposes described in this notice and/or allowed by applicable law.
OUR PRIVACY OBLIGATIONS REGARDING MEDICAL INFORMATION
DiBuduo & DeFendis understands that medical information about you and your health is personal, and DiBuduo & DeFendis is committed to protecting medical information about you and keeping it private. DiBuduo & DeFendis creates a record of your information. DiBuduo & DeFendis needs this record to provide you with certain insurance products and associated services, and to comply with certain legal requirements.
This notice applies to all of the medical information/“protected health information” or “PHI” which DiBuduo & DeFendis receives, whether inputted by DiBuduo & DeFendis personnel or received from a health plan or health care provider. Medical information includes information that can be used to identify you, that is created or received about your past, present, or future health or condition, the provision of healthcare to you, or the payment for the healthcare. We are required by law to protect the privacy of this information. Be aware, however, that your health care providers may have different policies or notices regarding their use and sharing of your medical information that they create or maintain.
This notice will tell you about the ways in which DiBuduo & DeFendis may use and share your medical information. This notice also describes your rights and certain obligations DiBuduo & DeFendis has regarding the use and sharing of medical information.
DiBuduo & DeFendis is required by law to:
- Make sure that information that identifies you is kept private (with certain exceptions) and secure;
- Follow the duties and privacy practices described in this notice and give you a copy of it; and
- If medical information is used or disclosed in violation of the law, notify you promptly if the use/disclosure is a “Breach of Unsecured Protected Health Information”(as such terms are defined by the Federal HIPAA Law), and also notify you pursuant to any State law that may be applicable.
HOW WE MAY USE AND SHARE YOUR MEDICAL INFORMATION
The following categories describe different ways that we are permitted to use and disclose/share your medical information. For the most typical uses and disclosures we make, we will explain what we mean. Not every specific use or disclosure or type of use/disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will likely fall within one of the categories. In many of the instances briefly described below, we will additionally have to meet conditions before we can use or share your information for the purposes described. Any other uses and disclosures not described in this notice or otherwise not permitted by law without authorization will not be made without your prior written authorization to us or the health plan.
HIGHLY SENSITIVE INFORMATION: SPECIAL AUTHORIZATION MAY BE REQUIRED
In some circumstances, your health information may be subject to restrictions that may limit or preclude some uses or disclosures described in this notice.
Our records received from third parties or prepared by us may contain information regarding your genetic information, mental health, substance abuse, sexually transmitted diseases, psychotherapy, HIV/AIDS, or other types of highly sensitive/protected information. Information of this type is typically protected by additional restrictions under state law, which we will comply with as applicable.
DISCLOSURES THAT GENERALLY REQUIRE HIPAA AUTHORIZATION (MARKETING AND SALE)
Under the HIPAA law, there are some circumstances where we can only use and share medical information if you have signed a HIPAA authorization/given us or your health plan written permission.
For example, your authorization is required for most uses and sharing of your medical information for “Marketing” purposes or for disclosures that constitute the “Sale” of medical information. Please be aware, however, that HIPAA’s definitions of “Marketing” and “Sales”, and the restrictions related thereto, are technical, include exceptions, and do not apply to all situations that you may personally consider to be marketing or sales. We are permitted to use and/or share medical information for marketing or sales purposes related to our functions in accordance with HIPAA and State law, which in some, but not all, situations requires your authorization or consent to do so. If your authorization is not required, and HIPAA/State law allows for a use that you may personally consider to be a use or sharing for marketing/sales purposes, we may utilize your information for such purposes without your consent (examples include: (a) A face-to-face communication between personnel and the beneficiary; (b) To describe a health-related product or service (or payment for such product or service), that is provided by, or included in a plan of benefits of, the covered entity (or us as their Business Associate) making the communication; (c) Communications about the entities participating in a health care provider network or health plan network; (d) Communications about health-related products or services available only to a health plan enrollee that add value to, but are not part of, a plan of benefits; and (e) Communications about replacements of, or enhancements to, a health plan.).
SHARING AT YOUR REQUEST
We may disclose/share information when requested by you. This disclosure at your request may require a written authorization from you. Any authorizations that you give can be revoked at any time.
FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS
We may potentially use and share medical information about you to facilitate medical treatment, healthcare, or other related services (including for care coordination purposes). We may use and share medical information to facilitate payment by your health plan. We may share information for the following purposes:
- Underwriting, enrollment, premium rating and other activities related to the creation, renewal, or replacement of a contract of health insurance or health benefits (and ceding, securing, or placing a contract for reinsurance of risk relating to claims for health care, including stop-loss insurance and excess of loss insurance)
- Conducting or arranging for medical review, legal services and auditing functions
- Customer service, including the provision of data analyses for policy holders, plan sponsors or other customers when PHI is not disclosed to such policy holder, plan sponsor or customer
- Creating de-identified health information
- Disclosure of beneficiary information to health plans or other third party payors for coverage determinations (including coordination of benefits or the determination of cost sharing amounts), eligibility determinations, medical necessity/appropriateness review, justification of charges, utilization review, pre-certification, or preauthorization, and concurrent and retrospective review of services
- Adjudication or subrogation of health benefit claims
- Risk adjusting amounts due based on enrollee health status and demographic characteristics
- Billing, claims management, collection activities, obtaining payment under a contract for reinsurance (including stop-loss insurance and excess of loss insurance), and related health care data processing
- Development or improvement of methods of payment or coverage policies
- Disclosure to consumer reporting agencies
If you do not want to share medical information about yourself with your health plan, you have the right to pay for all services and care out of pocket in full, and to inform your medical provider that you wish to restrict the information shared with your health plan. For more information on this limited restriction, see your rights in your healthcare provider’s own Notice of Privacy Practices.
INCIDENTAL USES AND DISCLOSURES
We may occasionally inadvertently use or share your medical information when such use or disclosure is incident to another use or disclosure that is permitted or required by law. Please be assured, however, that as much as possible, DiBuduo & DeFendis has appropriate safeguards in place in an effort to avoid such situations or to otherwise limit the extent of the disclosure.
LIMITED DATA SETS
We are permitted to use or share certain parts of your medical information, called a “limited data set,” for purposes of research, public health reasons or for our operations, subject to certain conditions.
DE-IDENTIFIED INFORMATION
DiBuduo & DeFendis may use or share your medical information to create information that does not identify you in accordance with HIPAA. Once DiBuduo & DeFendis has de-identified your information, it can be used or shared in any way according to the law.
CERTAIN DISCLOSURES BY MEMBERS OF THE WORKFORCE
In certain circumstances, members of DiBuduo & DeFendis’s workforce are permitted or even required to share your medical information with a health oversight agency, public health authority, law enforcement official, or attorney.
TO INDIVIDUALS INVOLVED IN YOUR CARE OR PAYMENT FOR YOUR CARE (AND YOUR OPPORTUNITY TO OBJECT)
We may release medical information about you to a friend or family member under certain circumstances who is involved in your medical care, unless you object in whole or in part. We may also give information to someone who helps pay for your care.
TO COMPLY WITH THE LAW
We will share medical information about you when required to do so by federal, state, or local law, including with the U.S. Department of Health if it wants to see that we’re complying with federal privacy and security law.
TO AVERT A SERIOUS THREAT TO HEALTH OR SAFETY
We may, in certain circumstances, and only if allowed by State law, use and share medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
THIRD PARTIES/BUSINESS ASSOCIATES
We may share your medical information with third parties (sometimes called Business Associates) with whom DiBuduo & DeFendis has contact to perform services on DiBuduo & DeFendis‘s behalf. If we share your information with these entities, we will have a written agreement with them to safeguard your information.
WORKERS’ COMPENSATION; LAW ENFORCEMENT; OTHER GOVERNMENT REQUESTS
We may use or share medical information about you in certain circumstances for: (i) workers’ compensation or similar programs; (ii) law enforcement purposes or with law enforcement officials in certain circumstances; and (iii) special government functions such as military, national security, intelligence, and protective services.
PUBLIC HEALTH AND SAFETY ISSUES
We may share medical information about you for certain public health and safety purposes, including, without limitation, the following: (i) preventing/controlling disease; (ii) reporting deaths; (iii) to report regarding the abuse or neglect of children, elders, and dependent adults; and (iv) to the extent necessary to comply with State and federal laws.
HEALTH OVERSIGHT ACTIVITIES
We may share medical information with a health oversight agency for activities authorized by law.
LAWSUITS AND ADMINISTRATIVE PROCEEDINGS
In certain circumstances, we may share medical information about you in the course of judicial or administrative proceedings in response to a court or administrative order, or a subpoena, discovery request, or other lawful process.
CORONERS, MEDICAL EXAMINERS, AND FUNERAL DIRECTORS
We may potentially release medical information to a coroner, medical examiner, or funeral director when an individual dies.
INMATES
In certain circumstances, we may share medical information about inmates and those in the custody of a law enforcement official with the correctional institution or law enforcement official.
YOUR RIGHTS REGARDING MEDICAL INFORMATION
In addition to any rights that you may have under State law, you have the following HIPAA rights regarding medical information that DiBuduo & DeFendis maintains about you.
GET AN ELECTRONIC OR PAPER COPY OF YOUR MEDICAL RECORDS AND INFORMATION
You have the right to inspect and copy medical information that may be used to make decisions about your coverage and care.
To receive a copy of medical information, you must submit your request in writing to our Privacy Officer or his/her designee (contact information is set forth at the very end of this notice). When information is not readily producible in the electronic form and format you have requested, we will provide you with the information in an alternative readable electronic format, as we may be able to provide, only as readily possible. Furthermore, you have the right to direct DiBuduo & DeFendis to transmit such electronic copy directly to another entity or person that you designate. If you request a copy of the information, DiBuduo & DeFendis may charge a fee for the costs of copying and/or transmission. DiBuduo & DeFendis will follow State law with regard to approved copying and other associated costs.
DiBuduo & DeFendis may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. We will comply with legal requirements for such denial and review.
We are advising you in this notice that if you request that information available in an electronic format be provided via email, that email is an insecure medium for transmitting information and that there is some risk if medical information is emailed. Information transmitted via email is more likely to be intercepted by unauthorized third parties than more secure transmission channels. If we agree to email you information, you are accepting the risks we have notified you of, and you agree that we are not responsible for unauthorized access of such medical information while it is in transmission to you based on your request, or when the information is delivered to you.
AMEND YOUR MEDICAL INFORMATION
If you feel that your medical information is incorrect or incomplete, you have the right to request an amendment of the information for as long as the information is kept by or for DiBuduo & DeFendis. To request an amendment, your request must be made in writing and submitted to our Privacy Officer (contact information is set forth at the very end of this notice). We may deny your request for an amendment for a number of legally permissible reasons, but we will tell you why in writing within 60 days, and also give you the right to submit a written statement of disagreement with our decision. If you clearly indicate in writing that you want the statement of disagreement to be made part of your record, DiBuduo & DeFendis will attach it to your records and include it whenever DiBuduo & DeFendis makes a disclosure of the item or statement you believe to be incomplete or incorrect.
RECEIVE AN ACCOUNTING OF DISCLOSURES
You have the right to request an “accounting of disclosures.” This is a list of the disclosures DiBuduo & DeFendis made of medical information about you other than our own uses for diagnosis, treatment, payment, and health care operations (as those functions are described above), and certain other disclosures.
To request this list or accounting of disclosures, you must submit your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). Your request must state a time period (subject to the time period we are legally required to maintain such logs). Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a 12-month period will be free. For additional lists within a 12-month period, DiBuduo & DeFendis may charge you a reasonable, cost-based fee for providing the list.
REQUEST RESTRICTIONS ON WHAT WE USE OR SHARE
You have the right to request a restriction or limitation on the use and/or disclosure of your medical information in connection with treatment, payment or heath care operations. You also have the right to request a limit on the medical information DiBuduo & DeFendis shares about you under certain circumstances. DiBuduo & DeFendis is generally NOT, however, required to agree to your restriction request.
If DiBuduo & DeFendis does agree to comply with non-required requests, DiBuduo & DeFendis will comply with your request unless (a) the information is needed to provide you emergency treatment, or (b) other legal exceptions apply.
To request restrictions, you must make your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). DiBuduo & DeFendis will not ask you the reason for your request. DiBuduo & DeFendis will attempt to accommodate reasonable requests.
REQUEST CONFIDENTIAL COMMUNICATIONS
You have the right to request that DiBuduo & DeFendis communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that DiBuduo & DeFendis only contact you at work or by mail. DiBuduo & DeFendis will not ask you the reason for your request. We will say “yes” to reasonable requests. To request confidential communications, you must make your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). A health plan must accommodate an individual’s reasonable request for confidential communications if the individual clearly states that not doing so could endanger him or her.
PAPER COPY OF THIS NOTICE
You have the right to a paper copy of this notice at any time, even if you have agreed to receive this notice electronically.
To obtain a paper copy of this notice, contact our Privacy Officer (contact information is set forth at the very end of this notice).
BE NOTIFIED IN THE EVENT OF A “BREACH OF UNSECURED PHI”
If, in any case, medical information is used or disclosed in violation of the law, we are required to notify you if the use/disclosure is a “Breach of Unsecured Protected Health Information” (as such terms are defined by the Federal HIPAA Law). We may also be required to notify you pursuant to any State law that may be applicable.
FILE A COMPLAINT IF YOU FEEL YOUR RIGHTS ARE VIOLATED
If you believe your privacy rights have been violated, you may file a complaint with DiBuduo & DeFendis or with the Secretary of the U.S. Department of Health and Human Services. To file a complaint with DiBuduo & DeFendis, contact our Privacy Officer in writing (contact information is set forth at the very end of this notice). We respectfully request that complaints be submitted in writing. You will not be penalized or retaliated against for filing a complaint.
CHANGES TO THE TERMS OF THIS NOTICE
DiBuduo & DeFendis reserves the right to change this notice and our privacy or security policies at any time, and the changes will apply to all information we already have about you. DiBuduo & DeFendis will post a copy of the current/changed notice on our website. The notice will contain the effective date and will be available upon request.
OTHER USES OF MEDICAL INFORMATION/PERMISSIONS/AUTHORIZATIONS
Other uses and disclosures of medical information not covered by this notice or the laws that apply to DiBuduo & DeFendis will be made only with your written permission/authorization. If you provide us permission to use or share medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, this will stop any further use or disclosure of your medical information for the purposes covered by your written authorization, except if (i) DiBuduo & DeFendis has already acted in reliance on your permission, or (ii) if the authorization was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy or the policy itself. You understand that DiBuduo & DeFendis is unable to take back any disclosures DiBuduo & DeFendis has already made with your permission, and that DiBuduo & DeFendis is required to retain certain records pursuant to law or the requirements of your health plan.
PRIVACY OFFICER CONTACT INFORMATION
If you have any questions about this notice, please contact our Privacy Officer utilizing the contact information set forth below.
Certain provisions of this notice and our related policies and procedures require that notice or other requests be in writing. Please follow our instructions for any such issue.
PRIVACY OFFICER
Albert Mennucci Jr.
Chief Financial Officer
559.432.0222
Email: albert.mennucci@dibu.com
6873 N. West Ave., Ste. 101 | Fresno, CA 93711