NOTICE OF PRIVACY PRACTICES
DIBUDUO & DEFENDIS INSURANCE (“D&D”)
Effective Date: November 3, 2016
THIS NOTICE DESCRIBES HOW MEDICAL AND HEALTHCARE INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
At DiBuduo & DeFendis, we understand your concerns about privacy. We hope this notice, which describes our use and protection of nonpublic personal information (“customer information”), will help you understand how we treat the customer information we obtain from you or other sources in the course of providing you with our insurance products and additional services.
YOUR HEALTH PLAN AND HEALTHCARE PROVIDER HAVE THEIR OWN NOTICE OF PRIVACY PRACTICES THAT YOU SHOULD SEPARATELY CONSULT.
If you have any questions about this notice, please contact our Privacy Officer (his/her contact information is set forth at the very end of this notice).
Terms used, but not defined, in this notice have the meanings set forth in the Federal HIPAA Law.
WHO WILL FOLLOW THIS NOTICE
In accordance with the HIPAA law, this notice describes DIBUDUO & DEFENDIS INSURANCE’s privacy practices and that of its employees, staff and other D&D personnel.
All of these follow the terms of this notice. In addition, they may share medical information with each other for treatment, payment or health care operations, and any other purposes described in this notice and/or allowed by applicable law.
OUR PRIVACY OBLIGATIONS REGARDING MEDICAL INFORMATION
D&D understands that medical information about you and your health is personal, and D&D is committed to protecting medical information about you and keeping it private. D&D creates a record regarding your information. D&D needs this record to provide you with certain insurance products and associated services, and to comply with certain legal requirements. This notice applies to all of the medical information/“protected health information” or “PHI” which D&D receives, whether inputted by D&D personnel or received from a health plan or health care provider. Medical information includes information that can be used to identify you that is created or received about your past, present, or future health or condition, the provision of healthcare to you, or the payment for the health care. We are required by law to protect the privacy of this information. Be aware, however, that your health care providers may have different policies or notices regarding their use and sharing of your medical information that they create or maintain.
This notice will tell you about the ways in which D&D may use and share your medical information. This notice also describes your rights and certain obligations D&D has regarding the use and sharing of medical information.
D&D is required by law to:
- Make sure that information that identifies you is kept private (with certain exceptions) and secure;
- Follow the duties and privacy practices described in this notice and give you a copy of it; and
- If medical information is used or disclosed in violation of the law, notify you promptly if the use/disclosure is a “Breach of Unsecured Protected Health Information” (as such terms are defined by the Federal HIPAA Law), and also notify you pursuant to any State law that may be applicable.
HOW WE MAY USE AND SHARE YOUR MEDICAL INFORMATION
The following categories describe different ways that we are permitted to use and disclose/share your medical information. For the most typical uses and disclosures we make, we will explain what we mean. Not every specific use or disclosure or type of use/disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will likely fall within one of the categories. In many of the instances briefly described below, we will additionally have to meet conditions before we can use or share your information for the purposes described. Any other uses and disclosures not described in this notice or otherwise not permitted by law without an authorization will not be made without your prior written authorization to us or the health plan.
HIGHLY SENSITIVE INFORMATION: SPECIAL AUTHORIZATION MAY BE REQUIRED
In some circumstances, your health information may be subject to restrictions that may limit or preclude some uses or disclosures described in this notice.
Our records received from third parties or prepared by us may contain information regarding your genetic information, mental health, substance abuse, sexually transmitted diseases, psychotherapy, HIV/AIDS or other types of highly sensitive/protected information. Information of these types is typically protected by additional restrictions under state law, which we will comply with as applicable.
DISCLOSURES THAT GENERALLY REQUIRE HIPAA AUTHORIZATION (MARKETING AND SALE)
Under the HIPAA law, there are some circumstances where we can only use and share medical information if you have signed a HIPAA authorization/given us or your health plan written permission.
For example, your authorization is required for most uses and sharing of your medical information for “Marketing” purposes or for disclosures that constitute the “Sale” of medical information. Please be aware, however, that HIPAA’s definitions of “Marketing” and “Sales”, and the restrictions related thereto, are technical, include exceptions, and do not apply to all situations that you may personally consider to be marketing or sales. We are permitted to use and/or share medical information for marketing or sales purposes related to our functions in accordance with HIPAA and State law, which in some, but not all, situations requires your authorization or consent to do so. If your authorization is not required, and HIPAA/State law allows for a use that you may personally consider to be a use or sharing for marketing/sales purposes, we may utilize your information for such purposes without your consent (examples include: (a) A face-to-face communication between personnel and the beneficiary; (b) To describe a health-related product or service (or payment for such product or service), that is provided by, or included in a plan of benefits of, the covered entity (or us as their Business Associate) making the communication; (c) Communications about the entities participating in a health care provider network or health plan network; (d) Communications about health-related products or services available only to a health plan enrollee that add value to, but are not part of, a plan of benefits; and (e) Communications about replacements of, or enhancements to, a health plan.).
SHARING AT YOUR REQUEST
We may disclose/share information when requested by you. This disclosure at your request may require a written authorization by you. Any authorizations that you give can be revoked at any time.
FOR TREATMENT, PAYMENT AND HEALTH CARE OPERATIONS
We may potentially use and share medical information about you to facilitate medical treatment, healthcare, or other related services (including for care coordination purposes). We may use and share medical information to facilitate payment by your health plan. We may share information for the following purposes:
- Underwriting, enrollment, premium rating and other activities related to the creation, renewal, or replacement of a contract of health insurance or health benefits (and ceding, securing, or placing a contract for reinsurance of risk relating to claims for health care, including stop-loss insurance and excess of loss insurance)
- Conducting or arranging for medical review, legal services and auditing functions
- Customer service, including the provision of data analyses for policy holders, plan sponsors or other customers when PHI is not disclosed to such policy holder, plan sponsor or customer
- Creating de-identified health information
- Disclosure of beneficiary information to health plans or other third party payors for coverage determinations (including coordination of benefits or the determination of cost sharing amounts), eligibility determinations, medical necessity/appropriateness review, justification of charges, utilization review, pre-certification, or preauthorization, and concurrent and retrospective review of services
- Adjudication or subrogation of health benefit claims
- Risk adjusting amounts due based on enrollee health status and demographic characteristics
- Billing, claims management, collection activities, obtaining payment under a contract for reinsurance (including stop-loss insurance and excess of loss insurance), and related health care data processing
- Development or improvement of methods of payment or coverage policies
- Disclosure to consumer reporting agencies
If you do not want to share medical information about you with your health plan, you have the right to pay for all services and care out of pocket in full, and to inform your medical provider that you wish to restrict the information shared with your health plan. For more information on this limited restriction, see your rights in your healthcare provider’s own Notice of Privacy Practices.
INCIDENTAL USES AND DISCLOSURES
We may occasionally inadvertently use or share your medical information when such use or disclosure is incident to another use or disclosure that is permitted or required by law. Please be assured, however, that as much as possible, D&D has appropriate safeguards in place in an effort to avoid such situations or to otherwise limit the extent of the disclosure.
LIMITED DATA SETS
We are permitted to use or share certain parts of your medical information, called a “limited data set,” for purposes of research, public health reasons or for our operations, subject to certain conditions.
DE-IDENTIFIED INFORMATION
D&D may use or share your medical information to create information that does not identify you in accordance with HIPAA. Once D&D has de-identified your information, it can be used or shared in any way according to law.
CERTAIN DISCLOSURES BY MEMBERS OF WORKFORCE
In certain circumstances, members of D&D’s workforce are permitted or even required to share your medical information with a health oversight agency, public health authority, law enforcement official, or attorney.
TO INDIVIDUALS INVOLVED IN YOUR CARE OR PAYMENT FOR YOUR CARE (AND YOUR OPPORTUNITY TO OBJECT)
Under certain circumstances, we may release medical information about you to a friend or family member who is involved in your medical care, unless you object in whole or in part. We may also give information to someone who helps pay for your care.
TO COMPLY WITH THE LAW
We will share medical information about you when required to do so by federal, state or local law, including with the U.S. Department of Health if it wants to see that we’re complying with federal privacy and security law.
TO AVERT A SERIOUS THREAT TO HEALTH OR SAFETY
We may in certain circumstances, and only if allowed by State law, use and share medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
THIRD PARTIES/BUSINESS ASSOCIATES
We may share your medical information with third parties (sometimes called Business Associates) with whom D&D has contact to perform services on D&D’s behalf. If we share your information with these entities, we will have a written agreement with them to safeguard your information.
WORKERS’ COMPENSATION; LAW ENFORCEMENT; OTHER GOVERNMENT REQUESTS
We may use or share medical information about you in certain circumstances for: (i) workers’ compensation or similar programs; (ii) law enforcement purposes or with law enforcement officials in certain circumstances; and (iii) special government functions such as military, national security, intelligence and protective services.
PUBLIC HEALTH AND SAFETY ISSUES
We may share medical information about you for certain public health and safety purposes, including, without limitation, the following: (i) preventing/controlling disease; (ii) reporting deaths; (iii) reporting the abuse or neglect of children, elders, and dependent adults; and (iv) to the extent necessary to comply with State and federal laws.
HEALTH OVERSIGHT ACTIVITIES
We may share medical information with a health oversight agency for activities authorized by law.
LAWSUITS AND ADMINISTRATIVE PROCEEDINGS
In certain circumstances, we may share medical information about you in the course of judicial or administrative proceedings in response to a court or administrative order, or a subpoena, discovery request, or other lawful process.
CORONERS, MEDICAL EXAMINERS AND FUNERAL DIRECTORS
We may potentially release medical information to a coroner, medical examiner, or funeral director when an individual dies.
INMATES
In certain circumstances, we may share medical information about inmates and those in the custody of a law enforcement official with the correctional institution or law enforcement official.
YOUR RIGHTS REGARDING MEDICAL INFORMATION
In addition to any rights that you may have under State law, you have the following HIPAA rights regarding medical information that D&D maintains about you.
GET AN ELECTRONIC OR PAPER COPY OF YOUR MEDICAL RECORDS AND INFORMATION
You have the right to inspect and copy medical information that may be used to make decisions about your coverage and care.
To receive a copy of medical information, you must submit your request in writing to our Privacy Officer or his/her designee (contact information is set forth at the very end of this notice). When information is not readily producible in the electronic form and format you have requested, we will provide you the information in an alternative readable electronic format as we may be able to provide, only as readily possible. Furthermore, you have the right to direct D&D to transmit such electronic copy directly to another entity or person that you designate. If you request a copy of the information, D&D may charge a fee for the costs of copying and/or transmission. D&D will follow State law with regard to approved copying and other associated costs.
D&D may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. We will comply with legal requirements for such denial and review.
We are advising you in this notice that if you request that information available in an electronic format be provided via email, email is an unsecure medium for transmitting information and there is some risk if medical information is emailed. Information transmitted via email is more likely to be intercepted by unauthorized third parties than more secure transmission channels. If we agree to email you information, you are accepting the risks we have notified you of, and you agree that we are not responsible for unauthorized access of such medical information while it is in transmission to you based on your request, or when the information is delivered to you.
AMEND YOUR MEDICAL INFORMATION
If you feel that your medical information is incorrect or incomplete, you have the right to request an amendment of the information for as long as the information is kept by or for D&D. To request an amendment, your request must be made in writing and submitted to our Privacy Officer (contact information is set forth at the very end of this notice). We may deny your request for an amendment for a number of legally permissible reasons, but we will tell you why in writing within 60 days, and also give you the right to submit a written statement of disagreement with our decision. If you clearly indicate in writing that you want the statement of disagreement to be made part of your record, D&D will attach it to your records and include it whenever D&D makes a disclosure of the item or statement you believe to be incomplete or incorrect.
RECEIVE AN ACCOUNTING OF DISCLOSURES
You have the right to request an “accounting of disclosures.” This is a list of the disclosures D&D made of medical information about you other than our own uses for diagnosis, treatment, payment and health care operations (as those functions are described above), and certain other disclosures.
To request this list or accounting of disclosures, you must submit your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). Your request must state a time period (subject to the time period we are legally required to maintain such logs). Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a 12-month period will be free. For additional lists within a 12-month period, D&D may charge you a reasonable, cost-based fee for providing the list.
REQUEST RESTRICTIONS ON WHAT WE USE OR SHARE
You have the right to request a restriction or limitation on the use and/or disclosure of your medical information in connection with treatment, payment or health care operations. You also have the right to request a limit on the medical information D&D shares about you under certain circumstances. D&D is generally NOT, however, required to agree to your restriction request.
If D&D does agree to comply with non-required requests, D&D will comply with your request unless (a) the information is needed to provide you emergency treatment, or (b) other legal exceptions apply.
To request restrictions, you must make your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). D&D will not ask you the reason for your request. D&D will attempt to accommodate reasonable requests.
REQUEST CONFIDENTIAL COMMUNICATIONS
You have the right to request that D&D communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that D&D only contact you at work or by mail. D&D will not ask you the reason for your request. We will say “yes” to reasonable requests. To request confidential communications, you must make your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). A health plan must accommodate an individual’s reasonable request for confidential communications, if the individual clearly states that not doing so could endanger him or her.
PAPER COPY OF THIS NOTICE
You have the right to a paper copy of this notice at any time, even if you have agreed to receive this notice electronically.
You may also obtain a copy of this notice at our website:
To obtain a paper copy of this notice, contact our Privacy Officer (contact information is set forth at the very end of this notice).
BE NOTIFIED IN THE EVENT OF A “BREACH OF UNSECURED PHI”
If, in any case, medical information is used or disclosed in violation of the law, we are required to notify you if the use/disclosure is a “Breach of Unsecured Protected Health Information” (as such terms are defined by the Federal HIPAA Law). We may also be required to notify you pursuant to any State law that may be applicable.
FILE A COMPLAINT IF YOU FEEL YOUR RIGHTS ARE VIOLATED
If you believe your privacy rights have been violated, you may file a complaint with D&D or with the Secretary of the U.S. Department of Health and Human Services. To file a complaint with D&D, contact our Privacy Officer in writing (contact information is set forth at the very end of this notice). We respectfully request that complaints be submitted in writing. You will not be penalized or retaliated against for filing a complaint.
CHANGES TO THE TERMS OF THIS NOTICE
D&D reserves the right to change this notice and our privacy or security policies at any time, and the changes will apply to all information we already have about you. D&D will post a copy of the current/changed notice on our website. The notice will contain the effective date and will be available upon request.
OTHER USES OF MEDICAL INFORMATION/PERMISSIONS/AUTHORIZATIONS
Other uses and disclosures of medical information not covered by this notice or the laws that apply to D&D will be made only with your written permission/authorization. If you provide us permission to use or share medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, this will stop any further use or disclosure of your medical information for the purposes covered by your written authorization, except if (i) D&D has already acted in reliance on your permission, or (ii) if the authorization was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy or the policy itself. You understand that D&D is unable to take back any disclosures D&D has already made with your permission, and that D&D is required to retain certain records pursuant to law or the requirements of your health plan.
PRIVACY OFFICER CONTACT INFORMATION
If you have any questions about this notice, please contact our Privacy Officer utilizing the contact information set forth below.
Certain provisions of this notice and our related policies and procedures require that notice or other requests be in writing. Please follow our instructions for any such issue.
PRIVACY OFFICER
Albert Mennucci Jr.
Chief Financial Officer
559.432.0222
Email: albert.mennucci@dibu.com
6873 N. West Ave., Ste. 101 | Fresno, CA 93711