HIPAA Policy
Iron Road Healthcare Mail P.O. Box 165090 / Salt Lake City, Utah 84116-5090 — (800) 331-6353
NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Protecting your personal and health information
We are committed to protecting the privacy of your personal information. We are required by applicable federal and state laws to maintain the privacy of your personal and health information. This notice explains our privacy practices, our legal duties, and your rights concerning your personal and health information. Personal and health information (referred to in this notice as “personal information”) means any information that is identifiable to you as your personal information, including information regarding your health care and treatment, identifiable factors including your name, age, address, income or other financial information. We will follow the privacy practices that are described in this notice while it is in effect.
Why do we collect your personal information?
We collect personal information from you for a number of reasons, including to help us determine the appropriate products to offer our members, to pay claims, to provide case management services, and to provide quality improvement services.
How do we collect your personal information?
We collect personal information through you and your health care providers. For example, we receive personal information from you on your insurance application and from your health care providers through insurance transactions, such as the submission of claims for reimbursement of covered benefits.
How do we protect your personal information?
We protect your personal information by:
• Treating all your personal information that we collect as confidential.
- Stating confidentiality policies and practices in our employee handbooks as well as disciplinary measures for privacy violations.
- Restricting access to your personal information only to those employees who need to know your personal information in order to provide our services to you, such as paying a claim for a covered benefit.
- Only disclosing your personal information that is necessary for a service company to perform its function on our behalf, and the company agrees to protect and maintain the confidentiality of your personal information.
- Maintaining physical, electronic, and procedural safeguards that comply with federal and state regulations to guard your personal information.
How do we use and disclose your personal information?
We won’t disclose your personal information unless we are allowed or required by law to make the disclosure, or if you (or your authorized representative) give us permission. Uses and disclosures, other than those listed below require your authorization. If there are other legal requirements under applicable state laws that further restrict our use or disclosure of your personal information, we’ll comply with those legal requirements as well. Following are the types of disclosure we may make as allowed or required by law:
Treatment – We may use and disclose your personal information for our treatment activities or for the treatment activities of a health care provider. Treatment activities include disclosing your personal information to a provider in order for that provider to treat you.
Payment – We may use and disclose your personal information for our payment activities, including the payment of claims from physicians, hospitals, and other providers for services delivered to you.
Health care operation – We may use and disclose your personal information for our internal operations including our customer service activities.
Business associates – We may also share your personal information with third-party “business associates” who perform certain activities for us. We require these business associates to afford your personal information the same protections afforded to us.
Plan sponsors – If you are enrolled in a group health plan, we may disclose your personal information to the plan sponsor to permit it to perform administrative activities.
Underwriting – We may receive, use, and disclose your personal information for underwriting, premium rating, or other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits.
To you or your authorized representative – Upon your request, we’ll disclose your personal information to you or your authorized representative. If you authorize us to do so, we may use your personal information or disclose it to the person or entity you name on your signed authorization. Once you provide us with an authorization, you may revoke it in writing at any time. Your revocation won’t affect any use or disclosures permitted by your authorization while it was in effect. In certain situations, when disclosure of your information could be harmful to you or another person, we may limit the information available to you or use an alternative means of meeting your request.
To your parents, if you are a minor – Some state laws concerning minors permit or require disclosure of protected health information to parents, guardians, and persons acting in a similar legal status. We will act consistently with the laws of the state where the treatment is provided and will make disclosures consistent with such laws.
Your family and friends – If you are unable to consent to the disclosure of your personal information, such as in a medical emergency, we may disclose your personal information to a family member or friend to the extent necessary to help with your health care or with payment for your health care. We’ll only do so if we determine that the disclosure is in your best interest.
Marketing – We may use your personal information to contact you with information about health-related products and services or about treatment alternatives that may be of interest to you.
Research, death, organ donation – We may use or disclose your personal information for research purposes in limited circumstances. We may disclose the personal information of a deceased person to a coroner, medical examiner, funeral director, or organ procurement organization for certain purposes.
Public health and safety – We may disclose your personal information if we believe disclosure is necessary to avert a serious and imminent threat to your health or safety or the health or safety of others. We may disclose your personal information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, domestic violence, or other crimes.
Required by law – We may disclose limited information to law enforcement officials.
Military and national security – We may disclose to military authorities the personal information of Armed Forces personnel under certain circumstances. We may disclose to authorized federal officials personal information required for lawful intelligence, counterintelligence, and other national security activities.
What rights do you have as an individual regarding our use and disclosure of your personal information?
You have the right to request all the following:
Access to your personal information – You have the right to review and receive a copy of your personal information. We may charge you a nominal fee for providing you with copies of your personal information that is in our possession. This right doesn’t include the right to obtain copies of the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; protected health information that is subject to other state or federal laws that prohibit us to release such information. We may also limit your access to your personal information if we determine that providing the information could possibly harm you or another person. If we limit access based upon the belief that it could harm you or another person, you have the right to request a review of that decision.
Amendment – You have the right to request that we amend your personal information. Your request must be in writing, and it must identify the information that you think is incorrect and explain why the information should be amended. We may decline your request for certain reasons, including if you ask us to change information that we didn’t create. If we decline your request to amend your records, we’ll provide you a written explanation. You may respond with a statement of disagreement to be appended to the information you wanted amended. If we accept your request to amend the information, we will make reasonable efforts to inform others, including people you have authorized, of the amendment and to include the changes in any future disclosures of that information.
Accounting of Disclosures – You have the right to receive a report of instances in which we or our business associates disclosed your personal information for purposes other than for treatment, payment, health care operations, and certain other activities. You are entitled to such an accounting for the 6 years prior to your request, though not for disclosure made prior to April 14, 2003. We’ll provide you with the date on which we made a disclosure, the name of the person or entity to whom we disclosed your personal information, a description of the personal information we disclosed, the reason for the disclosure, and other applicable information. If you request this list more than once in a 12-month period, we may charge you a reasonable fee for creating and sending these additional reports.
Restriction requests – You have the right to request that we place additional restrictions on our use or disclosure of your personal information for treatment, payment, health care operations, or to persons you identify. We may be unable to agree to your requested restrictions. If we do, we’ll abide by our agreement (except in an emergency).
Confidential Communication – You have the right to request that we communicate with you in confidence about your personal information by alternative means or to an alternative location (for example, by sending materials to a P.O. Box instead of your home address). If you advise us that disclosure of all or any part of your personal information could endanger you, we will comply with any reasonable request provided you specify an alternative means of communication.
Electronic notice – If you receive this notice on our website or by electronic mail (e-mail), you’re also entitled to receive this notice in written form. Please contact us using the information listed at the end of this notice to obtain this notice in written form.
Can you ”opt-out” of certain disclosures?
You may have received notices from other organizations that allow you to “opt-out” of certain disclosures. The most common type of disclosure that applies to “opt-outs” is the disclosure of personal information to a non-affiliated company so that the company can market its products or services to you. As a health plan, we must follow many federal and state laws that prohibit us from making these types of disclosures. Because we don’t make a disclosure that applies to “opt-outs”, it isn’t necessary for you to complete an “opt-out” form or take any action to restrict such disclosures.
When is this notice effective?
This notice takes effect April 14, 2003 and will remain in effect until we revise it.
What if this notice of privacy practices changes?
We reserve the right to change our privacy practices and the terms of this notice at any time, provided such changes are permitted by applicable law. For your convenience, a copy of our current notice of privacy practices is always available on our website at www.ironroadhealthcare.com, and you may request a copy at any time by contacting us at the number below.
How can you reach us?
If you want additional information regarding our Privacy Practices, or if you believe we have violated any of your rights listed in this notice, please contact our Customer Service Department at 1 (800) 547- 0421.
If you have a complaint, you also may submit a written complaint to the U.S. Department of Health and Human Services, 1961 Stout Street – Room 1185 FOB, Denver, CO 80294-3538. Voice phone (303) 844-3372, Fax (303) 844-2025, TDD (303) 844-3439.
Your privacy is one of our greatest concerns and there’s never any penalty to you if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.