Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT A PARTICIPANT MAY BE USED AND
DISCLOSED AND HOW A PARTICIPANT CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.
This Notice describes the legal obligations of Prairie States Enterprises, Inc.
(the “Business Associate”) and its legal responsibilities regarding protected health
information held by the Business Associate of participants of health plans (“Covered Entities)
under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended
by the Health information Technology for Economic and Clinical Health Act (“HITECH”). This
Notice has been drafted in accordance with the HIPAA Privacy Rule, contained the in the
Code of Federal Regulations at 45 CFR Parts 160 and 164. Terms not defined in this Notice
have the same meaning as they have in the HIPAA Privacy Rule.
When we refer to participants in this Notice, we are referring to the participants of these
Covered Entities.
Among other things, this Notice describes how this protected health information may be used
or disclosed to carry out treatment, payment, or health care operations, or for any other
purposes that are permitted or required by law on behalf of participants of these Covered Entities.
We are required to provide this Notice of Privacy Practices (the “Notice”) to you pursuant to HIPAA.
The HIPAA Privacy Rule protects only certain medical information known as “protected health information.”
Generally, protected health information is individually identifiable health information, including
demographic information, collected from participants or created or received by a health care provider,
a health care clearinghouse, a health plan, or the employer on behalf of its group health plan that
relates to the participant’s:
- Past, present or future physical or mental health or condition;
- Provision of health care; or
Past, present or future payment for the provision of health care.
If you have any questions about this Notice or about our privacy practices, please contact Michou
Reichelsdorfer, President, (920)-451-7020.
Effective Date
This Notice is effective August 23, 2013
Our Responsibilities
We are required by law to:
- Maintain the privacy of participant protected health information;
- Provide participants with certain rights with respect to their protected health information;
-
Provide you with a copy of this Notice of our legal duties and privacy practices with respect to a
participant’s protected health information; and
- Follow the terms of the Notice that is currently in effect.
We reserve the right to change the terms of this Notice and to make new provisions regarding a participant’s
protected health information that we maintain, as allowed or required by law. If we make any material change
to this Notice, we will provide a participant with a copy of our revised Notice of Privacy Practices by email
to their last known email address, or mail to their last known mailing address.
How We May Use and Disclose Participants’ Protected Health Information
Under the law, we may use or disclose participant protected health information under certain circumstances without
the participant’s permission. The following categories describe the different ways that we may use and disclose a
participant’s protected health information. For each category of uses or disclosures we will explain what we mean
and present some examples. Not every use or disclosure in a category will be listed. However, all of the ways we
are permitted to use and disclose information will fall within one of the categories.
For Treatment
We may use or disclose a participant’s protected health information to facilitate medical treatment or services by
providers. We may disclose medical information about a participant to providers, including doctors, nurses, technicians,
medical students, or other hospital personnel who are involved in taking care of a participant. For example, we might
disclose information about a participant’s prior prescriptions to a pharmacist to determine if prior prescriptions
contra indicate a pending prescription.
For Payment
We may use or disclose a participant’s protected health information to determine a participant’s eligibility for benefits,
to facilitate payment for the treatment and services a participant receives from health care providers, to determine
benefit responsibility under the covered entity, or to coordinate covered entity’s coverage. For example, we may tell a
participant’s health care provider about a participant’s medical history to determine whether a particular treatment is
experimental, investigational, or medically necessary, or to determine whether the Plan will cover the treatment. We
may also share a participant’s protected health information with a utilization review or pre-certification service provider.
Likewise, we may share a participant’s protected health information with another entity to assist with the adjudication or
subrogation of health claims or to another health plan to coordinate benefit payments.
For Health Care Operations
We may use and disclose a participant’s protected health information for other covered entity operations. These uses and
disclosures are necessary to run the covered entity. For example, we may use medical information in connection with conducting
quality assessment and improvement activities; underwriting, premium rating, and other activities relating to Plan coverage;
submitting claims for stop-loss (or excess-loss) coverage; conducting or arranging for medical review, legal services, audit
services, and fraud & abuse detection programs; business planning and development such as cost management; and business
management and general administrative activities. If use or disclosure of protected health information is made for underwriting
purposes, any such protected health information that is genetic information of an individual is prohibited from being used or
disclosed.
To Other Parties
We may contract with other individuals or entities to perform various functions on our behalf or to provide certain types of
services. In order to perform these functions or to provide these services, these individuals will receive, create, maintain,
use and/or disclose a participant’s protected health information, but only after they agree in writing with us to implement
appropriate safeguards regarding a participant’s protected health information. For example, we may disclose a participant’s
protected health information to a third party to administer claims or to provide support services, such as utilization management,
pharmacy benefit management or subrogation, but only after the third party enters into an agreement with us.
As Required by Law
We will disclose a participant’s protected health information when required to do so by federal, state or local law. For example,
we may disclose a participant’s protected health information when required by national security laws or public health disclosure laws.
To Avert a Serious Threat to Health or Safety
We may use and disclose a participant’s protected health information when necessary to prevent a serious threat to a
participant’s health and safety, or the health and safety of the public or another person. Any disclosure, however,
would only be to someone able to help prevent the threat. For example, we may disclose a participant’s protected health
information in a proceeding regarding the licensure of a physician.
To Plan Sponsors
For the purpose of administering a Covered Entity, we may disclose protected health information to certain employees
of an employer. However, those employees will use or disclose that information only as necessary to perform plan
administration functions or as otherwise required by HIPAA, unless the participant whose PHI is in question has
authorized further disclosures. A participant’s protected health information cannot be used for employment purposes
without a participant’s specific authorization.
Special Situations
In addition to the above, the following categories describe other possible
ways that we may use and disclose a participant’s protected health information.
For each category of uses or disclosures, we will explain what we mean
and present some examples. Not every use or disclosure in a category will
be listed. However, all of the ways we are permitted to use and disclose
information will fall within one of the categories.
Organ and Tissue Donation
If a participant is an organ donor, we may release a participant’s protected
health information to organizations that handle organ procurement or organ,
eye or tissue transplantation or to an organ donation bank, as necessary
to facilitate organ or tissue donation and transplantation.
Military and Veterans
If a participant is a member of the armed forces, we may release a participant’s
protected health information as required by military command authorities. We may
also release protected health information about foreign military personnel to
the appropriate foreign military authority.
Workers’ Compensation
We may release a participant’s protected health information for workers’
compensation or similar programs. These programs provide benefits for
work-related injuries or illness.
Public Health Risks
We may disclose a participant’s protected health information for public
health actions. These actions generally include the following:
- To prevent or control disease, injury or disability;
- To report births and deaths;
- To report child abuse or neglect;
- To report reactions to medications or problems with products;
- To notify people of recalls of products they may be using;
-
To notify a person who may have been exposed to a disease or may be
at risk for contracting or spreading a disease or condition; and
To notify the appropriate government authority if we believe that a patient
has been the victim of abuse, neglect or domestic violence. We will only
make this disclosure if a participant agrees, or when required or authorized by law.
Health Oversight Activities
We may disclose a participant’s protected health information to a health
oversight agency for activities authorized by law. These oversight activities
include, for example, audits, investigations, inspections, and licensure.
These activities are necessary for the government to monitor the health
care system, government programs, and compliance with civil rights laws.
Lawsuits and Disputes
If a participant is involved in a lawsuit or a dispute, we may disclose a
participant’s protected health information in response to a court or administrative
order. We may also disclose a participant’s protected health information in
response to a subpoena, discovery request, or other lawful process by someone
else involved in the dispute, but only if efforts have been made to tell a
participant about the request or to obtain an order protecting the information
requested.
Law Enforcement
We may disclose a participant’s protected health information if asked
to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, summons or similar process;
- To identify or locate a suspect, fugitive, material witness, or missing person;
-
About the victim of a crime if, under certain limited circumstances,
we are unable to obtain the victim’s agreement;
- About a death that we believe may be the result of criminal conduct;
- About criminal conduct; and
In emergency circumstances to report a crime; the location of the crime or
victims; or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners and Funeral Directors
We may release protected health information to a coroner or medical examiner.
This may be necessary, for example, to identify a deceased person or determine
the cause of death. We may also release medical information about patients
to funeral directors as necessary to carry out their duties.
National Security and Intelligence Activities
We may release a participant’s protected health information to authorized
federal officials for intelligence, counterintelligence, and other national
security activities authorized by law.
Inmates
If a participant is an inmate of a correctional institution or is under the
custody of a law enforcement official, we may disclose a participant’s protected
health information to the correctional institution or law enforcement official
if necessary (1) for the institution to provide a participant with health
care; (2) to protect a participant’s health and safety or the health and
safety of others; or (3) for the safety and security of the correctional
institution.
Research
We may disclose a participant’s protected health information to researchers when:
- The individual identifiers have been removed; or
When an institutional review board or privacy board (1) has reviewed the
research proposal; and (2) established protocols to ensure the privacy of
the requested information, and approves the research.
Required Disclosures
The following is a description of disclosures of a participant’s protected
health information we are required to make.
Government Audits
We are required to disclose a participant’s protected health information
to the Secretary of the United States Department of Health and Human Services
when the Secretary is investigating or determining our compliance with the
HIPAA privacy rule.
Disclosures to a Participant
When a participant requests, we are required to disclose to a participant
the portion of that participant’s protected health information that contains
medical records, billing records, and any other records used to make decisions
regarding a participant’s health care benefits. We are also required, when
requested, to provide a participant with an accounting of most disclosures
of a participant’s protected health information where the disclosure was
for reasons other than for payment, treatment or health care operations,
and where the protected health information not disclosed pursuant to a participant’s
individual authorization. Such requests must be made through the Covered Entity.
Other Disclosures
Personal Representatives
We will disclose a participant’s protected health information to individuals
authorized by a participant, or to an individual designated as a participant’s
personal representative, attorney-in- fact, etc., so long as a participant
provides us with a written notice/authorization and any supporting documents
(i.e., power of attorney). Note: Under the HIPAA privacy rule, we do not have
to disclose information to a personal representative if we have a reasonable
belief that:
-
A participant has been, or may be, subjected to domestic violence, abuse or
neglect by such person;
-
Treating such person as a participant’s personal representative could
endanger a participant; or
In the exercise of professional judgment, it is not in a participant’s best
interest to treat the person as a participant’s personal representative.
Fundraising
Prior to disclosing a participant’s protected health information in the case
of fundraising efforts, the participant will be notified prior to receiving
such fundraising communications. Such communication will provide the participant
with the option of opting-out of receiving such communications. Additionally,
uses and disclosures of PHI for marketing purposes and disclosures that
constitute a sale of PHI will require authorization.
Authorizations
Other uses or disclosures of a participant’s protected health information
not described above will only be made with a participant’s written authorization.
Where appropriate, most uses and disclosures of psychotherapy notes will require a
participant’s authorization.
A participant may revoke written authorization at any time, so long as the
revocation is in writing. Once we receive a participant’s written revocation,
it will only be effective for future uses and disclosures. It will not be
effective for any information that may have been used or disclosed in reliance
upon the written authorization and prior to receiving a participant’s written
revocation.
A Participant’s Rights
A Participant has the following rights with respect to his or her protected health information:
Right to Access
A participant has the right to inspect and copy certain protected health
information that may be used to make decisions about a participant’s health
care benefits. To inspect and copy a participant’s protected health information,
a participant must submit a participant’s request in writing to the Covered Entity.
If a participant requests a copy of the information, we may charge a reasonable fee
for the costs of copying, mailing or other supplies associated with a participant’s
request.
Additionally, a participant has the right to request electronic copies of certain
protected health information in a designated record set. We will provide such
information in the electronic form and format requested by the participant, provided
it is readily producible. If the requested form and format are not readily producible,
we will provide the information in a readable electronic form and format that is mutually
agreed upon with the requesting participant. If a participant requests a copy of the
electronic information, we may charge a reasonable fee for the labor costs and supplies
involved in creating the information.
We may deny a participant’s request to inspect and copy in certain very limited
circumstances. If a participant is denied access to his or her medical information,
a participant may request that the denial be reviewed by submitting a written request
to the Covered Entity.
Right to Amend
If a participant feels that the protected health information we have about that
participant is incorrect or incomplete, a participant may ask the Covered Entity
to amend the information. A participant has the right to request an amendment for
as long as the information is kept by or for the Covered Entity.
To request an amendment, a participant’s request must be made in writing
and submitted to the Covered Entity. In addition, a participant must provide
a reason that supports a participant’s request.
We may deny a participant’s request for an amendment if it is not in writing
or does not include a reason to support the request. In addition, we may deny a
participant’s request if a participant asks us to amend information that:
- Is not part of the medical information kept by or for the Plan;
-
Was not created by us, unless the person or entity that created the
information is no longer available to make the amendment;
-
Is not part of the information that a participant would be permitted to inspect and copy; or
- Is already accurate and complete.
If we deny a participant’s request, a participant has the right to file a
statement of disagreement with us and any future disclosures of the disputed
information will include the participant’s statement.
Right to an Accounting of Disclosures
A participant has the right to request an “accounting” of certain disclosures
of his or her protected health information. The accounting will not include (1)
disclosures for purposes of treatment, payment, or health care operations; (2)
disclosures made to a participant; (3) disclosures made pursuant to a participant’s
authorization; (4) disclosures made to friends or family in a participant’s presence or
because of an emergency; (5) disclosures for national security purposes; and (6)
disclosures incidental to otherwise permissible disclosures.
To request this list or accounting of disclosures, a participant must
submit the participant’s request in writing to the Covered Entity. A participant’s
request must state a time period of not longer than six years
A participant’s request should indicate in what form the participant wants
the list (for example, paper or electronic). The first list a participant
requests within a 12-month period will be provided free of charge. For additional
lists, we may charge a participant for the costs of providing the list. We
will notify a participant of the cost involved and a participant may choose
to withdraw or modify a participant’s request at that time before any costs
are incurred.
Right to Request Restrictions
A participant has the right to request a restriction or limitation on a
participant’s protected health information that we use or disclose for
treatment, payment or health care operations. A participant also has the
right to request a limit on a participant’s protected health information
that we disclose to someone who is involved in a participant’s care or the
payment for a participant’s care, like a family member or friend. For example,
a participant could ask that we not use or disclose information about a
surgery that a participant had.
If a participant requests a restriction, it is the participant’s responsibility
to notify any other entity that may be impacted by the requested restriction.
We are not required to agree to a participant’s request. However, if we do
agree to the request, we will honor the restriction until a participant
revokes it or we notify the participant.
To request restrictions, a participant must make a participant’s request in
writing to the Covered Entity. In a participant’s request, the participant
must tell us (1) what information a participant wants to limit; (2) whether
a participant wants to limit our use, disclosure, or both; and (3) to whom a
participant wants the limits to apply—for example, disclosures to a participant’s spouse.
Right to Request Confidential Communications
A participant has the right to request that we communicate with a participant
about medical matters in a certain way or at a certain location. For example,
a participant can ask that we only contact the participant at work or by mail.
To request confidential communications, a participant must make the participant’s
request in writing to the Covered Entity. We will not ask a participant the
reason for the participant’s request. A participant’s request must specify
how or where the participant’s wishes to be contacted. We will accommodate
all reasonable requests if the participant clearly provides information that
the disclosure of all or part of a participant’s protected information could
endanger a participant.
Right to Receive Notification of a Breach
A participant has the right to receive notification of any breach of your
protected health information. Such notice will be provided to participants
within sixty (60) days of the breach being identified.
Right to a Paper Copy of This Notice
You have the right to a paper copy of this notice. You may ask us to give you a
copy of this notice at any time. Even if the participant has agreed to receive
this notice electronically, you are still entitled to a paper copy of this notice.
You may obtain a copy of this notice at our website,
www.prairieontheweb.com
To obtain a paper copy of this notice, contact Michou Reichelsdorfer, Prairie
States Enterprises, Inc. PO Box 23, Sheboygan, WI 53082-0023
Complaints
If you believe that your privacy rights have been violated, you may file a
complaint with us or with the Office for Civil Rights. To file a complaint
with us, contact Michou Reichelsdorfer, President, 920-451-7020 All complaints
must be submitted in writing. You will not be penalized, or in any other way
retaliated against, for filing a complaint with the Office of Civil Rights or with us.