HIPAA Notice Of Privacy Practices For Protected Health Information ("PHI")
For CELTIC Insurance Company ("Celtic")
Effective November 1, 2003
This Notice Describes How Medical Information About You May Be Used and Disclosed and How You Can Get Access to This Information Please Review It Carefully.
Celtic is committed to protecting the confidentiality and security of information it collects about you and does not share information about you with any other companies for their use in marketing products to you. If the practices described in this Notice are acceptable to you, there is nothing you need to do. If after reading this notice you still have questions, feel free to send them to Attn: HIPAA Privacy Officer, 233 South Wacker Drive, Suite 700, Chicago, IL 60606.
You have received this notice because of your proposed or actual health insurance coverage with Celtic Insurance Company. Celtic is required by federal law to maintain the privacy of your Protected Health Information ("PHI"), and to provide you with this notice of its legal duties and privacy practices regarding your PHI. Celtic is required to abide by the terms of this notice as currently in effect, and reserves the right to change the terms of this notice and to make new notice provisions effective for all PHI that it maintains. Notice of any such changes will be provided to you.
1. Protected Health Information ("PHI"):
This notice describes how Celtic may use and disclose your PHI if needed, to carry out treatment, payment or health care operations, and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI, which is individually identifiable information that relates to your past, present or future health or condition and related health care services. Examples of PHI used by Celtic include, but are not limited to, your application for coverage and claims submitted by you or health care providers on your behalf.
2. Uses and Disclosures of PHI for Treatment, Payment and Health Care Operations:
Your PHI may be used and disclosed by Celtic for purposes of payment or health care operations. Celtic may use or share your PHI with providers for payment purposes. Celtic may share your PHI with third party "business associates" that perform various functions for the Company. Celtic maintains written agreements with its business associates contractually binding them to protect the privacy of your PHI. Celtic may use or disclose, as needed, your PHI to support the Company's business activities related to providing health insurance benefits. These activities may include, but are not limited to, quality assessment, underwriting, premium rating, actuarial analysis, reinsurance, medical review, legal services, auditing, fraud and abuse detection, regulatory compliance, business planning and development, and general management and administration.
3. Other Permitted and Required Uses and Disclosures That May Be Made Without Your Consent, Authorization or Opportunity to Object:
Celtic may use or disclose your PHI in certain circumstances without your consent or authorization. These situations may include, but are not limited to, the following:
Required by Law: Celtic may use or disclose your PHI to the extent state or federal law requires use or disclosure. Any use or disclosure will be compliant with applicable law, and will be limited to the requirements of such law. Celtic will notify you of the uses or disclosures if the law requires such notification.
Public Health: Celtic may disclose our PHI to a public health authority for public health activities and purposes if applicable law permits the authority to collect or receive the information. Celtic also may disclose your PHI, when directed by a public health authority, to a foreign government agency that is collaborating with such authority.
Health Oversight: Celtic may disclose PHI to a health oversight agency for activities authorized by state or federal law, such as audits and investigations.
Abuse or Neglect: Celtic may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect. Furthermore, Celtic may disclose your PHI to the governmental entity authorized to receive such information, in accordance with state or federal law, if the Company reasonably believes that you have been a victim of abuse, neglect or domestic violence.
Legal Proceedings: Celtic may disclose PHI in the course of judicial or administrative proceedings, in response to a court order or administrative tribunal, to the extent such disclosure is expressly authorized, and in response to a subpoena, discovery request, or other lawful purpose.
Military Activity and National Security: Celtic may use or disclose PHI of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits; or (3) to a foreign military authority if you are a member of that foreign military. Celtic also may disclose your PHI to authorized federal officials for conducting national security and intelligence activities.
4. Other Permitted or Required Uses and Disclosures That May Be Made With Your Consent, Authorization, or Opportunity to Object:
Celtic may use or disclose your PHI in certain circumstances with your consent, authorization or if you have no objection. You have the opportunity to agree or object to the use or disclosure of all or part of your PHI. If you are not present or able to agree or object to the use or disclosure of your PHI, then Celtic may determine, using professional judgment, whether such use or disclosure is in your best interest. If such circumstances arise, only the PHI that is necessary and relevant to the provision of your health insurance benefits will be disclosed.
EOBs Sent to Primary Insured: Unless you object and instruct otherwise, all explanations of benefits ("EOBs"), including for all covered family members and eligible dependents, will be sent to the primary insured person.
5. Uses and Disclosures of PHI Based Upon Your Written Authorization:
Celtic may engage in other uses and disclosures of your PHI upon receiving your written authorization. You may revoke an authorization, in writing, at any time, except to the extent that an action has been taken in reasonable reliance on the use or disclosure indicated in the authorization.
6. Your Rights: The following is a description of your rights with respect to your PHI and a brief description of how you may exercise those rights.
Inspect and Copy Your PHI:
You may obtain and inspect a copy of your PHI that is in a designated record set for as long as Celtic maintains it. However, federal law prohibits Celtic from allowing an inspection or copy of psychotherapy notes; privileged information compiled in reasonable anticipation of or use in a legal proceeding; or PHI that is subject to a law which prohibits its access. If you wish to receive a copy of your PHI, your request must be made using Celtic's "Medical Records Request" form. You may request this form by submitting a written request to Attn: HIPAA Records Request Department, Celtic Insurance Company, 233 S. Wacker Dr., Suite 700, Chicago, IL 60606. Note that there is a fee of $25 per provider that must be received by Celtic from you before records will be released. Since your health care providers are the original source of this information, and they may or may not charge a fee for copies, you may wish to request this information from your provider(s) before requesting it from Celtic.
Place a Restriction on Your PHI: You may request that Celtic not use or disclose your PHI. Your request should be in writing, it must state the specific restriction requested, and it must state to whom the restriction applies. Your request should be sent to: Attn: Policyowner Service Department, Celtic Insurance Company, 200 S. Wacker Dr., Suite 900, Chicago, IL 60606. Celtic is not required to agree to a request for such a restriction, but will deny such a request only for a reasonable reason and will provide a written explanation of the reason for the denial. If Celtic agrees to the restriction, it may still disclose your PHI as permitted by law, or if your restricted PHI is needed for emergency medical treatment.
Alternative Means of Receiving Confidential Communications: You have the right to request that Celtic send and/or receive confidential communications by alternative means or to an alternative location. Celtic will accommodate your reasonable requests. Your request should be sent to: Attn: Policyowner Service Department, Celtic Insurance Company, 200 S. Wacker Dr., Suite 900, Chicago, IL 60606.
Amend Your PHI: You may request an amendment to your PHI in a designated record set for as long as Celtic maintains this information. Your request must be in writing, provide a reason to support the requested amendment, and sent to Attn: HIPAA Records Request Department, Celtic Insurance Company, 233 S. Wacker Dr., Suite 700, Chicago, IL 60606. In certain circumstances, Celtic may deny your request for an amendment. If Celtic denies your request for an amendment, you have the right to submit a statement of disagreement and Celtic may prepare a rebuttal to your statement. Celtic will provide you with a copy of any rebuttal. Since your health care providers are the original source of this information, you may consider making a request to amend your PHI directly to the individual providers.
Receive an Accounting of Certain Disclosures: You have the right to request an accounting of disclosures Celtic has made of your PHI. However, this right does not include any disclosures Celtic has made for purposes of treatment, payment or healthcare operations as described in this notice, nor does it include disclosures made for notification purposes. Please note that at the current time Celtic does not disclose PHI for any reason other than treatment, payment or healthcare operations.
Complaints: You have the right to voice a complaint to the U.S. Secretary of Health and Human Services if you believe your privacy rights have been violated. You also may file a complaint with Celtic by sending it to Attn: HIPAA Privacy Officer, 233 South Wacker Drive, Suite 700, Chicago, IL 60606. Celtic will not retaliate against you for filing a complaint.