Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice applies to Sanford Health Plan. If you have questions about this Notice, please contact our Member Services Department at (800) 752-5863. You may also email your questions to firstname.lastname@example.org.
This Notice describes how we will use and disclose your health information. The terms of this Notice apply to all health information generated or received by Sanford Health Plan, whether recorded in our business records, your medical record, billing invoices, paper forms, or in other ways.
HOW WE USE AND DISCLOSE YOUR HEALTH INFORMATION
We use or disclose your health information as follows: (In Minnesota we will obtain your prior consent):
- Help manage the health care treatment you receive: We can use your health information and share it with professionals who are treating you. For example, a doctor may send us information about your diagnosis and treatment plan so we can arrange additional services.
- Pay for your health services: We can use and disclose your health information as we pay for your health services. For example, we share information about you with your primary care physician to coordinate payment for those services.
- For our healthcare operations: We may use and share your health information for our day-to-day operations, to improve our services, and contact you when necessary. For example, we use health information about you to develop better services for you. We are not allowed to use genetic information to decide whether we will give you coverage and the price of that coverage. This does not apply to long term care plans.
- Administer your plan: We may disclose your health information to your health plan sponsor for plan administration. For example, your company contracts with us to provide a health plan, and we provide your company with certain statistics to explain the premiums we charge.
We may share your health information in the following situations unless you tell us otherwise. If you are not able to tell us your preference, we may go ahead and share your information if we believe it is in your best interest or needed to lessen a serious and imminent threat to health or safety:
- Friends and Family: We may disclose to your family and close personal friends any health information directly related to that person’s involvement in payment for your care.
- Disaster Relief: We may disclose your health information to disaster relief organizations in an emergency.
We may also use and share your health information for other reasons without your prior consent:
- When required by law: We will share information about you if state or federal law require it, including with the Department of Health and Human services if it wants to see that we’re complying with federal privacy law.
- For public health and safety: We can share information in certain situations to help prevent disease, assist with product recalls, report adverse reactions to medications, and to prevent or reduce a serious threat to anyone’s health or safety.
- Organ and tissue donation: We can share information about you with organ procurement organizations.
- Medical examiner or funeral director: We can share information with a coroner, medical examiner, or funeral director when an individual dies.
- Workers’ compensation and other government requests: We can share information to employers for workers’ compensation claims. Information may also be shared with health oversight agencies when authorized by law, and other special government functions such as military, national security and presidential protective services.
- Law enforcement: We may share information for law enforcement purposes. This includes sharing information to help locate a suspect, fugitive, missing person or witness.
- Lawsuits and legal actions: We may share information about you in response to a court or administrative order, or in response to a subpoena.
- Research: We can use or share your information for certain research projects that have been evaluated and approved through a process that considers a patient’s need for privacy.
We may contact you in the following situations:
- Treatment options: To provide information about treatment alternatives or other health related benefits or Sanford Health Plan services that may be of interest to you.
- Fundraising: We may contact you about fundraising activities, but you can tell us not to contact you again.
YOUR RIGHTS THAT APPLY TO YOUR HEALTH INFORMATION
When it comes to your health information, you have certain rights.
- Get a copy of your health and claims records: You can ask to see or get a paper or electronic copy of your health and claims records and other health information we have about you. We will provide a copy or summary to you usually within 30 days of your request. We may charge a reasonable, cost-based fee.
- Ask us to correct your health and claims records: You can ask us to correct health information that you think is incorrect or incomplete. We may deny your request, but we’ll tell you why in writing. These requests should be submitted in writing to the contact listed below.
- Request confidential communications: You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. Reasonable requests will be approved. We must say “yes” if you tell us you would be in danger if we do not.
- Ask us to limit what we use or share: You can ask us to restrict how we share your health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
- Get a list of those with whom we’ve shared information: You can ask for a list (accounting) of the times we’ve shared your health information for six years prior, who we’ve shared it with, and why. We will include all disclosures except for those about your treatment, payment, and our health care operations, and certain other disclosures (such as those you asked us to make). We will provide one accounting a year for free, but we will charge a reasonable cost-based fee if you ask for another within 12 months.
- Get a copy of this privacy notice: You can ask for a paper copy of this Notice at any time, even if you have agreed to receive it electronically. We will provide you with a paper copy promptly.
- Choose someone to act for you: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
- File a complaint if you feel your rights are violated: You can complain to the U.S. Department of Health and Human Services Office for Civil Rights if you feel we have violated your rights. We can provide you with their address. You can also file a complaint with us by using the contact information below. We will not retaliate against you for filing a complaint.
Sanford Health Plan
Customer Service Department
PO Box 91110
Sioux Falls, SD 57109-1110
OUR RESPONSIBILITIES REGARDING YOUR HEALTH INFORMATION
- We are required by law to maintain the privacy and security of your health information.
- We will let you know promptly if a breach occurs that may have compromised the privacy or security of your health information.
- We must follow the duties and privacy practices described in this Notice and offer to give you a copy.
- We will not use, share, or sell your information for marketing or any purpose other than as described in this Notice unless you tell us to in writing. You may change your mind at any time by letting us know in writing.
CHANGES TO THIS NOTICE
We may change the terms of this Notice, and the changes will apply to all information we have about you. The new Notice will be available upon request and on our website www.sanfordhealthplan.com.
This Notice of Privacy Practices is effective September 23, 2013.
NOTICE OF ORGANIZED HEALTH CARE ARRANGEMENT FOR SANFORD HEALTH PLAN
Sanford Health Plan and Sanford Health Plan of Minnesota have agreed, as permitted by law, to share your health information among themselves for the purposes of treatment, payment, or healthcare operations. This notice is being provided to you as a supplement to this Notice of Privacy Practices.
Confidentiality and Disclosure of Personal Health Information
Sanford Health Plan receives and maintains a great deal of personal health information about our Members and we protect the privacy of all patient information in accordance with state privacy and federal HIPAA regulations. We will share personal health information of Members as necessary to carry out treatment, payment, and health care operations as permitted by law.
We are required by law to maintain the privacy of our Members' personal health information and to provide Members with notice of our legal duties and privacy practices with respect to your personal health information.
No use or disclosure of personal health information may be made by any applicable person to a plan sponsor (i.e. employer) unless at least one of the following conditions is met:
- Sanford Health Plan receives a signed certification from the employer that the plan documents restrict the use and disclosure of personal health information as required by the HIPAA regulations on privacy and confidentiality, and that the employer agrees to comply with the restrictions, and the information has been requested by the employer for use in carrying out plan administrative functions only (i.e. employers must certify they do not use or disclose the information for employment-related actions and decisions);
- The information provided to the employer is summary health information, and the employer has requested it for the purpose of obtaining premium quotes, or determining whether to amend, modify or terminate the sponsored health plan (summary health information means personal health information that summarizes the claims history, claims expenses, or type of claims experienced by individuals for whom an employer has provided health benefits under a group health plan, and from which all individual identifiers are eliminated);
- The information provided to the employer is enrollment or disenrollment information or information on whether individuals are participating in the sponsored plan, and the employer has requested it for the purpose of administering the sponsored plan; or
- There is a signed authorization by the Member or the Member's representative which specifically authorizes the use or disclosure. A signed authorization form is required for uses by or disclosures to an employer if the use or disclosure does not meet the conditions described in paragraph 1, 2 or 3 above. Prior to any use by or disclosure to an employer under this paragraph 4, the procedures for obtaining and verifying authorization described in the policy for Obtaining and Complying With Member Authorizations must be followed.
Protection of Oral, Written and Electronic Information Across the Organization
All Members of our workforce are required to comply with the provisions of the Plan’s workforce policy on General Obligations Regarding Uses and Disclosures of Personal Health Information. We consider workforce to include employees (Part time, Full time, and PRN), volunteers, trainees, and other persons whose work performance is under the direct control of Sanford Health Plan, whether or not they are paid by Sanford Health Plan.
- Personal health information of a Member may not be used within Sanford Health Plan for non-health plan functions, unless such use or disclosure is specifically authorized by a signed authorization by the Member.
- When using, requesting or disclosing a Member's personal health information, all reasonable efforts are made to limit the information used, requested or disclosed to that which is minimally necessary to accomplish the purpose of the use or disclosure in accordance with our Minimum Necessary Policy.
- All workforce members must attend required educational and training sessions relating to privacy and confidentiality of personal health information.
- All workforce members must take reasonable steps to safeguard personal health information from any intentional or unintentional use or disclosure that is in violation of this or any other policy of Sanford Health Plan. Such safeguarding includes, but is not limited to, storing personal health information in a cabinet or closed file at the end of the workday; maintaining privacy during oral discussions of personal health information; restricting electronic transmission of personal health information to job related duties; and disposing of documents strictly in accordance with policies of Sanford Health Plan.
- Sanford Health Plan will take appropriate disciplinary measures against workforce members who violate any policy or procedure of Sanford Health Plan concerning the privacy of member information. Discipline for such infractions of our privacy policies and procedures may include reprimand, suspension, or discharge of the responsible workforce member, depending on the severity of the misconduct.