Call us: 1-800-852-8300 | [email protected]

Medical Privacy

Home / Medical Plans / Medical Privacy Policy

Printable Version (pdf)

MMEHT takes very seriously the protection of your protected health Information, in accordance with all applicable state and federal laws.  Please review our Notice of Privacy Practices below.

Medical privacy laws require that we have a HIPAA Authorization form on file in order to speak with providers or family members on your behalf.

MAINE MUNICIPAL EMPLOYEES HEALTH TRUST

HIPAA NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

The Maine Municipal Employees Health Trust (“MMEHT”) group health plan (the “Plan”) provides self-funded health benefits. The Plan is subject to the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). This Notice of Privacy Practices (the “Notice”), which was originally effective on April 14, 2003, has been updated to comply with HIPAA.  All provisions in this revised Notice are effective as of January 1, 2026.

If you have any questions about this Notice, please contact the MMEHT Member Services Manager by phone at 1-800-852-8300, or by e-mail at [email protected].

In general, HIPAA protects only certain medical information known as protected health information (“PHI”). PHI is individually identifiable health information – oral, written or electronic – collected from you or created or received by a health care provider, a health plan, or your employer on behalf of a group health plan, which relates to:

  • your past, present or future physical or mental health or condition;
  • the provision of health care to you; or the past, present; or
  • future payment for the provision of health care to you.

The MMEHT will not disclose your PHI without your authorization, unless it is necessary to provide your health benefits, administer your benefit plan, or as otherwise required or permitted by law. The MMEHT makes sure that access to your PHI is restricted to those employees who need to know that information to conduct our business. The MMEHT employees have been trained on HIPAA compliant policies and procedures to protect your privacy.

This Notice will let you know the following:

  1. how the Plan uses and discloses your PHI;
  2. what your rights are with respect to your PHI;
  3. what the Plan’s duties are with respect to your PHI;
  4. when and how to file a complaint with the Plan, and with the Secretary of the U.S. Department of Health and Human Services; and
  5. who to contact for further information about the Plan’s privacy policies and practices.

 

1.  How the Plan Uses and Discloses your PHI

The Plan may use or disclose your PHI, without your authorization, in the following circumstances:

  1. Treatment. “Treatment” means provision, coordination or management of health care and related services. It also includes, but is not limited to, consultations and referrals between one or more of your providers. The Plan may disclose your PHI to your health care provider (for example, your doctor, or a hospital in which you are staying), so that the provider can coordinate, provide, or manage your health care and related services.
     
  2. Payment. “Payment” means actions to make coverage determinations and payment (including billing, claims management, subrogation, plan reimbursement, reviews for medical necessity and appropriateness of care, and utilization review and pre-authorizations). The Plan may use and disclose your PHI to determine and fulfill our responsibility to provide your health plan benefits. For example, the Plan may tell your physician whether or not you are eligible for coverage, at what percentage your benefits will be paid under the Plan, or to coordinate payment with another plan under which you are covered.
     
  3. Health Care Operations. Health care operations include, but are not limited to, customer service activities, quality assessment and improvement, reviewing competence or qualifications of health care professionals, underwriting, premium rating and other insurance activities relating to creating or renewing insurance contracts. Health care operations also include disease management, case management, conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse compliance programs, business planning and development, business management and general administrative activities. For example, the Plan may use information about your claims to project future benefit costs and premiums for Health Trust participating groups, to audit the accuracy of claims processing functions, or to perform or negotiate discounts for case management functions.  However, the Plan is prohibited by law from using or disclosing any of your genetic information for such underwriting purposes.
     
  4. As Required By Law. The Plan will disclose medical information about you when required to do so by federal, state, or local law. Generally, the Plan may disclose PHI when required by a court order in a litigation proceeding such as a malpractice action.
     
  5. Workers’ Compensation. We may disclose your PHI when necessary to comply with Workers’ Compensation laws.

 

2) Uses and Disclosures that Require Your Written Authorization

Except as described above, no disclosure of PHI or use of PHI will be made without your prior written authorization and consent. In particular, uses or disclosures of your PHI for sales or marketing purposes will require your authorization.  In addition, the Plan may not use or disclose psychotherapy notes without your written authorization except for limited purposes. The Plan does not maintain or have access to psychotherapy notes.   

If you give the Plan written authorization to use or disclose your medical information for a purpose that is not described in this Notice, then, in most cases, you may revoke your authorization and consent at any time. Your revocation will be effective for all your PHI that the Plan maintains, to the extent that the Plan has not already used or disclosed PHI in reliance on your authorization.
 

Substance Use Disorder Records

Certain health information the Plan may receive and maintain may be protected under the federal Confidentiality of Substance Use Disorder (“SUD”) set forth under 42 CFR Part 2, which provides extra protections for SUD treatment records maintained by Part 2 programs, as defined under 42 CFR Section 2.11. These records may be related to the diagnosis, treatment, or referral for treatment for a substance use disorder. In the event the Plan was to obtain SUD treatment records from a Part 2 program, the Plan may use or disclose your SUD records only as allowed under 42 CFR Part 2, and in most cases only with your written authorization obtained by the Part 2 program. Once you sign the written authorization, your SUD information may be used or disclosed for the following purposes:

  1. for treatment, payment, or health care operations
  2. to your health plan or other providers that help coordinate your care
  3. to contractors or business associates working on the Plan’s behalf

SUD treatment records received from Part 2 programs shall not be used or disclosed in civil, criminal, administrative, or legislative proceedings against the individual unless based on written consent, or a court order after notice and an opportunity to be heard is provided to the individual or the holder of the record, as provided under 42 CFR Part 2.

Your written authorization is valid until you revoke it in writing. If you revoke your authorization, the Plan will no longer share your information, except where already used or disclosed.

 

3) Your Rights with Respect to your PHI

You have several rights with regard to PHI that the Plan maintains about you. These rights include:

  1. The Right to Request Additional Restrictions. You may ask the Plan to restrict uses and disclosures of your PHI for the purposes of treatment, payment and health care operations described above. The Plan will consider all requests for restrictions carefully; however, the Plan is not required to agree to a requested restriction.
     
  2. Right to Receive Confidential Communications. You may ask to receive communications of your PHI from the Plan, by alternate means of communication or at an alternate address. The Plan will consider all requests for alternate communications carefully; however, the Plan is not required to agree to all requests.
     
  3. Right to Inspect and Copy Your Confidential Information. You may ask to inspect or obtain a copy of your PHI, if it is included in certain records maintained by the Plan. There may, however, be times when the Plan will have to deny you access to certain portions of your records. The Plan also may charge you a fee to cover the costs of copying and mailing your records.
     
  4. Right to Amend Your Records. You have the right to ask the Plan to amend your PHI that is maintained in our records. If the Plan determines that our record is incorrect, and if the law allows us to change it, the Plan will change it. However, if your doctor or another person created PHI that you want to change, you should ask that person to amend the PHI.
     
  5. Right to Receive Paper Copy of Privacy Notice. You have the right to receive a paper copy of this Notice, even if you had previously agreed to receive the Notice electronically. To receive a paper copy of this Notice, please contact the MMEHT Member Services Manager, at 1-800-852-8300.
     
  6. Right to Receive an Accounting of Disclosures. You have the right to receive an accounting of any disclosures the Plan has made of your PHI. This accounting will not include:
  1. any disclosures made before April 14, 2003;
  2. any disclosures made for treatment, payment, or health care operations;
  3. any disclosures made earlier than six (6) years before the date of your request; and
  4. certain other disclosures that are excepted by law.

If you request an accounting of disclosures more than once during any 12-month period, we may charge you a reasonable fee for each accounting statement after the first one.

  1. Right to Receive a Notification of Breach. You have the right to receive a notification in the event that any breach of your unsecured PHI occurs.  Such notification will be provided as soon as possible after a breach occurs.
     
  2. Right to Opt Out of Fundraising Communications. You have the right to opt out of receiving any fundraising communications from the Plan.
     

4) The Plan’s Duties with Respect to your PHI

The Plan is required by law to maintain the privacy of your PHI, to provide you with notice of our legal duties and privacy practices, and to comply with the terms of this Notice. However, the Plan reserves the right to change its privacy practices and to apply the changes to any PHI received or maintained by the Plan, even if received by the Plan prior to the change. If a privacy practice is changed, we will notify all participants for whom the Plan still maintains PHI, via a notice in the MMEHT quarterly “Wellness Works” newsletter and a notice posted on the MMEHT’s website, at mmeht.org. Such notice will be given within 60 days of the effective date of any material change to the Plan’s privacy procedures. When using or disclosing PHI or when requesting PHI from another covered entity, the Plan will not use, disclose or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request, taking into consideration practical and technological limitations. However, this “minimum necessary” standard will not apply in the following situations:

    1. uses or disclosures made to the individual patient;

    2. disclosures made to the Secretary of the U.S. Department of Health and Human Services;

    3. uses or disclosures that are required by law; and

    4. uses or disclosures that are required for the Plan’s compliance with legal regulations.

 

5) When and How to file a Complaint with the Plan or the HHS Secretary

If you believe that your privacy rights have been violated, you may file a complaint with the Plan, or with the Secretary of the United States Department of Health and Human Services. To file a complaint with the Plan, please contact the MMEHT Member Services Manager by phone 1-800-852-8300; by email at [email protected]; or mail to 60 Community Drive, Augusta, ME 04330.

To file a complaint with the OCR, write to: Centralized Case Management Operations, U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Room 509F HHH Building, Washington, D.C. 20201. You can also get more information about online filing of complaints at https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html. You will not be penalized, discriminated or retaliated against for filing a complaint.
 

6) Who to Contact for Further Information about the Plan’s Privacy Policies and Practices

If you have any questions about this Notice or about any of the subjects addressed in it, please contact the MMEHT Member Services Manager by phone at 1-800-852-8300; or by email at [email protected] ; or mail to 60 Community Drive, Augusta, ME 04330.
 

Maine Notice of Additional Privacy Rights

The Maine Insurance Information and Privacy Protection Act provides consumers with the following additional rights:

1) The right to:

  1. obtain access to the consumer’s recorded personal information in the possession or control of a regulated insurance entity;
  2. request correction if the consumer believes the information to be inaccurate; and
  3. add a rebuttal statement to the file if there is a dispute;

2) The right to know the reasons for an adverse underwriting decision (previous adverse underwriting decisions may not be used as the basis for subsequent underwriting decisions unless the carrier makes an independent evaluation of the underlying facts); and

3) The right, with very narrow exceptions, not to be subjected to pretext interviews.