MMEHT takes very seriously the protection of your protected health Information, in accordance with all applicable state and federal laws. Please review our Notice of Privacy Practices, below.
Medical privacy laws require that we have a HIPAA Authorization form on file in order to speak with providers of family members on your behalf.
MAINE MUNICIPAL EMPLOYEES HEALTH TRUST
HIPAA NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The use and disclosure of Protected Health Information is regulated by a federal law known as HIPAA (the Health Insurance Portability and Accountability Act). You may find the HIPAA regulations at 45 Code of Federal Regulations Parts 160 and 164. This notice is a brief summary of the federal regulations. Should there be any inadvertent discrepancy between the information contained in this Notice, and the regulations, the regulations will govern.
This Notice describes the medical information practices of the Maine Municipal Employees Health Trust (MMEHT) group health plan (the “Plan”), as well as the practices of its Business Associates (such as contract administrators and insurance carriers for medical, dental, and vision that administer Plan claim payments.) This Notice, which was originally effective on April 14, 2003, has been updated to comply with federal law. All provisions in this revised Notice are effective as of September 23, 2013.
Please review this notice carefully. If you have any questions about this notice, please contact the MMEHT Member Services Manager by phone at 1-800-852-8300, or by e-mail at email@example.com.
The MMEHT understands that medical information about you and your dependents, and about your health, is personal. We are committed to protecting your medical information, and that of your dependents. We will not disclose confidential information without your authorization, unless it is necessary to provide your health benefits, administer your benefit plan, or as otherwise required or permitted by law. The Health Trust makes sure that access to your confidential information is restricted to those employees who need to know that information to conduct our business. Health Trust employees have been trained on policies and procedures to protect your privacy.
Under Federal law, the Plan is required to take reasonable steps to ensure the privacy of your Protected Health Information, or PHI. PHI includes all individually identifiable health information which is transmitted or maintained by the Plan, whether the information is transmitted or maintained orally, electronically, or in written form.
This Notice will let you know the following:
1. How we use and disclose your Protected Health Information (PHI):
2. What your privacy rights are with respect to your PHI;
3. What the Plan’s duties are with respect to your PHI;
4. When and how to file a complaint with the Plan, and with the Secretary of the U.S. Department of Health and Human Services; and
5. Who to contact for further information about the Plan’s privacy policies and practices.
1. How the Plan Uses and Discloses your Protected Health Information (PHI)
The Health Trust and/or its Business Associates may use or disclose your confidential information (also known as your Protected Health Information, or PHI), without your authorization, in the following circumstances:
a. Treatment. Treatment is defined as the provision, coordination or management of health care and related services. It also includes, but is not limited to, consultations and referrals between one or more of your providers. We may disclose your PHI to your health care provider (for example, your doctor, or a hospital in which you are staying), so that the provider can coordinate, provide, or manage your health care and related services. For example, we may provide the hospital where you are staying with the name of a doctor who has treated you in the past, so that the hospital can contact your doctor with questions about that treatment.
b. Payment. The term payment includes, but is not limited to, actions to make coverage determinations and payment (including billing, claims management, subrogation, plan reimbursement, reviews for medical necessity and appropriateness of care, and utilization review and preauthorizations). We may use and disclose your PHI to determine and fulfill our responsibility to provide your health plan benefits. For example, we may tell your physician whether or not you are eligible for coverage, at what percentage your benefits will be paid under the Plan, or to coordinate payment with another plan under which you are covered.
c. Health Care Operations. Health care operations include, but are not limited to, customer service activities, quality assessment and improvement, reviewing competence or qualifications of health care professionals, underwriting, premium rating and other insurance activities relating to creating or renewing insurance contracts. Health care operations also include disease management, case management, conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse compliance programs, business planning and development, business management and general administrative activities. For example, we may use information about your claims to project future benefit costs and premiums for Health Trust participating groups, to audit the accuracy of claims processing functions, or to perform or negotiate discounts for case management functions. However, if your PHI is used or disclosed for underwriting purposes, we are prohibited by law from using or disclosing any of your genetic information for such underwriting purposes.
d. As Required By Law. We will disclose medical information about you when we are required to do so by federal, state, or local law. For example, we may disclose medical information when required by a court order in a litigation proceeding such as a malpractice action. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
e. Workers’ Compensation. We may disclose your PHI when necessary to comply with Workers’ Compensation laws.
Except as described above, no disclosure of PHI or use of PHI will be made without your prior written authorization and consent. In particular, uses or disclosures of your PHI for marketing purposes will require your authorization. In addition, any disclosure that constitutes the sale of your PHI will require your authorization. Furthermore, once you have given your consent, you may revoke your authorization and consent at any time.
- Your Privacy Rights with Respect to your Protected Health Information (PHI)
You have several rights with regard to the Protected Health Information (PHI) that the Plan maintains about you. These rights include:a. The Right to Request Additional Restrictions. You may ask the Health Trust to restrict uses and disclosures of your PHI for the purposes of treatment, payment and health care operations described above. We will consider all requests for restrictions carefully; however, we are not required to agree to a requested restriction.b. Right to Receive Confidential Communications. You may ask to receive communications of your PHI from the Health Trust, by alternate means of communication or at an alternate address. We will consider all requests for alternate communications carefully; however, we are not required to agree to all requests.c. Right to Inspect and Copy Your Confidential Information. You may ask to inspect or obtain a copy of your PHI, if it is included in certain records maintained by the Plan. There may, however, be times when we will have to deny you access to certain portions of your records. We also may charge you a fee to cover the costs of copying and mailing your records.
d. Right to Amend Your Records. You have the right to ask the Health Trust to amend your PHI that is maintained in our records. If we determine that our record is incorrect, and if the law allows us to change it, we will change it. However, if your doctor or another person created the information that you want to change, you should ask that person to amend the information.
e. Right to Receive Paper Copy of Privacy Notice. You have the right to receive a paper copy of the MMEHT Privacy Notice, even if you had previously agreed to receive the Notice electronically. To receive a paper copy of the Health Trust’s Privacy Notice, please contact the MMEHT Member Services Manager, at 1-800-852-8300.
f. Right to Receive an Accounting of Disclosures. You have the right to receive an accounting of any disclosures we have made of your PHI.
This accounting will not include:
i. any disclosures made before April 14, 2003;
ii. any disclosures made for treatment, payment, or health care operations;
iii. any disclosures made earlier than six (6) years before the date of your request; and
iv. certain other disclosures that are excepted by law.
If you request an accounting more than once during any 12-month period, we may charge you a reasonable fee for each accounting statement after the first one.
g. Right to Receive a Notification of Breach. You have the right to receive a notification in the event that any breach of your unsecured PHI occurs. Such notification will be provided as soon as possible after a breach occurs.
f. Right to Opt Out of Fundraising Communications. You have the right to opt out of receiving any fundraising communications from us.
- The Plan’s Duties with Respect to your Protected Health Information (PHI)
The Health Trust is required by law to maintain the privacy of your Protected Health Information (PHI), and to provide you with notice of our legal duties and privacy practices.This Notice, which was originally effective on April 14, 2003, has been updated to comply with federal law. All provisions in this revised Notice are effective as of September 23, 2013, and we are required to comply with the terms of this Notice. However, the Health Trust reserves the right to change its privacy practices and to apply the changes to any PHI received or maintained by the Plan, even if received by the Plan prior to the change. If a privacy practice is changed, we will notify all participants for whom the Plan still maintains PHI, via a notice in the MMEHT quarterly “Wellness Works” newsletter and a notice posted on the MMEHT’s website, at www.mmeht.org . Such notice will be given within 60 days of the effective date of any material change to the Plan’s privacy procedures.When using or disclosing PHI or when requesting PHI from another covered entity, the Health Trust will endeavor not to use, disclose or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request, taking into consideration practical and technological limitations.However, this “minimum necessary” standard will not apply in the following situations:
a. uses or disclosures made to the individual patient;
b. disclosures made to the Secretary of the U.S. Department of Health and Human Services;
c. uses or disclosures that are required by law; and
d. uses or disclosures that are required for the Plan’s compliance with legal regulations.
- When and How to file a Complaint with the Plan or the HHS Secretary
If you believe that your privacy rights have been violated, you may file a complaint with the Plan, or with the Secretary of the United States Department of Health and Human Services.To file a complaint with the Plan, please contact the MMEHT Member Services Manager by phone 1-800-852-8300; by email at firstname.lastname@example.org ; or mail to 60 Community Drive, Augusta, ME 04330.
To file a complaint with the OCR, write to: Centralized Case Management Operations, U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Room 509F HHH Building, Washington, D.C. 20201. You can also get more information about online filing of complaints at www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html. You will not be penalized for filing a complaint.
- Who to Contact for Further Information about the Plan’s Privacy Policies and Practices
If you have any questions about this Notice or about any of the subjects addressed in it, please contact the MMEHT Member Services Manager by phone at 1-800-852-8300; or by email at email@example.com ; or mail to 60 Community Drive, Augusta, ME 04330.
Maine Notice of Additional Privacy Rights
The Maine Insurance Information and Privacy Protection Act provides consumers with the following additional rights:
- The right to:
- To obtain access to the consumer’s recorded personal information in the possession or control of a regulated insurance entity;
- To request correction if the consumer believes the information to be inaccurate; and
- To add a rebuttal statement to the file if there is a dispute;
- The right to know the reasons for an adverse underwriting decision (previous adverse underwriting decisions may not be used as the basis for subsequent underwriting decisions unless the carrier makes an independent evaluation of the underlying facts); and
- The right, with very narrow exceptions, not to be subjected to pretext interviews.