|
HIPAA
(Health Insurance Portability and Accountability Act)
Certificates of Coverage and the Health Insurance Portability and
Accountability Act of 1996 (HIPAA)
A Federal law, HIPAA, requires employers to provide
certificates of coverage to all former employees, who then
can give the certificates to their new employers. If you or
your dependents obtain new employment, you may request
a certificate of coverage from the State, which describes the
length and types of benefits coverage (e.g., medical, dental,
etc.) you and your dependents had under the State
Program. You may request a HIPAA Certificate of Coverage
by writing to the Department of Budget and Management
(DBM), Employee Benefits Division, at the address on the
inside front cover of this book. The medical plans offered
through the State will mail one to you automatically when
your coverage with them ends.
Notice of Privacy Practices and HIPAA Authorization Form
The State conforms to the Federal HIPAA regulations and
State regulations on the privacy of your health information.
Please read the Notice of Privacy Practices below, which
describes the privacy practices of the State Employees
Health Benefits Program.
HIPAA and State regulations require your written
authorization to disclose certain health information to other
people. If your written authorization is needed, you may use
the HIPAA authorization form to provide the needed
authorization that is located on our website,
www.dbm.maryland.gov. Assigned HIPAA authorization
remains in effect, unless you change or revoke the
authorization.
Notice of Privacy Practices – State Employee and
Retiree Health Benefits Program
This notice describes how medical information about you
may be used and disclosed and how you can get access to
this information. Please review it carefully.
Under Federal and State law, DBM administers the State
Employee and Retiree Health Benefits Program (the
Program) and protects the privacy of your protected health
information. DBM takes steps to ensure that your protected
health information is kept secure and confidential and is
used only when necessary to administer the Program. DBM
is required to give you this notice to tell you how DBM
may use and give out (“disclose”) your protected health
information held by DBM. This information generally comes
to DBM from you when you enroll in a health plan and
from your health plan in the administration of the Program.
Your health plan in the Program (for example, the CareFirst
BlueCross BlueShield PPO or the Optimum Choice HMO)
will also protect, use, and disclose your personal health
information. For questions about your health information
held by your health plan, please contact your health plan
directly. The plans in the Program all follow the same
general rules that DBM follows to protect, use, and disclose
your protected health information. Each plan will use and
disclose your protected health information for payment
purposes, for treatment purposes, and for administration
purposes.
DBM has the right to use and disclose your protected
health information to administer the Program. For example,
DBM will use and disclose your protected health
information:
- To communicate with your Program health plan when
you or someone you have authorized to act on your
behalf asks for our assistance regarding a benefit or
customer service issue. DBM may need a written
authorization from you for your health plan to discuss
your case.
- To determine your eligibility for benefits and to
administer your enrollment in your chosen health plan.
- For payment related purposes, such as to pay claims for
services provided to you by doctors, hospitals,
pharmacies, and others for services delivered to you that
are covered by your health plan, to coordinate your
benefits with other benefit plans (including Workers’
Compensation plans or Medicare), or to make premium
payments.
- To collect payment from you when necessary, such as
co-payments or premiums.
- For treatment related purposes, such as to review, make a
decision about, or litigate any disputed or denied claims.
- For health care operations, such as to conduct audits of
your health plan’s quality and claims payments and to
procure health benefits offered through this Program.
DBM will also use and disclose your protected health
information:
- To you or someone who has the legal right to act for you
(your personal representative). To authorize someone
other than you to discuss your protected health
information with DBM, please contact DBM to complete
an authorization form.
- To law enforcement officials when investigating and/or
processing alleged or ongoing civil or criminal actions.
- Where required by law, such as to the Secretary of the
U.S Department of Health and Human Services, to the
Office of Legislative Audits, or in response to a subpoena.
- For health care oversight activities (such as mandatory
reporting, and fraud and abuse investigations).
- To avoid a serious and imminent threat to health or
safety.
DBM must have written permission (an “authorization”)
from you, or your dependents over the age of 18 years, to
use or give out your protected health information to other
persons or organizations as already described in the notice.
By law, you have the right to:
- Make a written request and see or get a copy of your
protected health information held by DBM or a plan in
the Program.
- Amend any of your protected health information created
by DBM if you believe that it is wrong or if information
is missing, and DBM agrees. If DBM disagrees, you may
have a statement of your disagreement added to your
protected health information.
- Ask DBM in writing for a listing of those getting your
protected health information from DBM for up to six
years prior to your request. The listing will not cover
your protected health information that was used or
disclosed for treatment, health care operations or
payment purposes, given to you or your personal
representative, disclosed pursuant to an authorization, or
disclosed prior to April 14, 2003.
- Ask DBM in writing to communicate with you in a
different manner or at a different place (for example, by
sending materials to a P.O. Box instead of your home
address) if using your address on file creates a danger to
you.
- Ask DBM in writing to limit how your protected health
information is used or given out. However, DBM may not
be able to agree to your request if the information is used
for treatment, payment, or to conduct operations in the
manner described above, or if a disclosure is required by
law.
- Get a separate paper copy of this notice.
If you wish to exercise any of these rights in connection
with the Program or a health plan in the Program, you may
contact DBM at the address below. You may also contact
your dental plan, medical PPO, medical POS, or medical
HMO plan directly.
For more information on exercising your rights set out in
this notice, visit the DBM website:
www.dbm.maryland.gov.
You may also call 410-767-4775 or 1-800-30-STATE
(1-800-307-8283) and ask for DBM’s Program privacy
official for this purpose. If you believe DBM has violated
your privacy rights set out in this notice, you may file a
written complaint with DBM at the following address:
Department of Budget and Management
Employee Benefits Division
301 West Preston Street
Room 510
Baltimore, MD 21201
ATTN: HIPAA Privacy Officer
Filing a complaint will not affect your benefits under the
Program. You also may file a complaint with the Secretary
of the U.S. Department of Health and Human Services at:
Department of Health and Human Services
Office of Civil Rights
150 South Independence Mall West, Suite 372
Public Ledger Building
Philadelphia, PA 19106-9111
|
