THIS NOTICE DESCRIBES HOW YOUR PERSONAL OR HEALTH INFORMATION MAY BE COLLECTED, CONTROLLED, USED AND DISCLOSED. THIS NOTICE APPLIES TO ALL ELECTRONIC OR PAPER RECORDS WE CREATE, OBTAIN, AND/OR MAINTAIN.
Health Depot Association (“HD”) understands the importance of protecting your personal health information (“PHI”) and we are committed to following all federal and state laws by protecting the privacy of our clients and our clients’ members. In order to conduct business, we may collect PHI as necessary for payment processing and other operations to provide quality customer service; however, HD will maintain all information in records that are kept in a confidential manner, as required by law.
If necessary, we may use or disclose your PHI without your written authorization while providing your membership health benefits. We have administrative, physical, and technical safeguards in place, as required by federal and state law, to protect the privacy of your PHI. When dealing with your PHI, HD will only require and provide the minimum amount of information necessary to conduct operations or to service members and customers. This notice supersedes any existing privacy practices and is retroactively effective as of April 14, 2003. It applies to all PHI as defined by federal regulation.
We will not sell, license, transmit or disclose your PHI outside of HD unless:
- You give us express authorization to do so;
- It is necessary or required to provide you with the services you have paid for;
- It is necessary or required to provide our products or services to you;or
- As we are required or permitted by law.
Note: We are prohibited from using or disclosing your genetic information for such purposes which are not subject to the HIPAA underwriting prohibition.
Collection of Member PHI
HD may collect electronic data about how you use and access the Member Portal website. In addition, we may combine this information with other information we may have about you for data analytics and reporting required for HD to conduct its business, but only as permitted by law.
HD may use cookies to collect information about how you use and navigate the Member Portal website and other HD affiliated websites. We will not be able to view any data on your personal computer or mobile device. The cookies we use will allow the server to maintain an active “session” with an individual user and it will track what tools a user is accessing on the website.
In general, we do not disclose or share personal information to third parties in exchange for their monetary payment to us. However, certain laws including the California Consumer Privacy Act (“CCPA”) define “sale” broadly to include disclosing or making available personal information to third parties in exchange for monetary payment or some other thing of value. For purposes of the CCPA, we may disclose or make available personal information in order to receive some benefit or value (i.e., a “sale” under the CCPA).
We process personal information which our clients provide to us in order to perform our administration services. The precise purposes for which your personal information is processed will be determined by the scope and specification of our client engagement, and by applicable laws, regulatory guidance and professional standards. It is the obligation of our client to ensure that you understand that your personal information will be disclosed to Business partner.
HD may also collect and use your PHI for any of the below reasons.
Use and Control of Member PHI
USES AND DISCLOSURES WHICH REQUIRE YOUR AUTHORIZATION
Payments
- To obtain payment of membership dues, which may include insured benefit premiums for your coverage;
- To make coverage determinations. For example, to speak to a health care professional about benefits for services provided to you; or
- To coordinate benefits with other coverage you may have. For example, to speak to another health plan or insurer with which you have coverage, to determine your eligibility or coverage.
Treatment
- To provide information for treatment activities of a health care provider, pharmacist or nurse.
Health Care Operations
- To provide customer service to another health care provider or health insurance plan for purposes of their operations related to your care.
- To support and/or improve the programs or services we currently offer to you.
- Underwriting and other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits.
Communications and Marketing
- To market additional products or services to you that are not part of the health care services and benefits you currently have.
- We will not use your information for marketing purposes without your prior authorization.
USES AND DISCLOSURES WHICH DO NOT REQUIRE YOUR AUTHORIZATION
Health Oversight Activities
- A government agency that is legally responsible for oversight of the health care system or for ensuring compliance with the rules of government benefit programs, such as Medicare or Medicaid.
- Other regulatory programs that need PHI to determine compliance.
Compliance with Laws
- We may use and disclose your PHI to comply with federal and state laws.
Judicial and Administrative Proceedings
- We may disclose your PHI in a judicial or administrative proceeding or in response to a valid legal order.
Law Enforcement Officials
- We may disclose your PHI to law enforcement officials, as required by law or in compliance with a court order or other process authorized by law.
Government Authority
- We may disclose your PHI to various departments of the government such as the Department of Health and Human Services (HHS) as required by law. Coroners, Medical Examiners, and Funeral Directors
- We may disclose PHI to facilitate the duties of coroners, medical examiners, and funeral directors.
Serious Threat
- We may disclose your PHI to someone who can help prevent a serious threat to your health and safety or the health and safety of another person or the public.
Workers’ Compensation
- We may disclose your PHI when necessary to comply with workers’ compensation laws in order for you to obtain benefits for work-related injuries or illness.
Members’ Individual Rights
You have the following rights regarding the PHI HD creates, obtains, or maintains about you:
- Right to request restrictions. You may ask us to restrict the way we use and disclose your PHI with respect to payment and other operations. We are not obligated to agree to the restrictions, but we will consider them carefully. If we do agree with the restrictions, we will abide by them.
- Right to inspect and copy your PHI. You may ask in advance to review or receive a copy of your PHI that is included in certain paper or electronic records we maintain. Under limited circumstances, we may refuse you access to a portion of your records or require a member to provide a written request for some information, depending on the situation.
- Right to amend your records. If you believe it is incorrect, you have the right to ask us to correct your PHI contained in our electronic or paper records. If we determine that the information is inaccurate, we will correct it, if permitted by law.
- Right to obtain an account of disclosures. You may request a list of certain disclosures of your PHI that were not for the purpose of treatment, payment, health care operations or that were not authorized by you.
- Right to name a personal representative. You may request, in writing, that another person act as your personal representative and make decisions on your behalf. Your representative will be allowed access to your PHI as if they were you, communicate with HD, and will be treated as if they were you, for all purposes related to your rights under the HIPAA rule.
- Right to choose how we communicate with you. You have the right to ask that we send information to you at a specific address or in a specific manner (for example, by email rather than regular mail, or never by telephone). We must agree to your request as long as it would not be disruptive to our operations to do so.
- Right to receive a paper copy of privacy practices. Upon your request, we will provide a paper copy of the Policy Statement and HIPAA privacy practices even if you have already received one or previously agreed to receive the notice electronically.
- Right to cancel any previous authorization. Such cancellation will apply to future uses and disclosures of your PHI but it will not impact the previous disclosures while your authorization was in effect.
Other uses and disclosures not described in this notice will be made only with your written authorization.
Requests to Not Contact
We will respect any requests received via email or made directly to our Customer Service team to not contact you by email, telephone or other means. You may also share PHI more securely by calling our Customer Service team at 214-436-8882.
Use of Email
We will only share your email communications with employees that are most capable of addressing the questions or concerns; however, you should use your best judgment when sending PHI via the Internet to our company email address. Emails sent via the Internet may pass through networks with different levels of security and some may not be as secure as others. We will respect any request made to not be contacted by email and you may share PHI more securely by calling our Customer Service Team at 214-436-8882.
Data Security and Storage
HD adheres to industry security standards that intend to protect any non-public PHI on our website(s) against accidental or unauthorized use and access. The technology we use is specifically designed for web servers. All of your PHI resides in a secure database, behind a firewall, where it cannot be accessed without proper authorization. Secure Sockets Layer (“SSL”) technology encrypts all of your PHI that is transmitted over the Internet. HD, or its duly designated and authorized vendors, have developed a disaster recovery plan and will periodically test the data security of the website.
As a member, you have a responsibility to keep your PHI that is available on the Member Portal website secure by keeping your account name and password confidential. This will help prevent any potential unauthorized access to your PHI.
HD complies with the laws and regulations related to record retention of your electronic PHI and its proper destruction.
HD is required by law to notify all affected individuals following a breach of unsecured PHI.
Links to Other Websites
For your convenience we provide links to other websites that offer useful information about their products. Since we do not control these websites, we cannot and do not make any guarantee regarding their content. In providing these links, we cannot take responsibility for the privacy practices of any websites or pages not under our control. We suggest you review the privacy policies and statements of each website you visit before providing any PHI.
Right to Change Terms of This Notice
HD may change the terms of our privacy practices at any time, and we may, at our discretion, make the new terms effective for all of your PHI in our possession, including any information we created or received before we implement the new practices.
If changes are made to any privacy information, we will update the documents on our website and send you the new information, as required by law.
Contact
You have the right to complain directly to us, or to the Secretary of Health and Human Services, if you believe your privacy rights have been violated. You may file a complaint by contacting our Compliance Team who will be happy to assist you. You will not receive any retaliation for filing a complaint.
If you have any questions about this Notice or require additional information, please call our Customer Service team at 214-436-8882 or send a letter to the Compliance Team at 2601 Network Blvd, Suite 500, Frisco, TX 75034. The Compliance Team is available during regular business hours to discuss your privacy questions, concerns, or complaints.
.