HIPAA COMPREHENSIVE NOTICE OF PRIVACY POLICY AND PROCEDURES HEALTHCARE INFORMATION AND MANAGEMENT SYSTEMS SOCIETY IMPORTANT NOTICE COMPREHENSIVE NOTICE OF PRIVACY POLICY AND PROCEDURES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. This notice is provided to you on behalf of: Health Information and Management Systems Society Medical Plan* * This notice pertains only to healthcare coverage provided under the plan. The Plan’s Duty to Safeguard Your Protected Health Information Individually identifiable information about your past, present, or future health or condition, the provision of health care to you, or payment for the health care is considered “Protected Health Information” (“PHI”). The Plan is required to extend certain protections to your PHI, and to give you this notice about its privacy practices that explains how, when, and why the Plan may use or disclose your PHI. Except in specified circumstances, the Plan may use or disclose only the minimum necessary PHI to accomplish the purpose of the use or disclosure. The Plan is required to follow the privacy practices described in this notice, though it reserves the right to change those practices and the terms of this notice at any time. If it does so, and the change is material, you will receive a revised version of this Notice either by hand delivery, mail delivery to your last known address, or some other fashion. This notice, and any material revisions of it, will also be provided to you in writing upon your request (ask your Human Resources representative, or contact the Plan’s Privacy Official, described below), and will be posted on any website maintained by Healthcare Information and Management Systems Society that describes benefits available to employees and dependents. You may also receive one or more other privacy notices from insurance companies that provide benefits under the Plan. Those notices will describe how the insurance companies use and disclose PHI and your rights with respect to the PHI they maintain. How the Plan May Use and Disclose Your Protected Health Information The Plan uses and discloses PHI for a variety of reasons. For its routine uses and disclosures it does not require your authorization, but for other uses and disclosures, your authorization (or the authorization of your personal representative (e.g., a person who is your custodian, guardian, or has your power-of-attorney) may be required. The following offers more description and examples of the Plan’s uses and disclosures of your PHI. • Uses and Disclosures Relating to Treatment, Payment, or Health Care Operations. • Treatment: Generally, and as you would expect, the Plan is permitted to disclose your PHI for purposes of your medical treatment. Thus, it may disclose your PHI to doctors, nurses, hospitals, emergency medical technicians, pharmacists, and other health care professionals where the disclosure is for your medical treatment. For example, if you are injured in an accident, and it’s important for your treatment team to know your blood type, the Plan could disclose that PHI to the team in order to allow it to more effectively provide treatment to you. • Payment: Of course, the Plan’s most important function, as far as you are concerned, is that it pays for all or some of the medical care you receive (provided the care is covered by the Plan). In the course of its payment operations, the Plan receives a substantial amount of PHI about you. For example, doctors, hospitals, and pharmacies that provide you care send the Plan detailed information about the care they provided, so that they can be paid for their services. The Plan may also share your PHI with other plans in certain cases. For example, if you are covered by more than one health care plan (e.g., covered by this 28
