general > hipaa privacy practices
HIPAA Privacy Practices
Introduction
Most group health plans – including the Northwest Carpenters Health and Security Plan – must comply with new privacy rules issued as part of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). These new privacy rules are effective April 14, 2003. One of the requirements of the new privacy rules is for the Trust to provide you with a Notice of Privacy Practices. This Notice describes the uniform safeguards placed on certain health information (known as “Protected Health Information” or “PHI”) used as part of the normal business practices of this Plan. Important: The Trust has always maintained strict privacy standards. For example, the Trust has always used health information for its intended purpose only; it has always maintained paper records in central, secured locations; and it has always required security clearance for claims processing software. The goal of the new privacy rules is to ensure that all health care plans meet these uniform privacy standards.
The following are the basic features of the new privacy rules as described in the Notice of Privacy Practices:
- The Notice describes the circumstances under which your health information may be used or disclosed. For example, as part of processing a claim, the Trust may request additional information from a health care provider such as a physician or hospital. This information will only be used to facilitate the processing of that claim. Similarly, if you have coverage under more than one plan, the Trust will exchange claim information with the other plan to properly coordinate benefits between the two plans.
- The Notice describes how the Trust can answer certain inquires from you, or that are made on your behalf. For example, the Trust will confirm eligibility, describe benefits and provide general information as it always has. The Trust will also respond to specific inquires made by you concerning your health information, after some basic questions are asked to verify your identity.
- If a dependent spouse is seeking information about a participant’s claim and is able to provide claim information (e.g., the month and year of service, the provider’s name, and the procedure) the Trust will answer claim-related questions. However, if the spouse is seeking other specific health information, the Trust must obtain a written authorization from the participant. Authorization forms are available from the Carpenters Trusts.
- If you are seeking specific information about your minor child, the information will, in most situations, be available as before. However, if state law allows a minor child to consent to or obtain a health care service without parental consent, federal law generally requires that the Trust obtain an authorization from the child prior to discussing the child’s health information with you.
- The following are examples of when the new privacy rules require the Trust to obtain a written authorization to release health information:
- A participant’s spouse contacts Carpenters Trusts regarding the participant’s mental health diagnosis on a claim that has been submitted to the Trust. The Trust can confirm the participant’s general eligibility for benefits. However, federal law requires that the Carpenters Trusts obtain a written authorization from the participant prior to discussing the participant’s mental health diagnosis with the spouse.
- A participant contacts his or her union business agent regarding a medical procedure that
was denied by the Trust as not being medically necessary. The business agent then telephones
Carpenters Trusts about the participant’s medical treatment. Federal law requires that
Carpenters Trusts request written authorization from the participant prior to discussing the
participant’s treatment with the business agent. - State law allows a child who is 13 and older to receive outpatient chemical dependency treatment without parental consent. The participant’s 15-year-old child obtains such treatment. Federal law generally requires that Carpenters Trusts obtain a written authorization from the child prior to discussing the child’s treatment with the participant.
- The Notice lists the Trust’s “Privacy Officer” and “Privacy Contact Person,” who has been designated by the Trustees to answer your questions about the privacy of your health information. The Trust understands that the changes mandated by the federal regulations may be frustrating initially. Your patience and understanding as we undertake these changes is greatly appreciated.