Geisinger Health Plan and
Geisinger Choice Privacy Notice
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
To be successful, Geisinger Health Plan and Geisinger Choice1 (“The plan”) must uphold the trust of our members and those with whom we interact. This trust, in turn, is built on honoring our commitment to respect your privacy. The plan has a policy that assures the confidentiality of your protected health information (PHI). PHI is any individually identifiable health information that is created or received by the plan that relates to your past, present or future physical or mental health or condition; the provision of health care to you; or the past, present, or future payment for the provision of health care to you.
The plan is required to provide you this notice about its legal duties and privacy practices, and must follow the privacy practices described in this notice while it is in effect.
Uses and Disclosures of Health Information
The plan uses and discloses PHI in connection with your treatment, to make payment for your health care and for the plan’s health care operations. Except as stated below, the plan will not use or disclose your PHI unless you have signed a form that allows the plan to do so.
Treatment:The plan may disclose your PHI to doctors, dentists, pharmacies, hospitals and other caregivers who request it in connection with your treatment. The plan may also disclose your protected health information to health care providers in connection with preventive health, early detection and disease and case management programs.
Payment: The plan will use and disclose your PHI to administer your health benefits policy or contract. This may involve verifying eligibility, claims payment, subrogation, utilization review and management, medical necessity review, care coordination, and responding to complaints, appeals and external requests.
Health Care Operations: The plan will use and disclose your PHI as necessary, and as permitted by law, for its health care operations. These health care operations include, but are not limited to, credentialing health care providers, peer review, business management, accreditation and licensing, utilization review and management, quality improvement and assurance, enrollment, rating and underwriting, reinsurance, compliance, auditing and other functions related to your health benefits plan.
Business Associates: Certain aspects and components of the plan’s services are performed through contracts with outside persons or organizations, such as identification card printing, subrogation, accreditation, etc. At times it may be necessary for the plan to provide PHI to one or more of these outside persons or organizations who assist the plan with health care operations. The plan will give out as little information as possible to allow our business associates to complete these tasks and the plan requires these business associates to appropriately safeguard the privacy of your information.
Family and Friends Involved In Your Care: With your approval, the plan may disclose your PHI to designated family, friends, and others involved in your care. You may designate another person to act on your behalf in signing forms or making decisions when you are unable to do so. The plan recognizes the following documentation for member representation in certain circumstances:
· Applicable Durable Power of Attorney
· Legal Guardian
· A plan “Authorized Representative Form”
If a member wishes to designate an authorized representative, he or she must complete and sign an Authorized Representative form. This form can be obtained by calling the Customer Service Team at the telephone number indicated on the back of the member identification card.
If you are unavailable, incapacitated or facing an emergency medical situation and the plan determines that a limited disclosure may be in your best interest, the plan may share limited PHI with such individuals without your authorization.
Special authorizations are required by Pennsylvania laws to permit disclosures of certain highly sensitive personal information. In certain situations, consistent with applicable regulations or laws, the plan will ask for your written authorization before using or disclosing identifiable health information about you. If you sign an authorization to disclose specific information, you can later revoke that authorization to stop future uses and disclosures.
 back to the top
Additional Uses and Disclosures of Health Information
The plan may also contact its members to provide appointment reminders, information about treatment alternatives, or other health-related benefits and services available to its members. Members may also be contacted by he plan regarding fund-raising activities of the plan or those of its parent company, Geisinger Health System Foundation. Also, the plan may use or disclose your PHI in the following situations without an authorization:
· The plan may release your PHI for any purpose required by law;
· The plan may release your PHI for public health activities, such as required reporting of disease, injury, and birth and death, and for required public health investigations;
· The plan may release your PHI as required by law if we suspect child abuse or neglect; we may also release your PHI as required by law if we believe you to be a victim of abuse, neglect, or domestic violence;
· The plan may release your PHI to the Food and Drug Administration if necessary to report adverse events, product defects, or to participate in product recalls;
· The plan may release your PHI to your plan sponsor (employer), provided, however, your plan sponsor must certify that the information provided will be maintained in a confidential manner and not used for employment related decisions or for other employee benefit determinations or in any other manner not permitted by law;
· The plan may release your PHI if required by law to a government oversight agency conducting audits, investigations, or civil or criminal proceedings;
· The plan may release your PHI if required to do so by a court or administrative ordered subpoena or discovery request; in most cases you will have notice of such release;
· The plan may release your PHI to law enforcement officials as required by law to report wounds and injuries and crimes;
· The plan may release your PHI to coroners and/or funeral directors consistent with law;
· The plan may release your PHI if necessary to arrange an organ or tissue donation from you or a transplant for you;
· The plan may release your PHI for certain research purposes when such research is approved by an institutional review board with established rules to ensure privacy;
· The plan may release your PHI if you are a member of the military as required by armed forces services; we may also release your PHI if necessary for national security or intelligence activities; and
· The plan may release your PHI to workers' compensation agencies if necessary for your workers' compensation benefit determination.
back to the top
Individual Member Rights Regarding Privacy
The Health Insurance Portability and Accountability Act (HIPAA) provides specific rights to all individuals about their PHI. You may request in writing that the plan not use or disclose your PHI for payment, disease management or other health care operational purposes except when specifically authorized by you, when required by law, or in emergency circumstances. The plan will consider your request but the plan is not legally required to accept it. To find out more about any of the following rights or request the necessary form(s), call the Customer Service Team at the telephone number indicated on the back of your member identification card or contact the Designated Privacy Officer as noted in the Contacts section of this notice.
Communications that you receive from the plan containing your health information will be conveyed in a confidential manner. You have the right to request in writing and the plan will process reasonable requests by you to receive communications regarding your protected health information from us by alternative means or at alternative locations. Unless the plan is given an alternative address, the plan will mail explanation of benefit forms and other mailings containing protected health information to the address that the plan has on record for the subscriber.
In most cases, you have the right to look at or get a copy of your PHI in a designated record set. Generally a “designated record set” contains medical and billing records, as well as other records that are used to make decisions about your health care benefits. However, you may not inspect or copy psychotherapy notes or certain other information that may be contained in a designated record set. If you request copies, the plan may charge reasonable copying and postage fees.
If you believe that information in your the plan records is incorrect or incomplete, you have the right to request in writing that the plan correct or add to the existing information. The plan is not obligated to make all requested corrections but will give careful consideration to each request. Requests for amendment(s) must be in writing, signed by you or your representative, and must state the reasons for the request. If the plan makes a correction that you request, the plan may also notify others who work with us and have copies of the uncorrected record if the plan believes that the notification is necessary.
You also have the right to receive a list of instances after April 14, 2003 where the plan has disclosed PHI about you for reasons other than claims payment or related administrative purposes. If you request this accounting more than once in a 12-month period, the plan may charge you a reasonable fee.
back to the top
Web Privacy
The following describes the information gathering and dissemination practices for the plan’s Web site, www.thehealthplan.com and www.geisingergold.com:
· The plan is committed to protecting your personal privacy.
· The plan will not disclose your personal information from this Web site to anyone.
· The plan will not identify you to unaffiliated third parties.
Security: The plan’s Web site has security measures in place to protect the loss, misuse, and alteration of the information under our control. Firewalls are in place to prevent unauthorized access to our systems. A firewall controls traffic between the Internet and our internal network, and protects your information stored within our systems from outsiders. Systems are monitored for suspicious activity to prevent any breaches in security. Any data provided by you sits behind this firewall.
The plan also offers a secure socket layers (SSL) security protocol for certain data transmissions when sensitive data is being transmitted over the Internet. SSL is a standard industry tool used to provide data encryption and protects the personal information transmitted to and from a user's computer and Geisinger Health Plan. This allows for safe transmission of personal information over the Internet. The plan also uses digital certificate authentication to ensure secure transactions. To learn more about SSL including how to determine if your data is being transmitted securely, go to http://www.thehealthplan.com/ssl/securityfaq.cfm.
Also, you are not required to submit any personal information to use the unsecured areas of the www.thehealthplan.com Web site.
Our site uses Web-based forms that allow customers to communicate and conduct business with us. As an example, you can request product information to be mailed to you. Data collected will vary based on the business need. Information such as email address, mailing address, account or other billing information is collected when needed to respond to a specific user inquiry, e.g., to mail requested health materials. Your email address is used to contact you when needed in the normal course of business, such as an important update or change to the site or new product offerings. Individual data collected is used to assist us in providing service, to help us design and improve products and services, and to offer products and services that may be of interest to you.
The plan uses a registration/login process for access to secured, private areas of our Web site, such as requests for member identification cards or emailing your plan representative. Individual access to this information is password protected. You are the only one who has access to your password. You can change your password at anytime. You should always log out and close your browser when you’re done with your session to ensure that others cannot access your personal information.
The plan gathers technical information such as your personal computer’s IP (Internet Protocol) address or browser type to help diagnose problems with our server, derive site usage statistics, and to administer our Web site. You will never be personally identified.
The plan utilizes cookies in conjunction with our Web security application; for example, to allow you to easily move through secured pages once you have logged on. At times the plan may use cookies to administer certain surveys, for example, to allow a user to reply to a survey once, or to note that you have completed the survey and are now ready to see the results.
Links & Other Vendors: The plan’s Web site contains links to other sites. The plan is not responsible for the privacy practices or the content of such Web sites. You should read and understand the privacy statement of any Web site you access. The plan contracts with other vendors to provide services and information to our Web site users. The plan may disclose information to such affiliated third parties that perform services for us in the processing of this site or servicing of your transaction. These vendors are contractually obligated to keep your information secure and private.
Individuals who have received this notice electronically can obtain a paper copy from the plan upon request.
back to the top
The plan’s Duties
As stated above, the plan is required by law to maintain the privacy of your PHI, provide this notice about its information practices and follow the information practices that are described in this notice. The plan may change its policies at any time. If the plan makes a significant change in its policies, the plan will provide notice of the change to you via a letter, newsletter notice or a revised Subscription Certificate. You may request a copy of the plan’s Privacy & Confidentiality policy on uses and disclosures of health information at any time. For more information on the plan’s privacy practices, please contact the person listed below.
The plan has procedures in place to prevent unauthorized access to your PHI, which include employee training in the importance of maintaining member confidentiality and privacy.
back to the top
Complaints
If you are concerned that the plan has violated your privacy rights or you disagree with a decision the plan has made about access to your the plan records, please follow the complaint procedures described in your plan documents. You can also call the Customer Service Team or contact the person listed below. You also may send a written complaint to the U.S. Department of Health and Human Services. The person listed below can provide you with the appropriate address upon request. Individuals will not be retaliated against for filing a complaint with either The plan or the U.S. Department of Health and Human Services.
back to the top
Contacts
If you have any questions or need additional information, please contact your Customer Service Team at the telephone number indicated on the back of your member identification card or The plan’s Designated Privacy Officer as follows:
Designated Privacy Officer
Geisinger Health Plan
100 N. Academy Avenue
Danville, PA 17822-8005
Telephone: 570-271-7360
E-mail: systemprivacyoffice@geisinger.edu
Effective Date
This notice went into effect April 14, 2003, in accordance with the privacy regulations of the Health Insurance Portability and Accountability Act. The notice was most recently revised November 26, 2004 and January 4, 2006. The notice was most recently distributed to members in November 2004.
Footnote
1The below-listed separate corporate entities are among those that are participating in an Organized Health Care Arrangement:
Geisinger Health Plan
Geisinger Indemnity Insurance Company
Geisinger Quality Options Inc.
Geisinger Clinic (all sites)
Geisinger System Services
Geisinger Medical Center
Geisinger Assurance Company, Ltd.
Geisinger Wyoming Valley Medical Center
Geisinger Medical Management Corporation
Valley Surgery Center, Inc.
Geisinger Community Health Services
International Shared Services, Inc.
Geisinger South Wilkes-Barre
The legally separate corporate parent, Geisinger Health System Foundation, is also participating in such organized health care arrangement. These separate legal entities may share protected health information with each other as necessary to carry out treatment, payment or health care operations relating to the organized health care arrangement unless otherwise limited by law, rule or regulation. Unless we provide you with a different Notice, this Notice will apply to all entities that we may purchase or affiliate with in the future.
HPMS50
Ldh:GHP privacy notice.doc
revised 11/26/04
revised 1/4/06
revised 1/1/07
|
