EBA&M Privacy Policy
Our Commitment to Protecting Customer Privacy
We have a long-standing commitment to protect our customers’ privacy. Recent laws require that we provide our customers with notice as to how we protect their “nonpublic personal information.” We value the privacy of our customers and are guided by our respect for the confidentiality of their personal information. The information our customers have provided, or which we obtain when administering their insurance coverage, is treated sensitively and held securely in our possession.
Information We Collect
Nonpublic personal information is any information we obtain about our customers in the course of administering insurance, or while providing services in connection with their insurance coverage. The nonpublic personal information we obtain could include, but is not limited to, our customers’ Social Security number, medical history, employment history, credit history, income information, or bank or credit card numbers.
Nonpublic personal information may have been obtained from several sources, including customer application(s), claim form(s) or other forms completed to administer insurance or insurance services; the normal procedures involved in processing a claim; or
other sources, such as credit bureaus, medical information bureaus, employer or motor vehicle reporting agencies.
Our Privacy and Security Procedures
We put privacy and security measures in place to protect personal customer information long before federal or state laws required us to do so. We enforce strict control over nonpublic personal information and limit access to those involved in administering our customers’ insurance coverage or otherwise providing a service related to their coverage. We have developed procedural, physical, electronic and contractual safeguards to secure the confidentiality of information. We evaluate these safeguards on an ongoing basis. We will maintain our strong commitment to protecting nonpublic personal information, even if the customer no longer receives coverage through us.
Information We Disclose
We do not disclose any nonpublic personal information about customers or former customers to anyone, except as permitted or required by law, including the Fair Credit Reporting Act.
Our Privacy Commitment
We understand the importance of protecting private information. Our highest priority is to maintain the trust and confidence of our customers. We disclose information we collect as necessary to service the products customers have purchased and to make new products available. We will maintain our commitment to safeguarding this information now and in the future.
HIPAA Privacy Statement
EBA&M
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Introduction
In order to administer health insurance and/or related services, we must obtain and maintain Protected Health Information (PHI). This privacy notice describes the types of information that are collected and your rights regarding how that information can be used.
PHI is individually identifiable health information that is created or received by your third-party administrator, health plan insurer, healthcare provider, a data clearinghouse, a health authority, employer, school or university. PHI can be maintained or transmitted in any form or medium.
It relates to the past, present or future condition of your physical or mental health
- healthcare provided to you
- payment for the healthcare provided to you
- PHI does not include summary health information
- or information that has been de-identified according to the standards for de-identification provided in the HIPAA Privacy Rule.
Permitted/Required Uses and Disclosures of PHI
Your PHI will be used and disclosed for the purpose of routine treatment, payment and healthcare operations.
Use and Disclosure for Treatment
Your PHI may be used by, and disclosed to, healthcare providers including, but not limited to, doctors, nurses, laboratory technicians, medical students and other healthcare personnel involved in your treatment.
Use and Disclosure for Payment
Your PHI may be used by, and disclosed to, individuals involved in the collection of your premium and the payment of your benefits and other claims administration, including claim payment and adjudication or subrogation of health benefit claims. The use and disclosure also includes verification of participation or enrollment in the plan, eligibility for coverage and plan benefits. Your PHI may be shared with persons involved in utilization review, including pre-certification, pre-authorization, and concurrent and retrospective review, to assist in reimbursement of healthcare claims or other claims payment.
Use and Disclosure for Health Care Operations
Your PHI may be used and disclosed for plan operation purposes including, but not limited to: submitting claims; placing a contract for reinsurance of risk relating to claims for healthcare, including stop loss and excess loss insurance; quality review assessments; audits, including fraud and abuse detection and compliance programs; business management and planning; the sale, transfer, merger or consolidation of a covered entity; legal or administrative services; actuarial pricing, studies and review; compliance review, regulatory review and other legal compliance; and underwriting; premium rating, billing and premium adjustments. In addition, your PHI may be used and disclosed for case management and care coordination, contacting of healthcare providers and patients with information about treatment, drug and disease management alternatives and other related functions that do not include treatment.
We may share this information with our business associates for purposes of utilization reviews, appropriateness of care reviews, peer review for resolution of grievances, consultation with outside healthcare providers, consultants and attorneys, and other health-related benefits and services that may be of interest to you. We require our business associates to sign an agreement specifying their compliance with our privacy policies.
We have developed privacy policies and procedures in order to ensure the privacy of your PHI. These policies and procedures are based on appropriate administrative, technical and physical safeguards necessary to maintain confidentiality. Access to your PHI is limited to those individuals who have a legitimate business need for that information. This protection extends to the use of your PHI by our business associates.
Other Permitted/Required Uses and Disclosures of PHI
We, or our approved business associates, may use and disclose your protected health information for reasons permitted by the HIPAA Rule, including but not limited to the following:
- those required by law
- in response to a court order or other legal proceeding
- judicial and administrative proceedings
- law enforcement purposes
- to comply with worker’s compensation or other similar laws
- public health activities
- health oversight activities
- reporting abuse, neglect or domestic violence
- the military if you are a member of the armed services
- correctional institutions if you are an inmate
- disclosures of decedent’s information to coroners, medical examiners and funeral directors
- organ, eye or tissue donation purposes
- national security and intelligence agencies as authorized by law
We will use or disclose only the minimum amount necessary to perform these functions. We may disclose PHI to the sponsor of your health plan for any purpose described in this section.
Other Uses and Disclosures of PHI
Uses and disclosures of PHI for purposes other than those described in Permitted/Required Uses and Disclosures of PHI will be made only with your written authorization. If you provide us authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose information for the specific purpose contained in the authorization. You understand that we are unable to take back any disclosures already made with your authorization, and that we are required to retain any records we may have containing your PHI. If you revoke your authorization for payment or healthcare operations, you may jeopardize the administration of the benefits under your health plan.
Your Individual Rights with Respect to PHI
Upon written request, you have the right to:
- request restrictions on certain uses and disclosures of your PHI, although we are not required to agree to a requested restriction
- receive confidential communication of PHI
- access our records containing descriptions of your PHI
- request an amendment to your PHI, although we are not required to agree to a requested amendment
- receive an accounting of impermissible PHI disclosures or disclosures made in compliance with the Rule for which an accounting is required
Unless specifically requested otherwise, we will communicate PHI in connection with treatment, payment or health care operations. Except for uses and disclosures associated with treatment, payment, or healthcare operations, we do not use or disclose PHI when specifically protected by more stringent state law. Examples of more stringent state laws include those protecting HIV status, results of genetic testing and indications of domestic abuse. We will follow state privacy laws that are more stringent than this federal law.
If you have chosen to receive this privacy notice electronically, you may also receive a paper copy from us upon your request.
Our Duties Regarding the Use and Disclosure of PHI
We are committed to maintaining your privacy and are required by law to maintain the privacy of PHI, to provide you with notice of our legal duties and privacy practices with respect to PHI and to abide by the terms of the Notice of Privacy Practices currently in effect.
We reserve the right to change the terms of this privacy notice and have such change be effective for all PHI that is maintained. Notification of a revised privacy notice will be provided through one of the following:
- U.S. Postal Service
- Revised Plan Document
- Internet e-mail
- Up-to-date privacy notices are maintained on our website
How to File a Complaint Regarding the Use and Disclosure of PHI
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of Health and Human Services. All complaints must be in writing. Please be assured that you may not be retaliated against for filing a complaint.
How to Contact Us
You may contact our representative at the following address:
Privacy Officer
Privacy Request
EBA&M
P.O. Box 5079
Westlake Village, CA 91359