Click to visit the USFHP COVID-19 Information Page
Statement of Privacy Practices
Covered Entity’s Duties
USFHP is a Covered Entity as defined and regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Privacy Act. We are required by law to maintain the privacy of your protected health information (PHI), provide you with this Notice of our legal duties and privacy practices related to your PHI, abide by the terms of the Notice that is currently in affect and notify you in the event of a breach of your unsecured PHI.
This Notice describes how we may use and disclose your PHI. It also describes your rights to access, amend and manage your PHI and how to exercise those rights. All other uses and disclosures of your PHI not described in this Notice will be made only with your written authorization.
Internal Protections of Oral, Written, and Electronic PHI
USFHP protects your PHI. We have privacy and security processes to help. These are some of the ways we protect your PHI:
- We train our staff to follow our privacy and security processes.
- We require our business associates to follow privacy and security processes.
- We keep our offices secure.
- We talk about your PHI only for a business reason with people who need to know.
- We keep your PHI secure when we send it or store it electronically.
- We use technology to keep the wrong people from accessing your PHI.
The following is a list of how we may use or disclose your PHI without your permission or authorization:
Permissible Uses and Disclosures of Your PHI
Treatment – We may use or disclose your PHI to a physician or other health care provider providing treatment to you, to coordinate your treatment among providers, or to assist us in making prior authorization decisions related to your benefits.
Payment – We may use and disclose your PHI to make benefit payments for the health care services provided to you. We may disclose your PHI to another health plan, to a health care provider, or other entity subject to the federal Privacy Rules for their payment purposes. Payment activities may include:
- processing claims
- determining eligibility or coverage for claims
- issuing premium billings
- reviewing services for medical necessity
- performing utilization review of claims
Healthcare Operations – We may use and disclose your PHI to perform our healthcare operations. These activities may include:
- Providing customer services
- Responding to complaints and appeals
- Providing case management and care coordination
- Conducting medical review of claims and other quality assessment
- Improvement activities
In our healthcare operations, we may disclose PHI to business associates. We will have written agreements to protect the privacy of your PHI with these associates. We may disclose your PHI to another entity that is subject to the federal Privacy Rules. The entity must also have a relationship with you for its healthcare operations. This includes the following:
- Quality assessment and improvement activities
- Reviewing the competence or qualifications of healthcare professionals
- Case management and care coordination
- Detecting or preventing healthcare fraud and abuse.
Other Permitted or Required Disclosures of Your PHI
Appointment Reminders/Treatment Alternatives – We may use and disclose your PHI to remind you of an appointment for treatment and medical care with us or to provide you with information regarding treatment alternatives or other health-related benefits and services, such as information on how to stop smoking or lose.
As Required by Law – If federal, state, and/or local law requires a use or disclosure of your PHI, we may use or disclose your PHI information to the extent that the use or disclosure complies with such law and is limited to the requirements of such law. If two or more laws or regulations governing the same use or disclosure conflict, we will comply with the more restrictive laws or regulations.
Public Health Activities – We may disclose your PHI to a public health authority for the purpose of preventing or controlling disease, injury, or disability. We may disclosure your PHI to the Food and Drug Administration (FDA) to ensure the quality, safety or effectiveness products or services under the jurisdiction of the FDA.
Victims of Abuse and Neglect – We may disclose your PHI to a local, state, or federal government authority, including social services or a protective services agency authorized by law authorized by law to receive such reports if we have a reasonable belief of abuse, neglect or domestic violence.
Judicial and Administrative Proceedings – We may disclose your PHI in judicial and administrative proceedings. We may also disclose it in response to the following:
- an order of a court
- administrative tribunal
- discovery request
- Similar legal request
Law Enforcement – We may disclose your relevant PHI to law enforcement when required to do so. For example, in response to a:
- court order
- court-ordered warrant
- summons issued by a judicial officer
- grand jury subpoena
We may also disclose your relevant PHI to identify or locate a suspect, fugitive, material witness, or missing person.
Coroners, Medical Examiners and Funeral Directors – We may disclose your PHI to a coroner or medical examiner. This may be necessary, for example, to determine a cause of death. We may also disclose your PHI to funeral directors, as necessary, to carry out their duties.
Organ, Eye and Tissue Donation – may disclose your PHI to organ procurement organizations. We may also disclose your PHI to those who work in procurement, banking or transplantation of cadaveric organs, eyes, or tissues.
Threats to Health and Safety – We may use or disclose your PHI if we believe, in good faith, that the use or disclosure is necessary to prevent or lessen a serious or imminent threat to the health or safety of a person or the public.
Specialized Government Functions – If you are a member of U.S. Armed Forces, we may disclose your PHI as required by military command authorities. We may also disclose your PHI:
- to authorized federal officials for national security
- to intelligence activities
- the Department of State for medical suitability determinations
- for protective services of the President or other authorized persons
Emergency Situations – We may disclose your PHI in an emergency situation, or if you are incapacitated or not present, to a family member, close personal friend, authorized disaster relief agency, or any other person previous identified by you. We will use professional judgment and experience to determine if the disclosure is in your best interests. If the disclosure is in your best interest, we will only disclose the PHI that is directly relevant to the person’s involvement in your care.
The following are your rights concerning your PHI. If you would like to use any of the following rights, please contact us using the information at the end of this Notice.
Right to Request Restrictions – You have the right to request restrictions on the use and disclosure of your PHI for treatment, payment or healthcare operations, as well as disclosures to persons involved in your care or payment of your care, such as family members or close friends. Your request should state the restrictions you are requesting and state to whom the restriction applies. We are not required to agree to this request. If we agree, we will comply with your restriction request unless the information is needed to provide you with emergency treatment. However, we will restrict the use or disclosure of PHI for payment or health care operations to a health plan when you have paid for the service or item out of pocket in full.
Right to Request Confidential Communications – You have the right to request that we communicate with you about your PHI by alternative means or to alternative locations. This right only applies if the information could endanger you if it is not communicated by the alternative means or to the alternative location you want. You do not have to explain the reason is for your request, but you must state that the information could endanger you if the communication means or location is not changed. We must accommodate your request if it is reasonable and specifies the alternative means or location where you PHI should be delivered.
Right to Access and Receive a Copy of your PHI – You have the right, with limited exceptions, to look at or get copies of your PHI contained in a designated record set. You may request that we provide copies in a format other than photocopies. We will use the format you request unless we cannot practicably do so. You must make a request in writing to obtain access to your PHI. If we deny your request, we will provide you a written explanation and will tell you if the reasons for the denial can be reviewed and how to ask for such a review or if the denial cannot be reviewed.
Right to Amend your PHI – You have the right to request that we amend, or change, your PHI if you believe it contains incorrect information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request for certain reasons, for example if we did not create the information you want amended and the creator of the PHI is able to perform the amendment. If we deny your request, we will provide you a written explanation. You may respond with a statement that you disagree with our decision and we will attach your statement to the PHI you request that we amend. If we accept your request to amend the information, we will make reasonable efforts to inform others, including people you name, of the amendment and to include the changes in any future disclosures of that information.
Right to Receive an Accounting of Disclosures – You have the right to receive a list of instances within the last 6 years period in which we or our business associates disclosed your PHI. This does not apply to disclosure for purposes of treatment, payment, health care operations, or disclosures you authorized and certain other activities. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. We will provide you with more information on our fees at the time of your request.
Right to File a Complaint – If you feel your privacy rights have been violated or that we have violated our own privacy practices, you can file a complaint with us in writing or by phone using the contact information at the end of this Notice. You can also file a complaint with the Secretary of the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201 or calling 1-800-368-1019, (TTY: 1-866-788-4989) or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
WE WILL NOT TAKE ANY ACTION AGAINST YOU FOR FILING A COMPLAINT.
Right to Receive a Copy of this Notice – You may request a copy of our Notice at any time by using the contact information list at the end of the Notice. If you receive this Notice on our web site or by electronic mail (e-mail), you are also entitled to request a paper copy of the Notice.
If you have any questions about this Notice, our privacy practices related to your PHI or how to exercise your rights you can contact us in writing or by phone using the contact information listed below.
USFHP St. Vincents
Barbara J Piascik, Chief Compliance and Privacy Officer
Direct phone: (646) 740-8233
HelpLine: (212) 356-4402