HIPAA (Retirees)
How is my personal health information (PHI) protected?
The PSC-CUNY Welfare Fund is bound by federal regulations promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Fund is in full compliance with all relevant parts of the Act. The full text of HIPAA can be found through the HIPAA website of the Office for Civil Rights (OCR). There are four components of HIPAA that impact participants of this Fund: Portability, Non-Discrimination, Privacy and Security.
Privacy
The privacy provisions of HIPAA were issued to protect the health information that identifies individuals who are living or deceased. The rule balances an individual’s interest in keeping his or her health information confidential with other business, practical and social benefits.
PHI is defined as individually identifiable health information, held or maintained by a covered entity or its business associates acting for the covered entity, which is transmitted or maintained in any form or medium (including the individually identifiable health information of non-U.S. citizens). This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse. For purposes of the Privacy Rule, genetic information is considered to be health information.
Obligations of the Fund to use or disclose PHI
- When requested by a plan participant.
- When required by city, state or federal law or requested in the course of an inquiry into the Fund’s compliance with federal privacy law.
Rights of the Fund to disclose the minimal necessary PHI without authorization
- To facilitate treatment or to coordinate or manage health care with covered providers, vendors or insurers, or to facilitate payment by provision of information regarding eligibility to covered providers, vendors or insurers.
- To promote quality assurance in support or programs designed to enhance quality of care with covered providers, vendors or insurers or to contact the participant for the provision of information designed to better avail plan features.
- In response to public health risks, to report reactions to medications, or to report victims of abuse, neglect or domestic violence, or in response to a court or administrative order, subpoena, discovery request or other lawful process, but only after reasonable efforts have been made to inform the participant.
- To comply with workers’ compensation laws and other similar legally established programs which provide benefits for work-related injuries or illnesses.
Rights of the Fund to disclose PHI with authorization
- To a family member or other person identified by the participant as involved in a participant’s health care or who assists in the payment of health care unless the Fund is duly notified to restrict the disclosure. If a family member contacts the Fund on behalf of a participant requesting PHI relating to treatment or payment for treatment, the Fund will, upon verification by requesting certain information (such as your Social Security number and date of birth) release such PHI to a family member unless a participant indicates to the Fund in writing to not disclose PHI in those circumstances.
Rights of the participants regarding PHI disclosure
- To inspect and copy the PHI that the Fund maintains, to request that the Fund amend PHI, to receive an accounting of the Plan’s disclosures of your PHI or to request a restriction on the uses and/or disclosures of PHI for treatments or payments, or to someone who is involved in the care rendered. The Fund is not required to agree to a restriction or amendment that is not in writing or does not include a reason that supports the request.
Participants who believe privacy rights have been violated, may file a complaint with the Fund or with the U.S. Department of Health and Human Services.
Security
The Security provisions of HIPAA establish a series of administrative, technical, and physical security procedures for this Fund to assure the confidentiality of electronic protected health information (EPHI). The standards are delineated into either required or addressable implementation specifications.
Much of the focus is on electronic transmission and storage of data. The PSC-CUNY Welfare Fund has taken all necessary measures to assure full compliance with the security regulations set forth. Information related to Security compliance may be reviewed upon request at the Fund office.