Privacy Policy and HIPAA Notice of Privacy Practices

Home/Privacy Policy and HIPAA Notice of Privacy Practices
Privacy Policy and HIPAA Notice of Privacy Practices 2017-03-15T13:00:35+00:00

Privacy Policy and HIPAA Notice of Privacy Practices

 

Privacy Policy

This privacy policy sets out how TCOR Management uses and protects any information that you give TCOR Management when you use this website or interact with TCOR Management as a client.

TCOR Management is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, to include protected health information, when using this website or doing business with TCOR Management, then you can be assured that it will only be used in accordance with this privacy statement.

TCOR Management may change this policy as needed by updating this page. We may amend this notice at any time, and we will provide a revised privacy policy as required by law. If you have any questions about this policy, please contact us at (830) 387-7019.

This policy is effective

[UPDATED ON] – 1/17/17.

Why We Collect and How We Use Information

 We collect and use information for business purposes with respect to our insurance and other business relationships with you. These business purposes include, without limitation, evaluating requests for insurance or other products or services, evaluating benefit claims, administering our products or services, and processing transactions requested by you. We also may use information to offer you other products or services, to enhance and improve existing products or services, or to design new ones.

How We Collect Information

We get most information directly from you. The information you provide us voluntarily when applying for our products or services or submitting a claim for benefits generally provides the information we need. If we need to verify information or need additional information, we may obtain information from third parties such as adult family members, employers, other insurers, physicians, hospitals and other medical personnel.

What Information We Collect

 The information we collect may relate to your finances, employment, health, avocations or other personal characteristics. Information we collect also may relate to transactions with us or with others, including our affiliates (i.e., companies related to us by common ownership or control). For example, we may collect the following types of “nonpublic personal information” about you:

·        Information about your identity, such as your name, date of birth, address, phone number, e-mail address, and Social Security number;

·        Information about your transactions with us, our affiliates or others, such as policy coverage, premiums and payment history; and

·        Information we receive from you on applications or other insurance forms, including your medical information

How We Protect Information

We treat information about you in a confidential manner. Our employees and other authorized personnel are required to protect the confidentiality of your information. We restrict access to nonpublic personal information about you to only those individuals who have a business reason to know the information, such as in order to provide services for you. We also maintain physical, electronic and procedural safeguards to protect information. All employees and other authorized personnel are required to comply with our established policies, including this privacy policy.

Information Disclosure

Information may be disclosed to our affiliates and our affiliates may use that information to offer products and services to you. Information also may be disclosed to nonaffiliated third parties, such as insurance companies and companies that process data or provide general administrative services for us. For example, information may be disclosed to nonaffiliates to enable them to provide business services for us, such as helping us to evaluate your request for insurance or benefits and assisting us in processing a transaction requested by you. Information may be shared with nonaffiliates to assist us in offering our products and services to you, or to nonaffiliated financial institutions with which we have joint marketing agreements. We may disclose any information we collect as described above, other than health information, for the purposes described in this paragraph, or where disclosure is otherwise permitted or required by law. When we disclose information to nonaffiliates, we require the company to maintain the confidentiality of the information.

Control of Information

 Generally, upon your written request, we will make your information available for review (except information collected in connection with, or in anticipation of, any legal claim or proceeding). If you notify us that the information is incorrect, we will review it, and if we agree, we will correct our records accordingly. If we do not agree, you may submit a short statement of dispute, which we will include in any future disclosure of the disputed information. To gain access to or to correct information, submit a request in writing to the address set forth above. The request should include your name, address, telephone number and a description of the information you would like to access or correct. We will either mail a copy of the information to you or make the information available to you in person at our offices.

Further Information

In addition to any other privacy notice we may provide, federal and state laws and regulations have established privacy standards and require us to provide this summary of our Privacy Policy. You may have additional rights under applicable privacy laws. This notice does not apply to your relationship with other financial service providers, such as nonaffiliated insurance companies.

Links to other Websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

 

HIPAA Notice of Privacy Practices

 

TCOR Management is committed to protecting the privacy of your health information. In conducting our business, we will create records regarding you and the services we provide to you. A federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), requires Agency to take reasonable steps to ensure the privacy of your “Protected Health Information” (as defined below) and to provide you with this notice of Privacy Practices. We will abide by the terms of our Notice of Privacy Practices currently in effect.

 

This notice describes your rights concerning “Protected Health Information” (“PHI”) about you. PHI is information that may identify you and that relates to (a) your past, present, or future physical or mental health or condition or (b) the past, present or future payment for your health care.

 

It may be necessary to change the terms of this notice in the future. We reserve the right to make changes and to make the new notice effective for all PHI that we maintain about you, including PHI we created or maintained in the past. If we make material changes to our privacy practices, we will provide you with the revised notice, which we may provide to you in hard copy or electronically, as permitted by applicable law.

 

This notice is effective [UPDATED ON] – 1/17/17.

 

Uses and Disclosures of Your PHI

 

This section of the notice explains how Agency uses and discloses your PHI as required or permitted by law. As explained below, in some instances we may request your written authorization to use or disclose PHI.

 

1.

 

Required Disclosures. Use and disclosure of your PHI may be required by the Secretary of the Department of Health and Human Services to investigate and/or determine Agency’s compliance with HIPAA’s privacy regulations.

2.

 

Uses and Disclosures Related to Treatment, Payment and Health Care Operations. Agency and its business associates may use or disclose PHI for activities related to treatment, payment and health care operations. As described in the next section entitled “Your Privacy Rights”, you have the right to request a restriction on the use and disclosure of your PHI for treatment, payment or health care operations purposes.

Since we are not a health care provider, we do not engage in treatment of individuals and, accordingly, we will not share your information for such purposes. Examples of activities related to payment include payment of health care claims or collection of premiums. Examples of activities related to health care operations include quality assessment and improvement, underwriting, audit services, legal services, data aggregation, business planning and development, administrative activities related to compliance, customer services, fraud and abuse prevention and detection, and complaint resolution. 

3.

 

Other Uses and Disclosures of Your PHI. In addition to the uses and disclosures described above, Agency may use or disclose PHI for the following purposes: for public health activities (for example, to alert public health authorities of public health risks to prevent or control disease, injury or disability or handle situations where a child is abused or neglected or for example, to notify the FDA of problems with a product regulated by the FDA, to notify a person who has been exposed to a communicable disease or may be at risk of spreading or contracting a disease or condition, or providing information to an employer when the employer is allowed to have the information for work-related reasons); for health oversight activities (for example, to assist in investigations relating to insurance fraud); for judicial and administrative proceedings (for example, in response to a subpoena or discovery request); for certain law enforcement purposes (for example, required reporting to certain courts or victims, to report a crime, or identify a suspect); for protection against serious harm (for example, to protect victims of abuse, neglect or domestic violence); for specialized government functions (for example, to assist in national security, military and intelligence activities); for certain government-approved research purposes (if certain conditions are met); for workers’ compensation purposes (for example, when required by workers’ compensation laws); to a coroner, medical examiner, or funeral director (to permit them to carry out their legal duties); in order to facilitate organ donations and transplants; when necessary to prevent or lessen a serious and imminent threat to health or safety; or when required to do so by federal, state, or local law.

4.

 

Use and Disclosure to Family Members or Other Personal Representatives. We may disclose PHI to a family member, guardian, executor, administrator or other person identified by you and authorized by law to act on your behalf with respect to health care. When disclosing information to such a person, we will take appropriate steps to verify the identity of such person.

5.

 

Use and Disclosures to Plan Sponsor (Employer). We may disclose PHI to an employer-sponsor of a group health plan, if applicable, provided that any such plan sponsor certifies: (a) that the information provided will be maintained in a confidential manner and shall not be used for employment related decisions or for other employee benefit determinations or in any other manner not permitted by law; and (b) that the plan documents contain provisions concerning restrictions on how the plan sponsor may use or further disclose PHI.

6.

 

Use and Disclosure to Contact You Regarding Health-Related Benefits and Services. Agency or its business associates may contact you regarding health-related benefits and services that may be of interest to you. 

7.

 

Uses and Disclosures to Business Associates. We may disclose PHI to our business associates, such as information systems consultants, production vendors and actuarial consultants, who perform services on our behalf. When we disclose information to a business associate, we will require the business associate to protect the privacy of your PHI through a written agreement with Agency. 

8.

 

Uses and Disclosures That Require Your Written Authorization. Your prior written authorization would be required before we may disclose PHI for marketing purposes, disclose PHI if Agency receives remuneration for distribution of the communication, or disclose psychotherapy notes. Other uses and disclosure of your PHI not described in this Notice of Privacy Practices will be made only with your written authorization, unless otherwise permitted or required by law as described in this notice. You may revoke such authorization at any time, except to the extent Agency or its business associates or other entities have relied on such disclosure. Revocation will not affect any uses or disclosures made with your permission before it was revoked. Also, if you gave us permission to disclose your information in order to obtain insurance coverage, you may not revoke it if other law allows the insurer to contest a claim under the policy or the policy itself. 

9.

 

Genetic Information. To the extent applicable, we will not disclose any genetic information in our possession for underwriting purposes. 

10.

 

Other Applicable Law. In the event applicable law, other than HIPAA, prohibits or materially limits our uses and disclosures of PHI, as described above, we will restrict our uses or disclosures of PHI in accordance with the more stringent standard.  

 

Your Privacy Rights

This section of the notice describes your rights as an individual with respect to your PHI and summarizes how you may exercise these rights.

1.

 

Right to Restrict Uses and Disclosures for Treatment, Payment and Health Care Operations Purposes. You have the right to request that we restrict uses and disclosures of your PHI for activities related to treatment, payment and health care operations as described above. Any such request must be made in writing to the address provided below and must state: (a) what PHI you want restricted; (b) whether the restriction shall apply to the “use” or “disclosure” of PHI, or both; and (c) to whom the restriction applies. Though we will evaluate all requests for restrictions, we are not required to agree to the restriction. If we agree to the restriction, we will abide by it, except in the case of emergency treatment or as required by law. We may terminate our agreement to a restriction if you agree to or request the termination of the restriction. In addition, we may notify you that we are terminating our agreement to a restriction as of a specified date, and that the restriction will no longer apply to PHI created or received by us after such date.

2.

 

Right to Request Confidential Communications. You may request that we communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may wish to receive communications from us at your work location rather than your home. Any such request must be made in writing to the address provided below and must include a reason in support of your request. We will evaluate all such requests. We will try to follow your request, if it is reasonable and as required under law.

3.

 

Right to Access, Inspect and Copy Your PHI. You have a right to request access to your PHI in order to inspect or copy PHI that we use to make decisions about you (including medical records and billing records), other than psychotherapy notes or information compiled in reasonable anticipation of, or for use in, a criminal, civil or administrative action or proceeding. Any such request must be made in writing to the address provided below. If we approve your request, we may charge a reasonable fee for such copying of your PHI. Under certain circumstances, we may deny your request for access to your PHI. If your request is denied, we will notify you of our reason for the denial and you may have the right to have such denial reviewed.

4.

 

Right to Amend Your PHI. You have the right to request that we amend PHI that we use to make decisions about you if you believe the information is incorrect or inaccurate. Any such request must be made in writing to the address provided below and must include a reason in support of your request. Under certain circumstances, we may deny your request for amendment of your PHI. If your request is denied, we will notify you of our reason for the denial, your right to submit a written statement of disagreement or to have the request for amendment included with future disclosures, and your right to file a complaint with our Customer Care Department and/or the Secretary of the Department of Health and Human Services. If your request for amendment is granted, we will notify you that the amendment was approved. We will also ask you to identify relevant persons who should be informed of the amendment and ask that you agree to our communication with such persons.

5.

 

Right to an Accounting of Disclosures. You have the right to receive a listing of how TCOR Management disclosed your PHI to other people or organizations. There are certain disclosures that are not included in the listing, for example, disclosures made to you about your own health information or disclosures that you give us permission to make.

6.

 

Right to a Copy of Notice of Privacy Practices. You have the right to receive a paper copy of this notice upon request, even if you agreed to receive this notice electronically. You may request a paper copy of our most current notice at any time by contacting our Employee Benefits Department at (830) 387-7019 or writing to the following address: TCOR Management, Attn: Employee Benefits Department, 1421 Hanz Drive, New Braunfels, TX 78130.

7.

 

Right to Notice of Breach. We implement appropriate administrative, physical and technical safeguards and security systems to protect your PHI. If, despite these efforts, there is a breach of your unsecured PHI, you will be notified.

 

Complaints

You may file a complaint in writing with our Employee Benefits Department or the Secretary of the Department of Health and Human Services if you believe your privacy rights have been violated. Direct your complaints to be filed with Agency to the address provided below. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services within 180 days of a violation of your rights. We will not retaliate against you for filing a complaint.

Additional Information

If you have any questions or need further assistance regarding this notice or to request assistance with any of the items listed above, please call our Employee Benefits Department at (830) 387-7019. The address to send any requests or to file complaints relating to your privacy rights (as described above) is TCOR Management, Attn: Employee Benefits Department, 1421 Hanz Drive, New Braunfels, TX 78130.