HIPAA Notice of Privacy Practices
HIPAA NOTICE OF PRIVACY PRACTICES
DELTA DENTAL OF ARKANSAS
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice describes the privacy practices of Delta Dental Plan of Arkansas, Inc. (referred to here as “we” or “us” or “our”). We agree to abide
by the terms of this Notice.
We are required by law to maintain the privacy of your health information, to provide you with this notice of our legal duties and privacy practices
with respect to your health information, and to notify you of a breach of your unsecured protected health information. We are committed to
protecting your health information.
We comply with the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act. We maintain a breach reporting
policy and have in place appropriate safeguards to track required disclosures and meet appropriate reporting obligations. In addition, we comply
with the “Minimum Necessary” requirements of HIPAA and the HITECH amendments.
The HIPAA Privacy Rule protects only certain medical information known as “protected health information” (“PHI”). Generally, PHI is individually
identifiable health information, including demographic information, collected from you or received by a health care provider, a health care
clearinghouse, a health plan or your employer on behalf of the Group Health Plan that relates to:
(1) your past, present or future physical or mental health or condition;
(2) the provision of health care to you; or
(3) the past, present or future payment for the provision of health care to you.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU
The following categories describe different ways that we may use or disclose your PHI without first obtaining your permission.
For Treatment We may use or disclose your PHI to facilitate medical treatment or services by providers. We may disclose PHI about
you to providers, including dentists, doctors, nurses, or technicians, who are involved in taking care of you. For example, we might disclose
information about your prior dental X-ray to a dentist to determine if the prior X-ray affects your current treatment.
For Payment We may use or disclose PHI about you to obtain payment for your treatment and to conduct other payment related activities,
such as determining eligibility for Group Health Plan benefits, obtaining customer payment for benefits, processing your claims, making coverage
decisions, administering Group Health Plan benefits, and coordinating benefits.
For Health Care Operations We may use and disclose PHI about you for our plan operations, including setting rates, conducting
quality assessment and improvement activities, reviewing your treatment, obtaining legal and audit services, detecting fraud and abuse, business
planning and other general administration activities.
To Business Associates We may contract with individuals or entities known as Business Associates to perform various functions
or to provide certain types of services on our behalf. In order to perform these functions or provide these services, Business Associates may
receive, create, maintain, use and/or disclose your PHI, but only if they agree in writing with us to implement appropriate safeguards regarding
your PHI. For example, we may disclose your PHI to a Business Associate to administer claims or provide support services, such as utilization
management, quality assessment, billing and collection or audit services, but only after the Business Associate enters into a Business Associate
Agreement with us.
Health-Related Benefits and Services We may use or disclose health information about you to communicate to you about health-related
benefits and services. For example, we may communicate to you about health-related benefits and services that add value to, but are not part
of, your Group Health Plan.
To Avert a Serious Threat to Health or Safety We may use and disclose PHI about you to prevent or lessen a serious and imminent
threat to the health or safety of a person or the general public.
Military and Veterans If you are a member of the armed forces, we may release PHI about you if required by military command authorities.
Worker's Compensation We may release PHI about you as necessary to comply with worker's compensation or similar programs.
Public Health Risks We may release PHI about you for public health activities, such as to prevent or control disease, injury or
disability, or to report child abuse, domestic violence, or disease or infection exposure.
Health Oversight Activities We may release PHI to help health agencies during audits, investigations or inspections.
Lawsuits and Disputes If you are involved in a lawsuit or a dispute, we may disclose PHI about you in response to a court or administrative
order. We also may disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in
the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement We may release PHI if asked to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, summons or similar process;
- To identify or locate a suspect, fugitive, material witness, or missing person;
- About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
- About a death we believe may be the result of criminal conduct; and
- In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person
who committed the crime.
Coroners, Medical Examiners and Funeral Directors We may release PHI to a coroner or medical examiner. This may be necessary,
for example, to identify a deceased person or determine the cause of death.
National Security and Intelligence Activities We may release PHI about you to authorized federal officials for intelligence, counterintelligence,
and other national security activities authorized by law.
To Group Sponsor We may disclose your PHI to certain employees of the Group Sponsor (i.e., the Company) for the purpose of administering
the Group Health Plan. These employees will only use or disclose your PHI as necessary to perform our administrative functions or as otherwise
required by HIPAA.
Disclosure to Others We may use or disclose your PHI to your family members and friends who are involved in your care or the payment
for your care. We may also disclose PHI to an individual who has legal authority to make health care decisions on your behalf.
The following is a description of disclosures of your PHI we are required to make:
As Required By Law We will disclose PHI about you when required to do so by federal, state or local law. For example, we may disclose
PHI when required by a court order in a litigation proceeding, such as a malpractice action.
Government Audits We are required to disclose your PHI to the Secretary of the United States Department of Health and Human Services
when the Secretary is investigating or determining our compliance with HIPAA.
Disclosures to You Upon your request, we are required to disclose to you the portion of your PHI that contains medical records,
billing records, and any other records used to make decisions regarding your health care benefits.
We will use or disclose your PHI only as described in this Notice. Any other uses and disclosures not described in the notice will only be made
with your written authorization. It is not necessary for you to do anything to allow us to disclose your PHI as described here. If you want us to use or disclose your PHI for another purpose, you must authorize us in writing to do so. For example, we may use your PHI
for research purposes if you provide us with written authorization to do so. We must also get your written authorization in order to use or
disclose your PHI for marketing purposes if it involves financial remuneration to us or if we intend to sell your PHI. You may revoke your
authorization in writing at any time by notifying our Privacy Officer. When we receive your revocation, it will be effective only for future
uses and disclosures. It will not be effective for any PHI that we may have used or disclosed in reliance upon your written authorization
YOUR RIGHTS REGARDING PHI THAT WE MAINTAIN
You have the following rights regarding PHI we maintain about you:
Your Right to Inspect and Copy Your PHI You have the right to inspect and copy your PHI. You must submit your request in writing
and if you request a copy of the information, we may charge you a reasonable fee to cover expenses associated with your request.
We may deny your request to inspect and copy PHI in certain limited circumstances. If you are denied access to PHI, you may request that the denial
be reviewed by submitting a written request to the Contact Person listed below.
Your Right to Amend Incorrect or Incomplete Information If you believe that the PHI we have about you is incorrect or incomplete,
you may request that we change your PHI by submitting a written request. You also must provide a reason for your request. We are not required
to amend your PHI, but if we deny your request, we will provide you with information about our denial and how you can disagree with the denial.
Your Right to Request Restrictions on Disclosures to Health Plans. Where applicable, you may request that restrictions be placed
on disclosures of your PHI.
Your Right to an Accounting of Disclosures We Have Made You may request an accounting of disclosures of your PHI that we have
made, except for disclosures we made to you or pursuant to your written authorization, or that were made for treatment, payment or health care
operations, national security or incident to other permissible disclosures.
You must submit your request in writing. Your request should specify a time period of up to six years but may not include dates before April 14,
2003. We will provide one list of disclosures to you per 12-month period free of charge; we may charge you for additional lists.
Your Right to Request Restrictions on Uses and Disclosures You have the right to request restrictions or limitations on the way
that we use or disclose PHI. You must submit a request for such restrictions in writing, including the information you wish to limit, the scope
of the limitation and the persons to whom the limits apply. We may deny your request.
Your Right Not To Be Underwritten Using Genetic Information You have a right not to have your PHI that is genetic information
used or disclosed by us for purposes of underwriting.
Your Right to Request Confidential Communications Through a Reasonable Alternative Means or at an Alternative Location You
may request that we direct confidential communications to you in an alternative manner (i.e., by facsimile or e-mail). You must submit
your request in writing. We are not required to agree to your request.
Your Right to a Paper Copy of This Notice To obtain a paper copy of this Notice or a more detailed explanation of these rights,
send us a written request at the address listed below. You may also obtain a copy of this Notice at our website: www.deltadentalar.com.
CHANGES TO THIS NOTICE
We may amend this Notice of Privacy Practices at any time in the future and make the new Notice provisions effective for all PHI that we maintain.
We will advise you of any significant changes to the Notice. We are required by law to comply with the current version of this Notice.
If you believe your privacy rights or rights to notification in the event of a breach of your PHI have been violated, you may file a complaint
with us or with the Office of Civil Rights. Complaints about this Notice or about how we handle your PHI should be submitted in writing to
the Contact Person listed below.
A complaint to the Office of Civil Rights should be sent to Office of Civil Rights, U.S. Department of Health & Human Services, 233 N. Michigan
Ave. – Suite 240, Chicago, IL 60601, (312) 886-2359; (312) 353-5693 (TDD), (312) 886-1807 (fax). You also may visit OCR’s website at www.hhs.gov/hipaa/filing-a-complaint/index.html
for more information.
You will not be penalized, or in any other way retaliated against for filing a complaint with us or the Office of Civil Rights.
SEND ALL WRITTEN REQUESTS REGARDING THIS PRIVACY NOTICE TO:
Delta Dental Plan of Arkansas, Inc.
Attn: Privacy Officer
P.O. Box 15965
North Little Rock, AR 72231
Para asistencia en español, llame al número de servicio al cliente (customer service) que aparece en el reverso de su tarjeta para miembros.
This document is also available in alternative formats upon request and at no cost to persons with disabilities.
Effective Date: February 1, 2015