Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please read it carefully.
As your health plan administrator for your employer’s self-insured health plan, TD Consortium Benefits Trust (“TDCBT”) provides administrative services related to your health services under the health plan. TDCBT staff must collect information about you to process health services claims and authorization for you and your dependents on behalf of your health plan. TDCBT knows that the information we collect about you and your health is private. TDCBT is required to protect this information by federal and state law. This information is known as Protected Health Information (“PHI”).
This Notice of Privacy Practices tells you how TDCBT may use or disclose your PHI. This notice may not be all inclusive of all situations. TDCBT is required to give you notice of our privacy practices for the information we collect and keep about you. TDCBT is required to follow the terms of the notice currently in effect.
TDCBT is required by law to maintain the privacy of your PHI, provide you with notice of our legal duties and privacy practices with respect to PHI, and notify you if your PHI is affected in a breach of unsecured PHI.
How We Protect Your Privacy
Our partners and vendors are trained on the need to maintain your PHI in the strictest confidence. We restrict access to your PHI to authorized workforce members who need that information for your treatment, for payment purposes and/or for health care operations. We maintain technical, physical and administrative safeguards to ensure the privacy of your PHI.
In addition, in situations where we rely on a third party to perform business, professional or insurance services or function s for us, that third party must agree to safeguard your PHI. That Business Associate must also agree to use it only as required to perform its functions for us and as otherwise permitted by our contract and the law.
When TDCBT May Use and Disclose Information Without Your Authorization:
- For Treatment. TDCBT may use or disclose information with health care providers who are involved in yourhealth care. This may include health care providers (doctors, nurses, licensed practitioners) employed by or outside of the health plan. For example, information may be shared to create and carry out a plan for your treatment.
- For Payment. TDCBT may use or disclose information to get payment for the health care services you receive. For example, TDCBT may provide PHI in relation to a bill received for health care services provided to you.
- For Health Care Operations. TDCBT may use or disclose information in order to manage its programs and activities. These uses and disclosures are necessary to run the health plan and to make sure that people covered by the health plan receive quality care. For example, TDCBT may use PHI to review the quality of services you receive or to evaluate a provider’s performance prior to providing payment.
- Other Disclosures for Plan Operations. TDCBT may use or disclose PHI for the following activities:
- TDCBT may disclose PHI to your plan sponsor as required under the plan’s contract.
- TDCBT may use or disclose PHI for underwriting purposes, but TDCBT is prohibited from using or disclosing any genetic information for such purposes.
- TDCBT may use or disclose PHI for fundraising purposes; however, you have the right to opt out of any fundraising communications.
- Appointments and Other Health Information. TDCBT may send you reminders for medical care checkups or information about health services that may be of interest to you. You have a right to place restrictions on these communications and request how these communications occur.
- For Public Health Activities. TDCBT may send PHI to the state or local public health agency that keeps and updates vital records, such as births and deaths, and tracks some diseases. We may disclose medical information to these agencies as required by law.
- For Health Oversight Activities. TDCBT may use or disclose information to inspect or investigate health care providers. We may disclose medical information to health oversight agencies for activities authorized by law.
- As Required by Law and For Law Enforcement. TDCBT may use and disclose information when required by federal or state law; by court order, subpoena, warrant, summons, administrative request or similar process; or in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
- For Abuse Reports and Investigations. TDCBT is required by law to receive and investigate reports of abuse.
- For Government Programs. TDCBT may use and disclose information for public benefits under other government programs.
- To Avoid Harm. TDCBT may disclose PHI to law enforcement in order to avoid a serious threat to the health and safety of a person(s) or the public.
- For Research. TDCBT uses information for studies and to develop research reports. These reports do not identify specific people. These types of disclosures may only occur without specific member authorization when you (the member) have previously agreed to participate in a research study and the report disclosures are included in participation agreements.
- Disclosures to Family, Friends and Others Who Are Involved in Your Medical Care. TDCBT may disclose information to your family or other persons who are involved in your medical care. You have the right to object to the sharing of this information. Disclosures may only occur without authorization in instances of emergency or incapacity to effect treatment or care.
- Other Uses and Disclosures Require Your Written Authorization. For other situations, TDCBT will ask for your written authorization before using or disclosing information. You may cancel this authorization at any time in writing. TDCBT cannot take back any uses or disclosures already made with your authorization; and disclosures made in conjunction with a valid authorization and prior to a written revocation cannot be withdrawn.
You have the following privacy rights regarding health information TDCBT maintains about you:
- Right to Inspect and Receive Copies of Your Records. In most cases, you have the right to inspect or receive copies of your records. You must make the request in writing. You may be charged a fee for the cost of copying your records. TDCBT may deny your request to inspect and copy in certain limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed.
- Right to Request a Correction or Update of Your Records. You may ask TDCBT to amend information you feel to be incorrect or add missing information to your records. You must make the request in writing, and provide a reason for your request. TDCBT may deny your request in certain limited circumstances.
- Right to Get a List of Disclosures. You have the right to ask TDCBT for a list of disclosures or access report made within the last three years. You must make the request in writing. The list will not include information provided directly to you or your family, or information that was sent with your authorization.
- Right to Request Limits on Uses or Disclosures of PHI. You have the right to ask that TDCBT limit how your information is used or disclosed. You must make the request in writing to HIPAA Privacy Officer, TDCBT, 24 Arnett Avenue, Suite 115, Lambertville, NJ 08530 tell TDCBT what information you want to limit and to whom you want the limits to apply. TDCBT is not required to agree to the restriction, unless the restriction is for disclosures to a health plan for carrying out payment or health care operations that are not otherwise required by law, and the PHI pertains solely to a health care item or service for which you personally, and not your plan, have paid in full. You can request that the restrictions be terminated in writing or verbally.
- Right to Revoke Permission. If you are asked to sign an authorization to use or disclose information, you can cancel that authorization at any time. You must make the request in writing to HIPAA Privacy Officer, TDCBT, 24 Arnett Avenue, Suite 115, Lambertville, NJ 08530. This will not affect information that has already been shared.
- Right to Choose How We Communicate with You. You have the right to request that TDCBT share information with you in a certain way or in a certain place. For example, you may ask TDBCT to send information to your work address instead of your home address. You must make this request in writing. You do not have to explain the basis for your request.
- Right to File a Complaint. You have the right to file a complaint if you do not agree with how TDCBT has used or disclosed information about you, or if you believe your privacy rights have been violated. You will not be penalized for filing a complaint. To file a complaint, you may write to us at: HIPAA Privacy Officer, TDCBT, 24 Arnett Avenue, Suite 115, Lambertville, NJ 08530. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services Office of Civil Rights by following the instructions on their website at www.hhs.gov/hipaa/filing-a-complaint/index.html
- Right to Get a Paper Copy of this Notice. You have the right to ask for a paper copy of this notice at any time. In the future, TDCBT may change its Notice of Privacy Practices. Any changes will apply to information TDCBT already has, as well as information TDCBT receives in the future. A copy of the new notice will be posted on the TDCBT website as required by law. You may ask for a copy of the current notice at any time. If you have any questions regarding this notice, please contact your Human Resources department or call the toll-free member services number on your I.D. card.
TDCBT Privacy V1 7/2020