Notice of Privacy Practices
This Notice of Privacy Practices applies to Michigan Group Benefits LLC, as a Third Party Administration (TPA) of self-funded benefit plans, or group health insurance coverages. Your employer will be able to tell you if your plan is self-funded or insured.
This Notice provides information about the ways your medical information may be used and disclosed by Michigan Group Benefits LLC and how you may access your health information. Please review it carefully.
Protected Health Information (PHI)
Michigan Group Benefits LLC considers personal information to be confidential. We protect the privacy of that information in accordance with federal and state privacy laws, as well as our own company privacy policies.
When we use the term “personal information”, we mean financial, health and other information about you that is nonpublic, and that we obtain so we can provide you with health coverage. By “health information”, we mean protected health information (PHI).
PHI means individually identifiable health information that is created or received by Michigan Group Benefits that relates to your past, present or future physical or mental health or condition; the provision of health care to you; or the past, present or future payment for the provision of healthcare to you; and that identifies you or for which there is a reasonable basis to believe the information can be used to identify you. If state law provides privacy protections that are more stringent than those provided by federal law Michigan Group Benefits LLC will maintain your PHI in accordance with the more stringent state law standard.
You have certain rights regarding your health information. This section explains your rights and our responsibilities to help you. You may:
- Request Confidential Communications
Communicate with you in a certain way or at a certain location. For example, if you are covered as an adult dependent, you might want us to send health information to a different address from that of the subscriber. We will accommodate reasonable requests.
- Request Restrictions
Restrict the way we use or disclose health information about you in connection with health care operations, payment and treatment. We will consider, but may not agree to, such requests. You also have the right to ask us to restrict disclosures to persons involved in your health care.
- Access to your PHI
You have the right to inspect and/or copy medical information that may be used to make claim decisions. You can obtain a copy of health information that is contained in a “designated record set” – medical records and other records maintained and used in making enrollment, payment, claims adjudication, medical management and other decisions. We may ask you to make your request in writing, may charge a reasonable fee for producing and mailing the copies and, in certain cases, may deny the request.
- Amend Medical Information
Amend health information that is in a “designated record set”. Your request must be in writing and must include the reason for the request. If we deny the request, you may file a written statement of disagreement. You may request a form.
- Choose Someone to Act for You
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will ensure the person has this authority and can act for you before we take action.
- Accounting for Disclosures of your PHI
Provide a list of disclosures we have made about you. Your request must be in writing. If you request such an accounting, we may charge a reasonable fee. You may request a form.
- Paper Copy of this Notice
You have the right to a paper copy of this notice. You may ask for a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
You also have the right to file a complaint if you think your privacy rights have been violated. To do so, please file the complaint in writing to your employer, benefit Plan Sponsor, or to Michigan Group Benefits LLC, Attn: Compliance Officer, 2900 West Road, Ste 222, East Lansing, MI 48823. You also may write to the Secretary of the U.S. Department of Health and Human Services in Washington, D.C. in writing within 180 days of a violation of your rights. There will be no retaliation for filing a complaint.
How Michigan Group Benefits LLC Uses and Discloses Personal Information
In order to provide your employer or insurer with TPA Services, Michigan Group Benefits LLC needs personal information about you, and we obtain that information from many different sources – particularly your employer or benefits plan sponsor, other insurers, HMOs or third-party administrators (TPAs), and health care providers. In administering your health benefits and pharmacy services, we will generally obtain your written authorization before using your health information or sharing it with others. However, we are permitted to use and disclose your health information for the following purposes without your written authorization:
Health Care Operations:
We may use and disclose personal information during the course of running our TPA business – that is, during operational activities such as quality assessment and improvement; licensing; accreditation by independent organizations; performance measurement and outcomes assessment; health services research; and preventive health, disease management, case management and care coordination. For example, we may use the information to provide disease management programs for members with specific conditions, such as diabetes, asthma or heart failure. Other operational activities requiring use and disclosure include administration of reinsurance and stop loss; underwriting and rating; detection and investigation of fraud; administration of pharmaceutical programs and payments; transfer of policies or contracts from and to other health plans; and other general administrative activities, including data and information systems management, and customer service.
To help pay for your covered services, we may use and disclose personal information in a number of ways – in conducting utilization and medical necessity reviews; coordinating care; determining eligibility; determining formulary compliance; collecting premiums; calculating cost-sharing amounts; and responding to complaints, appeals and requests for external review. For example, we may use your medical history and other health information about you to decide whether a particular treatment is medically necessary and what the payment should be – and during the process, we may disclose information to your provider. We also mail Explanation of Benefits forms and other information to your provider. We also mail Explanation of Benefits forms and other information to the address we have on record for the Plan member or employee.
We may disclose information to doctors, dentists, pharmacies, hospitals and other health care providers who take care of you. For example, doctors may request medical information from us to supplement their own records. We also may use personal information in providing pharmacy services and by sending certain information to doctors for patient safety or other treatment-related reasons.
Information Received Pre-enrollment:
We may request and receive from you and your health care providers PHI prior to your enrollment in the health plan or issuance of a policy to the group. We will use this information to determine eligibility, and to determine the rates for your group health plan. We will protect the confidentiality of that information in the same manner as all other PHI we maintain and, if you do not enroll in the health plan or a policy is not issued to the group, we will not use or disclose the information about you we obtained for any other purpose.
Other Health Related Products or Services:
We may, from time to time, use your PHI to determine whether you might be interested in or benefit from treatment alternatives or other health-related programs, products or services which may be available to you as a member of the health plan. For example, we may use your PHI to identify whether you have a particular illness, and contact you to advise you that a disease management program to help you manage your illness better is available to you as a health plan member. We will not use your information to communicate with you about products or services which are not health-related without your written permission.
Disclosures to Other Covered Entities:
We may disclose personal information to other covered entities, or business associates of those entities for treatment, payment and certain health care operations purposes. For example, we may disclose personal information to other health plans offered by your employer if it has been arranged for us to do so in order to have certain expenses reimbursed.
Minimum Necessary Disclosure of Protected Health Information:
Except for disclosures made for treatment purposes, all disclosures of protected health information must be limited to the minimum amount of information needed to accomplish the purpose of the disclosure. All requests for protected health information (except requests made for treatment purposes) must be limited to the minimum amount of information needed to accomplish the purpose of the request.
Additional Reasons for Disclosure
We may use or disclose personal information about you in providing you with treatment alternatives, treatment reminders, or other health-related benefits and services. We also may disclose such information in support of:
- Plan Administration– to your employer, or the Plan Sponsor of your benefit program.
- Research– to researchers, provided measures are taken to protect your privacy.
- Business Associates– certain aspects and components of our services are performed through contracts with outside persons or organizations, such as auditing, pharmacy benefits management, mail houses, accreditation, actuarial services, legal services, utilization review, case management, disease management, pre-certification, etc. At times it may be necessary for us to provide certain of your PHI to one or more of these outside persons or organizations who assist us with our health care operations. In all cases, we require these business associates to appropriately safeguard the privacy of your information through a Business Associates Agreement.
- For Data Breach Notification Purposes– If we become aware that we or one of our business associates experienced a breach of your personal information, as defined by Federal and state laws, we will take action in accordance with applicable laws and regulations. This may include notifying you and certain governmental, regulatory and media agencies about the breach.
- Industry Regulation– to state insurance departments, boards of pharmacy, U.S. Food and Drug Administration, U.S. Department of Labor and other government agencies that regulate us and your employer or Plan Sponsor.
- Law Enforcement– to federal, state and local law enforcement officials.
- Legal Proceedings– in response to a court order or other lawful process.
- Public Welfare– to address matters of public interest as required or permitted by law (e.g. victims of abuse, neglect or domestic violence, threats to public health and safety, and national security).
- Information regarding decedents– to disclose information to a coroner or medical examiner to identify a deceased person, determine a cause of death, or as authorized by law. We may also disclose information to a funeral director as necessary to carry out their duties.
- Armed Forces– if you are a member of the military as required by the armed forces and/ or if necessary for national security or intelligence activities.
- Workers’ Compensation– to workers’ compensation agencies if necessary for your worker’s compensation benefit determination.
- Special Privacy Protections– certain Federal and State laws may require special privacy protections that restrict the use and disclosure of certain health information, including highly confidential information about you. “Highly confidential information” may include confidential information under Federal and State laws that often protect the following types of information:
- Mental health
- Genetic tests
- Alcohol and drug abuse
- Sexually transmitted diseases and reproductive health information
- Child or adult abuse or neglect, including sexual assault
If use or disclosure of health information described above is prohibited or materially limited by other laws that apply, it is our intent to meet the requirements of the more stringent law.
- Information That Does Not Identify You– We may use or disclose your health information if we have removed all identifying factors that reveal who you are, or for limited purposes, we have removed most information revealing who you are and obtained a confidentiality agreement from the person or organization receiving your health information.
Disclosure to Family and Friends Involved in Your Health Care
With your approval, we may from time to time disclose your PHI to designated family, friends, and others who are involved in your care or in payment for your care in order to facilitate that person’s involvement in caring for you or paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited PHI with such individuals without your approval. We may also disclose limited PHI to a public or private entity that is authorized to assist in disaster relief efforts in order for that entity to locate a family member or other persons that may be involved in some aspect of caring for you. You have the right to stop or limit this kind of disclosure by calling Michigan Group Benefits LLC at (517) 853-3100.
If you are a minor, you also may have the right to block parental access to your health information in certain circumstances, if permitted by state law. You can contact Michigan Group Benefits LLC at (517) 853-3100 – or have your provider contact us.
Michigan Group Benefits LLC Legal Obligations
The federal privacy regulations require your employer or Plan Sponsor to keep personal information about you private, to give you notice of our legal duties and privacy practices, and to follow the terms of the notice currently in effect. As a TPA representing such employer or Plan Sponsor, this notice is an extension of the employer’s or Plan Sponsor’s obligation.
Other Uses of Medical Information
Other uses and disclosures of medial information not covered by this notice or the laws that apply to us will be made only with your written permission. If you give us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the claims paid on your behalf.
This Notice is Subject to Change
We may change the terms of this notice and our privacy policies at any time. If we do, the new terms and policies will be effective for all of the information that we already have about you, as well as any information that we may receive or hold in the future.
Please note that we do not destroy personal information about you when your Plan coverage terminates. It may be necessary to use and disclose this information for the purposes described above even after your coverage terminates, although policies and procedures will remain in place to protect against inappropriate use or disclosure.