NOTICE OF PRIVACY PRACTICES FOR VANTAGE HEALTH PLAN, INC.

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

At Vantage Health Plan, Inc. (Vantage), we respect the confidentiality of your health information and will protect it in a responsible and professional manner. We consider this information private and confidential and have policies and procedures in place to protect the information against unlawful use and disclosure.

This Notice describes what types of information we collect, explains when and to whom we may disclose it, and provides you with additional important information. We are allowed by law to use and disclose your health information to carry out the operations of our business. We are required by law to maintain the privacy of your health information, to provide you with this Notice, and abide by the Notice in effect. It also informs you of your rights with respect to your health information and how you can exercise those rights.

I. What Is Protected Health Information or PHI?

When we talk about "information" or "health information" in this Notice we mean Protected Health Information or PHI. PHI is any information, including genetic information, which identifies an individual enrolled in our Plan. It relates to the person's participation in the plan, the person's past, present or future physical or mental health or condition, the provision of health care to that person, or the past, present or future payment for the provision of health care to that person. PHI also includes information which identifies the person or for which there is a reasonable basis to believe it could be used to identify the person. This information includes many common identifiers (e.g., name, address, birth date, social security number). It does not include publicly available information, or information that is available or reported in a summarized fashion that does not identify any individual person.

II. What types of personal information do we collect?

Like all health benefits companies, we collect the following types of information about you:

  • Information we receive directly or indirectly from you or your employer through applications, surveys, or other forms, in writing, in person, by telephone, or electronically, including our web site (e.g., name, address, social security number, date of birth, marital status, dependent information, employment information, medical history).
  • Information about your relationship and transactions with us, our affiliates, our providers, our agents, and others (e.g., health care claims and encounters, medical history, eligibility information, payment information, service request, and appeal and grievance information).
  • Information we receive from the Centers for Medicare and Medicare Services (CMS) and other authorized regulatory agencies.

III. How do we protect this information?

We have policies that limit internal and external sharing of PHI to only those persons who have a need for it to provide benefit services to you and your dependents. We maintain physical, electronic, and procedural safeguards to protect PHI against unauthorized access and use. For example, access to our facilities is limited to authorized personnel and we protect information electronically through a variety of technical tools. We also have established a Privacy Committee, which has overall responsibility for the development, implementation, training, oversight and enforcement of policies and procedures to safeguard PHI against inappropriate access, use and disclosure, consistent with applicable law. If there is a breach of unsecured PHI, we will notify you.

IV. How may we use or share your information?

To effectively operate your health benefit plan, we may use and share PHI about you to:

  • Perform certain duties, which may involve claims review and payment or denial; coordination of benefits; utilization review; medical necessity review; coordination of care; response to member inquiries or requests for services; conduct of grievance, appeals, and external review programs; benefits and program analysis and reporting; risk management; detection and investigation of fraud and other unlawful conduct; auditing; underwriting as permitted by law ( genetic information may not be used or disclosed for underwriting purposes); administration and coordination of reinsurance contracts.
  • Operate preventive health programs, early disease detection programs, disease management programs and case management programs in which we or our affiliates or contractors send educational materials and screening reminders to eligible members and providers; perform health risk assessments; identify and contact members who may benefit from participation in disease or case management programs; and send relevant information to those members who enroll in the programs, and their providers.
  • Conduct quality improvement activities, such as the credentialing of participating network providers; and accreditation by the National Committee for Quality Assurance (NCQA), Centers for Medicare & Medicaid Services (CMS), and/or other independent organizations, where applicable.
  • Conduct performance measurement and outcomes assessment; health claims analysis and reporting.
  • Provide data to outside contractors who help us conduct our business operations. We will not share your PHI with these outside contractors unless they agree in writing to keep it protected.
  • Manage data and information systems.
  • Perform mandatory licensing, regulatory compliance/reporting, and public health activities; responding to requests for information from regulatory authorities, responding to government agency or court subpoenas as required by law, reporting suspected or actual fraud or other criminal activity; conducting litigation, arbitration, or similar dispute resolution proceedings; and performing third-party liability and subrogation activities.
  • Change policies or contracts from and to other insurers, HMOs, or third party administrators with compliant business associate agreements.
  • Provide data to the employer that sponsors the benefit plan through which you receive health benefits. We will not share your PHI with your benefit plan sponsor except for deidentified summary health information, enrollment and disenrollment information, specific information authorized by you and any information necessary to administer the plan.

We consider the activities described above as essential for the operation of our plan. For example, we may feature:

  • Cancer screening reminder programs that promote early detection of breast, ovarian, and colorectal cancer, when these illnesses are most treatable.
  • Disease management programs that help members work with their physicians and other providers to effectively manage chronic conditions like asthma, diabetes, and heart disease to improve quality of life and avoid preventable emergencies and hospitalizations.
  • Quality assessment programs that help us review and improve the services we provide.
  • A variety of outreach programs that help us educate members about the programs and services that are available to them, and let members know how they can make the most of their health benefits.

There are also state and federal laws that may require us to release your health information to others. We may be required to provide information as follows:

  • To state and federal agencies that regulate us such as the US Department of Health and Human Services, the Louisiana Department of Insurance, and the Centers for Medicare and Medicaid Services.
  • For public health activities. For example, we may report information to the Food and Drug Administration for investigating or tracking of prescription drug and medical device problems.
  • To public health agencies if we believe there is a serious health or safety threat.
  • To a health oversight agency for certain oversight activities (for example, audits, inspections, licensure, and disciplinary actions.)
  • To a court or administrative agency (for example, pursuant to a court order, search warrant or subpoena).
  • For law enforcement purposes. For example, we may give information to a law enforcement official for purposes of identifying or locating a suspect, fugitive, material witness or missing person.
  • To a government authority regarding child abuse, neglect or domestic violence.
  • To a coroner or medical examiner to identify a deceased person, determine a cause of death, or as otherwise authorized by law. We may also share information with funeral directors as necessary to carry out their duties.
  • For procurement, banking or transplantation of organs, eyes or tissue.
  • To specialized government functions, such as military and veteran activities, national security and intelligence activities, and the protective services for the President and other government officials.
  • For on-the-job-related injuries because of requirements of state workers' compensation laws.

We do not share PHI for any purpose other than those listed above. If one of the above reasons does not apply, we must get your written authorization to use or disclose your health information. For example, written authorization from you would be required for the use and/or disclosure of psychotherapy notes (if applicable) and the use of PHI for marketing purposes. Written authorization is also required for the sale of PHI. In the event that you are unable to provide the authorization (for example, if you are medically unable to give consent), we will accept authorization from any person legally authorized to give consent on your behalf, such as a parent or guardian. If you give us written authorization and change your mind, you may revoke your written authorization at any time.

V. What are your rights?

The following are your rights with respect to your PHI. If you would like to exercise any of these rights, please contact us at the address or phone numbers listed at the end of this Notice. We will require that you make your request in writing and will provide you with the appropriate forms.

You have the right to inspect and/or obtain a copy or summary of information that we maintain about you in your designated record set. A “designated record set” is a group of records maintained by or for us that are your enrollment, payment, claims determination, and case or medical management records or a group of records, used in whole or in part, by us to make decisions about you, such as appeals and grievance records. We may charge you a reasonable administrative fee for copying, postage or summary preparation depending on your specific request.

However, you do not have the right to inspect certain types of information and we cannot provide you with copies of the following information:

  • contained in psychotherapy notes;
  • compiled in reasonable anticipation of, or for use in a civil, criminal or administrative action or proceeding; or
  • subject to certain federal laws governing biological products and clinical laboratories.

We will respond to your request no later than 30 days after we receive it or if the information requested is not accessible or maintained on site, no later than 60 days after we receive it.

Additionally, in certain other situations, we may deny your request to inspect or obtain a copy of your information. If we deny your request, we will notify you in writing and may provide you with a right to have the denial reviewed.

You have the right to ask us to amend information we maintain about you in your designated record set. We will require that your request be in writing. We will respond to your request no later than 60 days after we receive it. If we are unable to act within 60 days, we may extend that time by no more than an additional 30 days. If we need to extend this time, we will notify you of the delay, the reason for the delay, and the date by which we will complete action on your request.

If we make the amendment, we will notify you that it was made. In addition, we will provide the amendment to any person that we know has received your health information. We will also provide the amendment to other persons identified by you.

If we deny your request to amend, we will notify you in writing of the reason for the denial. The denial will explain your right to file a written statement of disagreement. We have a right to dispute your statement through a written rebuttal. However, you have the right to request that your written request, our written denial and your statement of disagreement be included with your information for any future disclosures.

NOTE: If you want to access or amend information about yourself, you should first go to your provider (e.g., physician, pharmacy, hospital or other caregiver) that generated the original records, which are more complete than any we maintain.

You have the right to receive an accounting of certain disclosures of your information made by us during the six years prior to your request. Please note that we are not required to provide you with an accounting of the following information:

  • Any information collected prior to April 14, 2003.
  • Information disclosed or used for treatment, payment, and health care operations purposes.
  • Information disclosed to you or pursuant to your authorization;
  • Information that is incident to a use or disclosure otherwise permitted.
  • Information disclosed for a facility's directory or to persons involved in your care or other notification purposes;
  • Information disclosed for national security or intelligence purposes;
  • Information disclosed to correctional institutions, law enforcement officials or health oversight agencies;
  • Information that was disclosed or used as part of a limited data set for research, public health, or health care operations purposes.

We will act on your request for an accounting within 60 days. We may need additional time to act on your request, and therefore may take up to an additional 30 days. In connection therewith, we will provide you with a written statement of the reasons for the delay and the date by which we will provide the accounting. Your first accounting will be free, and we will continue to provide to you one free accounting upon request every 12 months. However, if you request an additional accounting within 12 months of receiving your free accounting, we may charge you a fee. The fee will be reasonable and cost-based. We will inform you in advance of the fee and provide you with an opportunity to withdraw or modify your request.

You have the right to ask us to restrict how we use or disclose your information for treatment, payment, or health care operations. You also have the right to ask us to restrict information that we have been asked to give to family members or to others who are involved in your health care or payment for your health care. If we engage in any type of fundraising activity, you have the right to opt out of receiving any such communication.

You have the right to ask to receive confidential communications of information. We may require that your request include a statement that disclosure of all or part of the information to which the request pertains could endanger you or someone else. For example, in situations involving domestic disputes or violence, you can ask us to send the information by alternative means (for example by fax) or to an alternative address. We will try to accommodate a reasonable request made by you.

VI. What do we do with member PHI when the member is no longer enrolled in our plan?

We do not destroy PHI when individuals terminate their coverage. The information is necessary and used for many purposes as described in this Notice, even after the individual leaves a plan. However, the policies and procedures that protect that information against inappropriate use and disclosure apply regardless of the status of any individual member. In many cases, PHI is subject to legal retention requirements, and after that requirement for record maintenance, PHI is destroyed in a confidential process.

VII. Exercising your rights:

  • You have a right to receive a copy of this Notice upon request at any time. We provide this Notice to our subscribers upon enrollment in a Vantage health plan. You can also view a copy of the Notice on our web site at www.vantagehealthplan.com. Should any of our privacy practices change, we reserve the right to change the terms of this Notice and to make the new Notice effective for all protected health information that we maintain. Once revised, we will provide the new Notice to you and post it on our web site.
  • If you have any questions about this Notice or about how we use or share information, please write to Vantage at Blue Cross and Blue Shield of Louisiana, Attn: Privacy Officer, 5525 Reitz Avenue, Baton Rouge, LA 70809 or email Privacy.Office@bcbsla.com. Or you can contact our Member Services Department at 888-823-1910.

If you are concerned that your privacy rights may have been violated, you may file a complaint with us. You also have the right to complain directly to the Secretary of the U.S. Department of Health and Human Services. If you have any questions about the complaint process, including the address of the Secretary of Health and Human Services, please write to our Privacy Officer at the address mentioned above or contact our Member Services Department.

Vantage will not take any action against you for filing a complaint.

This notice is effective April 14, 2003.