Privacy Practices

MEDICAL COST MANAGEMENT CORPORATION (MCM)

NOTICE OF PRIVACY PRACTICES
EFFECTIVE: APRIL 14, 2003, REVIEWED: JANUARY 2010, REVISED: SEPTEMBER 3, 2014

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND
HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Introduction

In order to provide comprehensive medical management services, MCM must obtain and maintain Protected Health Information (PHI). This privacy notice describes the types of information that is collected and your rights regarding how that information can be used.

PHI is individually identifiable health information that is created or received by your provider, your health plan or insurer or a data clearinghouse. PHI can be maintained or transmitted in any form or medium (oral, written or electronic). It relates to the past, present or future:

  1. condition of your physical or mental health,
  2. health care provided to you; or
  3. payment for the health care provided to you.

PHI does not include summary health information or information that has been de-identified according to the standards for de-identification provided for in the HIPAA Privacy Rule.

Permitted/Required Uses and Disclosures of PHI

Your PHI will be used and disclosed for the purpose of routine treatment, payment and health care operations.

Use and Disclosure for Treatment

Your PHI may be used by, and disclosed to ,your health plan or insurer or health care providers including, but not limited to, doctors, nurses, laboratory technicians, and other health care personnel involved in your treatment.

Use and Disclosure for Payment

Your PHI may be used by, and disclosed to your health plan or insurer .The use and disclosure also includes verification of participation or enrollment in the plan, eligibility for coverage and plan benefits. Your PHI may be shared with persons involved in utilization review, including pre-certification, pre­authorization, and concurrent and retrospective review, to assist in reimbursement of health care claims or other claims payment.

Use and Disclosure for Health Care Operations

Your PHI may be used and disclosed for plan operation purposes including, but not limited to: quality review assessments; audits, including fraud and abuse detection and compliance programs; business management and planning; complaint review; and regulatory review and other legal compliance. In addition, your PHI may be used and disclosed for case management, and care coordination, contacting of health care providers and patients with information about treatment, drug and disease management alternatives and other related functions that do not include treatment.

We may share this information with our business associates for purposes of utilization reviews, appropriateness of care reviews, peer review for resolution of grievances, consultation with outside health care providers, consultants and attorneys, and other health related benefits and services that may be of interest to you. We require our business associates to sign an agreement specifying their compliance with our privacy policies.

We have developed privacy policies and procedures in order to ensure the privacy of your PHI. These policies and procedures are based on appropriate administrative, technical and physical safeguards necessary to maintain confidentiality. Access to your PHI is limited to those individuals that have a legitimate business need for that information. This protection extends to the use of your PHI by our business associates.

Other Permitted/Required Uses and Disclosures of PHI

We, or our business associates, may use and disclose your protected health information for reasons permitted by the Rule, including but not limited to the following:

  1. those required by law;
  2. in response to a court order or other legal proceeding;
  3. judicial and administrative proceedings;
  4. law enforcement purposes;
  5. to comply with worker’s compensation or other similar laws;
  6. public health activities;
  7. health oversight activities;
  8. reporting abuse, neglect or domestic violence;
  9. the military if you are a member of the armed services;
  10. correctional institutions if you are an inmate;
  11. disclosures of decedent’s information to coroners, medical examiners and funeral directors;
  12. organ, eye or tissue donation purposes;
  13. national security and intelligence agencies as authorized by law.

We will only use or disclose the minimum amount necessary to perform these functions. We may disclose PHI to the sponsor of your health plan for any purpose described in this section

Other Uses and Disclosures of PHI

Uses and disclosures of PHI for purposes other than those described in Permitted/Required Uses and Disclosures of PHI will be made only with your written authorization. If you provide us authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose information following the specific purpose contained in the authorization. You understand that we are unable to take back any disclosures already made with your authorization, and that we are required to retain any records we may have containing your PHI. If you revoke your authorization for payment or health care operations, you may jeopardize the administration of the benefits under your health plan.

Your Individual Rights With Respect to PHI Upon written request, you have the right to:

  1. request restrictions on certain uses and disclosures of your PHI. We are not required to agree to a requested restriction.
  2. receive confidential communication of PHI.
  3. access our records containing descriptions of your PHI.
  4. request an amendment to your PHI. We are not required to agree to a requested amendment.
  5. receive an accounting of impermissible PHI disclosures or disclosures made in compliance with the Rule for which an accounting is required.

Unless specifically requested otherwise, we will communicate PHI in connection with treatment, payment or health care operations, with any family member covered under your plan. Should any family member want a restriction on such disclosure of PHI, they must request such restriction in writing. Although we are not required to agree to a requested restriction, we will consider all factors explained in the request.

Our Duties Regarding the Use and Disclosure of PHI

We are committed to maintaining your privacy and are required:

  1. by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI;
  2. to abide by the terms of the Notice of Privacy Practices currently in effect.

We reserve the right to change the terms of this privacy notice, and have such change be effective for all PHI that is maintained. Notification of a revised privacy notice will be provided within 60 days of the effective date of any such revision.

How to File a Complaint Regarding the Use and Disclosure of PHI

If you believe your privacy rights have been violated, you may file a complaint with us or with the U. S. Department Secretary of Health and Human Services, Hubert H. Humphrey Building, 200 Independence Avenue, Washington, D. C. 20201. All complaints must be in writing.

Please be assured that you may not be retaliated against for filing a complaint.

How to Contact Us

If you have any questions regarding this Notice or the subjects addressed in it, you may contact the following:

Privacy Officer
Medical Cost Management Corp.
200 W. Monroe, Suite 1850
Chicago, IL 60606
800-367-9938
privacy@medicalcost.com

Conclusion

PHI use and disclosure is regulated by a federal law known as HIPAA (the Health Insurance Portability and Accountability Act). You may find these rules at 45 Code of Federal Regulations Parts 160 and 164. This Notice attempts to summarize the regulations. The regulations will supersede any discrepancy between the information in this Notice and the regulations.