2023 Archdiocese of Atlanta Meritain Group Plan Doc - Manual / Resource - Page 27
HIPAA PRIVACY PRACTICES
The following is a description of certain rules that apply to the Health Care Plan Sponsor regarding uses and
disclosures of your health information.
Disclosure of Summary Health Information to the Health Care Plan Sponsor
In accordance with HIPAA’s standards for privacy of individually identifiable health information (the “privacy
standards”), the Health Care Plan may disclose summary health information to the Health Care Plan Sponsor, if
the Health Care Plan Sponsor requests the summary health information for the purpose of:
(1)
Obtaining premium bids from Health Care Plans for providing health insurance coverage under this Health
Care Plan; or
(2)
Modifying, amending or terminating the Health Care Plan.
“Summary health information” is information, which may include individually identifiable health information, that
summarizes the claims history, claims expenses or the type of claims experienced by individuals in the Health Care
Plan, but that excludes all identifiers that must be removed for the information to be de-identified, except that it may
contain geographic information to the extent that it is aggregated by 5-digit zip code.
Disclosure of Protected Health Information (“PHI”) to the Health Care Plan Sponsor for Health Care Plan
Administration Purposes
Except as described under “Disclosure of Summary Health Information to the Health Care Plan Sponsor” above or
under “Disclosure of Certain Enrollment Information to the Health Care Plan Sponsor” below or under the terms of
an applicable individual authorization, the Health Care Plan may disclose PHI to the Health Care Plan Sponsor and
may permit the disclosure of PHI by a health insurance issuer or HMO with respect to the Health Care Plan to the
Health Care Plan Sponsor only if the Health Care Plan Sponsor requires the PHI to administer the Health Care
Plan. The Health Care Plan Sponsor by formally adopting this Health Care Plan document certifies that it agrees
to:
(1)
Not use or further disclose PHI other than as permitted or required by the Health Care Plan or as required by
law;
(2)
Ensure that any agents to whom the Health Care Plan Sponsor provides PHI received from the Health Care
Plan agree to the same restrictions and conditions that apply to the Health Care Plan Sponsor with respect to
such PHI;
(3)
Not use or disclose PHI for employment-related actions and decisions or in connection with any other benefit
or Employee benefit Health Care Plan of the Health Care Plan Sponsor;
(4)
Report to the Health Care Plan any PHI use or disclosure that is inconsistent with the uses or disclosures
provided for of which the Health Care Plan Sponsor becomes aware;
(5)
Make available PHI in accordance with section 164.524 of the privacy standards;
(6)
Make available PHI for amendment and incorporate any amendments to PHI in accordance with section
164.526 of the privacy standards;
(7)
Make available the information required to provide an accounting of disclosures in accordance with section
164.528 of the privacy standards;
(8)
Make its internal practices, books and records relating to the use and disclosure of PHI received from the
Health Care Plan available to the U.S. Department of Health and Human Services (“HHS”), for purposes of
determining compliance by the Health Care Plan with part 164, subpart E, of the privacy standards;
(9)
If feasible, return or destroy all PHI received from the Health Care Plan that the Health Care Plan Sponsor still
maintains in any form and retain no copies of such PHI when no longer needed for the purpose for which
disclosure was made, except that, if such return or destruction is not feasible, limit further uses and disclosures
to those purposes that make the return or destruction of the PHI infeasible; and
23