THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
REVIEW IT CAREFULLY. THE PRIVACY OF YOUR MEDICAL INFORMATION IS IMPORTANT TO US.
OUR LEGAL DUTIES
Triple-S is firm in its commitment to protect the privacy of your medical information. This notice informs you on our privacy practices and your rights regarding your medical information. We will follow the privacy practices described in this notice while it is in effect.
This notice contains some examples of the types of information we collect and describe the types of uses and disclosures we execute, and your rights. The examples
provided are for illustrative purposes and shall not be construed as a complete listing of such uses and disclosures.
Triple- S is required to abide by the terms of this Notice. However we reserve the right to change our privacy practices and the terms of this notice. Before we make a significant change in our privacy practices, we will change this notice and send an updated notice to our active subscribers. This privacy notice is effective from September 1, 2016 on.
Our pledge is to limit to the minimum necessary the information we collect in order to administer your insurance products or benefits.
As part of our administrative functions, we may collect your personal, financial or health information from sources such as:
- Applications and other documents you have provided to obtain a product or insurance service;
- Transactions you make with us or our affiliates;
- Consumer credit reporting agencies;
- healthcare providers;
- Government health programs.
Protected Health information (PHI) is information that can identify you (name, last name, social security number); including demographic information (like address, zip code), obtained from you through a
request or other document in order to obtain a service, created and received by a health care provider, a medical plan, intermediaries who submit claims for medical services, business associates, and that is related to (1) your health and physical or mental condition, past, present, or future; (2) the provision of medical care to you, or (3) past, present, or future payments for the provision of such medical care. For purposes of this Notice, this information will be called PHI. This Notice of Privacy Practices has been written and amended, so that it will comply with the HIPAA Privacy Regulation. Any term not defined in this Notice will hold the same meaning as in the HIPAA Privacy Regulation. We have also implemented policies and procedures for the handling of PHI, which you may examine, at your request.
We do not use or disclose genetic information for underwriting purposes.
LAWS AND REGULATIONS
HIPAA: Health Insurance Portability and Accountability Act of 1996 implements rules relating to the use, storage, transmission, and disclosure of protected health information pertaining to beneficiaries in order to standardize communications and protect the privacy and security of personal, financial and health information.
HITECH: The Health Information Technology for Economic and Clinical Health Act of 2009, promotes the adoption and meaningful use of health information technology.
It also addresses privacy and security concerns associated with the electronic transmissions of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
Privacy and Security Rule: Standards for Privacy of Individually Identifiable Health, as well as Security Standards for the Protection of Electronic Protected Health Information are guided through 45 C.F.R. Part 160 and Part 164.
ORGANIZATION COVERED BY THIS NOTICE
TRIPLE-S ADVANTAGE, INC.
USES AND DISCLOSURES OF INFORMATION
Triple – S may use and disclose PHI for the following:
Triple – S will not disclose or use your information for any other purpose other than those mentioned in this notice unless you provide written authorization. Triple-S will not disclose information for fundraising activities.
Disclosures to you
We are required to disclose to you most of your PHI. This includes, but is not limited to, all information related to your claims history and utilization report. For example: You have the right to request claims history, prescription history and any other information that is related to your protected health information.
As part of our administrative functions, we may use or disclose your information, without your authorization, for treatment, payment and healthcare operations, and when authorized or permitted by law. For example:
Treatment: To a physician or other health care provider who provides you medical services including treatment, services coordination, monitoring of your health and other services related. For example, the plan may disclose your medical information to your provider to coordinate your treatment.
Payment: To pay your medical claims, to determine your eligibility for benefits, to coordinate your benefits with other payers, or to collect premiums, and the like. For example, the plan may use or disclose information to pay claims related to health services received by you or to provide eligibility information to your health care provider when you receive treatment.
Health Care Operations: For audits, legal services, including fraud and abuse detection, business planning, general administration, and patient safety activities, credentialing, disease management, training of medical students. For example: The plan may use or disclose your health information to communicate with you to provide reminders of meetings, appointments or treatment information.
We may disclose your medical information to another health plan or to a health care provider subject to federal or local privacy protection laws, as long as the plan or provider has or had a relationship with you.
Affiliated Covered Entities: These companies are subject to the same statutes that require protection for your protected health information.
Business Associate: We may use and disclose your personal information to our business associates, who provide services on our behalf and contribute in the administration or coordination of your services. We only share the minimum necessary information and require from each of our business associates to sign a written agreement in which they provide satisfactory assurances of compliance with the security and privacy of your health information. If the business associate goes out of business, we will maintain your information secure to provide the services you need
Your Employer, union or other employee organization: To your employer on whether you are enrolled or disenrolled in the health plan your employer sponsors, and summary health information (aggregated claims history, claims expenses or types of claims experienced by the enrollees in your group health plan) to be used for the administration of the group health plan.
For Research: We may use or disclose your PHI for research purposes, if an Institutional Review Board or an Ethics Committee, has reviewed the research proposal and has established protocols to protect your information’s confidentiality, and has approved the research as part of a limited data set, which does not include individual identifiers.
Required by Law: We may use or disclose your PHI whenever Federal, State, or Local Laws require its use or disclosure. In this Notice, the term “as required by Law” is defined the same as in the HIPAA Privacy regulation. For these purposes your authorization or opportunity to agree or object will not be required. The information will be disclosed in compliance with the safeguards established and required by law.
Legal proceedings: We may use or disclose your PHI during the course of any judicial or administrative proceedings in response to an order from a court or administrative tribunal (provided that the covered entity discloses only the PHI expressly specified by such order); or in response to a subpoena, discovery request, or other lawful process.
Funeral directors, and organ donation cases: We may use or disclose your PHI to a medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other duties authorized by law. We may also disclose your information to a funeral director, as necessary to carry out its duties with respect to a decedent and to other entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue.
Worker’s compensation: We may use or disclose your PHI to comply with laws relating to workers’ compensation or other similar programs, established by law, that provide benefits for work-related injuries or illness without regard to fault.
Disaster relief or emergency situations, Government Sponsored Benefits Programs: We may disclose your PHI to a public or private entity authorized by law or statutes involved in an effort to help disaster. In this way, your family can be notified about your health condition and location in case of disaster or an emergency.
Monitoring activities of regulatory agencies: We may disclose medical information to a regulatory agency such as the Department of Health (DHHS) for audit purposes, monitoring of regulatory compliance, investigations, inspections or license. These disclosures may be necessary for certain state and federal agencies to monitor the health care system agencies, government programs and the compliance with civil rights laws.
Public Health and Safety Activities: We may use and disclose your medical information when required or permitted by law for the following activities, for these purposes your authorization or opportunity to agree or object will not be required:
- Public health, including to report disease and vital statistics;
- To report child and/or adult abuse or domestic violence;
- Healthcare oversight, fraud prevention and compliance;
- In response to court and administrative orders;
- To law enforcement officials or matters of national security;
- To prevent an imminent threat to public health or safety ;
- As otherwise required by applicable laws and regulations
Military activity, national security, protective services: We may disclose your PHI to appropriate military command authorities if you are a member of the Armed Forces, or a veteran. Also, to authorized federal officials for the conduct of national security activities, lawful intelligence, counter-intelligence, or other national security and intelligence activities for the protection of the President, and other authorities, or heads of state.
Health-Related Products and Services: We may use your medical information to inform you about health-related products, benefits and services we provide or include in our benefits plan, or treatment alternatives that may be of interest to you. We will call or send you reminders of your medical appointments or the preventive services that you need according to your age or health condition.
With Your Authorization: You may give us a written authorization to disclose and permit access to your health information to anyone for any purpose. Activities such as marketing of non-health related products or services or the sale of health information must be authorized by you. In these cases your health insurance policy and your benefits will not be affected if you deny the authorization.
The authorization must be signed and dated, it must mention the entity authorized to provide or receive the information, and a brief description of the data to be disclosed. The expiration date will not exceed 2 years from the date of signage, except if you signed the authorization for one of the following purposes:
- to substantiate a request for benefits under a life insurance policy, its reinstallation or modifications to such policy, in which case the authorization will be valid for thirty (30) months or until the application is denied, the earlier of the two events; or
- to substantiate or facilitate the communication of an ongoing treatment of a chronic disease or rehabilitation of an injury.
Any disclosed information acquired by a recipient, pursuant to your authorization, may be redirected to an unauthorized third party and may not be protected by applicable privacy laws.
You may revoke the authorization in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. We will keep copies of the authorizations and revocations executed by you.
Family and Friends Involved in Your Care or Payment for Care: To a family member or friend you involve in your health care or payment for your health care, unless you request a restriction. We will disclose only the medical information that is relevant to the person’s involvement.
Before we make such a disclosure, we will provide you with an opportunity to object. If you are not present or disabled or in case of emergency we will use our professional judgment to determine whether disclosing your medical information is in your best interest.
Terminated accounts: We will not share the data of persons who are no longer our customers or who do not maintain a service relationship with us, except as required or permitted by law.
We have implemented physical, technical and administrative safeguards to limit access to your personal information. Our employees and business associates are trained and know their
duty to protect and maintain the privacy of your medical information, and are committed to comply with the highest security and privacy standards to handle your information in a responsible manner.
YOU HAVE THE FOLLOWING RIGHTS REGARDING YOUR PHI
Access: You have the right to examine and receive a copy of your protected health information, with regards to enrollment and medical claims within the limits and exceptions provided by law. You must make a written request. Upon receipt of your request, we will have thirty (30) days to do any of the following activities:
- request for additional time
- provide the requested information or allow you to examine your information during working hours
- inform you that we do not have the requested information, in which case, we will orient you where to find it if we know the source
- deny the request, partially or in its entirety, because the information originates from a confidential source or was compiled in anticipation of a legal proceeding, investigations by law enforcement agencies or the anti-fraud unit or quality assurance programs which disclosures are prohibited by law. We will notify you in writing the reasons for the denial, except in the event there’s an ongoing investigation or in anticipation of a legal proceeding.
The first report will be free of charge, but we may charge you reasonable, cost-based fees for subsequent reports. If you request the report in a special format, you may have to pay an additional charge.
Disclosure accounting: You have the right to a list of instances after April 14, 2003, in which we disclose your protected health information for purposes other than treatment, payment, health care operations, as authorized by you, and for certain other activities. The report will provide the name of the entity to which we disclosed your information, the date and purpose of the disclosure and a brief description of the data disclosed. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to your additional requests. The report only covers the last six (6) years.
Restriction: You have the right to request that we restrict our use or disclosure of your medical information. We are not required to agree to your request. If we do agree, we will abide by our agreement, except in a medical emergency or as required or authorized by law. Any agreement we may make to a request for restriction must be in writing signed by an authorized officer.
Confidential communication: You have the right to request that we communicate with you about your medical information in confidence by alternative means or to alternative locations. You must make your request in writing, and your request must represent that the information could endanger you if it is not communicated in confidence as you request.
We will accommodate your request if it is reasonable, specifies the alternative means or location for confidential communication, and continues to permit us to collect premiums and pay claims under your health plan, including issuance of explanations of benefits to the subscriber.
Amendment: You have the right to request that we amend your medical information. Your request must be in writing, and it must include explanation and justification. Once the request is received, we will execute within 60 days. If additional time is needed, we will send a written request soliciting an additional period of 30 days.
If we deny your request, we will provide you with a written explanation. You have the right to send a statement of disagreement and demand it be included with our determination for any future disclosures. If we accept your request, we will make your amendment part of your record and use reasonable efforts to inform our business associates and others that may have access to your original medical information.
Business closure: In the event of business closure, we will communicate with you to let you know how to obtain your claims history and any other information.
Notice of security breaches in which your health information may be at risk: You are entitled to be notified by any means if the security breach is the result of not having your information secured by technologies or methodologies approved by the Department of Health and Human Services.
Electronic notice: If you receive this notice on our web site www.sssadvantage.com or by e-mail, you are entitled to receive this notice in written form.
QUESTION AND COMPLAINTS
If you want more information about our privacy practices or have questions or concerns, please contact us. All the forms to exercise your rights are available at: www.sssadvantage.com
If you are concerned that we or any of our business associates may have violated your privacy rights, or you disagree with a decision we made about access to your health information, in response to a request you made to amend, restrict the use or disclosure of, or communicate in confidence about your medical information, you may file a complaint with us to the following address:
Contact Office: Departamento de cumplimiento
Attention: Oficial de Privacidad
Phone Number: (787) 620-1919
Fax: (787) 993-3260
Address: P. O. Box 11320 San Juan, PR 00922
You also may submit a written complaint to the Office for Civil Rights of the United States Department of Health and Human Services (DHHS) to the following address:
Region II, Office of Civil Rights,
US Department of Health and Human Services,
Jacob Javitz Federal Building,
26 Federal Plaza – Suite 3312, New York, New York, 10278;
Voice Phone: (212) 264-3313; fax (212) 264-3039; TDD (212) 264-2355.
We support your right to the privacy of your medical information. We will not retaliate in any way if you choose to file a complaint with us or with the DHHS.
Si interesa recibir copia de este aviso en español, envíe su solicitud a la dirección arriba indicada o visite nuestra página www.sssadvantage.com.
Notice of Privacy Practices, Revision Date: August 2016
Triple-S Advantage, Inc. complies with applicable Federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex.
Last update: 11/02/2016