The Fund is committed to maintaining the privacy of web site guests. It does not collect any personal data from those who visit this site. It does not use “cookies” or place text files on a user’s hard drive to monitor use of the web site. Attempts are not made to identify anyone using the site unless, consistent with the Plan’s security policy, illegal behavior is suspected.
Plan participants and others cannot access personalized information about their Plan benefits through this web site. Nor can anyone gather information about a participant’s individual case by visiting here. To protect your privacy, the Trust staff will provide you with answers to your questions by phone or in writing.
Health Insurance Portability and Accountability Act (HIPAA) of 1996
The information below is the CCPOA Benefit Trust Fund’s Notice of Privacy Practices. The Plan is required by federal law to distribute this Notice to you. Specifically, the federal law that requires this Notice is the privacy regulations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (the “Privacy Rule”).
The reason for the Privacy Rule is that Congress recognized that advances in electronic technology could erode the privacy of protected health information. Accordingly, Congress mandated the adoption of the privacy protections for individually identifiable health information.
The Notice below is a brief summary of how the Privacy Rule applies to the Plan and to your protected health information that the Plan creates or receives. You will receive a similar notice from a Health Maintenance Organization (HMO) that you are enrolled in or other health care providers.
CCPOA Benefit Trust Fund – Notice of Privacy Practices
Purpose of This Notice and Effective Date
THIS NOTICE DESCRIBES HOW DENTAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Effective date. This Notice has been further restated effective as of September 23, 2013. The effective date of the original Notice was April 14, 2003 which was in turn first restated effective as of January 1, 2010.
This Notice is required by law. The CCPOA Benefit Trust Fund (the “Plan”) is required by law to take reasonable steps to ensure the privacy of your personally identifiable health information and to inform you about:
- The Plan’s uses and disclosures of Protected Health Information (PHI), • Your rights to privacy with respect to your PHI,
- The Plan’s duties with respect to your PHI,
- Your right to file a complaint with the Plan and with the Secretary of the United States Department of Health and Human Services (HHS), and
- The person or office you should contact for further information about the Plan’s privacy practices.
This Notice only applies to the healthcare components of the Plan. It does not apply to the non-healthcare components of the Plan, including the Disability Benefit Program, the Life Insurance and the Accidental Death and Dismemberment benefits and the Legal Services benefits.
Your Protected Health Information
Protected Health Information (PHI) Defined
The term “Protected Health Information” (PHI) includes all individually identifiable health information related to your past, present or future physical or mental health condition or to payment for health care. The term also includes genetic information (such as family medical history and information about an individual’s receipt of genetic services or genetic tests). PHI includes information maintained by the Plan in oral, written, or electronic form.
When the Plan May Disclose Your PHI Under the law, the Plan may disclose your PHI without your consent or authorization, or the opportunity to agree or object, in the following cases:
- At your request. If you request it, the Plan is required to give you access to certain PHI in order to allow you to inspect and/or copy it.
- As required by HHS. The Secretary of the United States Department of Health and Human Services may require the disclosure of your PHI to investigate or determine the Plan’s compliance with the privacy regulations.
For treatment, payment or health care operations.
The Plan and its business associates will use PHI in order to carry out:
- Payment, or
- Health care operations
Treatment is the provision, coordination, or management of health care and related services. It also includes but is not limited to consultations and referrals between one or more of your providers. For example, the Plan may disclose to a treating orthodontist the name of your treating dentist so that the orthodontist may ask for your dental x-rays from the treating dentist.
Payment includes but is not limited to actions to make coverage determinations and payment (including billing, claims management, subrogation, plan reimbursement, reviews for medical necessity and appropriateness of care and utilization review and preauthorizations). For example, the Plan may tell a doctor whether you are eligible for coverage or what percentage of the bill will be paid by the Plan. If we contract with third parties to help us with payment operations, such as a medical review organization that reviews medical claims, we will also disclose information to them. These third parties are known as “business associates.”
Health care operations includes but is not limited to quality assessment and improvement, reviewing competence or qualifications of health care professionals, underwriting, premium rating and other insurance activities relating to creating or renewing insurance contracts. It also includes disease management, case management, conducting or arranging for medical review, legal services, and auditing functions including fraud and abuse compliance programs, business planning and development, business management and general administrative activities. However, the Plan may not use or disclose protected health information that is genetic information for any underwriting purpose. For example the Plan may use information about your claims to refer you to a disease management program, a well-pregnancy program, project future benefit costs or audit the accuracy of its claims processing functions. Disclosure to the Plan’s Trustees. The Plan will also disclose PHI to the Board of Trustees for the CCPOA Benefit Trust Fund for purposes related to treatment, payment, and health care operations, and has amended the Plan Documents to permit this use and disclosure as required by federal law. For example, we may disclose information to the Board of Trustees to allow them to decide an appeal or review a subrogation claim, Therefore, we do not need authorization for these purposes.
Disclosure to the Plan’s Business Associates. The Plan will disclose your PHI to Business Associates who perform various services in connection with the administration of the Plan. Before we share your protected health information with such Business Associates, they must agree to protect your protected health information.
When the Disclosure of Your PHI Requires Your Written Authorization
Unless otherwise permitted by applicable law, the Plan will obtain your written authorization before using or disclosing protected health information. For example, although the Plan does not routinely obtain psychotherapy notes, it must generally obtain your written authorization before the Plan will use or disclose psychotherapy notes about you. However, the Plan may use and disclose such notes when needed by the Plan to defend itself against litigation filed by you.
Psychotherapy notes are separately filed notes about your conversations with your mental health professional during a counseling session. They do not include summary information about your mental health treatment.
Chapter Presidents are also required to obtain written authorization in order to obtain PHI.
In addition, while we do not anticipate making any of the following uses or disclosures, your written authorization generally will also be required for any of the following: (i) any marketing communication for which the Plan will receive financial remuneration; and (ii) any disclosure of health information that will constitute the sale of health information.
Use or Disclosure of Your PHI That Requires You Be Given an Opportunity to Agree or Disagree Before the Use or Release
Disclosure of your PHI to family members, other relatives, your close personal friends, and any other person you choose is allowed under federal law if:
- The information is directly relevant to the family or friend’s involvement with your care or payment for that care, and
- You have either agreed to the disclosure or have been given an opportunity to object and have not objected.
Use or Disclosure of Your PHI When You Are Not Present
Disclosure of your PHI to family members, other relatives, your close personal friends, or other persons is allowed if you are not present and, if in the Plan’s professional judgment:
- Such a disclosure is directly related to such person’s involvement with your health care or payment related to your health care, and
- It is in your best interests.
If you do not want the Plan to make these types of disclosures to your spouse or others on this basis, you may request the Plan to restrict disclosures of your Protected Health Information. See Section 3 of this Notice for more information.
Use or Disclosure of Your PHI For Which Consent, Authorization or Opportunity to Object Is Not Required
The Plan is allowed under federal law to use and disclose your PHI without your consent or authorization under the following circumstances:
- When required by applicable law.
- Public health purposes. To an authorized public health authority if required by law or for public health and safety purposes. PHI may also be used or disclosed if you have been exposed to a communicable disease or are at risk of spreading a disease or condition, if authorized by law.
- Domestic violence or abuse situations. When authorized by law to report information about abuse, neglect or domestic violence to public authorities if a reasonable belief exists that you may be a victim of abuse, neglect or domestic violence. In such case, the Plan will promptly inform you that such a disclosure has been or will be made unless that notice would cause a risk of serious harm.
- Health oversight activities. To a health oversight agency for oversight activities authorized by law. These activities include civil, administrative or criminal investigations, inspections, licensure or disciplinary actions (for example, to investigate complaints against health care providers) and other activities necessary for appropriate oversight of government benefit programs (for example, to the Department of Labor).
- Legal proceedings. When required for judicial or administrative proceedings. For example, your PHI may be disclosed in response to a subpoena or discovery request that is accompanied by a court order.
- Law enforcement health purposes. When required for law enforcement purposes (for example, to report certain types of wounds).
- Law enforcement emergency purposes. For certain law enforcement purposes, including: o identifying or locating a suspect, fugitive, material witness or missing person, and o disclosing information about an individual who is or is suspected to be a victim of a crime.
- Determining cause of death and organ donation. When required to be given to a coroner or medical examiner to identify a deceased person, determine a cause of death or other authorized duties. We may also disclose PHI for cadaveric organ, eye or tissue donation purposes.
- Funeral purposes. When required to be given to funeral directors to carry out their duties with respect to the decedent.
- Research. For research, subject to certain conditions.
- Health or safety threats. When, consistent with applicable law and standards of ethical conduct, the Plan in good faith believes the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and the disclosure is to a person reasonably able to prevent or lessen the threat, including the target of the threat.
- Workers’ compensation program. When authorized by and to the extent necessary to comply with workers’ compensation or other similar programs established by law. Except as otherwise indicated in this notice, uses and disclosures will be made only with your written authorization subject to your right to revoke your authorization.
Other Uses or Disclosures
In accordance with the Privacy Rule, the Plan may contact you to provide you information about treatment alternatives or other health-related benefits and services that may be of interest to you.
Your Individual Privacy Rights
You May Request Restrictions on PHI Uses and Disclosures
You may request the Plan to:
- Restrict the uses and disclosures of your PHI to carry out treatment, payment or health care operations, or
- Restrict uses and disclosures to family members, relatives, friends or other persons identified by you who are involved in your care.
The Plan, however, is not required to agree to your request.
Make such requests to:
The Privacy Official or the Benefit Administration Supervisors
CCPOA Benefit Trust Fund
2515 Venture Oaks Way, Suite 200
Sacramento, CA 95833
Phone: (916) 779-6300 or 1-(800) 468-6486
You May Request Confidential Communications
The Plan will accommodate an individual’s reasonable request to receive communications of PHI by alternative means or at alternative locations where the request includes a statement that disclosure could endanger the individual.
You or your personal representative will be required to complete a form to request restrictions on uses and disclosures of your PHI. Make such requests to: The Privacy Official, listed above.
You May Inspect and Copy PHI
Generally, you have a right to inspect and obtain a copy of your PHI contained in a “designated record set,” for as long as the Plan maintains the PHI. If your PHI is in electronic form, you may request an electronic copy of your PHI if the form you request is readily producible.
If your request is granted, the Plan must provide the requested information within 30 days if the information is maintained on site or within 60 days if the information is maintained offsite. A single 30-day extension is allowed if the Plan is unable to comply with the deadline. If your granted request was for an electronic copy and the requested electronic form is not readily producible by the Plan, the Plan will provide you with the option to choose from among other electronic formats that are readily producible by the Plan. If you do not accept any of the electronic formats, the Plan will provide your requested PHI in paper form.
You or your personal representative will be required to complete a form to request access to the PHI in your designated record set. A reasonable fee may be charged.
Requests for access to PHI should be made to the following: The Privacy Official, listed above.
If access is denied, you or your personal representative will be provided with a written denial setting forth the basis for the denial, a description of how you may exercise your review rights (if applicable) and a description of how you may complain to the Plan and HHS.
Designated Record Set: includes your medical records and billing records that are maintained by or for a covered health care provider. Records include enrollment, payment, billing, claims adjudication and case or medical management record systems maintained by or for a health plan or other information used in whole or in part by or for the covered entity to make decisions about you. Information used for quality control or peer review analyses and not used to make decisions about you is not included.
You Have the Right to Amend Your PHI
You have the right to request that the Plan amend your PHI or a record about you in a designated record set for as long as the PHI is maintained in the designated record set subject to certain exceptions.
The Plan has 60 days after receiving your request to act on it. The Plan is allowed a single 30-day extension if the Plan is unable to comply with the 60-day deadline. If the Plan denied your request in whole or part, the Plan must provide you with a written denial that explains the basis for the decision.
You or your personal representative may then submit a written statement disagreeing with the denial and have that statement included with any future disclosures of that PHI. You should make your request to amend PHI to the following: The Privacy Official, listed above.
You or your personal representative will be required to complete a written form to request amendment of the PHI and include a reason to support the requested amendment.
You Have the Right to Receive an Accounting of the Plan’s PHI Disclosures
At your request, the Plan will also provide you with an accounting of certain disclosures by the Plan of your PHI. You are not entitled to an accounting of all disclosures made by the Plan. For example, we will not provide you with an accounting of disclosures related to treatment, payment, or health care operations, or disclosures made to you or authorized by you in writing.
The Plan has 60 days to provide the accounting. The Plan is allowed an additional 30 days if the Plan gives you a written statement of the reasons for the delay and the date by which the accounting will be provided. If you request more than one accounting within a 12-month period, the Plan will charge a reasonable, cost-based fee for each subsequent accounting.
Your Personal Representative
You may exercise your rights through a personal representative. Your personal representative will be required to produce evidence of authority to act on your behalf before the personal representative will be given access to your PHI or be allowed to take any action for you.
The Plan retains discretion to deny access to your PHI to a personal representative to provide protection to those vulnerable people who depend on others to exercise their rights under these rules and who may be subject to abuse or neglect.
The Plan will generally recognize certain individuals as personal representatives. For example, the Plan will consider a parent or guardian as the personal representative of an unemancipated minor unless applicable law requires otherwise.
You should also review the Plan’s Policy and Procedure for the Recognition of Personal Representatives for a more complete description of the circumstances where the Plan will automatically consider an individual to be a personal representative.
The Plan’s Duties
Maintaining Your Privacy
The Plan is required by law to maintain the privacy of your PHI and to provide you and your eligible dependents with notice of its legal duties and privacy practices.
This notice has been restated effective as of September 23, 2013. The original notice was effective as of on April 14, 2003 and was first restated effective as of January 1, 20110. The Plan is required to comply with the terms of this notice. However, the Plan reserves the right to change its privacy practices and to apply the changes to any PHI received or maintained by the Plan prior to that date. If a privacy practice is changed, a revised version of this notice will be provided to you and to all past and present participants and beneficiaries for whom the Plan still maintains PHI via mail.
Any revised version of this notice will be distributed within 60 days of the effective date of any material change to:
- The uses or disclosures of PHI,
- Your individual rights,
- The duties of the Plan, or
- Other privacy practices stated in this notice.
Disclosing Only the Minimum Necessary Protected Health Information
When using or disclosing PHI or when requesting PHI from another covered entity, the Plan will make reasonable efforts not to use, disclose or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request, taking into consideration practical and technological limitations.
However, the minimum necessary standard will not apply in the following situations:
- Disclosures to or requests by a health care provider for treatment,
- Uses or disclosures made to you,
- Disclosures made to the Secretary of the United States Department of Health and Human Services pursuant to its enforcement activities under HIPAA,
- Uses or disclosures required by law, and
- Uses or disclosures required for the Plan’s compliance with the HIPAA privacy regulations.
This notice does not apply to information that has been de-identified. De-identified information is information that:
- Does not identify you, and
- With respect to which there is no reasonable basis to believe that the information can be used to identify you.
In addition, the Plan may use or disclose “summary health information” to the Plan Sponsor for obtaining premium bids or modifying, amending or terminating the group health Plan. Summary information summarizes the claims history, claims expenses or type of claims experienced by individuals for whom a Plan Sponsor has provided health benefits under a group health plan. Identifying information will be deleted from summary health information, in accordance with HIPAA.
Right to Receive Notification of Breach of Unsecured PHI
If PHI that the Plan or any of its business associates uses or discloses is “breached” within the meaning of the notification requirements of the Privacy Rule, then, in accordance with HIPAA and the Plan’s policies and procedures, the Plan will provide the required notifications to those individuals who have been affected by the breach, the Department of Health and Human Services and to any other necessary parties.
Your Right to File a Complaint with the Plan or the HHS Secretary
If you believe that your privacy rights have been violated, you may file a written complaint with the Secretary of the United States Department of Health and Human Services or with the Plan in care of the following:
The Benefit Administration Supervisors
CCPOA Benefit Trust Fund
2515 Venture Oaks Way, Suite 200
Sacramento, CA 95833
The Plan will not retaliate against you for filing a complaint.
If You Need More Information
If you have any questions regarding this notice or the subjects addressed in it, you may contact the following official at the Fund Office: Michael E. Smalley, Administrator.
PHI use and disclosure by the Plan is regulated by the federal Health Insurance Portability and Accountability Act, known as HIPAA. You may find these rules at 45 Code of Federal Regulations Parts 160 and 164. This notice attempts to summarize the regulations. The regulations will supersede this notice if there is any discrepancy between the information in this notice and the regulations.