Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
Covered Entities Duties:
Health Net* (referred to as "we" or "the Plan") is a Covered Entity as defined and regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Health Net is required by law to maintain the privacy of your protected health information (PHI), provide you with this Notice of our legal duties and privacy practices related to your PHI, abide by the terms of the Notice that is currently in affect and notify you in the event of a breach of your unsecured PHI. PHI is information about you, including demographic information, that can reasonably be used to identify you and that relates to your past, present or future physical or mental health or condition, the provision of health care to you or the payment for that care.
This Notice describes how we may use and disclose your PHI. It also describes your rights to access, amend and manage your PHI and how to exercise those rights. All other uses and disclosures of your PHI not described in this Notice will be made only with your written authorization.
Health Net reserves the right to change this Notice. We reserve the right to make the revised or changed Notice effective for your PHI we already have as well as any of your PHI we receive in the future. Health Net will promptly revise and distribute this Notice whenever there is a material change to the following:
- Uses or disclosures
- Your rights
- Our legal duties
- Other privacy practices stated in the notice
We will make any revised Notices available on our website and in our Member Handbook.
Internal Protections of Oral, Written and Electronic PHI:
Health Net protects your PHI. We have privacy and security processes to help.
These are some of the ways we protect your PHI.
- We train our staff to follow our privacy and security processes.
- We require our business associates to follow privacy and security processes.
- We keep our offices secure.
- We talk about your PHI only for a business reason with people who need to know.
- We keep your PHI secure when we send it or store it electronically.
- We use technology to keep the wrong people from accessing your PHI.
Permissible Uses and Disclosures of Your PHI:
The following is a list of how we may use or disclose your PHI without your permission or authorization:
- Treatment – We may use or disclose your PHI to a physician or other health care provider providing treatment to you, to coordinate your treatment among providers, or to assist us in making prior authorization decisions related to your benefits.
- Payment – We may use and disclose your PHI to make benefit payments for the health care services provided to you. We may disclose your PHI to another health plan, to a health care provider, or other entity subject to the federal Privacy Rules for their payment purposes. Payment activities may include:
- processing claims
- determining eligibility or coverage for claims
- issuing premium billings
- reviewing services for medical necessity
- performing utilization review of claims
- Health Care Operations – We may use and disclose your PHI to perform our health care operations. These activities may include:
- providing customer services
- responding to complaints and appeals
- providing case management and care coordination
- conducting medical review of claims and other quality assessment
- improvement activities
In our health care operations, we may disclose PHI to business associates. We will have written agreements to protect the privacy of your PHI with these associates. We may disclose your PHI to another entity that is subject to the federal Privacy Rules. The entity must also have a relationship with you for its health care operations. This includes the following:
- quality assessment and improvement activities
- reviewing the competence or qualifications of health care professionals
- case management and care coordination
- detecting or preventing health care fraud and abuse
- Group Health Plan/Plan Sponsor Disclosures – We may disclose your protected health information to a sponsor of the group health plan, such as an employer or other entity that is providing a health care program to you, if the sponsor has agreed to certain restrictions on how it will use or disclose the protected health information (such as agreeing not to use the protected health information for employment-related actions or decisions).
Other Permitted or Required Disclosures of Your PHI:
- Fundraising Activities – We may use or disclose your PHI for fundraising activities, such as raising money for a charitable foundation or similar entity to help finance their activities. If we do contact you for fundraising activities, we will give you the opportunity to opt-out, or stop, receiving such communications in the future.
- Underwriting Purposes – We may use or disclosure your PHI for underwriting purposes, such as to make a determination about a coverage application or request. If we do use or disclose your PHI for underwriting purposes, we are prohibited from using or disclosing your PHI that is genetic information in the underwriting process.
- Appointment Reminders/Treatment Alternatives – We may use and disclose your PHI to remind you of an appointment for treatment and medical care with us or to provide you with information regarding treatment alternatives or other health-related benefits and services, such as information on how to stop smoking or lose weight.
- As Required by Law – If federal, state, and/or local law requires a use or disclosure of your PHI, we may use or disclose your PHI to the extent that the use or disclosure complies with such law and is limited to the requirements of such law. If two or more laws or regulations governing the same use or disclosure conflict, we will comply with the more restrictive laws or regulations.
- Public Health Activities – We may disclose your PHI to a public health authority for the purpose of preventing or controlling disease, injury, or disability. We may disclosure your PHI to the Food and Drug Administration (FDA) to ensure the quality, safety or effectiveness of products or services under the jurisdiction of the FDA.
- Victims of Abuse and Neglect – We may disclose your PHI to a local, state, or federal government authority, including social services or a protective services agency authorized by law authorized by law to receive such reports if we have a reasonable belief of abuse, neglect or domestic violence.
- Judicial and Administrative Proceedings – We may disclose your PHI in judicial and administrative proceedings. We may also disclose it in response to the following:
- an order of a court
- administrative tribunal
- discovery request
- similar legal request
- Law Enforcement – We may disclose your relevant PHI to law enforcement when required to do so. For example, in response to a:
- court order
- court-ordered warrant
- summons issued by a judicial officer
- grand jury subpoena
We may also disclose your relevant PHI to identify or locate a suspect, fugitive, material witness, or missing person.
- Coroners, Medical Examiners and Funeral Directors – We may disclose your PHI to a coroner or medical examiner. This may be necessary, for example, to determine a cause of death. We may also disclose your PHI to funeral directors, as necessary, to carry out their duties.
- Organ, Eye and Tissue Donation – may disclose your PHI to organ procurement organizations. We may also disclose your PHI to those who work in procurement, banking or transplantation of:
- cadaveric organs
- Threats to Health and Safety – We may use or disclose your PHI if we believe, in good faith, that the use or disclosure is necessary to prevent or lessen a serious or imminent threat to the health or safety of a person or the public.
- Specialized Government Functions – If you are a member of U.S. Armed Forces, we may disclose your PHI as required by military command authorities. We may also disclose your PHI:
- to authorized federal officials for national security and intelligence activities
- the Department of State for medical suitability determinations
- for protective services of the President or other authorized persons
- Workers’ Compensation – We may disclose your PHI to comply with laws relating to workers’ compensation or other similar programs, established by law, that provide benefits for work-related injuries or illness without regard to fault.
- Emergency Situations – We may disclose your PHI in an emergency situation, or if you are incapacitated or not present, to a family member, close personal friend, authorized disaster relief agency, or any other person previous identified by you. We will use professional judgment and experience to determine if the disclosure is in your best interests. If the disclosure is in your best interest, we will only disclose the PHI that is directly relevant to the person's involvement in your care.
- Inmates – If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release your PHI to the correctional institution or law enforcement official, where such information is necessary for the institution to provide you with health care, to protect your health or safety, or the health or safety of others, or for the safety and security of the correctional institution.
- Research –Under certain circumstances, we may disclose your PHI to researchers when their clinical research study has been approved and where certain safeguards are in place to ensure the privacy and protection of your PHI.
Uses and Disclosures of Your PHI That Require Your Written Authorization
We are required to obtain your written authorization to use or disclose your PHI, with limited exceptions, for the following reasons:
Sale of PHI – We will request your written authorization before we make any disclosure that is deemed a sale of your PHI, meaning that we are receiving compensation for disclosing the PHI in this manner.
Marketing – We will request your written authorization to use or disclose your PHI for marketing purposes with limited exceptions, such as when we have face-to-face marketing communications with you or when we provide promotional gifts of nominal value.
Psychotherapy Notes – We will request your written authorization to use or disclose any of your psychotherapy notes that we may have on file with limited exception, such as for certain treatment, payment or health care operation functions.
The following are your rights concerning your PHI. If you would like to use any of the following rights, please contact us using the information at the end of this Notice.
- Right to Revoke an Authorization – You may revoke your authorization at any time, the revocation of your authorization must be in writing. The revocation will be effective immediately, except to the extent that we have already taken actions in reliance of the authorization and before we received your written revocation.
- Right to Request Restrictions – You have the right to request restrictions on the use and disclosure of your PHI for treatment, payment or health care operations, as well as disclosures to persons involved in your care or payment of your care, such as family members or close friends. Your request should state the restrictions you are requesting and state to whom the restriction applies. We are not required to agree to this request. If we agree, we will comply with your restriction request unless the information is needed to provide you with emergency treatment. However, we will restrict the use or disclosure of PHI for payment or health care operations to a health plan when you have paid for the service or item out of pocket in full.
- Right to Request Confidential Communications – You have the right to request that we communicate with you about your PHI by alternative means or to alternative locations. This right only applies in the following circumstances: (1) the communication discloses medical information or provider name and address relating to receipt of sensitive services, or (2) disclosure of all or part of the medical information or provider name and address could endanger you if it is not communicated by the alternative means or to the alternative location you want. You do not have to explain the reason for your request, but your request must clearly state that either the communication discloses medical information or provider name and address relating to receipt of sensitive services or that disclosure of all or part of the medical information or provider name and address could endanger you if the communication means or location is not changed. We must accommodate your request if it is reasonable and specifies the alternative means or location where your PHI should be delivered.
- Right to Access and Received Copy of your PHI – You have the right, with limited exceptions, to look at or get copies of your PHI contained in a designated record set. You may request that we provide copies in a format other than photocopies. We will use the format you request unless we cannot practicably do so. You must make a request in writing to obtain access to your PHI. If we deny your request, we will provide you a written explanation and will tell you if the reasons for the denial can be reviewed and how to ask for such a review or if the denial cannot be reviewed.
- Right to Amend your PHI – You have the right to request that we amend, or change, your PHI if you believe it contains incorrect information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request for certain reasons, for example if we did not create the information you want amended and the creator of the PHI is able to perform the amendment. If we deny your request, we will provide you a written explanation. You may respond with a statement that you disagree with our decision and we will attach your statement to the PHI you request that we amend. If we accept your request to amend the information, we will make reasonable efforts to inform others, including people you name, of the amendment and to include the changes in any future disclosures of that information.
- Right to Receive an Accounting of Disclosures – You have the right to receive a list of instances within the last 6 years period in which we or our business associates disclosed your PHI. This does not apply to disclosure for purposes of treatment, payment, health care operations, or disclosures you authorized and certain other activities. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. We will provide you with more information on our fees at the time of your request.
- Right to File a Complaint – If you feel your privacy rights have been violated or that we have violated our own privacy practices, you can file a complaint with us in writing or by phone using the contact information at the end of this Notice. For Medi-Cal member complaints, members may also contact the California Department of Health Care Services listed in the next section.
You can also file a complaint with the Secretary of the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201 or calling 1-800-368-1019, (TTY: 1-866-788-4989) or visiting www.hhs.gov/ocr/privacy/hipaa/complaints.
WE WILL NOT TAKE ANY ACTION AGAINST YOU FOR FILING A COMPLAINT.
- Right to Receive a Copy of this Notice – You may request a copy of our Notice at any time by using the contact information list at the end of the Notice. If you receive this Notice on our web site or by electronic mail (e-mail), you are also entitled to request a paper copy of the Notice.
If you have any questions about this Notice, our privacy practices related to your PHI or how to exercise your rights you can contact us in writing or by phone using the contact information listed below.
Health Net Privacy Office
Attn: Privacy Official
P.O. Box 9103
Van Nuys, CA 9140
For Medi-Cal members only, if you believe that we have not protected your privacy and wish to complain, you may file a complaint by calling or writing:
Privacy Officer c/o Office of Legal Services
California Department of Health Care Services
1501 Capitol Avenue, MS 0010
P.O. Box 997413
Sacramento, CA 95899-7413
Phone: 1-916-445-4646 or 1-866-866-0602 (TTY:TDD: 1-877-735-2929)
FINANCIAL INFORMATION PRIVACY NOTICE
THIS NOTICE DESCRIBES HOW FINANCIAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are committed to maintaining the confidentiality of your personal financial information. For the purposes of this notice, "personal financial information" means information about an enrollee or an applicant for health care coverage that identifies the individual, is not generally publicly available, and is collected from the individual or is obtained in connection with providing health care coverage to the individual.
Information We Collect: We collect personal financial information about you from the following sources:
- Information we receive from you on applications or other forms, such as name, address, age, medical information and Social Security number;
- Information about your transactions with us, our affiliates or others, such as premium payment and claims history; and
- Information from consumer reports.
Disclosure of Information:
We do not disclose personal financial information about our enrollees or former enrollees to any third party, except as required or permitted by law. For example, in the course of our general business practices, we may, as permitted by law, disclose any of the personal financial information that we collect about you, without your authorization, to the following types of institutions:
- To our corporate affiliates, such as other insurers;
- To nonaffiliated companies for our everyday business purposes, such as to process your transactions, maintain your account(s), or respond to court orders and legal investigations; and
- To nonaffiliated companies that perform services for us, including sending promotional communications on our behalf.
Confidentiality and Security:
We maintain physical, electronic and procedural safeguards, in accordance with applicable state and federal standards, to protect your personal financial information against risks such as loss, destruction or misuse. These measures include computer safeguards, secured files and buildings, and restrictions on who may access your personal financial information.
Questions about this Notice:
If you have any questions about this notice.
Please call the toll-free phone number on the back of your ID card or contact Health Net at1-800-522-0088.
*This Notice of Privacy Practices also applies to enrollees in any of the following Health Net entities:
Health Net of California, Inc., Health Net Life Insurance Company, Health Net Health Plan of Oregon, Inc., Managed Health Network, LLC, and Health Net Community Solutions, Inc. Rev. 11/16/2017