What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. The purpose of this law is to:
make it easier for people to get and keep health insurance;
limit fraud and abuse in health insurance;
save money in the healthcare industry by requiring standardized electronic health care transactions for those in the healthcare industry, including healthcare providers and health plans.
In addition, the HIPAA provisions mandate the adoption of Federal privacy protections for individually identifiable health information. The Privacy Rule provides the first comprehensive standards for covered entities (health plans, healthcare clearinghouses and healthcare providers) that protect health information. By April 14, 2003, covered entities must implement privacy policies and procedures to protect individually identifiable health information.
The Privacy Rule creates standards for protecting medical records and other personal health information which:
gives patients control over their own health information;
sets boundaries on the release and use of health records;
establishes appropriate safeguards for providers and health plans to ensure protection of the privacy of health information;
holds violators of patient privacy rights accountable; and
allows disclosure for the public good (e.g., to protect public health).
What is a Notice of Privacy Practices and who will receive it?
The HIPAA Privacy Rule requires covered health care providers and organizations, including health plans, to provide individuals with a Notice of Privacy Practices. The notice describes the policies and procedures in place to protect the privacy of individuals' health information. The notice also explains certain individual rights granted by the law, adequate notice of the uses and disclosures of protected health information (PHI) and of the individual's rights.
What is protected health information (PHI)?
PHI is protected health information created, received or transmitted by a health care provider or organization (including the UCC Medical and Dental Benefits Plan) that includes individually identifiable information about:
a patient's health condition or history;
care for that condition;
payment for that care.
What does the HIPAA Privacy Rule mean for the Pension Boards?
The UCC Medical and Dental Benefits Plan, administered by the Pension Boards, is a covered entity under the HIPAA Privacy Rule. This means that the Plan and - because they are our business associates as defined by HIPAA - our vendor partners are bound by the regulations. While we have had ongoing policies and procedures in place to ensure privacy, the Privacy Rule provides further direction (and requirements) for the Pension Boards. PBUCC has taken time and great care to develop internal policies and procedures that are compliant with HIPAA regulations and at the same time allow us to provide advocacy for Plan participants.
HIPAA requires that the Plan:
create and send to all participants a Notice of Privacy Practices, which notifies them of their privacy rights and how their health information can be used by the Plan;
adopt and implement privacy policies and procedures;
provide training for employees so that they understand the privacy procedures;
designate an individual to be responsible for ensuring that the Pension Boards' privacy procedures are created, adopted and followed;
provide security for individually identifiable health information so that only those with a need to know and use the information have access;
obtain agreement regarding the HIPAA compliance of our vendor partners;
amend the Plan document to include privacy provisions.
Why is PBUCC's HIPAA compliance good for Plan participants?
The Pension Boards-United Church of Christ, Inc. is committed to maintaining the privacy of personal health information under the UCC Medical and Dental Benefits Plan in accordance with HIPAA standards. As part of this commitment, PBUCC has implemented policies and procedures designed to protect individuals' health information from inappropriate uses and disclosures. Prior to HIPAA, PBUCC had measures in place to protect the privacy of health information. HIPAA has provided additional guidance for the protection of participants' privacy. As a result, our existing policies have been reviewed, modified and refined. PBUCC has safeguards in place to prevent inappropriate uses and disclosures of protected health information.
How can I get a copy of the Notice of Privacy Practices?
CLICK HERE to download a copy of the Notice of Privacy Practices. Plan participants also may obtain additional copies by contacting the Pension Boards. New enrollees will receive the notice in their enrollment packets.
Can I still call the Pension Boards with questions about my claims and benefits?
PBUCC's Health Team will continue to answer your questions about claims and benefits. They may ask you for additional information to verify your identification. This procedure will help to protect your privacy.
In some cases, we will discuss claims and benefits with a spouse, parent or other family member when the Plan identifies that person as your personal representative. The Pension Boards identifies a personal representative as a person who is legally designated, chosen by you, or determined by the Plan to be acting in your best interests.