THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
REVIEW IT CAREFULLY. THE PRIVACY OF YOUR HEALTH INFORMATION IS IMPORTANT TO US.
OUR LEGAL RESPONSIBILITY
Triple-S Advantage, Inc. and Triple-S Salud, Inc. (Triple-S) are required by law to maintain the confidentiality, privacy and security of your health information. Also, it is required by law to inform you of our privacy practices and your rights regarding your protected health information (PHI). We will follow the privacy practices described in this notice while it is in effect.
This notice provides examples for illustrative purposes and shall not be construed as a complete listing of such uses and disclosures.
This notice contains some examples of the types of information we collect and describe the types of uses and disclosures we execute, and your rights.
Triple-S is required to abide by the terms of this Notice. However, we reserve the right to amend our privacy practices and the terms of this notice. Before we make a significant change in our privacy practices, we will amend this notice and send an updated notice to our active subscribers. This privacy notice will be effective as of October 1, 2022.
HOW WE PROTECT YOUR PHI:
- Our employees are trained on our privacy and data protection policies and procedures
- We use administrative, physical, and technical safeguards to help maintain the integrity, confidentiality, privacy and security of your PHI.
- We have developed and implemented policies and procedures to restrict our employees’ use of your PHI to those employees who are authorized to access this information for treatment or payment purposes or to perform certain healthcare operations; and
- We have implemented appropriate procedures to monitor and ensure compliance with our Privacy and Security policies and procedures.
SUMMARY OF PRIVACY PRACTICES
Our commitment is to limit to the minimum necessary the information we collect in order to administer your insurance products or benefits. As part of our administrative functions, we may collect your personal, financial or health information from sources such as:
- Applications and other documents you have provided to obtain a product or insurance service;
- Transactions you made with us or our affiliates;
- Consumer credit reporting agencies;
- Healthcare providers;
- Government health programs
Protected Health Information (PHI) is information that can identify you (name, last name, social security number); including demographic information (such as address, zip code), obtained from you through a request or other document in order to obtain a service, created and received by a health care provider, a medical plan, intermediaries who submit claims for medical services, business associates, and that is related to (1) your health and physical or mental condition, past, present, or future; (2) the provision of medical care to you, or (3) past, present, or future payments for the provision of such medical care. For purposes of this Notice, this information will be called PHI. This Notice of Privacy Practices has been written and amended, so that it will comply with the HIPAA Privacy Regulation. Any term not defined in this Notice will hold the same meaning as in the HIPAA Privacy Regulation. We have also implemented policies and procedures for the handling of PHI, which you may examine, at your request. You can submit your request via email email@example.com or in writing to the address included below.
We do not use or disclose genetic information for underwriting purposes.
LAWS AND REGULATIONS
HIPAA: Health Insurance Portability and Accountability Act of 1996 implements rules relating to the use, storage, transmission, and disclosure of protected health information pertaining to members in order to standardize communications and protect the privacy and security of personal, financial and health information.
HITECH: The Health Information Technology for Economic and Clinical Health Act of 2009. This Rule promotes the adoption and meaningful use of health information technology. It also addresses privacy and security concerns associated with the electronic transmissions of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
Privacy and Security Rule: Standards for Privacy of Individually Identifiable Health, as well as Security Standards for the Protection of Electronic Protected Health Information are guided through 45 C.F.R. Part 160 and Part 164.
ORGANIZATIONS COVERED BY THIS NOTICE
Triple-S Advantage, Inc.
Triple-S Salud, Inc.
USES AND DISCLOSURES OF INFORMATION
Triple-S will not disclose or use your information for any other purpose other than those mentioned in this notice unless you provide written authorization. You may revoke the authorization in writing at any time, but your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. Triple-S will not disclose information for fundraising activities.
Triple-S may use and disclose PHI for the following:
Disclosures to you: We are required to disclose you most of your PHI. This includes, but is not limited to, all information related to your claim’s history and utilization report. For example: You have the right to request claims history, prescription history and any other information that is related to your protected health information.
As part of our administrative functions, we may use or disclose your information, without your authorization, for treatment, payment and healthcare operations, and when authorized or permitted by law. For example:
Treatment: To a physician or other health care provider who provides you medical services including treatment, services coordination, monitoring of your health and other services related. For example, the plan may disclose your medical information to your provider to coordinate your treatment.
Payment: To pay for the health services provided to you, to determine your eligibility for benefits, to coordinate your benefits with other payers, or to collect premiums, and other related activities. For example, the plan may use or disclose information to pay claims related to health services received by you or to provide eligibility information to your health care provider when you receive treatment.
Health Care Operations: For audits, legal services, including fraud and abuse detection, compliance, business planning, general administration, and patient safety activities, credentialing, disease management, training of medical and pharmacy students. For example, the plan may use or disclose your health information to communicate with you to provide reminders of meetings, appointments or treatment information.
We may disclose your health information to another health plan or to a health care provider subject to federal or local privacy protection laws, as long as the plan or provider has or had a relationship with you.
Affiliated Covered Entities: In order to perform our duties as insurance or benefit administrator, we may use or disclose PHI with the following entity: Triple-S Advantage, Inc and Triple-S Salud, Inc.
Business Associate: Our use of your PHI for treatment, payment or health care operations described above (or for other uses or disclosures described in this Notice) may involve our disclosure of your PHI to certain other individuals or entities with which we have contracted to perform or provide certain services on our behalf (Business Associates). We may allow our Business Associates to create, receive, maintain, or transmit your PHI on our behalf in order for the Business Associate to provide services to us, or for the proper management and administration of the Business Associate or to fulfill the Business Associate’s legal responsibilities. These Business Associates include lawyers, accountants, consultants, claims clearinghouses, and other third parties. Our Business Associates may redisclose your PHI to subcontractors in order for these subcontractors to provide services to the Business Associates. These subcontractors will be subject to the same restrictions and conditions that apply to the Business Associates. Whenever such arrangement with a Business Associate involves the use or disclosure of your PHI, we will have a written contract with our Business Associate that contains terms designed to protect the privacy of your PHI.
Your Employer or other employee organization that provide you the group health plan: We may disclose your health information to your employer or organization that provide you the group health plan, with the purpose of facilitating its management such as the discharges from the health plan. Also, we may disclose a summary of health information. This summary of health information may include aggregated claims history, claims or coverage expenses or types of claims experienced by the members in your group health plan.
For research purposes: We may use or disclose your PHI to researchers, if an Institutional Review Board or an Ethics Committee, has reviewed the research proposal and has established protocols to protect your information’s confidentiality, and has approved the research as part of a limited data set.
Required by Law: We may use or disclose your PHI whenever Federal, State, or Local Laws require its use or disclosure. In this Notice, the term “as required by Law” is defined as in the HIPAA Privacy regulation. For these purposes your authorization or opportunity to agree or object will not be required. The information will be disclosed in compliance with the safeguards established and required by law.
Legal proceedings: We may use or disclose your PHI during the course of any judicial or administrative proceedings to comply with any order (disclosure as expressly permitted); or in response to a citation, subpoena, discovery request, or other procedure as authorized by law.
Forensic Pathologists, Funeral directors, and organ donation cases: We may use or disclose your PHI to a medical examiner (Pathologist) for identifying a deceased person, determine a cause of death, or other duties authorized by law. We may also disclose your information to a funeral director, as necessary to carry out its duties with respect to corpses and to other entities engaged in the procurement, banking, or transplantation of bodies organs, eyes, or tissues.
Worker’s compensation: We may use or disclose your PHI to comply with laws relating to workers’ compensation or other similar programs as established by law, that provide benefits for work-related injuries or illness without regard to fault.
Disaster relief or emergency situations, Government Sponsored Benefits Programs: We may disclose your PHI to a public or private entity authorized by law or its acts that helps in case of a disaster. In this way, your family can be notified about your health condition and location in case of a disaster or an emergency.
Monitoring activities of regulatory agencies: We may disclose health information to a regulatory agency such as the Department of Health (DHHS) for audit purposes, monitoring of regulatory compliance, investigations, inspections or license. These disclosures may be necessary for certain state and federal agencies to monitor the health care system agencies, government programs and the compliance with civil rights laws.
Public Health and Safety Activities: We may use and disclose your health information when required or permitted by law for the following activities, for these purposes your authorization or opportunity to agree or refute will not be required:
- Public health, including to report disease and vital statistics, for specialized government functions, among others;
- Healthcare oversight, fraud prevention and compliance;
- To report child and/or adult abuse or domestic violence;
- Regulators Agency activities;
- In response to court and administrative orders;
- To law enforcement officials or matters of national security;
- To prevent an imminent threat to public health or safety;
- For storage or organ, eye or tissue transplant purposes;
- For statistical investigations and research purposes;
- For descendant purposes;
- As otherwise required by applicable laws and regulations
Military activity, national security, protective services: We may disclose your PHI to appropriate military command authorities if you are a member of the Armed Forces, or a veteran. Also, to authorized federal officials to conduct national security activities, lawful intelligence, counterintelligence, or other national security and intelligence activities for the protection of the President, and other authorities, or heads of state.
Health-Related Products and Services: We may use your health information to inform you about health-related products, benefits and services we provide or include in our benefits plan, or treatment alternatives that may be of interest to you. We will use your information to call or send you reminders of your medical appointments or the preventive services that you need according to your age or health condition.
With Your Authorization: You may give us a written authorization to disclose and permit access to your health information to anyone for any purpose. Activities such as marketing of non-health related products or services or the sale of health information must be authorized by you. In these cases, your health insurance policy and your benefits will not be affected if you deny the authorization.
The authorization must be signed and dated, it must mention the entity authorized to provide or receive the information, and a brief description of the data to be disclosed. The expiration date will not exceed two years from the date on which it was signed, except if you signed the authorization for one of the following purposes:
- To support a request for benefits under a life insurance policy, its reinstallation or modifications to such policy, in which case the authorization will be valid for 24 months or until the application is denied, the earlier of the two events; or
- To support or facilitate the communication of an ongoing treatment of a chronic disease or rehabilitation of an injury.
The information disclosed pursuant to the authorization provided by you, may be disclosed by the recipient of it and not be protected by the applicable privacy laws. You may revoke the authorization in writing at any time, but your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. We will keep copies of the authorizations and revocations executed by you.
For your family and friends: Unless you request a restriction, we may disclose limited information about you to family members or friends who are involved in your medical care or who are responsible for paying for medical services.
Before we disclose your health information to any person related to your medical care or payment for health services, we will provide you with the opportunity to refute such disclosure. If you are not present, disabled or for an emergency, we will use our professional judgment in the disclosure of information that we understand will be in your best interest.
YOU HAVE THE FOLLOWING RIGHTS REGARDING YOUR PHI
Access: You have the right to inspect and receive an electronic or paper copy of your personal, financial, health or insurance information, related to the enrollment or medical claims within the limits and exceptions provided by law. You must submit a written request. Upon receipt of your request, we will have 30 days to do any of the following activities:
- Request for additional time
- Provide the requested information or allow you to examine your information during working hours
- Inform you that we do not have the requested information, in which case, we will guide you where to find it if we know the source
- Deny the request, partially or in its entirety, because the information was created from a confidential source or was compiled in anticipation of a legal proceeding, investigations by law enforcement agencies or the anti-fraud unit or quality assurance programs which disclosures are prohibited by law. We will notify you in writing the reasons for the denial, except in the event there’s an ongoing investigation or in anticipation of a legal proceeding.
The first report will be free of charge. We reserve the right to charge you for subsequent reports.
Disclosure report: You have the right to receive a list of examples in which we disclose your protected health information for purposes other than treatment, payment, health care operations, or as authorized by you. The report will provide the name of the entity to which we disclosed your information, the date and purpose of the disclosure and a brief description of the data disclosed. If you request this accounting more than once in a 12 month period, we may charge you the costs of processing the additional request (s). The report only covers the last six years.
Restriction: You have the right to request us to implement additional restrictions in the management of your health information.
We are not required to agree to your request. If we do agree, we will abide by our agreement, except in a medical emergency or as required or authorized by law. Your request and our agreement to implement additional restrictions must be in writing.
Confidential communication: You have the right to request that we communicate with you in confidence about your PHI at an alternative address. When you call the customer service number on your ID card to request confidential communications at an alternative address, please ask for a “PHI address.”
Note: If you choose to have confidential communications sent to you at a PHI address, we will only respond to inquiries from you. If you receive services from any health care providers, you are responsible for notifying those providers directly if you would like a PHI address from them.
Amendment: You have the right to request corrections to your health information. Your request must be in writing, and it must include an explanation or evidence that justify the amendment request. We will respond to your request within 60 days. If additional time is needed, we will notify you in written before the expiration of the original term.
We may deny your request if we do not originate the information you request to be amended and the originator is available to receive your request, or for other reasons. If we deny your request, we will provide you with a written explanation. You have the right to send a statement of disagreement to be included with our determination for any future disclosures. If we accept your request, we will make the reasonable efforts to inform others, including our business associates, and we will include the amendment in any future disclosure of such information.
Notice of privacy and security breaches in which your health information may be at risk: Triple-S is required by law to let you know promptly if a breach occurs that may have compromised the privacy, security or confidentiality of your information.
Electronic notice: If you receive this notice through our web site www.sssadvantage.com for Triple-S Advantage and www.salud.grupotriples.com for Triple-S Salud, or by e-mail, you are entitled to receive this notice in paper form.
QUESTION AND COMPLAINTS
If you want more information about our privacy practices or have questions or concerns, please contact us. All the forms to exercise your rights are available at: www.sssadvantage.com and www.salud.grupotriples.com.
If you are concerned that we or any of our business associates may have violated your privacy rights, or you disagree with a decision we made about access to your health information, in response to a request you made to amend, restrict the use or disclosure of, or communicate in confidence about your medical information, you have the right to file a complaint with us to the following address:
Contact Office: Compliance Department
Attention: Privacy Officer
Phone Number: (787) 620-1919
Fax: (787) 993-3260
Address: P. O. Box 11320 San Juan, PR 00922
You also may submit a written complaint to the Office for Civil Rights (OCR) of the United States Department of Health and Human Services (DHHS) to the following address:
U.S. Department of Health and Human Services
Mailing Address: 200 Independence Avenue, S.W. Room 509F HHH Bldg. Washington, D.C. 20201.
Customer Response Center: (800) 368-1019 Fax: (202) 619-3818 TDD: (800) 537-7697
We support your right to the privacy of your health information. We will not retaliate in any way if you choose to file a complaint with us or with the OCR.
Si interesa recibir copia de este aviso en español envíe su solicitud a la dirección arriba indicada o visite nuestra página; www.sssadvantage.com para Triple-S Advantage o www.salud.grupotriples.com para Triple-S Salud.
Notice of Privacy Practice Revision date: June 2022
Triple-S Advantage, Inc. is an independent Licensee of the Blue Cross and Blue Shield Association.
Triple-S Advantage Inc. cumple con las leyes federales aplicables de derechos civiles y no discrimina en base a raza, color, origen de nacionalidad, edad, discapacidad, o sexo.
Triple-S Advantage Inc. 遵守適用的聯邦民權法律規定，不因 種族、膚色、民族血統、年齡、殘障或性別而歧視任何人。
Triple-S Advantage Inc. complies with applicable Federal civil rights laws and does not discriminate based on race, color, national origin, age, disability, or sex.
ATENCIÓN: si usted habla español, servicios de asistencia lingüística están disponibles libre de cargo para usted. Llame al: 1-888-620-1919 (TTY: 1-866-620-2520). 注意:如果您使用繁體中文，您可以免費獲得語言援助服務 。請致電1-888-620-1919 (TTY: 1-866-620-2520) 。
ATTENTION: If you speak English, language assistance services, free of charge, are available to you. Call 1-888-620-1919 (TTY: 1-866-620-2520). Y0082_22CI003E_C