THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
REVIEW IT CAREFULLY. THE PRIVACY OF YOUR HEALTH INFORMATION IS IMPORTANT TO US.
OUR LEGAL RESPONSIBILITY
Triple-S Advantage, Inc. and Triple-S Salud, Inc. (Triple-S) are required by law to maintain the confidentiality, privacy and security of your health information. Also, it is required by law to inform you of our privacy practices and your rights regarding your health information. We will follow the privacy practices described in this notice while it is in effect.
This notice contains some examples of the types of information we collect and describe the types of uses and disclosures we execute, and your rights.
This notice provides examples for illustrative purposes and shall not be construed as a complete listing of such uses and disclosures.
Triple-S is required to abide by the terms of this Notice. However, we reserve the right to amend our privacy practices and the terms of this notice. Before we make a significant change in our privacy practices, we will amend this notice and send an updated notice to our active subscribers. This privacy notice will be effective as of September 1, 2021.
SUMMARY OF PRIVACY PRACTICES
Our commitment is to limit to the minimum necessary the information we collect in order to administer your insurance products or benefits. As part of our administrative functions, we may collect your personal, financial or health information from sources such as:
- Applications and other documents you have provided to obtain a product or insurance service;
- Transactions you made with us or our affiliates;
- Consumer credit reporting agencies;
- Healthcare providers;
- Government health programs
Protected Health Information (PHI) is information that can identify you (name, last name, social security number); including demographic information (such as address, zip code), obtained from you through a request or other document in order to obtain a service, created and received by a health care provider, a medical plan, intermediaries who submit claims for medical services, business associates, and that is related to (1) your health and physical or mental condition, past, present, or future; (2) the provision of medical care to you, or (3) past, present, or future payments for the provision of such medical care. For purposes of this Notice, this information will be called PHI. This Notice of Privacy Practices has been written and amended, so that it will comply with the HIPAA Privacy Regulation. Any term not defined in this Notice will hold the same meaning as in the HIPAA Privacy Regulation. We have also implemented policies and procedures for the handling of PHI, which you may examine, at your request. You can submit your request via email email@example.com or in writing to the address included below.
We do not use or disclose genetic information for underwriting purposes.
LAWS AND REGULATIONS
HIPAA: Health Insurance Portability and Accountability Act of 1996 implements rules relating to the use, storage, transmission, and disclosure of protected health information pertaining to members in order to standardize communications and protect the privacy and security of personal, financial and health information.
HITECH: The Health Information Technology for Economic and Clinical Health Act of 2009. This Rule promotes the adoption and meaningful use of health information technology.
It also addresses privacy and security concerns associated with the electronic transmissions of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.
Privacy and Security Rule: Standards for Privacy of Individually Identifiable Health, as well as Security Standards for the Protection of Electronic Protected Health Information are guided through 45 C.F.R. Part 160 and Part 164.
ORGANIZATIONS COVERED BY THIS NOTICE
Triple-S Advantage, Inc.
Triple-S Salud, Inc.
USES AND DISCLOSURES OF INFORMATION
Triple-S will not disclose or use your information for any other purpose other than those mentioned in this notice unless you provide written authorization. You may revoke the authorization in writing at any time, but your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. Triple-S will not disclose information for fundraising activities.
Triple-S may use and disclose PHI for the following:
Disclosures to you: We are required to disclose you most of your PHI. This includes, but is not limited to, all information related to your claim’s history and utilization report. For example: You have the right to request claims history, prescription history and any other information that is related to your protected health information.
As part of our administrative functions, we may use or disclose your information, without your authorization, for treatment, payment and healthcare operations, and when authorized or permitted by law. For example:
Treatment: To a physician or other health care provider who provides you medical services including treatment, services coordination, monitoring of your health and other services related. For example, the plan may disclose your medical information to your provider to coordinate your treatment.
Payment: To pay for the health services provided to you, to determine your eligibility for benefits, to coordinate your benefits with other payers, or to collect premiums, and other related activities. For example, the plan may use or disclose information to pay claims related to health services received by you or to provide eligibility information to your health care provider when you receive treatment.
Health Care Operations: For audits, legal services, including fraud and abuse detection, compliance, business planning, general administration, and patient safety activities, credentialing, disease management, training of medical and pharmacy students. For example, the plan may use or disclose your health information to communicate with you to provide reminders of meetings, appointments or treatment information.
We may disclose your health information to another health plan or to a health care provider subject to federal or local privacy protection laws, as long as the plan or provider has or had a relationship with you.
Affiliated Covered Entities: In order to perform our duties as insurance or benefit administrator, we may use or disclose PHI with the following entity: Triple-S Salud, Inc.
Business Associate: Triple-S may use and disclose your personal information to our business associates, who provide services on our behalf of Triple-S Advantage, Inc. and Triple-S Salud, Inc. and contribute in the administration or coordination of your services.
Your Employer or other employee organization that provide you the group health plan: Triple-S Advantage may disclose your health information to your employer or organization that provide you the group health plan, with the purpose of facilitating its management such as the discharges from the health plan. Also, we may disclose a summary of health information. This summary of health information may include aggregated claims history, claims or coverage expenses or types of claims experienced by the members in your group health plan.
For research purposes: We may use or disclose your PHI to researchers, if an Institutional Review Board or an Ethics Committee, has reviewed the research proposal and has established protocols to protect your information’s confidentiality, and has approved the research as part of a limited data set, which does not include individual identifiers.
Required by Law: We may use or disclose your PHI whenever Federal, State, or Local Laws require its use or disclosure. In this Notice, the term “as required by Law” is defined as in the HIPAA Privacy regulation. For these purposes your authorization or opportunity to agree or object will not be required. The information will be disclosed in compliance with the safeguards established and required by law.
Legal proceedings: We may use or disclose your PHI during the course of any judicial or administrative proceedings to comply with any order (disclosure as expressly permitted); or in response to a citation, subpoena, discovery request, or other procedure as authorized by law.
Forensic Pathologists, Funeral directors, and organ donation cases: We may use or disclose your PHI to a medical examiner (Pathologist) for identifying a deceased person, determine a cause of death, or other duties authorized by law. We may also disclose your information to a funeral director, as necessary to carry out its duties with respect to corpses and to other entities engaged in the procurement, banking, or transplantation of bodies organs, eyes, or tissues.
Worker’s compensation: We may use or disclose your PHI to comply with laws relating to workers’ compensation or other similar programs as established by law, that provide benefits for work-related injuries or illness without regard to fault.
Disaster relief or emergency situations, Government Sponsored Benefits Programs: We may disclose your PHI to a public or private entity authorized by law or its acts that helps in case of a disaster. In this way, your family can be notified about your health condition and location in case of a disaster or an emergency.
Monitoring activities of regulatory agencies: We may disclose health information to a regulatory agency such as the Department of Health (DHHS) for audit purposes, monitoring of regulatory compliance, investigations, inspections or license. These disclosures may be necessary for certain state and federal agencies to monitor the health care system agencies, government programs and the compliance with civil rights laws.
Public Health and Safety Activities: We may use and disclose your health information when required or permitted by law for the following activities, for these purposes your authorization or opportunity to agree or refute will not be required:
- Public health, including to report disease and vital statistics, for specialized government functions, among others;
- Healthcare oversight, fraud prevention and compliance;
- To report child and/or adult abuse or domestic violence;
- Regulators Agency activities;
- In response to court and administrative orders;
- To law enforcement officials or matters of national security;
- To prevent an imminent threat to public health or safety;
- For storage or organ, eye or tissue transplant purposes;
- For statistical investigations and research purposes;
- For descendant purposes;
- As otherwise required by applicable laws and regulations
Military activity, national security, protective services: We may disclose your PHI to appropriate military command authorities if you are a member of the Armed Forces, or a veteran. Also, to authorized federal officials to conduct national security activities, lawful intelligence, counterintelligence, or other national security and intelligence activities for the protection of the President, and other authorities, or heads of state.
Health-Related Products and Services: We may use your health information to inform you about health-related products, benefits and services we provide or include in our benefits plan, or treatment alternatives that may be of interest to you. We will use your information to call or send you reminders of your medical appointments or the preventive services that you need according to your age or health condition.
With Your Authorization: You may give us a written authorization to disclose and permit access to your health information to anyone for any purpose. Activities such as marketing of non-health related products or services or the sale of health information must be authorized by you. In these cases, your health insurance policy and your benefits will not be affected if you deny the authorization.
The authorization must be signed and dated, it must mention the entity authorized to provide or receive the information, and a brief description of the data to be disclosed. The expiration date will not exceed two years from the date on which it was signed, except if you signed the authorization for one of the following purposes:
- To support a request for benefits under a life insurance policy, its reinstallation or modifications to such policy, in which case the authorization will be valid for 30 months or until the application is denied, the earlier of the two events; or
- To support or facilitate the communication of an ongoing treatment of a chronic disease or rehabilitation of an injury.
The information disclosed pursuant to the authorization provided by you, may be disclosed by the recipient of it and not be protected by the applicable privacy laws. You may revoke the authorization in writing at any time, but your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. We will keep copies of the authorizations and revocations executed by you.
For your family and friends: Unless you request a restriction, we may disclose limited information about you to family members or friends who are involved in your medical care or who are responsible for paying for medical services.
Before we disclose your health information to any person related to your medical care or payment for health services, we will provide you with the opportunity to refute such disclosure. If you are not present, disabled or for an emergency, we will use our professional judgment in the disclosure of information that we understand will be in your best interest.
Terminated accounts: We will not share the data of persons who are no longer our customers or who do not maintain a service relationship with us, except as required or permitted by law.
YOU HAVE THE FOLLOWING RIGHTS REGARDING YOUR PHI
Access: You have the right to review and receive an electronic or paper copy of your personal, financial, health or insurance information, related to the enrollment or medical claims within the limits and exceptions provided by law. You must submit a written request. Upon receipt of your request, we will have 30 days to do any of the following activities:
- Request for additional time
Provide the requested information or allow you to examine your information during working hours
Inform you that we do not have the requested information, in which case, we will guide you where to find it if we know the source
Deny the request, partially or in its entirety, because the information was created from a confidential source or was compiled in anticipation of a legal proceeding, investigations by law enforcement agencies or the anti-fraud unit or quality assurance programs which disclosures are prohibited by law. We will notify you in writing the reasons for the denial, except in the event there’s an ongoing investigation or in anticipation of a legal proceeding.
The first report will be free of charge. We reserve the right to charge you for subsequent reports.
Disclosure report: You have the right to receive a list of examples in which we disclose your protected health information for purposes other than treatment, payment, health care operations, or as authorized by you. The report will provide the name of the entity to which we disclosed your information, the date and purpose of the disclosure and a brief description of the data disclosed. If you request this accounting more than once in a 12 month period, we may charge you the costs of processing the additional request (s). The report only covers the last six years.
Restriction: You have the right to request us to implement additional restrictions in the management of your health information.
We are not required to agree to your request. If we do agree, we will abide by our agreement, except in a medical emergency or as required or authorized by law. Your request and our agreement to implement additional restrictions must be in writing.
Confidential communication: You have the right to request that our communications about your health information are made by alternative means or at an alternative location. You must make your request in writing. We will accept your request if it is reasonable, specify the alternative means or the alternative location.
Amendment: You have the right to request corrections to your health information. Your request must be in writing, and it must include an explanation or evidence that justify the amendment request. We will respond to your request within 60 days. If additional time is needed, we will notify you in written before the expiration of the original term.
We may deny your request if we do not originate the information you request to be amended and the originator is available to receive your request, or for other reasons. If we deny your request, we will provide you with a written explanation. You have the right to send a statement of disagreement to be included with our determination for any future disclosures. If we accept your request, we will make the reasonable efforts to inform others, including our business associates, and we will include the amendment in any future disclosure of such information.
Notice of privacy and security breaches in which your health information may be at risk: We will let you know promptly if a breach occurs that may have compromised the privacy, security or confidentiality of your information.
Electronic notice: If you receive this notice through our web site www.sssadvantage.com for Triple-S Advantage and www.salud.grupotriples.com for Triple-S Salud, or by e-mail, you are entitled to receive this notice in written form.
QUESTION AND COMPLAINTS
If you want more information about our privacy practices or have questions or concerns, please contact us. All the forms to exercise your rights are available at: www.sssadvantage.com and www.salud.grupotriples.com.
If you are concerned that we or any of our business associates may have violated your privacy rights, or you disagree with a decision we made about access to your health information, in response to a request you made to amend, restrict the use or disclosure of, or communicate in confidence about your medical information, you have the right to file a complaint with us to the following address:
You also may submit a written complaint to the Office for Civil Rights (OCR) of the United States Department of Health and Human Services (DHHS) to the following address:
U.S. Department of Health and Human Services
Mailing Address: 200 Independence Avenue, S.W. Room 509F HHH Bldg. Washington, D.C. 20201.
We support your right to the privacy of your health information. We will not retaliate in any way if you choose to file a complaint with us or with the OCR.
Si interesa recibir copia de este aviso en español envíe su solicitud a la dirección arriba indicada o visite nuestra página; www.sssadvantage.com para Triple-S Advantage o www.salud.grupotriples.com para Triple-S Salud.
Notice of Privacy Practice Revision date: May 2021
Triple-S Salud, Inc. is an independent Licensee of the Blue Cross and Blue Shield Association. Y0082_22CI003E_C