NOTICE OF PRIVACY PRACTICES
Ohio Dental Association Wellness Trust
(This is a Self-Insured Health Plan sponsored by the Ohio Dental Association Services Corporation)
Effective Date: March 1, 2015
This Notice of Privacy Practices applies to the Ohio Dental Association Wellness Trust (“Plan”) administered by the Ohio Dental Association Wellness Trust Board of Trustees (“the Board”). This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please read it carefully.
As your health plan administrator for your employer’s self-insured health plan, the Board has contracted with the Ohio Dental Association Services Corporation (“ODASC”) to provide administrative services related to your health services under the health plan. ODASC staff must collect information about you to process health services claims and authorization for you and your dependents on behalf of your health plan. ODASC knows that the information we collect about you and your health is private. ODASC is required to protect this information by federal and state law. This information is known as Protected Health Information (“PHI”).
This Notice of Privacy Practices tells you how ODASC may use or disclose your PHI. This notice may not be all inclusive of all situations. ODASC is required to give you notice of our privacy practices for the information we collect and keep about you. ODASC is required to follow the terms of the notice currently in effect.
ODASC is required by law to maintain the privacy of your PHI, provide you with notice of our legal duties and privacy practices with respect to PHI, and notify you if your PHI is affected in a breach of unsecured PHI.
How We Protect Your Privacy
Our employees are trained on the need to maintain your PHI in the strictest confidence. We restrict access to your PHI to authorized workforce members who need that information for your treatment, for payment purposes and/or for health care operations. We maintain technical, physical and administrative safeguards to ensure the privacy of your PHI.
In addition, in situations where we rely on a third party to perform business, professional or insurance services or functions for us, that third party must agree to safeguard your PHI. That Business Associate must also agree to use it only as required to perform its functions for us and as otherwise permitted by our contract and the law.
When ODASC May Use and Disclose Information Without Your Authorization:
For Treatment. ODASC may use or disclose information with health care providers who are involved in your health care. This may include health care providers (doctors, nurses, licensed practitioners) employed by or outside of the health plan. For example, information may be shared to create and carry out a plan for your treatment.
For Payment. ODASC may use or disclose information to get payment for the health care services you receive. For example, ODASC may provide PHI in relation to a bill received for health care services provided to you.
For Health Care Operations. ODASC may use or disclose information in order to manage its programs and activities. These uses and disclosures are necessary to run the health plan and to make sure that people covered by the health plan receive quality care. For example, ODASC may use PHI to review the quality of services you receive or to evaluate a provider’s performance prior to providing payment.
Other Disclosures for Plan Operations. ODASC may use or disclose PHI for underwriting purposes, but ODASC is prohibited from using or disclosing any genetic information for such purposes ODASC may use.
Appointments and Other Health Information. ODASC may send you reminders for medical care checkups or information about health services that may be of interest to you. You have a right to place restrictions on these communications and request how these communications occur.
For Public Health Activities. ODASC may send PHI to the state or local public health agency that keeps and updates vital records, such as births and deaths, and tracks some diseases. We may disclose medical information to these agencies as required by law.
For Health Oversight Activities. ODASC may use or disclose information to inspect or investigate health care providers. We may disclose medical information to health oversight agencies for activities authorized by law.
As Required by Law and For Law Enforcement. ODASC may use and disclose information when required by federal or state law; by court order, subpoena, warrant, summons, administrative request or similar process; or in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
For Abuse Reports and Investigations. ODASC is required by law to receive and investigate reports of abuse.
For Government Programs. ODASC may use and disclose information for public benefits under other government programs.
To Avoid Harm. ODASC may disclose PHI to law enforcement in order to avoid a serious threat to the health and safety of a person(s) or the public.
For Research. ODASC uses information for studies and to develop research reports. These reports do not identify specific people. These types of disclosures may only occur without specific member authorization when you (the member) have previously agreed to participate in a research study and the report disclosures are included in participation agreements.
Disclosures to Family, Friends and Others Who Are Involved In Your Medical Care. ODASC may disclose information to your family or other persons who are involved in your medical care. You have the right to object to the sharing of this information. Disclosures may only occur without authorization in instances of emergency or incapacity to effect treatment or care.
Other Uses and Disclosures Require Your Written Authorization. For other situations, ODASC will ask for your written authorization before using or disclosing information. You may cancel this authorization at any time in writing. ODASC cannot take back any uses or disclosures already made with your authorization; however disclosures made in conjunction with a valid authorization and prior to a written revocation cannot be withdrawn.
You have the following privacy rights regarding health information ODASC maintains about you:
Right to Inspect and Receive Copies of Your Records. In most cases, you have the right to inspect or receive copies of your records. You must make the request in writing. You may be charged a fee for the cost of copying your records. ODASC may deny your request to inspect and copy in certain limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed.
Right to Request a Correction or Update of Your Records. You may ask ODASC to amend information you feel to be incorrect or add missing information to your records. You must make the request in writing, and provide a reason for your request. ODASC may deny your request in certain limited circumstances.
Right to Get a List of Disclosures. You have the right to ask ODASC for a list of disclosures or access report made within the last three years. You must make the request in writing. The list will not include information provided directly to you or your family, or information that was sent with your authorization.
Right to Request Limits on Uses or Disclosures of PHI. You have the right to ask that ODASC limit how your information is used or disclosed. You must make the request in writing to HIPAA Privacy Officer, ODASC, 1370 Dublin Road Columbus, OH 43215 or fax 614-340-9444, and tell ODASC what information you want to limit and to whom you want the limits to apply. ODASC is not required to agree to the restriction, unless the restriction is for disclosures to a health plan for carrying out payment or health care operations that are not otherwise required by law, and the PHI pertains solely to a health care item or service for which you personally, and not your plan, have paid in full. You can request that the restrictions be terminated in writing or verbally.
Right to Revoke Permission. If you are asked to sign an authorization to use or disclose information, you can cancel that authorization at any time. You must make the request in writing HIPAA Privacy Officer, ODASC, 1370 Dublin Road Columbus, OH 43215 or fax 614-340-9444. This will not affect information that has already been shared.
Right to Choose How We Communicate with You. You have the right to request that ODASC share information with you in a certain way or in a certain place. For example, you may ask ODASC to send information to your work address instead of your home address. You must make this request in writing. You do not have to explain the basis for your request.
Right to File a Complaint. You have the right to file a complaint if you do not agree with how ODASC has used or disclosed information about you, or if you believe your privacy rights have been violated. You will not be penalized for filing a complaint. To file a complaint you may write to us at: HIPAA Privacy Officer, ODASC, 1370 Dublin Road Columbus, OH 43215 or fax 614-340-9444. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services Office of Civil Rights by following the instructions on their website at www.hhs.gov/ocr/privacy/complaints.
Right to Get a Paper Copy of this Notice. You have the right to ask for a paper copy of this notice at any time.
In the future, the ODAWT may change its Notice of Privacy Practices. Any changes will apply to information ODASC already has, as well as information ODASC receives in the future. A copy of the new notice will be posted on the ODAWT website at www.odawt.org as required by law. You may ask for a copy of the current notice at any time. If you have any questions regarding this notice, please contact ODASC
Date: August 1, 2019