Windsor Health Group and its Subsidiaries
(Sterling Life Insurance Company and Windsor Health Plan)
NOTICE OF PRIVACY PRACTICES
Effective Date: September 23, 2013
Your Privacy is Important to Us
Windsor Health Group (“Windsor”) is required by law to protect the privacy of your personally identifiable and protected health information.
THIS NOTICE DESCRIBES HOW SUBMITTED MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Windsor holds its employees and Business Associates to strict adherence to all State and Federal regulatory requirements for the protection of your personally identifiable and protected health information. Windsor is required by law to provide you this Privacy Statement which outlines how Windsor handles your information that is collected.
All Windsor employees, contractors and suppliers are required sign confidentiality agreements and certain vendors and/or suppliers must sign a Business Associate Agreement for adherence to State and Federal law and regulatory mandates.
In addition, Windsor employs various privacy and information security technologies to detect, prevent and to monitor for unauthorized access to or disclosure of your protected health information. This Privacy Statement explains your rights as they relate to your information and our legal duties and privacy practices.
If you have any questions about this notice, please contact Windsor Health Group Privacy & Security Officer.
WHO WILL FOLLOW THIS NOTICE
This notice describes the information privacy practices followed by our employees, staff and all other workforce members.
WINDSOR MEMBER HEALTH INFORMATION
This notice applies to the information and records we have about you, your health, health status, and the health care and services you receive from Windsor.
Your health information may include information created and received by Windsor, may be in the form of written or electronic records or spoken words, and may include information about your health history, health status, symptoms, examinations, test results, diagnoses, treatments, procedures, prescriptions, related billing activity and similar types of health-related information.
Windsor is required by law to provide you this notice. This notice communicates the ways in which Windsor may use and disclose your health information and describes your rights and our obligations regarding the use and disclosure of that information.
COLLECTION, USE AND DISCLOSE OF YOUR HEALTH INFORMATION
- How Windsor Collects Your Health Information. We collect your health information through paper applications, online forms and other correspondence and transactions which you have with us. We also collect your information through claims submitted to our company from healthcare providers, information provided by your employer if your coverage is through a group contract and from your agent. Windsor also uses electronic means to capture your data such as Web cookies, IP addresses, HTTP Referrer and other environment variables.
- The Types of Information Windsor Collects. The type of information we collect from you may include your name, address, phone number and social security number, financial/payment and other information as required. Under certain conditions and with your authorization, we may also ask you or your authorized health care representative or your covered dependents for medical history information.
- Use and Disclosure. Windsor is permitted by law to use your information for certain purposes including healthcare payment and healthcare operations. Examples of how we may use and disclose your information include but are not limited to:
- Treatment. Windsor may use and disclose your health information for the purpose of medical treatment and for the purpose of dispensing prescription medications to you.
- Payment. Windsor may use or disclose your information to pay claims for covered services or to provide eligibility information to your doctor when you receive treatment.
- Healthcare Operations. Windsor may use or disclose your information for activities like:
- Underwriting, premium rating or other activities relating to the creation or renewal of a health insurance contract. (When conducting underwriting, Windsor is prohibited from using or disclosing protected health information which is your genetic information.);
- Quality assessment and improvement activities such as peer review and credentialing of providers;
- Care and disease management activities;
- Data and information systems management; and
- In the event of a merger or acquisition.
- Business Associates. Windsor may disclose your information to third parties that it hires to assist in the administration of your benefits. These third parties are called Business Associates and they must agree in writing to protect and maintain the confidentiality and security of your information. Examples of a Business Associate are the doctors who do medical reviews and/or a vendor who prints claim notifications on the behalf of Windsor.
- Plan Sponsors. If you receive insurance benefits through a group plan, Windsor may disclose to your Plan Sponsor, in summary form, claims history and other similar information. Such summary information does not disclose your name or other distinguishing characteristics. Windsor may also disclose to your Plan Sponsor the fact that you are enrolled in, or dis-enrolled from the Plan. Windsor may disclose your medical information to the Plan Sponsor for Plan
SPECIAL SITUATIONS. We may use or disclose health information about you for the following purposes, subject to all applicable legal requirements and limitations:
- To Avert a Serious Threat to Health or Safety. We may use and disclose health information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
- Required By Law. We will disclose health information about you when required to do so by federal, state or local law.
- Health Oversight Activities. We may disclose health information to a health oversight agency for audits, investigations, inspections, or licensing purposes. These disclosures may be necessary for certain state and federal agencies to monitor the health care system, government programs, and compliance with civil rights laws.
- Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose health information about you in response to a court or administrative order. Subject to all applicable legal requirements, we may also disclose health information about you in response to a subpoena.
- Military, Veterans, National Security and Intelligence. If you are or were a member of the armed forces, or part of the national security or intelligence communities, we may be required by military command or other government authorities to release health information about you.
- Law and Regulatory Enforcement. We may release health information if asked to do so by a law official or in accordance with a regulatory enforcement requirement which is in response to a court order, administrative order, subpoena, warrant, summons or similar process or in the performance of mandatory licensing, regulatory/compliance reporting that is subject to all applicable legal requirements.
- Public Health Authorities. We may disclose health information about you for public health reasons in order to prevent or control disease, injury or disability; or report births, deaths, suspected abuse or neglect, non-accidental physical injuries, reactions to medications or problems with products.
- Information Not Personally Identifiable. We may use or disclose health information about you in a way that does not personally identify you or reveal who you are.
OTHER USES AND DISCLOSURES OF HEALTH INFORMATION. We will not use or disclose your health information for any purpose other than those identified in the previous sections without your specific written authorization. Examples of disclosures requiring your documented authorization include disclosures to your partner, your spouse, your children, your legal counsel or health care representative. We also will not use or disclose your health information for the following purposes without your specific, written authorization:
- For our marketing, as marketing is defined in the privacy regulations, purposes. This does not including face-to-face communication about products or services that may be of benefit to you and about prescriptions you have already been prescribed.
- Any disclosure of your psychotherapy notes. These are the notes which your behavioral health provider may disclose to us about treatment, claims and billing.
- The sale of any protected health information.
AUTHORIZATION AND DISCLOSURE OF YOUR HEALTH INFORMATION
If you give us authorization to use or disclose health information about you, you may revoke that authorization, in writing, at any time. Upon receiving your written request to revoke your authorization, we will no longer use or disclose information about you for the reasons covered by your written authorization. However, your request to revoke authorization does not apply or cover those approved uses or disclosures which we may have made with your permission prior to receiving your written request to revoke. In some instances, we may need specific, written authorization from you in order to disclose certain types of specially-protected information such as psychotherapy notes, HIV, substance abuse, mental health, and genetic testing information for purposes such as treatment, payment and healthcare operations.
RIGHTS REGARDING YOUR HEALTH INFORMATION
You have the following rights regarding health information we maintain about you:
Members’ Right to Inspect and Copy. You have the right to inspect and copy your health information, such as billing or payment records, that we keep. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other associated supplies. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. You also have the right to request a copy of your health information in electronic form if requested.
Right to Access Your Information. You have a right to access your information used and stored by Windsor in its designated record set. The right to access excludes:
- Psychotherapy notes.
- Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding; and
- Protected health information maintained by a covered entity that is:
- Subject to the Clinical Laboratory Improvements Amendments of 1988, 42 U.S.C. 263a, to the extent the provision of access to the individual would be prohibited by law; or
- Exempt from the Clinical Laboratory Improvements Amendments of 1988, pursuant to 42 CFR 493.3(a)(2).
Right to Amend Your Information. You have the right to request an amendment of your information that is maintained in a designated record set and we will refer you to the provider of service if you are requesting an amendment to diagnosis or treatment information. We may deny your request for an amendment if your request is not in writing or does not include a satisfactory reason to support the request. In addition, we may deny or partially deny your request if you ask us to amend information that:
- We did not create.
- The person or entity that created the information is no longer available to make the amendment.
- Is not part of the health information that we keep.
- You would not be permitted to inspect and copy
- Is accurate and complete.
If we deny or partially deny your request for amendment, you have the right to submit a rebuttal and request the rebuttal be made a part of your member file. Your rebuttal needs to be 2 pages in length or less and we have the right to file a rebuttal responding to yours in your member file. You also have the right to request that all documents associated with the amendment request (including rebuttal) be transmitted to any other party any time that portion of your member file is disclosed.
Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of the disclosures we made about you for purposes other than treatment, payment, health care operations, when specifically authorized by you and a limited number of special circumstances involving national security, correctional institutions and law enforcement.
To obtain this list, you must submit your request in writing. It must state a time period, which may not be longer than six years. Your request should indicate in what form you want to receive the list (for example, on paper, electronically). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions. You have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care or the payment for it, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had.
We are not required to agree to your request. However if we do agree, we will comply with your request unless there is a technical, financial, resource or process complication which would prevent us agreeing to your request or we are required by law to use or disclose the information. Windsor will send a written confirmation regarding the disposition of your request.
Right to Request Confidential Communications. You have the right to request that we communicate with you about your member information in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you may complete and submit the Request for Restriction in writing to the Windsor Health Group Chief Privacy & Security Officer. We will not ask you the reason for your request and we will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. However, if your request is determined to be unreasonable and we deny or partially deny your request, you have the right to submit a rebuttal and can request the rebuttal be made a part of your member file. Your rebuttal needs to be 2 pages in length or less and we have the right to file a rebuttal responding to yours in your member file. Windsor will send a written rebuttal to you regarding the disposition of your request.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive it electronically, you are still entitled to a paper copy.
How to Contact Windsor for All Requests.
CHANGES TO THIS NOTICE
We reserve the right to change this notice, and to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. You are entitled to a copy of the notice currently in effect. We will inform you of any significant changes to this Notice. This may be communicated through a letter, a notice posted on our website(s) or other means of communication.
BREACH OF HEALTH INFORMATION
We will inform you if there is a breach of your unsecured health information.
If you believe your privacy rights have been violated, you may file a complaint with our office or with the Secretary of the Department of Health and Human Services. You will not be penalized for filing a complaint.
HHS Office for Civil Rights:
To file a complaint with Windsor Health Group, contact:
Chief Privacy & Security Officer
Windsor Health Group
2219 Rimland Drive
Bellingham, WA 98226
Sterling HIPAA Privacy Notice
Sterling Privacy Notices by State
Privacy Notice Download (PDF 30kb)
AL, AK, AR, CO, CT, DC, DE, FL, HI, ID, IA, IL, IN, KS, KY, LA, MD, MI, MS, MO, NE, NH, NY, ND, OK, PA, RI, SC, SD, TN, TX, UT, WA, WV, WI and WY
Click to View
AZ, GA, ME, MA, NV, NJ, NC, OH, OR and VA
Click to View
MN and MT
Click to View
NM and VT
Click to View
||Click to View
How to Contact Us to Opt Out
If you prefer that we not share your non-public information with non-affiliated companies or individuals for any purpose other than that of providing the products and services you requested, please write us at Sterling Life Insurance Company, P.O. Box 5348, Bellingham, WA 98227-5348.
Questions regarding this Privacy Statement should be directed to email@example.com. Please specify “Privacy Statement” in the subject line of your e-mail.