Self-Funded Plans, Inc. respects the privacy of its clients and their membership. Self-Funded Plans, Inc. will not alter, disclose, or monitor any personal data regarding members or the member’s usage of Self-Funded Plans, Inc. services without the member’s prior permission unless Self-Funded Plans, Inc. has reason to believe, under good faith, that the action is necessary to:
· Conform and/or comply to legal requirements and/or legal processes
· Protect the interest of clients and their membership
· Enforce the terms and conditions of the SFPI OnLine service
· Protect and/or defend the rights and property of Self-Funded Plans, Inc.
Further, Self-Funded Plans, Inc. will make all good faith efforts to adhere to the following areas of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Rules:
a. Report to the designated Privacy Officer in writing, any use and/or disclosure of the Protected Health Information that is not permitted or required within fifteen (15) days of the discovery of such unauthorized use and/or disclosure.
b. Establish procedures for mitigating, to the greatest extent possible, any deleterious effect from any improper use and/or disclosure of Protected Health Information that is reported.
c. Use commercially reasonable efforts to maintain the security of the Protected Health Information and to prevent unauthorized use and/or disclosure of such Protected Health Information.
d. Require all of its subcontractors and agents that receive or use, or have access to, Protected Health Information to adhere to the same restrictions and conditions on the use and/or disclosure of Protected Health Information that apply to the terms and conditions of the SFPI OnLine service
e. Make available all records, book, agreements, policies and procedures relating to the use and/or disclosure of Protected Health Information for purposes of determining the compliance with the Privacy Regulation, subject to attorney-client and other applicable legal privileges.
f. Upon prior written request, make available during normal business hours all records, books, agreements, policies and procedures relating to the use and/or disclosure of Protected Health Information to the Covered Entity within thirty (30) days for purposes of determining compliance with the terms and conditions of the SFPI OnLine service.
g. Within 45 days of receiving a written request, provide such information as is requested to permit response to a request by an individual for an accounting of the disclosures of the Individual’s Protected Health Information in accordance with 45 C.F.R. § 164.528.
h. Disclose to its subcontractors, agents or other third parties, and request from the Covered Entity, only the minimum Protected Health Information necessary to perform or fulfill a specific function required or permitted hereunder.