This notice describes how medical information about you may be used and disclosed and how you can get access to your information. Please review it carefully.
Receipt of this Notice does not mean you are eligible or enrolled under any of the Plans. Eligibility and enrollment are determined by the Plan documents and your elections.
The Pension Boards–United Church of Christ, Inc. (“Pension Boards”) sponsors group health plans (the “Plans”) that are subject to the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). These plans include:
To the extent you are enrolled in any insured arrangement or any insured option under a Plan, you may receive a separate privacy notice from your insured plan or option. That notice will apply to the insurer’s privacy practices. This Notice generally describes the Pension Boards' privacy practices with respect to the Plans.
The privacy of your personal health information that is received, created, maintained, used or disclosed by the Plans is protected by HIPAA. The Plans are required by law to:
maintain the privacy of your protected health information (“PHI”); provide you with this Notice of the Plans’ legal duties and privacy practices with respect to your PHI; and abide by the terms of this Notice; and notify you in the event of a breach of your unsecured PHI.
PHI is health information created, received, maintained or transmitted by a Plan that identifies (or may be used to identify) an individual. The information may appear on paper or in any other form. It does not include employment records held by the Pension Boards in its role as employer.
The Plans must disclose your PHI to you or your personal representative within the legally specified period following a request, make your PHI available to the U.S. Department of Health and Human Services when it requests information relating to the privacy of PHI in the Plans and use or disclose your PHI where otherwise required by applicable law.
The Plans, and the individuals who administer them, may use, receive or disclose your PHI for treatment, payment or health care operations without obtaining a written authorization from you. These activities cover a broad range of functions, including:
Treatment. The Plans may use or disclose your PHI to facilitate medical treatment or services by a health care provider. Examples: The Plans may provide PHI to a physician to help him or her recommend a course of treatment to you.
Payment of Benefits. The Plans may use and disclose PHI to pay benefits. Examples: One of the Plans receives bills from your health care providers, processes payments, sends explanations of benefits (“EOBs”), reviews a claim appeal, or coordinates benefit payments under the Plan.
Health Care Operations. The Plans may use and disclose your PHI for certain operational purposes. Examples: Enrollment verifications or claims audits. PHI may also be used for purposes of case management or to provide you with the opportunity to participate in certain activities under a disease management program to the extent these features are available now or in the future under the Plans.
If applicable to your circumstances, and to the extent provided now or in the future, the Plans may use and disclose your PHI to provide you with appointment (or treatment) reminders, information about treatment alternatives or information about other health-related benefits and services that may be relevant to your situation.
The Plans contract with other businesses and individuals for certain plan administrative services. Each of these “business associates” may create, receive, maintain and transmit your health information for purposes of performing services for or on behalf of the Plans as long as the business associate agrees in writing to protect the privacy of your information and meet certain other specified requirements.
Certain business associates may also use and disclose PHI for their own management, administration and legal responsibilities (and for purposes of aggregating data with data obtained from other clients for evaluation of Plan design issues and other appropriate Plan purposes). Business associates maintain most of the PHI under the Plans and conduct most of the activities that involve PHI.
Under certain terms and conditions, Plans (and the Preferred Provider Organizations (“PPOs”) offering benefits under the Plans) may disclose PHI to the Pension Boards, as the Plan sponsor. Ordinarily these disclosures are limited to enrollment information and information necessary for administration of the Plans.
A Plan may disclose PHI to other health plans, health care providers, and health care clearinghouses (which translate electronic health information from one format to another) for purposes of their own provision of treatment, payment or certain health care operation services (such as quality assurance, case management, care coordination, licensing, credentialing and the detection of fraud and abuse). Where the disclosure is to another Plan covered by this Notice, disclosure is permitted for additional services related to that Plan’s operations (such as enrollment, auditing, legal services, business planning and development, management and administrative activities, and customer service).
In all situations, the Plans will limit PHI use, disclosure or request to the minimum necessary to accomplish the intended purpose.
The Plans are also permitted to use or disclose your PHI, without obtaining a written authorization from you, in the following circumstances:
If items 3 and 4 do not apply, the Plans may not use or disclose your PHI unless you authorize the use or disclosure in writing. As a result, uses and disclosures of PHI for marketing purposes and disclosures that constitute a sale of PHI will be made only with your express written authorization. Please note that the Plans do not use your PHI for marketing or fundraising purposes. However, if the data that identifies you in the PHI is appropriately removed, this non-identifiable information may then be used or disclosed without your authorization.
Please remember, if you have questions or a problem relating to a claim, a network provider or other matter pertaining to a particular benefit option, you will typically be directed to an appropriate contact person with the relevant business associate or other vendor to resolve the matter. If it is necessary for the Pension Boards to assist you directly in resolving the issue, you will usually be required to complete an authorization form.
Also keep in mind that your family members will not automatically be provided with access to your PHI on their request. However, on request, the Plan will provide your PHI to any family member or other person who demonstrates that he or she is your personal representative or whom you appropriately authorize to have access to your PHI. In addition, Explanations of Benefits (“EOBs”) and other claim denials will continue to be sent to the employee or former employee who enrolls in a Plan.
You will need to complete a prescribed written authorization form. An authorization form is available on the Pension Boards’ website (www.pbucc.org) or by calling Member Services toll-free at 1.800.642.6543. You may revoke your authorization, in writing, at any time, and the revocation will be followed to the extent action on the authorization has not yet been taken.
A federal law referred to as “ERISA” often preempts state law from applying to the Plans, particularly where benefits are self-insured. If state law is not preempted, state laws may impose stricter privacy protections or furnish you with greater rights with respect to your own PHI. If you have a question about your rights under any particular federal or state law, please contact the person identified below as the Information Contact (see item 11).
No, the Plans are prohibited from using or disclosing PHI that is genetic information for underwriting purposes.
You have the right to:
Certain administrative rules may apply to these individual rights. For example, you may be required to submit a request in writing or on a prescribed form, and you may be charged the cost of copying and postage. Your right to make a request does not necessarily mean that your request will be approved. Where a response to your request is appropriate, it will ordinarily be provided to you in writing.
To exercise your individual rights with respect to information held by the Plan administrator, you should write the Information Contact identified in item 11.
Because most of your PHI under the Plans, particularly claims information, is held by your claims administrator, it will often make sense for you to contact that entity directly to obtain access to, amend, or receive an accounting of disclosures of your PHI.
You may file a complaint with the Plans’ Information Contact, identified below (see item 11), and with the Secretary of the U.S. Department of Health and Human Services if you believe your privacy rights have been violated by any plan. Their contact information is available below. All complaints must be filed in writing. Federal law prohibits retaliation against any employee for filing a complaint.
If you have any questions about this Notice or a complaint relating to how your PHI is handled, please contact the Information Contact:
General Counsel and Corporate Secretary
The Pension Boards–United Church of Christ, Inc.
475 Riverside Drive
New York, NY 10115
To contact the Secretary of the U.S. Department of Health and Human Services, you may write to the regional office of the U.S. Department of Health and Human Services.
The effective date of this version of the Notice is September 23, 2017.
Each Plan reserves the right to change the terms of this Notice with respect to its privacy and information practices and to make the new provisions effective for all PHI it maintains, consistent with legal requirements. You will be informed of any material revisions to this Notice.
The HIPAA Privacy Rule requires covered health care providers and organizations, including health plans, to provide individuals with a Notice of Privacy Practices. The notice describes the policies and procedures in place to protect the privacy of individuals' health information. The notice also explains certain individual rights granted by the law, adequate notice of the uses and disclosures of protected health information (PHI) and of the individual's rights. PHI is protected health information created, received or transmitted by a health care provider or organization (including the UCC Medical and Dental Benefits Plan) that includes individually identifiable information about a patient's health condition, history of care or payment for care.
The UCC Medical and Dental Benefits Plan, administered by the Pension Boards, is a covered entity under the HIPAA Privacy Rule. This means that the Plan and - because they are our business associates as defined by HIPAA - our vendor partners are bound by the regulations. While we have had ongoing policies and procedures in place to ensure privacy, the Privacy Rule provides further direction (and requirements) for the Pension Boards. PBUCC has taken time and great care to develop internal policies and procedures that are compliant with HIPAA regulations and at the same time allow us to provide advocacy for Plan participants.
CLICK HERE to download a copy of the Notice of Privacy Practices. Plan participants also may obtain additional copies by contacting the Pension Boards. New enrollees will receive the notice in their enrollment packets.
PBUCC's Health Team will continue to answer your questions about claims and benefits. They may ask you for additional information to verify your identification. This procedure will help to protect your privacy.
In some cases, we will discuss claims and benefits with a spouse, parent or other family member when the Plan identifies that person as your personal representative. The Pension Boards identifies a personal representative as a person who is legally designated, chosen by you, or determined by the Plan to be acting in your best interests.
PBUCC uses 128-bit encryption (SSL 3.0) to protect your personal information on www.pbucc.org. This technology is among the strongest security available on the web today, providing a safe channel for information to pass between your computer and our systems.