Notice of Privacy Practices for PHI Version 1.0
Effective April 14, 2003

Download this CISI Privacy Statement (PDF)

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

If you have any questions about this notice, please contact the Privacy Officer at 1-800- 303-8120 x5508. Email: cwasil@mycisi.com, mail: 1 High Ridge Park, Stamford, CT 06905 attention: Christine Wasil.

In enacting the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Congress mandated the establishment of standards for the privacy of individually identifiable health information. This information, otherwise known as Protected Health Information (PHI), includes demographic, medical and financial information in respect to the health of a specific individual, the provision of health care to such an individual or the payment for the provision of health care to such an individual. This information can be in either oral, written or electronic form.

We are required by law to take reasonable steps to ensure the privacy of any PHI transmitted or maintained by us. We are also required to inform you about our uses and disclosure of Protected Health Information (PHI), your privacy rights with respect to your PHI , your right to file a complaint with us and the Secretary of the U.S. Department of Health and Human Services and the person to contact for further information about our privacy practices.

1. Minimum Necessary Standard

The Privacy Rule requires us to take reasonable steps to limit the use or disclosure of, and requests for PHI to the minimum necessary to accomplish the intended purpose. The minimum necessary provisions do not apply to the following:

• Disclosures to or requests by a health care provider for treatment purposes
• Uses or disclosures made by you
• Uses or disclosures required for compliance with the standardized Health Insurance Portability and Accountability Act (HIPAA) transactions
• Disclosures to the Health and Human Services (HHS) when disclosures of information is required under the rule for enforcement purposes
• Uses of disclosures that are required by other law

CISI will use and disclose your protected health information primarily for payment or Health Care operations purposes. The definition of each is described below:

Payment – is defined as the various activities of a health plan to obtain premiums, to fulfill their coverage responsibilities and provide benefits under the plan, and to obtain or provide reimbursement for the provision of health care.

These activities may include but are not limited to:

• Determining eligibility or coverage (including coordination of benefits with other insurers or the determination of cost sharing amounts)and adjudication or subrogation of health benefit claims;
• Risk Adjustments;
• Billing, claims management, collection activities including obtaining payment under a contract for reinsurance
• Reviewing health care services for medical necessity, coverage, justification of charges, and the like;
• Utilization review activities

Health Care Operations – defined as certain administrative, financial, legal and quality improvement activities that are necessary to run the business and to support the core functions of treatment and payment. These activities, which are limited to the activities listed in the definition include:

• Conducting quality assessment and improvement activities, population-based activities relating to improving health or reducing health care costs, and case management and care coordination;
• Underwriting and other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to health care claims;
• Conducting or arranging for medical review, legal, and auditing services, including fraud and abuse detection and compliance programs;
• Business planning and development, such as conducting cost-management and planning analyses related to managing and operating the entity; and
• Business management and general administrative activities, including those related to implementing and complying with the Privacy Rule and other Administrative Simplification Rules, customer service, resolution of internal grievances, sale or transfer of assets, creating de-identified health information or a limited data set, and fundraising for the benefit of the covered entity.

Other purposes for which we are permitted to use or disclose your PHI without your consent or authorization include:

• Uses and disclosures required by law
• Uses and disclosures to create de-identified information – we may use your PHI to disclose it to a business associate to create information that is not individually identifiable health information and therefore deemed to be “de-identified”. Once de-identified, the information is no longer PHI. We may then use it for any purpose, including but not limited to performing analyses of utilization and cost trends.
• Disclosure to our business associates, defined as persons not part of our workforce to whom we provide PHI and who have contracted with us and agreed not to disclose your PHI in any manner inconsistent with the types of uses and disclosures described in this notice. We currently utilize Business Associates to investigate for possible subrogation, to obtain discounts of your medical claims via repricing vendors, to submit for reinsurance contracts and for other purposes as allowed by law.
• Uses and Disclosures for Public Health Activities
• Uses and Disclosures to avert a serious threat to health or safety

Disclosure of your PHI to the sponsor of your plan: We may be asked by the sponsor of your plan to provide your PHI. If we are asked to do so (your sponsor may want to assess their overall experience with us or monitor us for quality assurance purposes) we may honor such requests to the extent permitted by law.

YOUR HEALTH INFORMATION RIGHTS:

Right of an individual to request restriction of uses and disclosures – You have the right to request restrictions on how your PHI is used and to whom your information is disclosed even if this restriction affects our payment or health care operations. However, we are not required to agree to your requested restriction. You will need to send your request to our office at the address listed on page one to request a restriction.

Right to receive confidential communications - We must accommodate reasonable requests by you to receive communications of protected health information from us by alternative means or at alternative locations, if you clearly state that the disclosure of all or part of that information could endanger you.

Right to inspect and copy protected health information – You have the right to inspect and obtain a copy of your PHI contained in a “designated record set”, for as long as we maintain the PHI. A “designated record set” includes the medical records and billing records about individuals maintained by or for a covered health care provider; enrollment, payment, billing, claims adjudication and case or medical management record systems maintained by or for a health plan; or other information used in whole or in part by or for the covered entity to make decisions about individuals.

Right to access to protected health information – You have the right of access to inspect and obtain a copy of protected health information about you in a designated record set, for as long as the protected health information is maintained in the designated record set, except for:

1. Psychotherapy notes;
2. Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.

Right to amend – You have the right to have us amend protected health information or a record about you in a designated record set for as long as the protected health information is maintained in the designated record set.

• Denial of amendment. We may deny your request for amendment, if we determine that the protected health information or record that is the subject of the request:
  1. Was not created by us, unless you provide a reasonable basis to believe that the originator of protected health information is no longer available to act on the requested amendment;
  2. Is not part of the designated record set;
  3. Would not be available for inspectio
  4. Is accurate and complete.

Right to an accounting of disclosures of protected health information – You have a right to receive an accounting of disclosures of protected health information made by us in the six years prior to the date on which the accounting is requested, except for disclosures:

• To carry out treatment, payment and health care operations;
• To individuals of protected health information about them;
• For the facility’s directory or to persons involved in the individual’s care or other notification purposes;
• For national security or intelligence purposes
• To correctional institutions or law enforcement officials
• That occurred prior to the effective date of this notice.

Right to obtain a paper copy of this notice. If you did not receive this notice in paper form (i.e. you downloaded it from our website) you may request a paper copy at any time. Please contact our office at (800) 303-8120 x5133 to make a request.

Complaints: If you believe your privacy rights have been violated, you may file a complaint with us and/or the United States Department of Health and Human Services. We will not retaliate against you for filing such a complaint. To file a complaint with us, please contact our privacy officer, Christine Wasil at 800-303-8120 x5508, email to cwasil@mycisi.com, or mail to 1 High Ridge Park, Stamford, CT 06905.

Additional Comments: We are required by law to maintain the privacy of protected health information and to provide you with notice of our legal duties and privacy practices with respect to PHI. We are required to abide by the terms of this notice which is currently in effect as of April 14, 2003.

We reserve the right to change this notice at any time. We will make the new notice provisions effective for all protected health information that we maintain. We will provide new notices to your plan sponsor for distribution. We will also post a copy in downloadable form on our website at www.culturalinsurance.com.

THE EFFECTIVE DATE OF THIS NOTICE IS April 14, 2003. IT IS APPLICABLE TO PERSONAL HEALTH INFORMATION ABOUT YOU OBTAINED BY US ON OR AFTER April 14, 2003.