The Health Insurance Portability and Accountability Act of 1996 (HIPAA), a federal law, includes privacy and security standards for the protection of individual health information created, maintained, used, and disclosed by healthcare providers and health plans such as the Medical Plan of the PC(USA).
HIPAA Privacy and Security Rules
- Limit the use of your health information. Your personal Medical Plan information can only be used for activities related to treatment, payment, and healthcare operations unless you authorize a release.
- Establish privacy rights. Your HIPAA rights under the Medical Plan are explained in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Notice (see Booklets & Publications at right).
- Require security measures to protect the privacy and integrity of your health information. Your personal health information is protected from unauthorized access and disclosures.
Members have the right to
- receive notice of the Medical Plan's privacy practices;
- inspect and copy their Medical Plan information;
- amend their Medical Plan records;
- receive an accounting of disclosures of their health information; and
- request certain restrictions on the use and disclosure of their health information.
Under HIPAA, Board employees and the Medical Plan's service providers, such as Highmark and OptumRx, may share protected health information (PHI) with other health plans and providers for payment, treatment, and healthcare operations purposes. You must authorize the release of PHI to anyone else, including your spouse and employer. Please see the Health Insurance Portability and Accountability Act (HIPAA) Privacy Notice.
To authorize the release of your PHI, you must complete the Authorization to Release Medical Plan Information form, which authorizes the Medical Plan to release the information, and the Authorization for Use or Disclosure of Protected Health Information form, which authorizes the Board to obtain PHI from your doctors or healthcare providers.
To provide limited powers of attorney to a personal representative so that person may handle Board of Pensions matters on behalf of you as the covered individual, you should complete the Designation of Personal Representative form. If you already have a power-of-attorney form, you can simply supply the Board with a copy along with the Designation of Personal Representative form. (To access forms, see Forms, top right.)
To authorize the release of your PHI to your spouse or family member, the Board's vendor partners require that you complete their release forms. Please contact the vendor for that form.
Personally Identifiable Information
HIPAA only covers personal health information related to the Medical Plan. The Board strives to protect the confidentiality of all personally identifiable information (PII). The Board's policies protect the confidentiality of financial information of members, churches and other employers, and donors from unauthorized disclosure, following best security practices and in compliance with applicable federal and state regulations.
Report Privacy Concerns
If you have questions about your privacy or believe that there has been a breach, please contact the Board's Privacy Officer.