Notice of Privacy Practices — Download PDF Version
Version Date: January 6 2024
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW THIS NOTICE CAREFULLY.
This Notice of Privacy Practices (Notice) describes the privacy practices of Troy Health, Inc. (dba Troy Medicare). (In this Notice, we may also refer to Troy, we, us, or our). It also applies to the members of Troy Medicare. This Notice describes how we may use or share your protected health information (PHI). By law, Troy Medicare must protect your PHI and provide you with a copy of this Notice. You have rights related to your PHI. This Notice describes those rights.
Troy Medicare can share Protected Health Information (PHI) with its health plan delegates for the treatment, payment, and health care operations as allowed by HIPAA and this Notice.
Effective date: This Notice became effective on October 18, 2022.
In this Notice, we describe:
● Information we collect about you
● How we use and share your information
● Times when we must share your information
● Your rights under the law
● How we keep your information safe
● How we comply with the law
● When this Notice may change
Information we collect about you:
We get information about you from many sources, including from you. But we also can get it from other insurers and health care providers such as doctors. This is called Protected Health Information (PHI). It includes personal information that may identify you that is not public information. And it includes information about your health, medical conditions, prescriptions, and payment for health care products and services.
It may include:
● Demographic data (like your name and address)
● Health details (like medical history)
● Test results (like a lab test)
● Insurance information (like your member ID)
● Other information used to identify you or that’s linked to your past, present, or future health care or coverage.
How we use and share your information without your authorization
We may collect, use and share PHI about you to administer our health plan and provide services to our members. Below we list some examples of how we may use or disclose your information for each of these purposes. You can see the full list at 45 CFR § 164.501.
Health care operations: We may use and share your PHI for our health care operations. Those are actions we need to do to run our health business, including:
● Quality assessment and improvement
● Accreditation by independent organizations
● Performance measurement and outcomes assessment
● Health services planning and development activities
● Preventive health, disease and case management, and care coordination
For example, we may use your PHI to offer you programs for certain conditions, such as diabetes, asthma, or heart failure. We may also use it for other operations requiring use and disclosure, such as:
● Administering reinsurance and stop loss
● Investigating fraud
● Running pharmaceutical programs and payments
● Performing general administrative activities (information systems, data management, and customer service)
● Creating de-identified data (data that no longer identifies you may be used for analytics, business planning, or other reasons)
● Auditing or compliance
Payment: We may use and disclose your PHI to help pay for your covered services when:
● Conducting utilization and medical necessity reviews
● Coordinating care
● Deciding eligibility
● Deciding on drug list compliance
● Handling premium payments
● Calculating cost-sharing amounts
● Responding to complaints, appeals and requests for external reviews
● Processing service claims and payments for health services or prescription drugs
● Issuing an explanation of your benefits to the address we have on file
We carry out these tasks to make sure we pay for your care the right way.
We may use your health history and other PHI to decide on whether a treatment is medically necessary and what the payment should be. During this process, we may share information with your healthcare provider.
Treatment: We may share your PHI with the health care providers who take care of you – doctors, dentists, pharmacists, and facilities. Sometimes doctors may ask for your medical information from us for their own records. We may also use or disclose your information for:
● Coordinating member benefits, care and case management
● Consultations and referrals
● Wellness or other care management programs
Disclosures to other covered entities:
We may share your PHI with other covered entities or their business associates. This may be for treatment, payment, or certain health care operations.
Additional Reasons for Use and Disclosure without your Authorization
We may use or share PHI about you in providing you with other health related benefits and services. We may also use or share your PHI without your authorization in support of:
● Health Oversight – to health oversight agencies (e.g., agencies that oversee the health care system and government benefit programs) for purposes of oversight activities authorized by law (e.g., investigations, audits, licensure or disciplinary actions).
● Workers’ Compensation – to comply with workers’ compensation laws.
● Law Enforcement – to government law enforcement officials as permitted or required by law.
● Legal Proceedings – in response to a court order or other lawful process.
● Public Welfare – to address matters of public interest as required or permitted by law (e.g., child abuse, public health threats, investigations, disease controls, product recalls).
● As Required by Law – to comply with legal obligations and requirements
● Decedents – to a coroner or medical examiner for the purpose of identification, determining a cause of death, or as authorized by law.
● Organ Procurement – to respond to organ donation groups for the purpose of facilitating donation and transportation.
● Abuse, Neglect, or Domestic Violence – to government authorities, social services or adult protective service agencies, authorized to receive such reports, if we believe you are a victim of abuse, neglect, or domestic violence. We will inform you of such a disclosure, unless doing so would place you at risk of serious harm or not be in your best interest.
● Serious Threat to Health or Public Safety – We may share your phi to avoid a serious threat to you, another person, or the public. Your information would be given to health agencies, the police, or other law enforcement agencies. We may also share your PHI if there is an emergency or natural disaster.
● Specialized Government Functions and Correctional Institutions – to authorized government officials for purposes of national security and intelligence activities, protective services for the President, and medical suitability determinations. If you are under the custody of a correctional institution or a law enforcement official, we may disclose your PHI to such parties if certain representations are made (e.g., the information is necessary to provide you with health care or the health and safety of others).
● Data Breach – We may use your contact information to provider notices required by law. These notices can include information about an unauthorized acquisition, access, or disclosure of your PHI.
Times when we must share your information
We are required to share your PHI:
● With you or someone who has the legal right to act on your behalf (your personal representative) when requested. This is done in order to administer your rights described in our Notice.
● With the secretary of Health and Human Services, if necessary, to ensure that your privacy is protected.
We may share your PHI with people involved in your health care. We may also share with those involved in paying for your care. For example, if a family member or caregiver calls us about a claim, we may tell them what processing stage it's in. You have a right to stop or limit this kind of sharing (disclosure). To do so, call Member Services.
When we need your okay to use or share your information
If we have not described a use or disclosure above, we will need you to say it’s okay in writing to use or disclose your PHI. For example, we will get your okay for:
● Marketing purposes
● Sharing any psychotherapy notes
● If linked to the sale of your PHI
● For other reasons as required by law
Even if you gave us your okay, you could withdraw it at any time. You just need to let us know in writing. If we haven’t already acted on it, we’ll stop using or sharing your information for that purpose. If you have any questions about written permission, call Member Services. If you authorize us to share your PHI with someone outside of the health plan, we cannot guarantee that the person receiving the PHI will not disclose it.
We must also follow state privacy laws that may be stricter (or more protective of your PHI) than federal law.
Your rights under federal privacy laws
You have the right to:
● Ask us to communicate with you how or where you choose. For example, you may want us to send health information to another person. If it’s a reasonable request, we will make it happen.
● Ask us to limit the way we use or share your information when it comes to health care operations, payment, and treatment. We will consider but may not agree to such requests. You also have the right to ask us to restrict sharing with people involved in your health care.
● Ask us for a copy of PHI that’s part of a “designated record set.” This may include medical records. It may also include other records we keep and use for:
→ Claims processing
→ Medical management
→ Other decisions
We may ask you to request this in writing. And we may charge a reasonable fee for making and mailing copies. Sometimes, we may need to deny the request.
● Ask us to fix your PHI. You need to ask this in writing. And you must include the reason for the request. If we deny it, you may write to us to let us know you disagree.
● Ask us to give you a list of certain disclosures we have made about you, such as PHI we’ve shared with government agencies that license us. This is called accounting. You need to ask for this in writing. If you ask for this kind of list more than once in a 12-month period, we may charge you a reasonable fee. Your right does not include disclosures related to:
→ Health plan operations
→ Information you requested
● Be notified after a breach of your PHI.
● Insurers aren’t allowed to take part in pretext interviews, except in some cases, such as suspected fraud or criminal activity. We don’t take part in those.
You may make any of the requests (if they apply), ask for a paper copy of this Notice, or ask questions about this Notice. You can do this by calling Member Services.
You have the right to file a complaint if you think someone has violated your privacy rights. You will not be subject to retaliation for filing a complaint. To do so, send a letter to:
Attn: Chief Compliance Officer
P.O. Box 30516
Charlotte, NC 28230-0516
You may also contact the Secretary of the U.S. Department of Health and Human Services, Office of Civil Rights at: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf or send an email to OCRMail@hhs.gov, or call 1-800-368-1019, TTY/TDD 1-800-537-7697.
How we keep your information safe
We use administrative, technical, and physical safeguards to keep your information from unauthorized access and other threats and hazards to its security and integrity. We comply with all state and federal laws that apply related to the security and confidentiality of your PHI.
We don’t destroy your PHI even when you end your coverage with us. We may need to use and share it even after your coverage terminates with us. We will continue to protect your information against inappropriate use or disclosure.
How we comply with the law
Federal privacy laws require us to keep your PHI private. We must tell you about our legal duties and privacy practices. We must also follow the terms of the Notice in effect.
When this Notice may change
We may change the terms of the Notice and our privacy policies anytime. If we do, the new terms and policies will be effective for all the information we now have about you. And they’ll apply to any information that we may get or hold in the future.
If we make material changes to our privacy policies, we will promptly revise our Notice. We will also post the revised Notice on our website.
You can ask for a copy of the revised Notice by calling Member Services.
We comply with applicable Federal civil rights laws and Troy Medicare does not discriminate on the basis of race, color, national origin, age, disability, or gender.
If you believe that we have failed to provide language services or discriminated in another way on the basis of race, color, national origin, age, disability, or gender, you can file a grievance by calling Member Services at 1-888-494-8769. TTY users call 711. We are available 8am -8pm Eastern time, Monday through Friday, and from October 1 to March 31, 7 days a week.