tuckeradministrators.com Privacy Policy

Authorization
As a participant in my Employers' Group Health Plan (the "Plan"), I hereby authorize the issuance of a password and the use or disclosure of, including access to, my Protected Health Information (as defined in the Privacy Standards) as described in this Authorization.

It is my desire that a password be issued so that I may access information regarding my claims under the Plan, as well as those of my dependents, if any, (the "Dependents"). Further, I may wish to disclose this password to the Dependents. I recognize that by issuance and use of this password, I am authorizing the third party administrator of the Plan, Tucker Administrators, Inc. ("TPA"), to disclose to the Dependents and I my Protected Health Information.

*The Protected Health Information that may be accessed and disclosed through use of the password includes, with respect to me and the Dependents who are covered under the Plan, the following:

Information regarding enrollment in the Plan.
Information regarding claims filed, including date of service, provider of service, amount charged and general description of services rendered.
Information regarding payment and denial of claims, including the reason for denial of any claims.
I understand that if I make this password available to the Dependents, it will allow them to access the information described in Item 3 above and I hereby authorize such access.
This Authorization shall expire within ten business days following my termination as a participant in the Plan.

I understand that I have the right to revoke this Authorization by delivering a written notice of my desire to revoke this Authorization to TPA at their offices at 3800 Arco Corporate Drive, Charlotte, NC 28273, Suite 450, Attn: Carol Ann Pencek/Vice President. The revocation will be effective ten business days following TPA's receipt of my written notice. I understand that I cannot revoke this Authorization to the extent that the Plan or TPA, on behalf of the Plan, has taken action in reliance on this Authorization (for example, any disclosure made prior to the revocation under this Authorization will not be affected by the revocation).

Collection of Information
You may be asked to voluntarily provide your name, birth date, social security number, email address, and zip code ("Personal Information") to have access to some features of the Site. By using the Site and providing us with your Personal Information, you consent to our use of such information as described in this Policy. You may always refuse to provide your Personal Information, and this may lead to our inability to provide you with certain products or services.

*I understand that the information described above, once disclosed to the Dependents, may be re-disclosed by those individuals and no longer protected by the Privacy Standards.

I understand that this Authorization is not required for the Plan to use or disclose any Protected Health Information for purposes of treatment, payment or health care operations, or if the use or disclosure is otherwise permitted by the Privacy Standards, and that any revocation of this Authorization will have no effect on such uses or disclosures.

I understand that the Plan may not condition my enrollment or eligibility for, or payment of, benefits on my agreeing to this Authorization. I also understand that I am entitled to receive a copy of this Authorization.

I agree to protect the confidentiality of the password to prevent unauthorized persons from accessing or using my Protected Health Information or the Protected Health Information of the Dependents. If I have reason to believe the password has become known to any unauthorized person, I immediately will notify TPA, so that the password may be changed.

I release the Plan, the Plan Administrator and TPA from any and all liability that may arise from improper access, use or disclosure of my Protected Health Information by the Dependents or unauthorized persons using the password.

Information Practices
Tucker Administrators, Inc. understands that security and privacy are important issues for visitors to our web site, WWW.TUCKERADMINISTRATORS.COM (the "Site") and recognizes our obligations to keep your information secure and confidential. That is why we maintain the following standards to help protect information that personally identifies you. We may modify this Privacy Policy (the "Policy") at any time and, accordingly, we urge you to frequently review the Policy. We will always apply the Policy under which your information was collected, unless we obtain your prior consent.

In connection with providing services to you, Tucker Administrators, Inc. may also obtain nonpublic health information about you including, but not limited to, information about your eligibility for health care benefits, your claims history, your medical history or other information relating to the maintenance or administration of your health care benefits ("Health Information").

Except as expressly set forth in this Policy, we will not disclose any Health Information about current or former customers to anyone, except as permitted by law. We may provide Health Information that we collect to affiliated or nonaffiliated parties involved in underwriting, processing, servicing and marketing our insurance related products and services. Except as stated in this Policy and as permitted by law, we will not disclose your Health Information to nonaffiliated third parties, unless we first obtain your authorization or offer you an opportunity to opt out of such disclosure.

Use of Information
We use your Personal Information and Health Information for the following purposes: to administer your account; to administer and improve the Site and related services; to notify you of our products, services, promotional events or special offers that maybe of interest to you; to provide Internet security; and to meet legal requirements. We may work with our business partners who may perform certain functions on our behalf, such as underwriting, processing, servicing and marketing our insurance related products and services, sending email messages, managing data or providing customer service. These business partners have access to your Personal Information only to the extent necessary to perform these specific functions and may not use it for any other purpose. If Tucker Administrators, Inc. is involved in the sale of a substantial portion of its business assets, Personal or Health Information may be among the transferred assets.

E-mail Communications
When you send an email to us, you are communicating with us electronically. You thereby consent to receive communications from us electronically. We will communicate with you by email or by posting notices on the Site. All agreements, notices, disclosures and other communications that we provide to you electronically satisfy any legal requirement that such communications be in writing.

Privacy of Children
We encourage parents and guardians to be aware of and participate in their children's online activities. We strictly adhere to the Children's Online Privacy Protection Act and will not knowingly collect, use or disclose Personal Information from any child under the age of 13 in any manner that violates this law.

Links
The Site may contain links to other sites on the Internet that are owned and operated by third parties. Tucker Administrators, Inc. is not responsible for the collection or use of your Personal or Health Information at any third party sites. Therefore, Tucker Administrators, Inc. disclaims any liability for any third party's use of your Personal or Health Information obtained through using a third party web site.

Security
We have policies and procedures in place to protect the privacy and confidentiality of your Personal and Health Information that we collect and maintain. All Personal and Health Information is stored on our secured servers, behind a firewall at a data center with access to data strictly controlled. Additionally, we restrict access to Health Information to those employees who need to know that information to provide services to you. Any unauthorized use of the Site may result in criminal and/or civil prosecution.

Contacting Us or Modifying Your Personal Information
If you have any questions or comments about this Policy, please contact Carol Ann Pencek/Vice President at 704-227-3902. Please provide a concise communication with complete information, including your contact information. If you wish to update your Personal Information provided to us, please contact your employer.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices describes how protected health information (or “PHI”) may be used or disclosed by us to carry out payment, health care operations, and for other purposes that are permitted or required by law. This Notice also sets out our legal obligations concerning your PHI, and describes your rights to access, amend and manage your PHI.

PHI is individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health plan, your employer (when functioning on behalf of the group health plan), or a health care clearinghouse and that relates to:
(i) your past, present, or future physical or mental health or condition; (ii) the provision of health care to you; or (iii) the past, present, or future payment for the provision of health care to you.

This Notice of Privacy Practices had been drafted to be consistent with what is known as the “HIPAA Privacy Rule,” and any of the terms not defined in this Notice should have the same meaning as they have in the HIPAA Privacy Rule.

If you have any questions or want additional information about this Notice or the policies and procedures described in this Notice, please contact your plan sponsor or visit
http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html

EFFECTIVE DATE

This Notice of Privacy Practices is effective on September 23, 2013.

OUR RESPONSIBILITIES

We are required by law to maintain the privacy of your PHI. We are obligated to: provide you with a copy of this Notice of our legal duties and of our privacy practices related to your PHI; abide by the terms of the Notice that is currently in effect; and notify you in the event of a breach of your unsecured PHI. We reserve the right to change the provisions of our Notice and make the new provisions effective for all PHI that we maintain. If we make a material change to our Notice, we will make the revised Notice available by posting on the group health plan website or providing hard copy upon request.

Permissible Uses and Disclosures of PHI

The following is a description of how we are most likely to use and/or disclose your PHI.

Payment and Health Care Operations

We have the right to use and disclose your PHI for all activities that are included within the definitions of “payment” and “health care operations” as set out in 45 C.F.R. § 164.501 (this provision is a part of the HIPAA Privacy Rule). We have not listed in this Notice all of the activities included within these definitions, so please refer to 45 C.F.R. § 164.501 for a complete list.

Payment

We will use or disclose your PHI to pay claims for services provided to you and to obtain stop-loss reimbursements or to otherwise fulfill our responsibilities for coverage and providing benefits. For example, we may disclose your PHI when a provider requests information regarding your eligibility for coverage under our health plan, or we may use your information to determine if a treatment that you received was medically necessary.

Health Care Operations

We will use or disclose your PHI to support our business functions. These functions include, but are not limited to: quality assessment and improvement, reviewing provider performance, licensing, stop-loss underwriting, business planning, and business development. For example, we may use or disclose your PHI: (i) to provide you with information about a disease management program; (ii) to respond to a customer service inquiry from you; or (iii) in connection with fraud and abuse detection and compliance programs.

Other Permissible Uses and Disclosures of PHI

The following is a description of other possible ways in which we may (and are permitted to) use and/or disclose your PHI.

Required by Law

We may use or disclose your PHI to the extent the law requires the use or disclosure. When used in this Notice, “required by law” is defined as it is in the HIPAA Privacy Rule. For example, we may disclose your PHI when required by national security laws or public health disclosure laws.

Public Health Activities

We may use or disclose your PHI for public health activities that are permitted or required by law. For example, we may use or disclose information for the purpose of preventing or controlling disease, injury, or disability, or we may disclose such information to a public health authority authorized to receive reports of child abuse or neglect. We also may disclose PHI, if directed by a public health authority, to a foreign government agency that is collaborating with the public health authority.

Health Oversight Activities

We may disclose your PHI to a health oversight agency for activities authorized by law, such as: audits; investigations; inspections; licensure or disciplinary actions; or civil, administrative, or criminal proceedings or actions. Oversight agencies seeking this information include government agencies that oversee: (i) the health care system; (ii) government benefit programs; (iii) other government regulatory programs; and (iv) compliance with civil rights laws.

Abuse or Neglect

We may disclose your PHI to a government authority that is authorized by law to receive reports of abuse, neglect, or domestic violence. Additionally, as required by law, we may disclose to a governmental entity authorized to receive such information your PHI if we believe that you have been a victim of abuse, neglect, or domestic violence.

Legal Proceedings

We may disclose your PHI: (i) in the course of any judicial or administrative proceeding; (ii) in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized); and (iii) in response to a subpoena, a discovery request, or other lawful process, once we have met all administrative requirements of the HIPAA Privacy Rule. For example, we may disclose your PHI in response to a subpoena for such information, but only after we first meet certain conditions required by the HIPAA Privacy Rule.

Law Enforcement

Under certain conditions, we also may disclose your PHI to law enforcement officials. For example, some of the reasons for such a disclosure may include, but not be limited to: (i) it is required by law or some other legal process; (ii) it is necessary to locate or identify a suspect, fugitive, material witness, or missing person; and (iii) it is necessary to provide evidence of a crime that occurred on our premises.

Coroners, Medical Examiners, Funeral Directors; Organ Donation Organizations

We may disclose PHI to a coroner or medical examiner for purposes of identifying a deceased person, determining a cause of death, or for the coroner or medical examiner to perform other duties authorized by law. We also may disclose, as authorized by law, information to funeral directors so that they may carry out their duties. Further, we may disclose PHI to organizations that handle organ, eye, or tissue donation and transplantation.

Research

We may disclose your PHI to researchers when an institutional review board or privacy board has: (i) reviewed the research proposal and established protocols to ensure the privacy of the information; and (ii) approved the research.

To Prevent a Serious Threat to Health or Safety

Consistent with applicable federal and state laws, we may disclose your PHI if we believe that the disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We also may disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.

Military Activity and National Security, Protective Services

Under certain conditions, we may disclose your PHI if you are, or were, Armed Forces personnel for activities deemed necessary by appropriate military command authorities. If you are a member of foreign military service, we may disclose, in certain circumstances, your information to the foreign military authority. We also may disclose your PHI to authorized federal officials for conducting national security and intelligence activities, and for the protection of the President, other authorized persons, or heads of state.

Inmates

If you are an inmate of a correctional institution, we may disclose your PHI to the correctional
institution or to a law enforcement official for: (i) the institution to provide health care to you; (ii) your health and safety and the health and safety of others; or (iii) the safety and security of the correctional institution.

Workers’ Compensation

We may disclose your PHI to comply with workers’ compensation laws and other similar programs that provide benefits for work-related injuries or illnesses.

Emergency Situations

We may disclose your PHI in an emergency situation, or if you are incapacitated or not present, to a family member, close personal friend, authorized disaster relief agency, or any other person previous identified by you. We will use professional judgment and experience to determine if the disclosure is in your best interests. If the disclosure is in your best interest, we will disclose only the PHI that is directly relevant to the person's involvement in your care.

Fundraising Activities

We may use or disclose your PHI for fundraising activities, such as raising money for a charitable foundation or similar entity to help finance its activities. If we do contact you for fundraising activities, we will give you the opportunity to opt-out, or stop, receiving such communications in the future.

Group Health Plan Disclosures

We may disclose your PHI to a sponsor of the group health plan – such as an employer or other entity – that is providing a health care program to you. We can disclose your PHI to that entity if that entity has contracted with us to administer your health care program on its behalf.

Underwriting Purposes

We may use or disclose your PHI for underwriting purposes, such as to make a determination about a coverage application or request. If we do use or disclose your PHI for underwriting purposes, we are prohibited from using or disclosing in the underwriting process your PHI that is genetic information.

Others Involved in Your Health Care

Using our best judgment, we may make your PHI known to a family member, other relative, close personal friend or other personal representative that you identify. Such a use will be based on how involved the person is in your care, or payment that relates to your care. We may release information to parents or guardians, if allowed by law.

If you are not present or able to agree to these disclosures of your PHI, then, using our professional judgment, we may determine whether the disclosure is in your best interest.

Uses and Disclosures of Your PHI that Require Your Authorization

Sale of PHI

We will request your written authorization before we make any disclosure that is deemed a sale of your PHI, meaning that we are receiving compensation for disclosing the PHI in this manner.

Marketing

We will request your written authorization to use or disclose your PHI for marketing purposes with limited exceptions, such as when we have face-to-face marketing communications with you or when we provide promotional gifts of nominal value.

Psychotherapy Notes

We will request your written authorization to use or disclose any of your psychotherapy notes that we may have on file with limited exception, such as for certain treatment, payment or health care operation functions.

Other uses and disclosures of your PHI that are not described above will be made only with your written authorization. If you provide us with such an authorization, you may revoke the authorization in writing, and this revocation will be effective for future uses and disclosures of PHI. However, the revocation will not be effective for information that we already have used or disclosed, relying on the authorization.

Required Disclosures of Your PHI

The following is a description of disclosures that we are required by law to make.

Disclosures to the Secretary of the U.S. Department of Health and Human Services

We are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with the
HIPAA Privacy Rule.

Disclosures to You

We are required to disclose to you most of your PHI in a “designated record set” when you request access to this information. Generally, a “designated record set” contains medical and billing records, as well as other records that are used to make decisions about your health care benefits. We also are required to provide, upon your request, an accounting of most disclosures of your PHI that are for reasons other than payment and health care operations and are not disclosed through a signed authorization.

We will disclose your PHI to an individual who has been designated by you as your personal representative and who has qualified for such designation in accordance with relevant state law. However, before we will disclose PHI to such a person, you must submit a written notice of his/her designation, along with the documentation that supports his/her qualification (such as a power of attorney).

Even if you designate a personal representative, the HIPAA Privacy Rule permits us to elect not to treat the person as your personal representative if we have a reasonable belief that:
(i) you have been, or may be, subjected to domestic violence, abuse, or neglect by such person; (ii) treating such person as your personal representative could endanger you; or (iii) we determine, in the exercise of our professional judgment, that it is not in your best interest to treat the person as your personal representative.

Business Associates

We contract with individuals and entities (Business Associates) to perform various functions on our behalf or to provide certain types of services. To perform these functions or to provide the services, our Business Associates will receive, create, maintain, use, or disclose PHI, but only after we require the Business Associates to agree in writing to contract terms designed to appropriately safeguard your information. For example, we may disclose your PHI to a Business Associate to administer claims or to provide member service support, utilization management, subrogation, or pharmacy benefit management. Examples of our business associates would be our Third Party Administrator, Tucker Administrators, Inc. which will be handling many of the functions in connection with the operation of our Group Health Plan; the retail pharmacy; and the mail order pharmacy.

Other Covered Entities

We may use or disclose your PHI to assist health care providers in connection with their treatment or payment activities, or to assist other covered entities in connection with payment activities and certain health care operations. For example, we may disclose your PHI to a health care provider when needed by the provider to render treatment to you, and we may disclose PHI to another covered entity to conduct health care operations in the areas of quality assurance and improvement activities, or accreditation, certification, licensing or credentialing. This also means that we may disclose or share your PHI with other insurance carriers in order to coordinate benefits, if you or your family members have coverage through another carrier.

Plan Sponsor

We may disclose your PHI to the plan sponsor of the Group Health Plan for purposes of plan administration or pursuant to an authorization request signed by you.

Potential Impact of State Law

The HIPAA Privacy Rule regulations generally do not “preempt” (or take precedence over) state privacy or other applicable laws that provide individuals greater privacy protections. As a result, to the extent state law applies, the privacy laws of a particular state, or other federal laws, rather than the HIPAA Privacy Rule regulations, might impose a privacy standard under which we will be required to operate. For example, where such laws have been enacted, we will follow more stringent state privacy laws that relate to uses and disclosures of PHI concerning HIV or AIDS, mental health, substance abuse/chemical dependency, genetic testing, reproductive rights, etc.

YOUR RIGHTS

The following is a description of your rights with respect to your PHI.

Right to Request a Restriction

You have the right to request a restriction on the PHI we use or disclose about you for payment or health care operations. We are not required to agree to any restriction that you may request. If we do agree to the restriction, we will comply with the restriction unless the information is needed to provide emergency treatment to you. You may request a restriction by contacting the designated contact listed on the first page of this Notice. It is important that you direct your request for restriction to the designated contact so that we can begin to process your request. Requests sent to persons or offices other than the designated contact might delay processing the request.

We will want to receive this information in writing and will instruct you where to send your request when you call. In your request, please tell us: (1) the information whose disclosure you want to limit; and (2) how you want to limit our use and/or disclosure of the information.

Right to Request Confidential Communications

You have the right to request that we communicate with you about your PHI by alternative means or to alternative locations. This right only applies if the information could endanger you if it is not communicated by the alternative means or to the alternative location you want. You do not have to explain the reason for your request, but you must state that the information could endanger you if the communication means or location is not changed. We must accommodate your request if it is reasonable and specifies the alternative means by which, or location where, your PHI should be delivered.

Prior to receiving the information necessary for this request, or during the time it takes to process it, PHI might be disclosed (such as through an EOB). Therefore, it is extremely important that you contact the designated contact listed on the first page of this Notice as soon as you determine that you need to restrict disclosures of your PHI.

If you terminate your request for confidential communications, the restriction will be removed for all your PHI that we hold, including PHI that was previously protected. Therefore, you should not terminate a request for confidential communications if you remain concerned that disclosure of your PHI will endanger you.

Right to Inspect and Copy

You have the right to inspect and copy your PHI that is contained in a “designated record set.” Generally, a “designated record set” contains medical and billing records, as well as other records that are used to make decisions about your health care benefits. However, you may not inspect or copy psychotherapy notes or certain other information that may be contained in a designated record set.

To inspect and copy your PHI that is contained in a designated record set, you must submit your request to the designated contact listed on the first page of this Notice. It is important that you contact the designated contact to request an inspection and copying so that we can begin to process your request. Requests sent to persons, offices, other than the designated contact might delay processing the request. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request.

We may deny your request to inspect and copy your PHI in certain limited circumstances. If you are denied access to your information, you may request that the denial be reviewed. To request a review, you must contact the designated contact listed on the first page of this Notice. A licensed health care professional chosen by us will review your request and the denial. The person performing this review will not be the same one who denied your initial request. Under certain conditions, our denial will not be reviewable. If this event occurs, we will inform you in our denial that the decision is not reviewable.

Right to Amend

If you believe that your PHI is incorrect or incomplete, you may request that we amend your information. You may request that we amend your information by contacting the designated contact listed on the first page of this Notice. Additionally, your request should include the reason the amendment is necessary. It is important that you direct your request for amendment to the designated contact so that we can begin to process your request. Requests sent to persons or offices, other than the designated contact might delay processing the request.

In certain cases, we may deny your request for an amendment. For example, we may deny your request if the information you want to amend is not maintained by us, but by another entity. If we deny your request, you have the right to file a statement of disagreement with us. Your statement of disagreement will be linked with the disputed information and all future disclosures of the disputed information will include your statement.

Right of an Accounting

You have a right to an accounting of certain disclosures of your PHI that are for reasons other than treatment, payment, or health care operations. No accounting of disclosures is required for disclosures made pursuant to a signed authorization by you or your personal representative. You should know that most disclosures of PHI will be for purposes of payment or health care operations, and, therefore, will not be subject to your right to an accounting. There also are other exceptions to this right. An accounting will include the date(s) of the disclosure, to whom we made the disclosure, a brief description of the information disclosed, and the purpose for the disclosure. You may request an accounting by submitting your request in writing to the designated contact listed on the first page of this Notice. It is important that you direct your request for an accounting to the designated contact so that we can begin to process your request. Requests sent to persons or offices other than the designated contact might delay processing the request.

Your request may be for disclosures made up to 6 years before the date of your request, but not for disclosures made before April 14, 2003. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your
request at the time before any costs are incurred.

Right to a Copy of This Notice

You have the right to request a copy of this Notice at any time by contacting the designated contact listed on the first page of this Notice. If you receive this Notice on our Website or by electronic mail, you also are entitled to request a paper copy of this Notice.

COMPLAINTS

You may complain to us if you believe that we have violated your privacy rights. You may file a complaint with us by calling us at the number listed on the first page of this Notice. A copy of a complaint form is available from this contact office.

You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services. Complaints filed directly with the Secretary must: (1) be in writing; (2) contain the name of the entity against which the complaint is lodged; (3) describe the relevant problems; and
(4) be filed within 180 days of the time you became or should have become aware of the problem.

We will not penalize or any other way retaliate against you for filing a complaint with the Secretary or with us.